Over the last 18 months, the level of regulatory focus on the adequacy of the design, implementation and operating effectiveness of Risk Management Frameworks within the Building Society sector, and the adequacy of their Risk Functions, has heightened significantly. As a direct consequence, these matters are high on the agenda of Boards, Risk Committees and Audit Committees across the sector.
Given the current focus on the effectiveness of firms’ Risk Management arrangements, we have designed a series of monthly blogs aimed at providing an overview of the key matters that societies should be considering to ensure their Risk Management Frameworks and risk oversight arrangements are fit for purpose in line with the standards expected by the regulator. Our series of blogs covers the following ‘Hot Topics’:
- The Risk Function – How effective is yours?
- Risk governance arrangements – A case of blurred lines?
- A question of appetite and tolerance;
- Accountability, escalation and risk-based decision making; and
- Passing the embedding test – How do you know?
The main drivers causing the Prudential Regulation Authority (‘PRA’) to focus on the areas covered by this series of blogs have typically arisen as a result of perceived: i) aggressive or ambitious growth strategies (by reference to historical performance); ii) lack of strength in the Chief Risk Officer (or equivalent) or Risk Function as a whole; and iii) lack of risk capabilities and / or experience within the Non-Executive Director group. Where the PRA has provided feedback and outlined its concerns to Boards, it has generally focussed firstly upon the independence, expertise and level of resource within the Risk Function and its ability to provide both significant and appropriate levels of challenge and oversight; and secondly upon the adequacy of the whole risk management structure underpinning the business.
As a result of its concerns, the PRA has sought to use its regulatory toolkit in a number of different ways, including: i) commissioning Skilled Person reports under s166 of the Financial Services and Markets Act (‘FSMA’) (as amended by the Financial Services Act 2012); ii) imposing Pillar 2 capital add-ons or applying management scalars, thereby increasing capital requirements; iii) restricting the level of lending activity undertaken; and iv) requiring Boards to instruct the Society’s Internal Audit function to perform an independent assessment of areas of concern and provide them with the results.
In light of the above, the contents of our series of blogs should be of direct interest to Chief Risk Officers (or equivalents), Heads of Internal Audit and Board Risk Committee Chairs and members.
Requests for additional blogs on Risk Management topics of interest are welcomed and you can provide us with details of these, together with any feedback on this series of blogs, using the comments box provided further below.
We have a wealth of knowledge and experience of delivering both Audit and Assurance services to Building Societies across the sector. We have working relationships with more than 90% of the sector, giving us an unparalleled position and ability to provide a deep level of industry insight into current regulatory hot topics and key areas of focus.
Our depth of knowledge, understanding and industry experience means that we are well placed to provide invaluable insight and deliver tailored, pragmatic and proportionate solutions (either in an advisory or internal audit capacity) to help societies address new challenges and create competitive advantage.