This blog is part of a series of insights on Building Society risk management.
One of the key focus areas of regulatory reviews performed over the last 18 months has been the effectiveness of the Risk Function. As part of the feedback issued to Building Societies following their supervisory review and evaluation process, the Prudential Regulation Authority (‘PRA’) has emphasised that it considers an effective Risk Function to be crucial to the future well-being of societies and the successful delivery of their business strategies.
Where weaknesses have been displayed either by the personnel employed within the Risk Function or within the role and remit of the function, this has led the PRA to cast doubt over the quality of the risk management within that organisation and whether the current function is fit for purpose.
As a result of their concerns, the PRA has either requested Society Board’s to commission an independent report to assess the adequacy of the Risk Function (and provide the results to their supervisory team together with details of any remedial management actions required), or has used its formal powers to commission this work under s.166 of the Financial Services and Markets Act (‘FSMA’). Based upon the evidence seen within the sector, the outcome of these reviews has generally resulted in an increased level of regulatory supervision (regardless of the review approach taken) and the application of Pillar 2 capital add-ons or management scalars.
So, how can you make sure that your Risk Function is effective and meets regulatory requirements and expectations?
Some of the key questions that Chief Risk Officers (or equivalents) and Board Risk Committee Chairs and members should consider in informing their views are set out below:
- Is the vision for the Risk Function clearly articulated and does this address;
a) what the target operating model for the Risk Function is and does this reflect the level of complexity and size of the business and the degree of risk arising from the Society’s strategy?
b) how the function supports the achievement of the goals and objectives in the Corporate Plan?
c) how the Risk Function, Senior Management and the Board will know when the Risk Function has achieved its key objectives?
- Does the Risk Function have clear and appropriate Terms of Reference or an operating mandate, which is understood by all parts of the business?
- Is the level of independence, expertise and resource within the Risk Function commensurate with the size, scale and nature of the Society’s activities, and the complexities of the business model?
- Are key members of the Risk Function (i.e. Chief Risk Officer / Head of Risk, Senior Risk Managers etc.) able to clearly articulate the key risks faced by the Society, and the complexities of any inherent risks within the Society’s Balance Sheet and business model?
- Does the Risk Function provide both significant and appropriate levels of challenge and oversight?
- Is the Risk Function appropriately engaged with the business functions of the Society, and have appropriate representation at both first and second line risk committee meeting, and does the Chief Risk Officer / Head of Risk have continuous dialogue with the Chair of the Board Risk Committee and Board?
As well as being key questions for Chief Risk Officers and Board Risk Committees, Heads of Internal Audit and Audit Committees should also be considering how the effectiveness of the Society’s Risk Function can be assessed on a periodic basis. Some firms are taking the opportunity to test the effectiveness of their Risk Functions by using their Internal Audit function, or an alternative independent assurance provider, by assessing the function’s capabilities and performance over a period of time. This work is critical in providing directors and executives, with independent assurance and insight into whether the Risk Function meets regulatory requirements and expectations, and how this benchmarks with comparable functions within the sector.
We have a wealth of knowledge and experience of delivering both Audit and Assurance services to Building Societies across the sector. We have working relationships with more than 90% of the sector, giving us an unparalleled position and ability to provide a deep level of industry insight into current regulatory hot topics and key areas of focus.
Our depth of knowledge, understanding and industry experience means that we are well placed to provide invaluable insight and deliver tailored, pragmatic and proportionate solutions (either in an advisory or internal audit capacity) to help societies address new challenges and create competitive advantage.