Building Society risk management

This blog is part of a series of insights on Building Society risk management.

A key ongoing consideration for the Senior Management of Building Societies is risk appetite and tolerance, and the Society's adherence to it. The question of risk appetite and tolerance has been on the agenda of Board's and regulators for some time now; however, the level of focus given to this in recent years has now increased to the point where no Board or Board sub-committee meeting fails to touch on this in some way.

As explicitly outlined by the Financial Stability Board in 2014, the Prudential Regulation Authority ("PRA") expects a firm's risk appetite to be "integral to its strategy and the foundation of its risk management framework, so that the whole firm operates within this appetite." Whilst this sounds logical there are a number of pitfalls for firms, which should be, and need to be avoided.

Principle amongst these pitfalls is for the Senior Management and the Board to misunderstand the central and fundamental question of risk appetite and tolerance. To avoid this, firms need to be clear and not forget that 'risk appetite' is about the pursuit of risk to achieve goals and objectives, and that 'risk tolerance' is about what an organisation can actually cope with. Too often Boards and Senior Management can see effective risk management as 'putting the brakes on' or restricting business activity; rather than it being seen as being an enabler of activity on a sound basis consistent with the aspirations and objectives of the firm. Where this central question is misunderstood, firms typically end up constraining their activities and fail to achieve their goals.

In addressing the Financial Stability Board's requirements, and to avoid falling into some of the other pitfalls observed in recent years, Building Societies need to ensure that:

the Board's understanding of its risk appetite is correctly and clearly articulated within the Society's Business Plan, and that this sets out the level of risk that the Society is prepared to take in the pursuit of its objectives;

a Risk Strategy is developed which supports the delivery of the Society's Business Plan and clearly articulates the risk strategy and objectives for the management of each of the principle sources of risk that the Society faces. In formulating their Risk Strategy, societies should ensure that they address both the questions of risk appetite and risk tolerance, and address how successful implementation of the strategy will be measured, monitored and reported upon;

the Board's risk appetite and tolerance is put at the centre of the Society's Risk Management Framework, by ensuring that the policies and procedures in place are aligned with the Risk Strategy and that other key risk management tools in place (i.e. Key Risk Indicators, Early Warning Indicators, Key Control Indicators etc.) are also aligned and calibrated appropriately; and

all staff understand the risk appetites and tolerances, and apply these within the course of their work, and carry out their role and responsibilities in respect of the Society's Risk Management Framework as set out.

We have seen an increase in the level of regulatory scrutiny and challenge provided to societies by the PRA over the last two years. Where elements of the above have not been addressed in line with expectations, remedial action has been requested by the regulator, with impositions being made on societies (i.e. in the form of scalars or Pillar 2 capital add ons) until such time that they have been addressed to the PRA's satisfaction. Furthermore, where societies are considering changing their respective lending and / or financial risk management approaches under the PRA's updated Supervisory Statement (SS20/15) Supervising building societies' treasury and lending activities (i.e. in order to achieve the goals and objectives set out in their Business Plans), the PRA has requested Board's to keep them informed at an early stage and to provide details of how its risk strategy, risk policies and associated risk management tools will change in order to ensure that the risks associated with the transition will be effectively managed.

Given the level of focus and attention given to this topic, and the goals and objectives of building society board's in the context of their respective societies business plans; Board Risk Committees, Audit Committees, Chief Risk Officers and Heads of Internal Audit should ensure that due focus and attention is maintained in this respect, and that independent assurance is provided by Internal Audit on a periodic basis, and more frequently where changes to Business Plans or societies chosen approaches under the Building Societies Sourcebook are being considered or implemented.

Our experience

We have a wealth of knowledge and experience of delivering both Audit and Assurance services to Building Societies across the sector. We have working relationships with more than 90% of the sector, giving us an unparalleled position and ability to provide a deep level of industry insight into current regulatory hot topics and key areas of focus.

Our depth of knowledge, understanding and industry experience means that we are well placed to provide invaluable insight and deliver tailored, pragmatic and proportionate solutions (either in an advisory or internal audit capacity) to help societies address new challenges and create competitive advantage.


Matt Perkins

Matt Perkins - Partner, Head of Building Societies, Deloitte

Matt leads Deloitte’s national Building Society practice and is responsible for a team of c. 80 individuals across External Audit, Internal Audit, Tax, Corporate Finance and Consulting.

Email | LinkedIn

Kieren Cooper

Kieren Cooper - Partner, Financial Services, Deloitte

Kieren is a Partner in Deloitte’s Midlands Financial Services Practice and leads a large number of Internal and External Audit engagement in the Building Society sector.

Email | LinkedIn

Adam Roberts

Adam Roberts - Senior Manager, Financial Services, Deloitte

Adam is a Senior Internal Audit Manager working in Deloitte’s Financial Services Practice based in the Midlands and works with a wide range of Building Societies. Adam is a specialist member of the Institute of Risk Management (‘IRM’) and specialises in the delivery of Risk Management audits.

Email | LinkedIn


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.