Do you know who is who? Three lines of defence in the context of NFR

Bina Lehmann

Contents

Foreword

Preface

Introduction

Introduction to Part I: The origins of non-financial risk management

1.

The complete history of operational risk regulation (abridged)

2.

Financial institutions and non-financial risk: Learning from the corporate approach

3.

The painful financial side of NFR

4.

“Risk management is about managing risk” and “It’s all about people”: Psychology might be more important than models

5.

The confusion of Babel: What’s in the name NFR – taxonomy

Introduction to Part II: Governance of non-financial risk management

6.

“It’s the culture, stupid”: Risk culture as the key building block of NFR management – and why some banks have come through the Covid-19 pandemic better than others

7.

Do you know who is who? Three lines of defence in the context of NFR

8.

Herding cats? NFR divisions as truly diverse units

9.

“Just do it!”: Partially self-organising governance structures for NFR frameworks

Introduction to Part III: Tools and instruments for non-financial risk management

10.

A risk by any other name: Identification, classification and agendas

11.

Old but gold? Mastering the RCSA despite Covid-19

12.

Biases in scenario analyses and how to mitigate them

13.

When scenarios are not severe enough: Stress testing for non-financial risk

14.

Ending NFR in NFR: From Excel sheets to professional IT systems for NFR management

15.

Breaking up with risk management: Using the power of controls for good not the prevention of evil

Introduction to Part IV: Focus areas of non-financial risk management

16.

It won’t be over after Covid-19: Pandemics and operational resilience

17.

Dealing with IT complexity and innovation: Delivering business resilience and customer outcomes

18.

Protecting the new gold: Information security

19.

Conduct risk and the impact of Covid-19

20.

From lawsuits to models: Compliance risk and financial crime

21.

Others are doing it cheaper: But can they really? Opportunities and risks in outsourcing

22.

Managing reputation and stakeholders

Introduction to Part V: The future of non-financial risk management

23.

ESG risk as a new (and very important) trigger for NFR

24.

Looking into the crystal ball: What will NFR management look like in 2030?

25.

This time will be different: An alternative future of NFR management

26.

Right time, right place: The drive for change in operational and non-financial risk

Taking risks is an integral part of every decision. We cannot “not” take risks. This applies to business as well as private decisions. Going to (or staying in) bed is risky, as statistically most people die in bed. Getting up in the morning is also risky, as we may slip on a carpet and sprain an ankle. What we can do, however, is take risks smartly. Smart risk taking means identifying and taking risks consciously, not avoiding risks by all means. We all want to get up and go somewhere during our day, so it is better to mitigate that risk and purchase a non-skidding bedside carpet.

WHY DO WE NEED TO REVIEW RISK GOVERNANCE?

If all outcomes of a business decision were known, the gains and the losses, a business manager would be able to take the optimum decision in the best long-term interests of the company. An incentive system that appropriately represents the known gains and risks from a decision could be established to ensure this is happening, and a separate risk manager would not be needed. However, reality provides us with two fundamental challenges.

  1. Risk is about uncertainty. Niels Bohr put this tricky situation into words: “Prediction is very difficult, especially if

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to Risk.net? View our subscription options

If you already have an account, please sign in here.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: