This time will be different: An alternative future of NFR management

Christian Hunt





Introduction to Part I: The origins of non-financial risk management


The complete history of operational risk regulation (abridged)


Financial institutions and non-financial risk: Learning from the corporate approach


The painful financial side of NFR


“Risk management is about managing risk” and “It’s all about people”: Psychology might be more important than models


The confusion of Babel: What’s in the name NFR – taxonomy

Introduction to Part II: Governance of non-financial risk management


“It’s the culture, stupid”: Risk culture as the key building block of NFR management – and why some banks have come through the Covid-19 pandemic better than others


Do you know who is who? Three lines of defence in the context of NFR


Herding cats? NFR divisions as truly diverse units


“Just do it!”: Partially self-organising governance structures for NFR frameworks

Introduction to Part III: Tools and instruments for non-financial risk management


A risk by any other name: Identification, classification and agendas


Old but gold? Mastering the RCSA despite Covid-19


Biases in scenario analyses and how to mitigate them


When scenarios are not severe enough: Stress testing for non-financial risk


Ending NFR in NFR: From Excel sheets to professional IT systems for NFR management


Breaking up with risk management: Using the power of controls for good not the prevention of evil

Introduction to Part IV: Focus areas of non-financial risk management


It won’t be over after Covid-19: Pandemics and operational resilience


Dealing with IT complexity and innovation: Delivering business resilience and customer outcomes


Protecting the new gold: Information security


Conduct risk and the impact of Covid-19


From lawsuits to models: Compliance risk and financial crime


Others are doing it cheaper: But can they really? Opportunities and risks in outsourcing


Managing reputation and stakeholders

Introduction to Part V: The future of non-financial risk management


ESG risk as a new (and very important) trigger for NFR


Looking into the crystal ball: What will NFR management look like in 2030?


This time will be different: An alternative future of NFR management


Right time, right place: The drive for change in operational and non-financial risk

In the early days of my regulatory career as head of department at the UK Financial Services Authority (FSA),11 The FSA was a quasi-judicial body accountable for regulating the financial services industry in the UK between 2001 and 2013. it became clear I would need a simple way of describing what I did to those unfamiliar with it, partly because the terms “regulator” or “supervisor” I would normally use would often turn into highly effective conversation stoppers. I therefore came up with a far more creative and intentionally provocative framing of my role: I’d tell people my job involved “trying to stop bad things from happening”.

As a means of conversation, it worked really well. Usually, it elicited one of two reactions: “What do you mean ‘trying to’? Shouldn’t you actually be stopping them?” and “What are those ‘bad things’?”. Both responses allowed me to explain the fundamental nature of the job. As a regulator, you are in the business of managing risk, not eliminating it. In part, this is because you are entirely dependent on the people within the firms you’re regulating, who are helping you meet those objectives. You have tools allowing you to achieve that aim, but

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to View our subscription options

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here