Sponsored feature: Marsh Risk Consulting

Sound steps towards risk management


Financial institutions face myriad challenges today – the uncertainty of a complex environment coupled with market volatility and global imbalances that could affect their sovereign debt exposure. At the same time, they face mounting pressure from increased regulation and taxation.

The traditional business models of universal banks were threatened by the changing financial and political environments drive in the wake of the financial crisis. Banks needed to de-risk their activities, which resulted in a change of attitude towards risk management. Subsequently, risk managers began to work more closely with boards and played a greater role during the crisis.

Financial institutions have now reached a certain level of maturity in risk management. This new awakening of their risk knowledge and control has made them more confident and able to take more risks. With the risk management safety net, boards now have a higher risk appetite.

Financial risks are still the main concerns of banking institutions, with credit and liquidity being the most important issues, and operational risk coming in third. Risk managers of financial institutions consider that new regulations have done little to reduce their operational risk exposure. However, operational risk management can be improved through the implementation of a global approach, from the establishment of a framework to insurance programme placement. This type of approach is well implemented in European countries like the UK, Switzerland, the Netherlands and France, where financial institutions work on capital relief. However, it is not yet fully implemented in other countries. In eastern Europe, financial institutions have implemented frameworks and they assess operational risk capital; while in India we are beginning to see the emergence of frameworks and insurance decisions more aligned with operational risk.

The global operational risk approach is based on the following key principles:

  • To develop and enhance risk data, including historical losses and risk scenarios
  • To quantify and articulate the appetite/tolerance for operational risk at the group and entity level
  • To capture the mitigating effect of insurance and risk transfer in the firm’s capital models
  • To create a methodology for using information on operational risk exposure and risk appetite to assess the cost benefit of risk retention versus risk transfer
  • To optimise the role and structure of captive insurance and other risk retention strategies – creating a methodology for optimising insurance purchasing at the group level and at the level of individual entity as required
  • To leverage a thorough understanding of risk profile into an advantage in placing the policies in the relevant markets with the best possible terms.
  • The Operational Risk Approach is also designed to assist decision-making by establishing the total cost and benefit of insuring operational risks regardless of whether the entity concerned is adopting the advanced measurement approach (AMA) or remaining on the standardised approach. In addition, the methodology can be adapted to meet differing interpretations of AMA requirements as set by individual national regulators.

Figure 1 provides an overview of the key stages based on the best practices. Naturally, this approach is presented on a prospective basis, which is explained in more detail below.

Step 1
Establishing an operational risk framework in order to align insurance to the operational risk profile, particularly for AMA capital mitigation purposes. 

Step 2
Determining the operational risk profile and risk appetite using loss and exposure data, then communicating group-wide risk appetite and setting parameters for risk posture, limits and tolerances at the level of individual entities.

Step 3
Aligning risk to insurance solutions by reviewing the risk information obtained in step two against the current and prospective policies and programme.

Step 4
Programme design and cost benefit analysis focuses on bringing together all the information generated in the previous steps to quantify and assess the relative value of financing options including risk retention, either through the captive or other means, and alternative insurance programme options.

Step 5
Programme placement is common for both the AMA and non-AMA entities in the bank, and refers to the use of risk profile information generated in the previous steps to facilitate placing the programme in the insurance markets in the best possible terms.

In addition to the implementation of this operational risk approach, financial institutions can improve their resilience with the following actions.

Monitoring the economic and regulatory environments – Current volatility and uncertainty of the economic environment can be taken into account, for example, by creating new scenarios based on identified emerging risks. The regulatory environment is also changing rapidly, therefore, it is essential for organisations to take a proactive stance and implement systems to monitor these environments.

Understanding their risk appetite – Risk appetite is a powerful tool for managing risk and improving business performance. Organisations should establish their risk tolerance parameters and determine a risk strategy for deploying self-finance and other third-party risk transfer techniques, in accordance with their appetite, to retain risk.

Implementing a total cost of risk approach – The total cost of risk is an equation that includes the global cost of self-retained losses, risk management administration expenses and risk transfer costs, for example, insurance premiums. This approach allows organisations to recognise imbalances within their risk management approach and adopt a more integrated one, particularly when there is a tactical focus on immediate cost-savings.

Improving their risk management framework – Benchmarking and the application of international best practice can support organisations in measuring their own level of risk management maturity, but should only be applied in the context of a thorough knowledge and understanding of the organisation.

Click here to view the article in PDF format.


  • LinkedIn  
  • Save this article
  • Print this page  

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: