The Risk Coalition has published its long-awaited final principles-based guidance for UK board risk committees – urging firms to adopt the principles early to meet the “challenging” framework.
In its guidance report, titled ‘Raising the Bar’, the Risk Coalition outlines separate guidance of eight principles for board risk committees and nine principles for risk functions.
In the document, the Risk Coalition warns that elements of the guidance – in particular, its strong focus on accountability – “may prove challenging, or even contentious initially” for some organisations.
Professor Michael Mainelli, alderman and sheriff of the City of London, and executive chairman of Z/Yen Group, said in the foreword: “Though many of the principles and guidance are well-established, Raising the Bar attempts to provide a single, slim, authoritative document, some of whose recommendations are challenging.”
As a result, the Coalition is urging organisations to consider “early adoption” of the final guidance.
The eight risk committee principles cover board accountability, composition and membership, risk strategy and risk appetite, principal risks and continued viability, risk management and internal control systems, risk information and reporting, risk culture and remuneration, chief risk officer and risk function independence and objectivity.
According to the final guidance, the board risk committee is primarily an advisory committee to the board, but the board “retains ultimate accountability for the organisation’s principal risks and for the overall effectiveness of its risk management arrangements”.
In addition, Principle A8 sets out that the board risk committee should oversee the performance of the chief risk officer and, in meeting this principle, should “periodically challenge and assess the continued independence and objectivity of the chief risk officer and risk function”.
The nine risk function principles include independent risk oversight and challenge, independent and objective perspective, risk governance and risk reporting.
The guidance assumes that organisations operate what the Risk Coalition calls a ‘Three Lines of Defence Model’, in which first line management is responsible for risk-taking, the second line is responsible for providing “robust, independent oversight and challenge” of first line risk-taking, while the third line provides independent assurance over the organisation’s governance, risk and internal control arrangements.
Dame Susan Rice, chair of the Scottish Fiscal Commission and chair of the Banking Standards Board, called the final guidance “sensible, helpful, understandable and appealing” and added that it could have “a very significant impact”.
The Coalition initially launched its Risk Guidance Initiative in 2018 to meet the need for coherent, good practice guidance for board risk committees and risk functions within the UK financial services sector.Last Updated: 9 January 2020