Gittfried / Lienke / Seiferlein | Non-financial Risk Management in the Financial Industry | E-Book | sack.de
E-Book

E-Book, English, 400 pages

Gittfried / Lienke / Seiferlein Non-financial Risk Management in the Financial Industry

A Target Operating Model
revised and extended
ISBN: 978-3-95647-238-1
Publisher: Frankfurt School Forum
Format: EPUB
Copy protection: 6 - ePub Watermark

Managing compliance, operational, digital, AI and sustainability risks has become increasingly critical for businesses in the financial services industry. Furthermore, expectations by regulators are ever more demanding, while monetary sanctions are being scaled up. Accordingly, non-financial risk (NFR) management requires sophistication in various aspects of a risk management system. This handbook analyses a major success factor necessary for meeting the requirements of modern risk management: an institution-specific target operating model - integrating strategy, governance & organisation, risk management, data architecture and cultural elements to ensure maximum effectiveness. Fully updated to reflect the latest regulatory and industry developments, the second edition features two brand-new chapters on the deployment of (Gen) AI in non-financial risk management and cyber resilience in financial institutions. The book has been written by senior NFR experts from key markets in Europe, the US and Asia. It gives practitioners the necessary guidance to master the challenges in today's global risk environment. Each chapter covers key regulatory requirements, major implementation challenges as well as both practical solutions and examples.

1  Introduction: Rising to the Challenges of Non-Financial Risk Management


Dr. Bernhard Gehra, Jannik Leiendecker, Dr. Georg Lienke
Historically, financial institutions have concentrated their risk management efforts on financial exposures directly linked to core business activities. In recent years, however, non-financial risk (NFR) management has gained prominence – driven by a rapidly evolving mix of regulatory expectations, societal pressures, and emerging technological as well as geopolitical risks. New rules on responsible AI, heightened scrutiny of data protection and cyber resilience, and the operational risks linked to cloud adoption and third-party dependencies are reshaping the institutions’ obligations to monitor, mitigate, and manage risk. At the same time, tightened regulatory expectations towards management of sustainability risks – such as the latest guidance from the European Banking Authority (EBA) – are urging banks and financial institutions to take action and recognize sustainability-related risks in their risk management processes.
The need for a robust and adaptable NFR framework becomes particularly evident in times of systemic disruption. This was clearly demonstrated during the Russia–Ukraine conflict, when an unprecedented wave of sanctions required financial institutions to react rapidly and decisively across jurisdictions. In today’s environment, cyber threats and AI-related vulnerabilities represent similar systemic challenges: They evolve rapidly, cut across organizational boundaries, and often require cross-functional crisis response. In parallel, regulatory enforcement has intensified. Fines for failures in anti-money laundering (AML) and related compliance areas have exceeded 300 billion globally between 2013 and 2023, particularly impacting North American and European institutions.[1] Effective non-financial risk management is no longer just a support function – it is a strategic capability and a prerequisite for institutional resilience.
This handbook explores the key success factors for mastering the evolving demands of non-financial risk management. It introduces an institution-specific target operating model (TOM) that integrates all essential components – strategy, governance, risk management, information and communication technology, data architecture, digitization, artificial intelligence, and ethics – into a cohesive framework. Authored by senior experts in NFR, compliance, and sustainability from Europe, North America, and Asia, this book provides practitioners with the practical guidance needed to navigate today’s increasingly complex risk environment. Each chapter combines a clear overview of regulatory expectations with actionable insights, implementation challenges, and real-world examples from across the financial sector.

1.1  New risks and challenges


The non-financial risk landscape has evolved dramatically in recent years. Financial institutions now face a diverse and growing array of external and internal risk drivers – from geopolitical instability and climate regulation to reputational exposure, cybersecurity threats, and responsible AI. These developments are mirrored by an increasingly complex regulatory environment, including new and far-reaching obligations such as the Digital Operational Resilience Act (DORA), and AI-specific legislation. As a result, non-financial risks are no longer confined to specialist teams; instead, they are becoming central to strategic decision-making processes, regulatory compliance, and stakeholder trust.
According to a recent BCG report, three issues stand out as particularly pressing: the rising importance of emissions reporting, the growing threat of reputational damage through adverse media coverage, and the emergence of responsible AI and data protection as core compliance concerns. These trends reflect the extent to which new risk types are rapidly gaining relevance – and in many cases overtaking traditional compliance topics with respect to their urgency.[2]
Many institutions have responded to these developments with isolated, reactive measures – layering new controls and reporting mechanisms onto legacy frameworks without stepping back to assess overall coherence. This often leads to fragmentation, duplicative assurance efforts, and an escalating complexity – particularly as internal compliance demands increasingly match or even exceed those from external regulators. Ambiguities in governance, inconsistent risk definitions, and siloed responsibilities inhibit the ability to manage non-financial risks transparently and effectively.
Despite the potential of advanced technologies to support risk management, adoption remains narrow. AI, for instance, is frequently applied to administrative tasks, while its strategic potential – and its corresponding risks – is still insufficiently explored. The growing mismatch between risk complexity and organizational readiness is compounded by regional divergence in regulatory priorities and expectations, placing a particular strain on global financial institutions.
In this environment, the traditional models of non-financial risk management are reaching their limits. Institutions must rethink their definition, organization, and prioritization of risks – not only to remain compliant but to stay resilient. This calls for a shift toward holistic, adaptive frameworks that balance resilience with simplicity, and regulatory fulfilment with operational focus.

1.2  A forward-looking solution for non-financial risk management in the financial industry


To continue to thrive in an increasingly challenging risk environment, financial institutions need to develop a sophisticated approach to non-financial risk management. This can be done by establishing an institution-specific non-financial risk TOM, which subsequently allows for a proper definition of risks, an integrated view of the three lines of defense (3LoD) and an effective internal control system – informing sensible executive decision-making that can prevent inevitable risks from getting out of control.
This handbook outlines the key ingredients of a non-financial risk TOM for financial institutions. The book sections follow a consistent structure: chapters start with an individual introduction to the topic at hand, followed by a summary of key regulatory expectations across the EU, the US and Asia. Each chapter assesses operational challenges and complexities, and delivers approaches to defining solutions based on industry success factors. Chapters are augmented by practical, hands-on examples from seasoned practitioners. They conclude with a summary of key takeaways.

1.3  Defining and aligning non-financial risk categories


Risks are inherent to every business model, so a zero-risk-tolerance approach is in fact counter-intuitive. Historically, financial institutions have focused their attention on financial risks, including credit risk, market risk, liquidity risk and funding risk, aggregating the remainder under a category most often labelled as operational risk. Recently, non-financial risks have evolved into an independent category for risk management, allowing for a more tailored approach to the management of individual non-financial risks. Chapter 2 provides a general definition of non-financial risk, delineates non-financial risk from financial risk, and provides definitions for categories and types of non-financial risk for financial institutions.

1.4  Establishing a non-financial risk appetite framework to prevent undesirable risk-taking


Following the definition of non-financial risk, chapter 3 provides a holistic approach to defining a non-financial risk appetite framework for financial institutions across three levels. This includes qualitative risk appetite statements for individual non-financial risk categories, outlining the level and types of risk that the financial institution is willing to take on in order to achieve its strategic objectives and business plan (level 1). Qualitative risk appetite statements are broken down into risk appetite metrics and corresponding thresholds, enabling institutions to set quantifiable tolerance levels for non-financial risk and underlying operational activities (level 2). Level 3 cascades the risk appetite framework to business lines and entity levels via pre-defined key risk indicators, facilitating the early detection of potential deviations from risk appetite objectives and potentially triggering timely interventions. The chapter also draws an outline of the corresponding governance that is required to operate a risk appetite framework.

1.5  Building key governance and organizational pillars for non-financial risk management


Three chapters outline the governance and organizational structures required for sustainable non-financial risk management, standing on three major pillars. The three lines of defense (LoD) model (chapter 4) defines the roles and responsibilities of the first LoD (front, middle and back office), the second LoD (risk control functions) and the third LoD (internal audit). The chapter focuses on the independence of second-LoD control functions and describes the concept of risk coordinating functions in the first LoD as a regulatory competence center, coordination unit and interface to the second...
