At KRM22, we believe in a world where organizations operate at their optimal threshold of risk, a philosophy we call Risk as Alpha. When firms have difficulties in implementing effective risk management, they are exposed to significant financial and reputational implications arising from a misalignment to their risk appetite.
In March this year, FCA regulated firms completed their first round of Internal Capital Adequacy and Risk Assessment (ICARA) submissions, which required them to evaluate potential harms that may arise from materializing risks. These assessments should assess any possible negative impacts on three areas;
KRM22 has identified several key challenges that companies face when managing risks in alignment with ICARA requirements.
Due to the lack of standardization in this process, many firms lack confidence in their ability to accurately assess risks in a manner that conforms to regulatory requirements. Assessing potential harms is often a challenging task complicated even further by being done on Excel sheets. With interdependencies difficult to capture, each risk manager essentially starts from scratch for every submission. This process means that many firms have resorted to conducting annual review meetings with each business head, leaving them vulnerable to unexpected losses due to a deviation from their risk appetite.
To effectively assess risks and understand potential harms, firms must involve their first line of defense. While this has been a longstanding issue, it has become more challenging due to the ICARA requirement to capture potential harms. To address this, risk management departments should educate their risk managers on a new process. As with any new process, this can be challenging as those involved may see the changes as a burden, resulting in risk managers spending considerable time collecting information from business heads rather than having them taking ownership from start to finish. Meanwhile, the business heads are often reluctant to take responsibility as the information they need is not in one place and it is difficult for them to delegate the update of their risk register in spread sheets. When business heads do take ownership of the risk management process, they often see large benefit as it allows them to effectively to communicate to senior management when resource is required to mitigate a risk.
ICARA mandates that firms quantify their risks, which determines the amount of capital they need to hold in reserve. However, it is also considered good practice to incorporate financial impact into qualitative assessments, as different levels can be interpreted differently by various stakeholders. For instance, the board of a company may view risk appetite differently from the risk managers. Failing to consider the financial impact of risks can result insignificant discrepancies when aggregating risk. To avoid this issue, risk managers should have a clear understanding of the financial loss associated with their qualitative assessments. This approach enables those assessing risks to comprehend the implications of their actions and simplify process.
Enhancing your ICARA solution is critical to the success of your business. By standardizing the process of assessing potential harms against risks, engaging the first line of defense to ensure relevant data is available, and accurately quantifying risks, organizations can better manage risks and make informed decisions. This, in turn, can reduce the probability of financial losses and reputational damage while improving the overall health of the business, ensuring alignment with their risk appetite.
KRM22 has been collaborating with its clients to standardize risk assessment approaches, enabling organizations to adopt a systematic approach to risk management. Implementing a systematic approach enhances the level of confidence as firms can be assured of their alignment with their risk appetite and have sufficient funds to cover all impacts of a risk materializing.
With KRM22’stoolset, FCA regulated firms are now able to move away from spreadsheets and effectively build a risk-based culture to simplify ICARA submissions. We have several features which can be leveraged to help companies manage risks in alignment with ICARA requirements.
Users are guided through a risk of harms assessment within the system, leveraging an organizations risk matrix this is quantified allowing for potential capital requirements to be understood.
Organizations can customize the standard risk register within the tool to ensure that the risks that are being tracked across their business align to their strategy.
When completing risk assessment users are presented with all relevant information to accurately assess their inherent and residual risk. Users are made aware if anything has changed and can understand if they are aligned to their firm’s risk appetite.
The ICARA process is one use case demonstrating how KRM22 is helping firms achieve a digital risk register. Contact us to find out more about how we can help you.