Non-financial risks:

analyze comprehensively, communicate clearly, manage centrally 

Disruptive changes in the face of pandemics or climate policy require a new approach to managing non-financial risks (NFR) in an increasingly interconnected world, partly because their relevance is steadily increasing.

Analogous to traditional operational risks (OpRisk) such as IT risk or infrastructure risk, non-financial risks are also associated with significant costs and reputational damage. The spectrum is complex and includes, for example, risk events such as cyber-attacks or fraud. They lead to losses and compensation payments, not to mention the loss of trust among your customers. Thus, it is to be expected that non-financial risks will play a role in the foreseeable future - beyond the OpRisk component - for the regulatory surcharge on capital requirements.

Would you like to learn more?


We will send you further information.

The initial situation

To date, the management of non-financial risks - if it exists at all - is almost organized decentralized. It still dispenses with a comprehensive model approach that could reflect the full range of interacting non-financial risks. However, established modelling is all too often stuck in the mindset of classic operational risks, and this falls short here. New methods are urgently needed. They need to be an event-oriented analysis and scenario-oriented analysis, the corresponding reporting as well as the modelling and management of the risks and their impact.

Our approach: An integrated framework with impact graphs 

We have developed an integrated framework based on best practices for these complex challenges. It provides a uniform and overlap-free taxonomy of non-financial risks that facilitates the identification of the types of risk defined therein. In addition, the interaction between internal (risk) events and influences of exogenous factors and events in the form of impact graphs is represented. These impact graphs allow the customer-specific modelling of analyses, the use of individual key figures and the creation of an reporting that is tailored to the needs of the addressees. For example, the associated types of risk make it easy to see in which are.

The Corona pandemic causes novel non-financial risks such as increased, long-term employee outages. This leads, for example, to the delay of projects on important regulatory issues. The Bank can no longer act in accordance with applicable rules and there is a risk of corresponding impact on reputation, financial, earnings and assets. Based on the associated types of risk, it is easy to see in which areas of responsibility the risk drivers lie and in which areas the consequences have an impact.

Based on the ifb model, we support you comprehensively from the analysis of your initial situation up to the comprehensive, networked risk management in all relevant questions:

  • What exactly are the non-financial risks in my company, what types of risks are included and which are not? We know the demarcation problematik and guide you structured through this complex topic area.
  • How should my company deal with non-financial risks and categorize the individual risk areas? Which delimitations make sense and what belongs together? Where are material effects and, finally, is everything thought of? Based on our standardized procedure model, we manage with you structured through this analysis process.
  • How do we detail the complex types of risk? How do we illustrate the manifold connections between them? Our tools and illustrative examples also ensure a fast project start and process when it comes to  recording and mapping of impact graph. 
  • How can the defined risk events be analyze and evaluate? How can the findings be mapped and visualized in reporting and used for control purposes both in management and in the specialist area? What is the overall view? We develop a tailor-made key figure classification and corresponding reporting for you, combined with methods of machine learning.

Our adaptable NFR framework flexibly addresses every point in the risk cycle, enabling a comprehensive mapping, management and communication of each individual risk, from the introduction and allocation of the risk event and the types of risks to the connection in impact graphs to individual analysis, benchmarking and adequate reporting.

Recommend