Disruptive changes in the face of pandemics or climate policy require a new approach to managing non-financial risks (NFR) in an increasingly interconnected world, partly because their relevance is steadily increasing.
Analogous to traditional operational risks (OpRisk) such as IT risk or infrastructure risk, non-financial risks are also associated with significant costs and reputational damage. The spectrum is complex and includes, for example, risk events such as cyber-attacks or fraud. They lead to losses and compensation payments, not to mention the loss of trust among your customers. Thus, it is to be expected that non-financial risks will play a role in the foreseeable future - beyond the OpRisk component - for the regulatory surcharge on capital requirements.
To date, the management of non-financial risks - if it exists at all - is almost organized decentralized. It still dispenses with a comprehensive model approach that could reflect the full range of interacting non-financial risks. However, established modelling is all too often stuck in the mindset of classic operational risks, and this falls short here. New methods are urgently needed. They need to be an event-oriented analysis and scenario-oriented analysis, the corresponding reporting as well as the modelling and management of the risks and their impact.
We have developed an integrated framework based on best practices for these complex challenges. It provides a uniform and overlap-free taxonomy of non-financial risks that facilitates the identification of the types of risk defined therein. In addition, the interaction between internal (risk) events and influences of exogenous factors and events in the form of impact graphs is represented. These impact graphs allow the customer-specific modelling of analyses, the use of individual key figures and the creation of an reporting that is tailored to the needs of the addressees. For example, the associated types of risk make it easy to see in which are.
The Corona pandemic causes novel non-financial risks such as increased, long-term employee outages. This leads, for example, to the delay of projects on important regulatory issues. The Bank can no longer act in accordance with applicable rules and there is a risk of corresponding impact on reputation, financial, earnings and assets. Based on the associated types of risk, it is easy to see in which areas of responsibility the risk drivers lie and in which areas the consequences have an impact.
Our adaptable NFR framework flexibly addresses every point in the risk cycle, enabling a comprehensive mapping, management and communication of each individual risk, from the introduction and allocation of the risk event and the types of risks to the connection in impact graphs to individual analysis, benchmarking and adequate reporting.