Principles for an Effective Risk Appetite Framework
The FSB Principles set out key elements for: (i) an effective risk appetite framework, (ii) an effective risk appetite statement, (iii) risk limits, and (iv) defining the roles and responsibilities of the board of directors and senior management (see Section III). The Principles aim to enhance the supervision of systemically important financial institutions (SIFIs) but are also relevant for the supervision of financial institutions and groups more generally, including insurers, securities firms and other non-bank financial institutions. For non-SIFIs, supervisors and financial institutions may apply the Principles proportionately so that the RAF is appropriate to the nature, scope and complexity of the activities of the financial institution.
The FSB Principles are high level to allow financial institutions to develop an effective RAF that is institution-specific and reflects its business model and organisation, as well as to enable financial institutions to adapt to the changing economic and regulatory environment in order to manage new types of risk. Establishing an effective RAF helps to reinforce a strong risk culture at financial institutions, which in turn is critical to sound risk management. A sound risk culture will provide an environment that is conducive to ensuring that emerging risks that will have material impact on an institution, and any risk-taking activities beyond the institution's risk appetite, are recognised, escalated, and addressed in a timely manner.
An appropriate RAF should enable risk capacity, risk appetite, risk limits, and risk profile to be considered for business lines and legal entities as relevant, and within the group context. Subsidiaries of groups, in particular of SIFIs, should have a risk appetite statement that is consistent with the institution-wide RAF and risk appetite. The elements of the RAF should be applied at the business line and legal entity levels in a manner that is proportionate to the size of the exposures, complexity and materiality of the risks. Materiality should be determined by financial institutions, and discussed with supervisors, in accordance with their internal assessments of risk appetite, risk capacity and risk profile, having regard to capital, liquidity and earnings at the entity level.