is a web-based environment that provides a set of related subscription services designed to enhance a business’s
ability to identify and monitor real-time risk metrics via an embedded KRI Framework. KRIeX includes an industry generated Library
of risk indicators KRI Library
; an on-line service to support the collection, aggregation,
and management of risk indicators across a corporation KRI Monitoring
; and a benchmarking
platform for internal or external (peer group) comparison KRI Benchmarking
RiskBusiness publishes guidance on three lines of defence
While there has been a lot of discussion as to what constitutes a three lines of defence model, there remains across all industries and especially within financial services, little understanding of the ramifications of actually implementing a risk agnostic, organisation-wide three lines of defence model.
Drawing upon its experiences in working with a wide range of firms across the globe, of different size, complexity and management structure, RiskBusiness has established a step-by-step guide to help firms establish a robust, proactive three lines of defence model which can stand the test of time. The resultant approach allows for custom models – there is no one size fits all – which have been tried and tested in corporate entities, banks, insurers, asset managers and other firms.
“Three lines of defence is not about risk management,” states Mike Finlay, chief executive of RiskBusiness International. “You cannot try and apply a model that affects corporate structure, individual accountability and, as a consequence, corporate culture by thinking it is a risk management initiative – even worse if you think it only applies to operational risk and perhaps to the compliance function. Three lines of defence is integral to the DNA of the firm, it starts with the vision, mission and values, flows through corporate governance, corporate strategy and overall business objectives into the everyday functioning and decision making of the entire enterprise. It is all about the core principles we base our business on – and how we measure ourselves against the achievement of those principles and our business objectives.”
Global regulation, particularly in the financial services industry, is increasingly focussing on good governance and how the Board and executive management behave and run the enterprise. To comply with the ever increasing volume of regulation and to achieve the firm’s potential, every enterprise should implement a robust governance structure which embraces the three lines of defence concept, making this guidance an invaluable resource for every firm, irrespective of geography, size or nature.
The Library also includes a risk analysis framework that allows a subscriber to view and navigate the content via product/service
risk profiles as a means of identifying key areas of operational risk exposure within the firm. These risk profiles map exposures to
individual operational risk categories within various business processes on a risk point basis and represent inputs from more than 70
firms globally, creating "industry risk profiles"
. The KRI Library has benefitted from broad industry participation and
input. It is structured by industry type, with financial services covered in detail, although much of the core content is applicable to any
corporation. It constitutes a widely accepted standard in terms of the taxonomy of risk embedded in the framework, how content is accessed
and analysed, and in the specific content of each metric record.
has introduced a companion service to the KRI Library, the Scenario Library, which employs the same structured
framework for identifying areas of operational risk exposure affecting the international financial services community. Subscribers
can now use the KRIeX industry risk profiles
to identify, risk point by risk point, historical public loss events which can
assist the firm in evaluating whether the specific form of risk could adversely affect it; KRIs to measure and monitor its current
exposure to that risk; and now, scenarios to assess potential future worst case exposure.
The KRI Library is a living repository, with additional metrics being added on an ongoing basis, both resulting from peer group
workshops facilitated by RiskBusiness
and from suggestions and proposals from subscribers. Ongoing research is focussed on
assessing which indicators are the most appropriate for specific risk points by product/service area within the different major
financial services business lines as well as incorporating the control type and causal classification elements of the
Taxonomy Service into the KRI Library.
For more information on the KRI Library or any related RiskBusiness
Service, contact us at info@KRIeX.org