ERM Glossary: Risk management policy or risk policy
A firm’s risk management policy (or ‘risk policy’ for short) outlines the way in which it manages (or plans to manage) each relevant and material category of risk, both strategically and operationally. The policy should also describe how the way it manages risks links with the firm’s risk appetite, risk tolerance and risk limits, supervisory capital requirements and economic capital. It should also describe the processes and methods the firm uses to monitor risk.
Some regulatory frameworks include specific requirements for risk management policies and/or place them in the context of a wider set of policies an organisation is required to establish.
For example, for insurers in the EU, EIOPA’s Guidelines on system of governance indicate that an insurance undertaking should establish a risk management policy which at least:

a) defines the risk categories and the methods to measure the risks;

b) outlines how the undertaking manages each relevant category, area of risks and any potential aggregation of risks;

c) describes the connection with the overall solvency needs assessment as identified in the ORSA, the regulatory capital requirements and the undertaking’s risk tolerance limits;

d) specifies risk tolerance limits within all relevant risk categories in line with the undertaking’s risk appetite; and

e) describes the frequency and content of regular stress tests and the situations that would warrant ad-hoc stress tests.
The Guidelines also put the undertaking’s risk management policy in context. For example, they indicate that within its overall risk management policy, such an undertaking should have policies that address specific types of risk, e.g. underwriting and reserving risk, operational risk, strategic and reputational risk, asset and liability management risk, investment risk, liquidity risk, etc. They also indicate that its overall system of governance should include policies on other topics such as remuneration, application of “fit and proper” requirements for its staff and directors, capital management, internal audit, asset and liability valuation, etc.