ERM Glossary: Risk management policy or Risk policy

[this page | pdf | references | back links]

A firm’s risk management policy (or ‘risk policy’ for short) outlines the way in which it manages (or plans to manage) each relevant and material category of risk, both strategically and operationally. The policy should also describe how the way it manages risks link with the firm’s risk appetite, risk tolerance and risk limits, supervisory capital requirements and economic capital. It should also describe the processes and methods the firm uses to monitor risk.


Some regulatory frameworks include specific requirements for risk management policies and/or place them in the context of a wider set of policies an organisation is required to establish.


For example, for insurers in the EU, EIOPA’s Guidelines on system of governance indicates that an insurance undertaking should establish a risk management policy which at least:


a)       defines the risk categories and the methods to measure the risks;

b)      outlines how the undertaking manages each relevant category, area of risks and any potential aggregation of risks;

c)       describes the connection with the overall solvency needs assessment as identified in the ORSA, the regulatory capital requirements and the undertaking’s risk tolerance limits;

d)      specifies risk tolerance limits within all relevant risk categories in line with the undertaking’s risk appetite; and

e)      e) describes the frequency and content of regular stress tests and the situations that would warrant ad-hoc stress tests.


It also puts the undertaking’s risk management policy in context. For example, it indicates that within its overall risk management policy, such an undertaking should have policies that address specific types of risk, e.g. underwriting and reserving risk, operational risk, strategic and reputational risk, asset and liability management risk, investment risk, liquidity risk, etc. It also indicates that its overall system of governance should include policies on other topics such as on remuneration, application of “fit and proper” requirements for its staff and directors, capital management, internal audit, asset and liability valuation, etc.

Contents | Prev | Next

Desktop view | Switch to Mobile