Financial Services Sector: Principles Based Guidance for Risk Committees

Aug 11, 2021

On 4 December 2019 the Risk Coalition published its principles-based guidance for board risk committees and risk functions in the UK financial services sector. The guidance comprises eight principles for risk committees and nine principles for risk functions.


The guidance, “Raising the Bar”, accompanies each principle with detailed practical guidance on its implementation. It is intended to be used on an "apply or explain" basis, and firms are encouraged to disclose publicly the extent to which they apply it.


It assumes that firms adopt a "Three Lines of Defence" model of risk management: the first line is management, which owns and manages risk; the second is the risk function, which provides robust, independent oversight and challenge of management's risk-taking; and the third is internal audit, which provides independent assurance over the first two.


Though many of the principles are well established, Raising the Bar attempts to collect them in a single, slim, authoritative document, and some of its recommendations are demanding. The guidance emphasises the importance, seniority and independence of a Chief Risk Officer (CRO) or equivalent. Risk committees and CROs can and should aggregate risk information from across the business and its environment and communicate it to the board as a single, holistic view.

The principles for risk committees are:

  1. Board accountability
  2. Composition and membership
  3. Risk strategy and risk appetite
  4. Principal risks and continued viability
  5. Risk management and internal control systems
  6. Risk information and reporting
  7. Risk culture and remuneration
  8. Chief risk officer and risk function independence and objectivity

The risk function principles are:

  1. Independent risk oversight and challenge
  2. Independent and objective perspective
  3. Risk governance
  4. Risk reporting
  5. Corporate strategy and objectives
  6. Risk function independence and effectiveness
  7. Risk culture
  8. Innovation and change
  9. Group risk functions