Independent Risk Management

From Open Risk Manual
Independent Risk Management is, in the context of banking regulation,[1] a function within the financial firm that operates (relatively) independently from the remainder of the firm (usually denoted the business). Organizationally it falls under the direction of a Chief Risk Officer (CRO), a senior position with sufficient stature, independence, resources and access to the management board.

In the popular Three Lines of Defense paradigm of Risk Management the independent risk function is a key component of the bank’s second line of defence. The function is responsible for overseeing risk-taking activities across the enterprise and should have authority within the organisation to do so.

Key Activities

  • identifying material individual, aggregate and emerging risks;
  • assessing these risks and measuring the bank’s exposure to them;
  • subject to the review and approval of the board, developing and implementing the enterprise-wide risk governance framework, which includes the bank’s risk culture, risk appetite and risk limits;
  • ongoing monitoring of the risk-taking activities and risk exposures in line with the board-approved risk appetite, risk limits and corresponding capital or liquidity needs (i.e. capital planning);
  • establishing an early warning or trigger system for breaches of the bank’s risk appetite or limits;
  • influencing and, when necessary, challenging decisions that give rise to material risk;
  • reporting to senior management and the board or risk committee on all these items, including but not limited to proposing appropriate risk-mitigating actions.

The risk management function should be sufficiently independent of the business units and should not be involved in revenue generation. Such independence is an essential component of an effective risk management function, as is having access to all business lines that have the potential to generate material risk to the bank, as well as to relevant risk-bearing subsidiaries and affiliates.
  1. BIS D328, Corporate governance principles for banks, July 2015