Risk Appetite

From Open Risk Manual


Risk Appetite (also Risk Tolerance) denotes the set of explicit internal organization statements that capture the degree of risk the entity is willing to accept while pursuing its Business Model. It denotes total amount and type of risk that an organization is prepared to accept, tolerate, or be exposed to at any point in time.

Risk appetite statements must in general be translated into concrete policies, practices and management frameworks.


Risk appetite and risk appetite frameworks came to prominence after the Great Financial Crisis, as a mechanism to enhance awareness and ownership of risk by the senior management of organizations. By-and-large the structure of such frameworks reflects best practice ideas employed at lower-level risk management. Key difference is the abstraction to include the organization as a whole, including for example all its risks, resources etc.

Risk Appetite Framework

Risk appetite is an important high level element of the broader / more detailed Risk Management Framework. The concrete elements of the risk management framework that capture "risk appetite" are usually denoted collectively as the Risk Appetite Framework (RAF).

Risk Appetite Statement

The Risk Appetite Statement is a (usually short) document / excerpt that articulates the organization's formal recognition of risk and risk capacity in verbal terms. This document may be disclosed in company annual reports / websites etc.

Regulatory Expectations in Banking

Most supervisors do not provide banks with detailed requirements to follow in developing their risk appetite.[1] This is in part to ensure that banks understand the risks they face, and also that they fully accept responsibility for managing and mitigating these risks. However, many supervisors do have expectations with respect to some facets of the risk appetite development process:

  • a bank’s risk appetite should cover all the material risks to which it is exposed.
  • the risk appetite should be linked to the Risk Strategy of the bank
  • there should be a linkage between a bank’s risk appetite and some set of targets, limits, tolerances, triggers or thresholds for consistency purposes.
  • the risk appetite framework to be fully integrated in its decision-making processes and risk management, and
  • aligned with the bank ́s Business Plan, strategy, capital planning and employee remuneration practices

Issues and Challenges

  • Whereas a general "gauge" of institutional risk appetite can be established fairly easily (e.g., limited or moderate overall risk appetite, zero appetite for reputation risk etc.) it is more challenging to have a consistent and concrete realization of such statements uniformly across the risk landscape
  • It is challenging to have a dynamic risk appetite framework (a framework that responds to unfolding events and information in an effective and consistent manner)

See Also


  1. Basel Committee on Banking Supervision, "Overview of Pillar 2 supervisory review practices and approaches", June 2019