Risk Appetite (also Risk Tolerance) denotes the set of explicit internal firm statements that capture the degree of risk the firm is willing to accept while pursuing its business model. Risk appetite statements must in general be translated into concrete policies, practices and management frameworks.
Risk appetite and risk appetite frameworks came to prominence after the Great Financial Crisis, as a mechanism to enhance awareness and ownership of risk by the senior management of organizations. By-and-large the structure of such frameworks reflects best practice ideas employed at lower-level risk management. Key difference is the abstraction to include the organization as a whole, including for example all its risks, resources etc.
Risk Appetite Framework
Risk appetite is an important high level element of the broader / more detailed Risk Management Framework. The concrete elements of the risk management framework that capture "risk appetite" are usually denoted collectively as Risk Appetite Framework (RAF). This normally comprises:
- a strategic plan and objectives versus risk taking
- a risk appetite statement
- high level risk limits
- monitoring and reporting activities that compare risk profile versus appetite
- mechanisms for the control and correction of the risk profile when it deviates from the stated risk appetite
- a framework for reassessing risk appetite in light of changes in business or control environments
Risk Appetite Statement
The Risk Appetite Statement is a (usually short) document / excerpt that articulates the firm's risk capacity in verbal terms. This document may be disclosed in company annual reports / websites etc.
Issues and Challenges
- Whereas a general "gauge" of institutional risk appetite can be established fairly easily (e.g., limited or moderate overall risk appetite, zero appetite for reputation risk etc.) it is more challenging to have a consistent and concrete realization of such statements
- It is even further challenging to have a dynamic risk appetite framework (that responds to unfolding events and information)