A Risk Taxonomy is the (typically hierarchical) categorization of risk types. A common approach is to adopt a tree structure, whereby risks higher in the hierarchy are decomposed into more specific (granular) manifestations.
Constructing a risk oriented taxonomy follows the general practice and science of taxonomies (classifying things or concepts, including the principles that underlie such classifications).
Risk Taxonomies in Financial Services
There is no over-arching risk taxonomy that applies consistently to the entire financial services industry, let alone to the risk management of broader business / organizational models.
The risk taxonomy enters in risk management activity as a tool to help primarily with the following two tasks:
- Establish a degree of completeness in the coverage of risks
- Identify potential linkages between risks factors
Regulatory Risk Taxonomies
There are a number of separate taxonomies implicit or explicit in the extant regulatory frameworks for financial institutions:
- The high level segmentation into Credit Risk, Market Risk, Operational Risk embedded in the Basel Standards
- The Basel II Operational Risk Taxonomy
- The IT Risk taxonomy
The Open Risk Taxonomy
- to provide means to organize the material incorporated in the Open Risk Manual
- to support the development of a comprehensive and consistent set of Open Source Risk Management Software.
The Open Risk Taxonomy is primarily based on the distinction between contractual and business process risks
You can browser the taxonomy by clicking on the arrows
Issues and Challenges
- The subjective and ever changing nature of many financial system risks means that (in contrast with more durable taxonomies of physical phenomena), risk taxonomies need to be constantly revisited to assess whether they continue being relevant
- One of the weaknesses of using exclusively regulatory prescriptions as the basis for an internal risk management taxonomies is that the regulatory (external) perspective places less weight to day-to-day and (until recently) business model sustainability
- BCBS, Principles for the Sound Management of Operational Risk
- EBA, Final Guidelines on ICT Risk Assessment under SREP
- Open Risk Taxonomy White Paper, 2015