OCC's Board of Directors recently approved the adoption of OCC's Risk Appetite Framework. Executive Chairman Craig S. Donohue shares insights on the framework's design that ensures material risks impacting OCC are monitored, identified, analyzed and addressed in a timely and effective manner.
What is OCC's Risk Appetite Framework?
Our Risk Appetite Framework, or RAF, is a tool that helps OCC achieve its risk management goals by communicating acceptable risk levels to employees and the Board. It allows OCC to articulate the level and types of risk that it is willing to assume to achieve the company's strategic objectives. The RAF includes risk statements, risk metrics and an outline of the roles and responsibilities of those overseeing the implementation and monitoring of the risk at OCC.
How does this RAF help OCC in its critical role of promoting financial stability in the marketplace?
The RAF is designed to ensure that OCC monitors and takes action on situations in which limits set within the Board-approved risk appetite are breached. It is also expected of systemically important institutions like OCC because it is an excellent tool to help OCC identify acceptable limits in relation to taking and measuring risk. Having a clear understanding of the risk limits sets the tone for risk culture across the organization and helps ensure that business decisions are made within the limits set by the RAF.
What does the RAF look at, and what are the risk categories?
OCC's Enterprise Risk Management team developed a risk universe to ensure that all material areas of risk are monitored by the RAF. There are six risk categories in this OCC risk universe: Financial, Operational, Technology, Legal/Regulatory, Strategic and Reputational. Each category has its own monitoring metrics and tolerances to ensure all of our business lines are within the limits of our risk appetite.
What is the reporting structure for identifying and reporting risks?
OCC monitors adherence to the RAF thresholds through the use of a detailed dashboard, follow-up analysis and other resources. Reports track performance relative to the metrics, highlight emerging risks within the overall market and business environment, and flag key issues detected. These metrics are used by the Enterprise Risk Management team, senior management, and the Board to monitor OCC's risk exposure.