Quality MI is Integral to Good Quality Non Financial Risk Management

Quality MI is Integral to Good Quality Non Financial Risk Management

Richard Pike

Non Executive Director at Permanent TSB

Views 609

Quality MI is Integral to Good Quality Non Financial Risk Management

11.11.2016 07:15 am

“Without data you’re just another person with an opinion” W Edwards Deming, Data Scientist

This is a very true statement, however it can equally said that too much data with too few opinions is equally ineffectual. Therefore the balance between too much and too little data is a key one in ensuring the good governance of firms. The area of non financial risk is one presents some of the most challeneges where this problem is concerned.

In any medium to large financial organisation the amount of data that senior executives have to understand, in order to manage the non financial risk, is becoming a major risk in itself. Hundreds of pages in preparation for meetings are not uncommon and one’s ability to ‘see the wood from the trees’ is greatly impaired.

So your governance of non financial risk needs to be focused on those items that represent the most risk to your firm.


Governance of financial firms has undergone a major upheaval in the last few years.

Countless reports, reviews, guidelines, codes and regulations have been produced and most firms have made large leaps forward in their governance practices.

In the case of non financial risk,  senior executives are struggling to understand what is the relevant information at a point in time. This is a key determinant in enabling them to govern effectively.

One of the reasons for the recent emergence of large non financial risk reporting packs is the very reasonable requirement of regulators to be able to ‘look over the shoulders’ of the risk executives. In the past senior executives were guilty of assuming that what they were presented with was correct and not effectively challenging the data. So, when you challenge a one page overview of a risk or opportunity, the gut non financial risk executive’s reaction is often to present you with all of the facts devoid of any summary or conclusion. 

There are currently five major problems causing this to be very difficult to achieve in a medium or large financial institution:

  • The Goldilocks Problem: Too much or too little information in reports and board packs
  • The Basis Problem: Data is often presented in different bases e.g. qualitative (traffic lights, number of issues), quantitative (VaR, days survival, duration)
  • The Interdependencies Problem: The recording and visualisation of relationships between different entities and risks is not possible in current systems.
  • The Taxonomies Problem:  Non financial risk is riddled with too many differing taxonomies (Basle Op Risk Types,  Compliance categories, IT Risk categories,etc). There taxonomies are confusing and are often not mutually exclusive.
  • The Line Of Sight Problem: Data is not aggregated in a cohesive and structured manner, so hindering lone of sight into the business

Senior executives need to push back hard if they see this ‘dumping’ of management data on them. Not only does this create a huge reading and understanding overhead but also more importantly it adds to their personal risk. If you have been presented with the data then the regulator may assume that you have understood the relevance and consequences therein.


So what might a good non-financial risk pack look like?

There are essentially two types of information in a reporting pack:

  1. Information concerning the status of ongoing operations, risks and projects within the firm

For the first type of information it is vital that this is placed in context. There is no point in showing the level of ATM uptime as 98.78 if you don’t also explain what the expected value is, what the trend is and what, if any, impact this had had on customers. So what context is relevant? At senior executive level the context must be the strategy and risk appetite of the firm. If a piece of information cannot be put into one of these contexts then it may not deserve to be in a status information pack.

Once the executives have the context for the status updates they can focus on those items that seem to be out of kilter with the expected values and spend time discussing items that show the business is running off course regarding strategy or risk appetite.

  1. Information concerning new initiatives that the management wants to undertake or the results of which they want to share with the board

Regarding information about initiatives, the problem is a different one. Too little information risks the ‘have to look over their shoulder’ challenge and too much information makes it nearly impossible to have a structured debate and make a decision. A middle ground is where the risk team is required to present a set of options, and the supporting data, to the executives. The Operational Risk team will indeed have a preferred option but the challenge of providing multiple other reasonable options will present the senior executives with enough information to have a challenging debate.


The field of non financial risk has coe along way in terms of its frameworks and ability to record data. The next serious challenge is to represent that data effectively and to be able to communicate the results of data collection and analysis in a manner that gets the point across so that executives see the benefits that are being delivered for the firm.

In order to ensure the above, non financial reports need to always be set in the context of the risk appetite or the strategic goals and objectives of the firms. Also, where a course of action is presented it needs to be accompanied by other choices so that the senior executives have clear options. Better non financial risk reporting and communication leads to better overall non financial risk at your firm!


You can hear more from Richard Pike at the New Generation Operational Risk: Europe Summit taking place in London 14-15 March 2017, where he will join a speaker line-up of more than 20 senior operational risk professionals. For more details and information on how to register for the operational risk management conference, you can contact olympia.nolan@cefpro.com or call +44 (0) 207 164 6582.

Latest blogs

Ian Bradbury Fujitsu UK

UK Finance's UK Payment Markets Report - Comment from Fujitsu

Over the past months, businesses have had to rapidly move away from physical cash in order to provide consumers with a safer service. However, this data shows us that a gradual movement away from cash in society started long before the Read more »

James Turner Turner Little

Protecting yourself against a recession

The coronavirus outbreak has spread to businesses, leaving many around the world counting costs. Notoriously, known as the Great Lockdown, it’s been affecting the world economy since early this year. The predicted recession is considered to be the Read more »

Alan Cole JHC Financial

Every Cloud: Covid-19 and the opportunity for digital transformation

Faced with tighter regulations and changing customer needs, over the last decade Wealth Managers have not had it easy – but with the development of new technologies, many have been able to create efficiencies, reduce costs and shrink operational Read more »

Nabeel Irshad Mastercard

Two sides of the same coin: Financial and digital inclusion

The issue of how to tackle financial inclusion has long been a part of the conversation in banking and financial services circles. Regulations have ledto the UK’s biggest banks having to provide ‘basic bank accounts’ to cater for those who do not Read more »

Alex Malyshev SDK.finance

The Biggest Danger to Branchless Banking

With a third of the global population on lockdown and scores of bank branches closed, many are convinced that branch banking is dead, and the future is branchless. Is this really true? Branchless alternatives like Revolut, N26, Monzo, and NuBank Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel