Delivering ICARA & a Risk Transformation

Introduction

This client case study provides an outline of a successful risk management project undertaken by Andrew Smart and his team for a mid-size broker, within the UK financial services sector.

Faced with the new ICARA regulatory requirements, the firm's board took the opportunity to improve risk management across the business. The project's primary objective was to deliver a robust risk framework that meets the demands of the business and the regulatory obligations of ICARA, and in doing so, transform the firm's risk culture and redefine the perception of risk management within the firm.

To achieve this, Andrew and his team developed a "Services-Based Risk Management" framework that aligned the risk management framework to the business and addressed both board and regulatory demands.

Background

The client, a mid-size broker operating within the UK financial services sector, faced increased scrutiny from regulatory bodies and pressure from its board of directors to improve risk management practices. The recent introduction of the ICARA (Internal Capital Adequacy and Risk Assessment) regulatory requirement had heightened the need for a comprehensive risk management strategy. Furthermore, the board demanded a more proactive approach to managing risk across the entire organisation.

Challenge

The central challenge of this project was to overturn the existing negative perception of risk management within the firm while delivering a risk framework and fostering a risk culture that aligned with regulatory and board expectations. The firm's legacy risk management processes and systems were inadequate and failed to meet the new ICARA regulatory requirements. They also cost the business significant time with little benefit, hence the firm's negative view of risk management.

To successfully transform the risk management framework and the firm's risk culture, Andrew and his team needed to develop an innovative framework that addressed regulatory and board requirements while securing buy-in from the front-line business users.

Solution

Andrew and his team began by thoroughly assessing the client's existing risk management practices, systems, and culture. This evaluation identified a few key issues:

  1. The existing risk management framework simply did not reflect the business model, strategy and operating model of the firm.

  2. The executive and business decision-makers simply did not value the outputs from the risk management process.

  3. Unsurprisingly, the existing risk management framework did not meet the regulatory obligations under ICARA.

However, on a more positive note, there was a clear desire at all levels of the firm to see a better approach to risk management, particularly better, real-time risk information.

Building on this desire for a better approach to risk management, Andrew and his team designed an innovative 'Service-Based' Risk Management framework. It revolved around the services that individual parts of the business delivered, either internally or externally, asked what could go wrong, and incorporated the ICARA harms.

Starting the risk management conversation with the services that individual parts of the business deliver meant that executives and senior business decision-makers were far more engaged in the process and willing to drive the conversation with their staff and peers.

The resulting integrated risk management framework was built around clearly defined services with associated risks, controls, metrics and accountabilities.

In addition to the integrated risk management framework, the project team worked with the business to produce and build buy-in for a comprehensive risk management policy, a risk taxonomy, a risk appetite framework and a straightforward risk management process.

Outcomes

This project delivered a series of positive outcomes:

Firstly, the risk management team submitted its ICARA submission to the firm's board ahead of its internal deadline, and the submission was signed off by the Non-Executive Director accountable for risk without the need for revision. As a result, the firm was able to make its ICARA submission to the FCA well ahead of its deadline.

Secondly, as a result of the work done during this project and the resulting risk framework, risk policy, processes etc., while there was a slight increase (approximately 5%) in the amount of regulatory capital the firm set aside under ICARA compared to that set aside under the previous ICAAP regime, over the period the firm grew by over 25%.

Thirdly, perhaps the most critical outcome of this project was the change in buy-in and engagement from the Board and Senior decision-makers within the firm, which is probably best summarised by a comment from the Chief Risk Officer about this project: “the Service-Based Risk Management framework designed as part of our ICARA project has completely changed the firm’s view on Risk Management and the value it creates. We finally have a risk management framework that the business can relate to and adds value in their day-to-day decision-making.”

DecideWright is a UK-based consultancy that delivers solutions in the areas of Strategy Execution and Enterprise Performance Management; Enterprise and Operational Risk Management; Operational Resilience, including DORA; and Measurement & Metrics, including KPIs & OKRs.

Contact us to see if we are the right firm for your project.
