In the Financial Supervision Act (Wet op het financieel toezicht), risk management constitutes an important element in the assessment of sound and controlled operations (section 3:17). This has been worked out in more detail in sections 23 and 24 of the Decree on Prudential Rules for Financial Undertakings (Besluit Prudentiële Regels Wft or Bpr). The present Q&A deals with the governance of risk management for banks and insurers (herein: 'undertakings'), which comprises:
- the manner in which the undertaking has organised its risk management (cases in point are strategy, policies, processes, procedures, embedment in operations, allocation of capacity and responsibilities, independent review, etc.);
- the operation of risk management, centring on the control of all of the various risks/risk areas in their interrelationship (integral risk management).
In the context of its supervision of risk management governance, DNB looks at four main subjects:
- the risk culture within the undertaking, with the tone at the top being an important factor;
- risk strategy and risk policy, including the undertaking’s risk appetite/tolerance;
- the manner in which the risk management function (RM function) has been organised, with the RM function’s operational independence and its access to the Managing Board and the Supervisory Council as important elements; and
- the presence of a holistic approach and integral control of all relevant risks by high-quality risk management processes.
DNB also applied these categories in its thematic examination regarding the quality and governance of insurers' risk management in 2011.
In the thematic examination, a questionnaire was used in which a number of main questions were formulated for each of these four main subjects. For each main question, sub-questions were included, focusing on concrete aspects of the subject concerned. The sub-questions are not exhaustive but seek to set examples or provide guidance. The thematic examination has yielded several 'good practices' as applied by insurers in the field. These good practices are described below the relevant questions.
Use of the questionnaire
- You may use the questionnaire to help you assess which aspects regarding the governance of risk management within your undertaking require attention. Thus, the questions may help you identify possible shortcomings and effect improvements within your undertaking.
- Sound governance of risk management is formalised, structured and has been shown to work. Ideally, this is periodically evaluated, giving rise to ever higher levels of control.