Skip to content

Four principles of active risk management


As financial firms adapt to the new normal following coronavirus (Covid-19) and digitalisation continues at pace, their operational risk profiles are undergoing significant change.

This transformation is happening at a speed we haven't seen before. In response, operational and non-financial risk teams need to be more and more active in their risk management to ensure they are adding value and helping organisations to navigate these changes safely.

Over the last few years, ORX has been focusing on how we can support financial firms to become active managers of operational and non-financial risk. This challenge has been a common topic of discussion among our LeadersConnect community - a group of senior risk professionals and industry leaders from among our member firms. 

In one of our LeadersConnect sessions, we discussed how operational risk teams can ensure they are proactively managing risk and enabling and supporting institutions to change at pace. During the discussion, we identified four principles and capabilities that are key to moving towards active risk management.

4 key principles

1. Exercise autonomy

The second line should be empowered to pursue an independent agenda. We heard differing perspectives during our session on what this autonomy means for the three lines of defence (3LOD) model and the operational risk function’s authority within the firm.

For most firms, the first line is accountable for understanding how decisions impact risks, with the second line acting in an advisory role, providing independent review and challenge and ultimately lending its support or otherwise.

2. Prioritise risk

Digital transformation is making early risk identification, fast assessment and effective prioritisation of operational risk even more essential. Here are two key ways that you can prioritise risk:

  1. Be outward and forward-looking
  2. Be holistic and agile

3. Early influence

Operational risk managers should be involved in business and strategic decision making from the outset and exercise constructive influence. This influence gives operational risk the platform to highlight potential issues before they arise. However, as one LeadersConnect participant commented, effective mitigation throughout the lifecycle of transformational projects will require a second line practitioner to be embedded end-to-end.

4. Equip the business

Operational risk must provide the first line with appropriate tools, data and expertise to help them identify, assess, and take risk. There are three key ways elements to consider when doing this:

  1. Be data-driven
  2. Tools should be easy to use
  3. Bring credible expertise

Manage the risks of digital transformation with ORX Membership

Actively managing operational and non-financial risk is more important than ever in today's digital environment. ORX is here to support you and your organisation through this transition. Get access to operational risk loss data, compare your practice with other organisations and be part of a global community of operational risk managers who are working together to overcome the challenges faced by financial firms in our current operating landscape.

Find out more about ORX Membership