Ideas collected from MCKINSEY & COMPANY Publications on : Non Financial Risks ( NFR) in Trade Finance(TF) Business

Nonfinancial Risk (NFR), whether related to compliance failures, misconduct, technology, or operational challenges, has only a downside.

The reputation damage wrought can hit a Trade Finance(TF) Organisation hard at a time when customers, shareholders, and public stakeholders are questioning the company's business models. And there are also the personal consequences for senior managers, whom regulators increasingly hold accountable for misconduct or failure to comply with laws and regulations.All of this, and the prospect of still tighter regulation, puts considerable pressure on TF Companies to manage NFR better.Much time is spent firefighting and remediating audit findings, yet too often there is no warning of when or where the next risk might materialize.

TF companies feel they are drowning in parallel efforts aimed at identifying, assessing, and remediating risks, with the same individuals being approached over and over again, and diluting scarce resources and attention from running the business. Inevitably, the chief risk officer and his or her operational-risk unit struggle to provide the board and regulators with a thorough view of risks faced and controls required.

The measures suggested by this articles are

1. An enhanced NFR-governance framework

In the organisations , the first line owns and manages risks, the second line sets control standards and monitors adherence to them, and the third line—audit—checks on the adequacy of the first two.

Whereas all institutions regard the business divisions as the first line of defense, some overlook the role of central-infrastructure areas, such as IT and operations. These central areas do not take on financial risks from the balance sheet, but they are where the risk of most operational failure resides. Hence, many TF Organisations have extended the definition of the first line to include them.

In addition, they have broadened their definition of the second line beyond the risk and compliance functions to include areas such as legal, HR, finance, and tax, recognizing their role in managing the institution’s control framework in their respective areas of risk expertise. Take legal. Like credit risk, it is often directly involved in business transactions, advising on and approving legal structures. HR, meanwhile, often sets and monitors policies on hiring, promotions, and compensation.

They should clarify the organizational separation of the first and second lines to ensure independent control by second-line areas, while permitting them to perform activities as adviser or servicer. 

The principles also need to emphasize the importance of first-line areas taking responsibility for NFR management, rather than focusing entirely on revenue or cost management.

Ultimately, the principles must promote a change in the organization’s thinking so that risk management and controls are at the front of senior management and employees’ minds.

Once they are agreed, the risk-governance principles need to be shared across the organization and formalized as part of the risk-policy framework, while the chief risk officer ensures their consistent application.

2. The role of the board

Despite recent improvements, many company boards do not routinely consider NFR management, engaging only in some firefighting when risk controls fail. They can increase their engagement in various ways. Quarterly board meetings or a board committee dedicated to risk control are options. The meetings will need to provide auditable proof of appropriate risk-taking and risk-management decisions in line with the board’s regulatory and legal accountability. Their quality will depend on input from both first and second lines and, crucially, on action-oriented reports on nonfinancial risk that align to a clear definition of risk appetite.

 that can be monitored to ensure the organisations’s tolerance of risk is not breached. These might include the history of operational losses as the basis for capital quantification, as discussed later, but can be more business specific, ranging from employee turnover (if the ability to recruit and retain is regarded as a top risk) to the number of customer complaints (if compliance is regarded as a priority risk).

1.  and their impact in terms of financial losses or capital implications. The report should analyze the causes of such incidents, state what lessons have been learned, and indicate where similar incidents might occur elsewhere in the organization. This process can be augmented by scenario analysis.
2. highlighting control effectiveness and critical control themes.
3. be they better controls or business adjustments—such as exiting certain businesses or improving processes—or an indication of new controls that might be needed as a result of regulatory change. Timelines for implementation should be clear.

All points simply taken from Articles written by : McPiotr Kaminski, Daniel Mikkelsen, Thomas Poppensieker, and Anke Raufu? of Mc Kensey.All the views are of above writers and this is to be treated to be an summary of article for reading no violence of copy right ...