The latest enterprise risk management news from around the world

‘Organisational Structures for Enterprise and Operational Risk’

Details
Published: Thursday, 13 February 2020 09:17

The World Federation of Exchanges (WFE), the global industry group for exchanges and CCPs, has published a benchmarking paper examining the organizational structures for enterprise and operational risk within market infrastructures (MIs).

The study, ‘Organisational Structures for Enterprise and Operational Risk’, undertaken by the WFE’s Enterprise Risk Working Group (ERWG) as a first step to agreeing and harmonising industry enterprise risk management (ERM) practices - is unique in seeking to understand and detail the way in which exchange and CCP operators structure their approach to risk management through dedicated teams; and the relationship with other parts of their organizations. It also outlines how governance arrangements feed up to the board level, and how necessary independent assurances operate.

Key findings from the study are:

  • On average, the dedicated enterprise risk function currently accounts for around 2 percent of a company’s entire workforce;
  • All the responding entities employ, as a base level, the three lines of defence / defense model (with some labelling senior management or supervisors as an additional line):
    • First line of defence is the Executive (Group-level risk) Committee, whose primary responsibility is the day-to-day management of risk;
    • Second line of defence is the Risk (management oversight) Committee, which incorporates the ERM function, and is governed by the Chief Risk Officer. This line provides the risk universe and risk manager framework, ensures compliance, and reports up to the senior management team;
    • Third line of defence is the internal and external auditors who perform an independent assessment on the efficiency and effectiveness of the internal controls, risk management and governance.
  • Internal audit (IA) forms an integral part of the third line of defence and the wider risk management structure. It is an independent function, performing regular reviews, providing oversight, and holding responsibility for risks, controls and governance assurance.
  • Some firms have extended the model to include a ‘fourth line of defence’, reporting via bespoke committees or processes to their regulators. Further, some entities also designate the actions and roles of the senior management and board as distinct lines of defence, and integrate those additional lines within the model.

Read the document.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

The Hunt for Hidden Risks
The Impact Tolerance Guide

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.