Risk Management Blog
Content for Risk Management Professionals


August 28, 2019

Accounting for Non-Financial Risks


Non-financial risk (NFR) events are a wildcard for banks, credit unions and other financial institutions. NFRs have financial, regulatory and reputational implications on a global scale.

NFR events force stakeholders to reflect on the implications of non-financial risk. What they are discovering is the benefit of using an enterprise risk management (ERM) and governance, risk and compliance (GRC) platform to monitor and mitigate NFRs.

The Unique Threats of NFR

Banks and financial institutions are accustomed to taking on financial risk and generating profit from it. NFRs, however, pose a very different threat and include:

  • Operational challenges, including external environmental factors, system downtime or fraud
  • Regulatory compliance failures, including financial crime risk and legal risk
  • Integrity risk and violations of codes of conduct
  • IT and cybersecurity risk

Direct financial consequences of NFRs are not the only concern. Reputational damage can severely impact a financial institution.

There are also personal consequences for senior management, as regulators increasingly hold senior managers accountable for misconduct or failure to comply with laws and regulations.

All of this, and the prospect of still tighter regulation in the future, puts pressure on banks to manage NFR.

How Can ERM Help Navigate NFRs? 

Many companies manage NFRs by boosting headcount, creating new governance structures and making operational improvements. Unfortunately, too much time is spent firefighting and remediating risks, which doesn’t allow for proactive planning.

Non-financial risks can be complex or unfamiliar to organizations. Managing them often requires a company to change the way it integrates risk and control programs. This usually includes establishing a common operating and data model to support an ERM/GRC platform. Leveraging ERM/GRC structures and processes supports identifying, assessing and responding to NFR-related risks.

ERM and GRC play central roles in cross-functional coordination and harmonization of risk management across an organization by:

  • Defining the overall vision and strategy for the risk assessment program
  • Developing and maintaining enterprise-wide standards and tools for identifying, assessing and measuring risks, including risk taxonomy, the regulation library, scoring methodology and business hierarchy
  • Bringing together relevant expertise across the firm to address complex transversal risk issues
  • Ensuring oversight of the firm’s risk assessment program

Learn More

The dynamic nature of non-financial risks requires that institutions embrace ERM and GRC. An ERM/GRC solution provides a powerful way for financial institutions to manage NFRs by encouraging a broader, integrated perspective for risk mitigation.

With Procipient®’s universal risk evaluation framework, you can continuously identify, analyze and evaluate NFRs. Risk and control assessments are integrated in an enterprise-wide ERM/GRC tool.

Request a demo today to see how Procipient® can support your management of NFRs by prioritizing, assigning and tracking tasks, incidents, issues and remediations to completion.