Category: AI Agent capability, no API key required

managing-risk-governance

Builds risk governance frameworks, including committee charters, escalation protocols, and reporting cadences. Use when designing risk governance, building risk committees, or documenting governance frameworks.

Author: jakexiaohubgithub

Managing Risk Governance

Structures risk governance frameworks with committee charters, escalation protocols, and reporting cadences for enterprise, market, and operational risk functions.

When To Use

  • Standing up or restructuring a risk governance framework (new fund, post-merger integration, regulatory remediation)
  • Drafting or revising risk committee charters (Board Risk Committee, Management Risk Committee, specialized sub-committees)
  • Defining escalation protocols — who approves what, at which threshold, on what timeline
  • Establishing or overhauling reporting cadences across the three lines of defense
  • Documenting governance frameworks for regulatory examination or investor due diligence

Inputs To Gather

  • Organizational structure: Legal entity hierarchy, business lines, and geographic footprint
  • Existing governance documents: Current charters, policies, committee calendars, and org charts
  • Regulatory requirements: Applicable frameworks — OCC Heightened Standards, Basel BCBS 239, Fed SR 11-7, Solvency II, or equivalent [VERIFY jurisdiction-specific requirements]
  • Risk taxonomy: Defined risk categories (credit, market, operational, liquidity, model, cyber, strategic, reputational)
  • Appetite and tolerance statements: Board-approved risk appetite statement and quantitative tolerance metrics
  • Stakeholder roles: CRO reporting line, committee membership rosters, first-line risk owners
  • Pain points: Known gaps — missed escalations, duplicative reporting, unclear decision rights

Workflow

  1. Map the governance architecture

    • Chart the committee hierarchy: Board → Board Risk Committee → Management Risk Committee → Specialized Sub-Committees (Credit, Market, Operational, Model)
    • Identify decision rights at each level (approve, recommend, inform)
    • Confirm CRO independence and reporting line to Board or Board Risk Committee [VERIFY regulatory expectation for CRO reporting structure]
  2. Draft committee charters

    • For each committee, specify: purpose, scope, membership and quorum requirements, meeting frequency, standing agenda items, authority and delegations, escalation triggers, and documentation/minutes standards
    • Define voting vs. non-voting members and guest attendance protocols
    • Include charter review and approval cadence (typically annual)
  3. Design escalation protocols

    • Set quantitative breach thresholds tied to risk appetite metrics (e.g., VaR limit breach, credit concentration exceedance, operational loss above $X)
    • Define escalation tiers: Level 1 (desk/business unit), Level 2 (Management Risk Committee), Level 3 (Board Risk Committee/full Board)
    • Specify required response times per tier (e.g., Level 3 within 24 hours of identification)
    • Document temporary limit authority and after-hours escalation contacts
  4. Establish reporting cadences

    • Map report type to audience and frequency:
      • Daily: Trading risk dashboards, P&L attribution, limit utilization
      • Weekly: Operational risk events, key risk indicator (KRI) summaries
      • Monthly: Management Risk Committee pack — aggregate exposures, limit breaches, emerging risks, action item tracking
      • Quarterly: Board Risk Committee pack — risk appetite scorecard, stress test results, top and emerging risks, regulatory matters
      • Annual: Risk appetite recalibration, governance framework self-assessment
    • Assign report owners and review/approval workflows before distribution
  5. Align the three lines of defense

    • First line: Business-unit risk ownership, self-assessment, and control execution
    • Second line: Independent risk oversight, policy setting, challenge, and aggregation
    • Third line: Internal audit assurance over governance effectiveness
    • Document interaction protocols — how second line challenges first-line risk assessments, how audit findings feed into committee agendas
  6. Build governance calendar and tracking mechanisms

    • Create an annual governance calendar consolidating all committee meetings, reporting deadlines, charter reviews, and regulatory submissions
    • Establish action-item tracking with owners, due dates, and status reporting at each committee meeting

Output

The deliverable is a Risk Governance Framework Document containing:

  • Governance architecture diagram (committee hierarchy with reporting lines)
  • Individual committee charters (one per committee)
  • Escalation protocol matrix (trigger → tier → response time → authority)
  • Reporting cadence schedule (report → owner → audience → frequency)
  • Three-lines-of-defense responsibility matrix (RACI format)
  • Annual governance calendar
  • Appendix: Risk taxonomy aligned to committee oversight assignments

Format as a structured report suitable for Board approval and regulatory examination. Use tables for escalation matrices and reporting schedules. Flag any items requiring Board or regulatory sign-off.

Quality Checks

  • Every risk category in the taxonomy maps to at least one oversight committee
  • Escalation thresholds tie directly to quantified risk appetite/tolerance metrics — no orphaned limits
  • No gaps in decision authority: every material risk decision has a clear owner and escalation path
  • Committee charters specify quorum, frequency, and documentation standards consistently
  • Reporting cadence covers all three lines of defense with no audience left without regular risk reporting
  • CRO independence and Board-level access are explicitly documented [VERIFY against applicable regulatory guidance]
  • Charter review cycle and governance self-assessment are calendared, not aspirational
  • All regulatory-specific requirements are tagged with [VERIFY] where jurisdiction or entity type may alter obligations