Policy, Program and Procedures

  • 1.  Risk Appetite Statements

    This message was posted by a user wishing to remain anonymous
    Posted 3 days ago

    Hi All,

    I'm in the financial services industry and am drafting our TPRM risk appetite statements. I've designed our approach so that it is very binary (go/no-go) pre-onboarding for new services and much more qualitative for services that are in the ongoing monitoring phase. For example, we have no appetite to onboard a residually critical service, or we have no appetite to execute a contract prior to completing the onboarding due diligence process. Once the service is live in our environment, I'm proposing a more qualitative approach, looking for outliers within a service category, country of provision or vendor/subcontractor concentration to initiate a conversation with 1 LoD on why a service, vendor or third-party portfolio of services is in or out of appetite.

    Does this approach make sense and is it in line with the rest of the industry? Does anyone have any suggestions on alternative approaches?

    I look forward to any feedback/advice you can provide.

    Thank you!