When we visit a doctor, we learn much about our health risk based on various measurements. Doctors check our blood pressure, heart rate, and cholesterol levels, and then compare them to medically determined acceptable rates. If our results are higher than the acceptable rates, doctors will advise us how to manage those rates downward to reduce our overall health risk.
Similarly, many chief risk officers today are asking department heads to establish key risk indicators for their business lines as part of a risk appetite framework. That task is pretty straightforward for business areas that are quantitatively measured, such as capital, liquidity, asset-liability management, and credit risk. But when it comes to compliance, how can risk be measured? What are key risk indicators a chief compliance officer can establish to help determine the amount of compliance risk that a company is willing to assume?
This article offers an approach for determining the appropriate key risk indicators for an organization and then identifies examples of key risk indicators that chief compliance officers can consider to effectively measure compliance risk.