[Skip to content]

Sign up for our daily newsletter
The Actuary The magazine of the Institute & Faculty of Actuaries

How's your risk appetite?

Chris Makomereh outlines principles for a practical approach to setting risk appetite statements



Risk management has occupied an increasingly influential role within financial services in the past decade, partly thanks to events of the credit crisis in 2008. It is vital for firms providing society with financial solutions within an evolving political, economic and technological environment to have clear, relevant and practical risk appetites. This enables firms to make optimal risk-based decisions, enhancing outcomes for the firms and society in the long run. This article presents some principles that can be applied generally in order to deliver valuable insights to management and boards in the sector. 

Start from the top

Risk appetites must be approved, and any changes reviewed and signed off by the board. As well as being a standard set out in the draft Prudential Regulation Authority supervisory statement on “financial management and planning by insurers”, in order for the statements to deliver the objective of improving risk-based decision making, they have to be shaped and owned by the decision makers. 

Any risk appetite framework process must engage the board early, through discussions that outline the boundaries around the strategy that company operates within. It is also necessary to set high-level principles that establish the general attitude to each class of risk, for example with respect to customer detriment: “Strongly avoid risks that could result in customer detriment.” 


A recurring theme in my risk management training was that operational risk has the least established quantification methods but presents the greatest risk of business failure, with many examples including Barings Bank (1995) and Equitable Life (2000). Therefore, a risk appetite framework with inadequate coverage of non-financial risks provides only a limited benefit to its users. 

Outline a set of qualitative risk appetite statements for each major risk category the firm has exposure to. The statements don’t have to be quantitative but should have more detail than the principles. 


It is vital to assess performance against the risk appetite. It is tempting to articulate aspirational statements that are not measurable, and there is room for that in the management of the business but not in the risk appetite framework, which has to be a tool that facilitates improved decision making and a call to action. 

Make use of subject matter experts to provide expert judgment, where appropriate, for risks that are not easily quantifiable.

Involve the right people

The risk appetite framework requires input from stakeholders across the business to select the right metrics and recommend the appropriate calibration. By way of example, cyber risk has been on the agenda across the industry of late, and in setting the cyber risk appetite, the input of the information security and technology teams will be required. Much of the information is likely already being produced; this exercise should serve to bring it together in one place for review through a risk lens.

It is also important to obtain input and a review by the relevant subject matter expert for each risk appetite statement.

Embed the framework

In order to drive risk-based decision making and improve management’s ability to select and operate within the desired risk range, it is vital that there is regular assessment and reporting of performance against appetite at different levels of the firm. Where the metrics are out of the range, there has to be an agreed action to bring the risk back within it, or acknowledgment to operate outside it for an established timeframe. 

Also, it is key to report on risk appetite performance at regular intervals at the appropriate management forums and risk committee to provide visibility and accountability. 

Prospective and retrospective

In order to provide a complete picture, the risk appetite statements should incorporate some prospective and retrospective measures and indicators. For example, tracking metrics that indicate the state of the organisation’s reputation are prospective, as they could point to the possibility of adverse sales and retention performance if the underlying issues are not addressed. It is much easier to have retrospective measures, and they are useful, to the extent that they show trends and patterns that can highlight insights. Prospective measures require more imagination and can be very useful indicators for highlighting potential emerging risks. 

Chris Makomereh is head of risk at Vitality Life 

Configure your Portal