- Mismeasurement of known risks
- Failure to take risks into account
- Failure in communicating the risks to top management
- Failure in monitoring risks
- Failure in managing risks
- Failure to use appropriate risk metrics

Firstly, banks and insurers track a range of risk events/incidents. It would be useful to consider whether reported incidents fall into any of the above categories. Alternatively, they may be consistent with risk appetite.
Secondly, insurers and banks using an internal model are expected to use it to support a profit and loss attribution. This means explaining actual profits and losses by reference to the output of the internal model and the risk categories considered. It would be interesting to consider if the losses arise from changes in values consistent with risk appetite or any of the reasons set out above.
The above might seem a simple idea, but learning from failures, or risk management failures in this case, is usually anything but simple.