The state of Non-Financial-Risks (NFR) and its management in 2017 and beyond.


Non-Financial Risk Management Insights Series

Implementing an integrated framework for financial institutions

Insights Series

We are pleased to welcome you to our Non-Financial Risk (NFR) Insights series. The series serves as a continuation of our original Point of View: The pressing case to design and implement a Non-Financial Risk Management Framework.

Each release will focus on one of the implementation categories:



Issue # 1 – Risk Taxonomy and Risk Identification

March 2018

A thorough analysis of a bank’s risk profile that takes into consideration its business model and strategic direction is a fundamental prerequisite of an effective risk and control management framework; it necessitates a comprehensive risk taxonomy and a dynamic Risk Identification process.

Read more & download our Insights Series #1.

Issue # 2 – Risk Appetite

May 2018

An integrated Risk Appetite Framework, covering financial and non-financial risks, is fundamental to informed decision-making and steering an institution within the business and risk strategy.

Read more & download our Insights Series #2.

Issue # 3 - Governance

January 2019

Adapting the existing governance model to include NFRs, with clear responsibilities across all risks.

Setting up a governance model with clearly defined roles and responsibilities, a compatible organizational structure and oversight committees is a prerequisite for effective and efficient NFR management. An emerging trend in the industry includes centralizing

NFR responsibilities in the second line of defence, often referred to as “umbrella function”.

Read more & download our Insights Series #3.

Issue # 4 - Culture

April 2020

Risk culture refers to the norms, attitudes, and behaviors related to risk awareness, risk taking, and risk management in an organization. Risk culture’s significance increases for non-financial risk (NFR), as it can be difficult to create policies and procedures to manage all of them. Short comings in conduct,compliance, and other elements of non-financial risk are often the result of a risk culture gone sideways. Since the financial crisis, regulators have been dialing up the accountability. In this issue, we unpack the risk culture dimension of the NFR framework, including ways to assess it.

Read more & download our Insights Series #4.


Issue # 5 - Measurement and Monitoring

July 2020

Measurement and monitoring contribute to an informed evaluation of non-financial risk (NFR). They can also help mitigate NFR and reduce the amount of operational risk capital that financial institutions must hold. In this issue, we examine what makes NFR uniquely challenging to measure and monitor, then explore an integrated model for overcoming these challenges and reducing the impact of NFR on an institution’s risk profile.

Read more & download our Insights Series #5.



Issue # 6 - Supervision and Control Model

August 2020

A supervision and control model for non-financial risk (NFR) identifies and reflects the controls associated with all relevant processes across all businesses and functions. In this issue, we review the challenges that commonly arise in the absence of a top-down control framework. We also look at what it takes to build an effective and efficient NFR control framework so that financial institutions can identify, measure, monitor, and mitigate NFR risks in a comprehensive yet efficient way.

Read more & download our Insights Series #6.



Our Insights Series by Deloitte's Banking Union Centre

About the Deloitte Banking Union Centre in Frankfurt (BUCF)

Europe’s most ambitious integration project since the euro.

The Banking Union initiative represents a fundamental innovation in supervision of financial services with significant consequences for the structure of the banking sector in the Eurozone and beyond, affecting business models and strategies.

Read more BUCF reports here.

Visit the BUCF solution overview here.


What's next?



Selecting and deploying a common infrastructure to link processes to controls and support measurement and management of risks, while enhancing automation and transparency


Creating a common reporting framework, where risks are monitored and communicated consistently across all lines of defence