Risk Universe: The full range of risks which could impact, either positively or negatively, on the bank’s capabilities.
Risk Capacity: The amount and type of risk the bank is able to support in pursuit of its business objectives.
Risk Target: The optimal level of risk the bank wants to take in pursuit of a specific business goal.
Risk Limit: Thresholds to monitor that actual risk exposure does not deviate too much from the risk target and stays within the bank’s risk tolerance/risk appetite. Exceeding risk limits will typically trigger management action.
Risk Management Culture: This addresses the extent to which the board (and its relevant committees), management, staff and regulators understand and embrace the risk management systems and processes of the bank.
Risk Management Processes: This refers to the extent to which there are processes for identifying, assessing, responding to and reporting on risks and risk responses within the bank.
Risk Capacity: The resources, including financial, intangible and human, which a bank is able to deploy in managing risk.
Risk Management Maturity: The level of skills, knowledge and attitudes displayed by people in the bank, combined with the level of sophistication of risk management processes and systems in managing risk within the bank.
Risk Capability: A function of the risk capacity and risk management maturity which, when taken together, enable a bank to manage risk in the pursuit of its long-term objectives.
Propensity to Take Risk: The extent to which people in the bank are predisposed to undertaking activities the impact, timing and likelihood of which are unknown, and which is influenced by financial, cultural, performance and ethical considerations.
Propensity to Exercise Control: The extent to which people in the bank are predisposed to take steps to change the likelihood, timing or impact of risks, influenced by financial, cultural, performance and ethical considerations.