TraceRiskUncategorizedRisk Rating Impact

Risk Rating Impact

Example: Impact Rating System

Rating 1 – Fully Controlled: Factors such as cost, time, delivery, quality and security are virtually not affected. Little or no exposure to dollar losses, compliance issues, customer complaints, capital decay, insufficient liquidity or reputational damage. Value-at-Risk (VaR) is slight and well within the bank’s stated risk appetite. Risk events will not negatively affect the bank’s financial, operational, compliance or reporting objectives. The annual rate of loss expectancy is very low.

Rating 2 – Largely Controlled: Losses concerning cost, time, delivery, quality and security are inconsequential and can be absorbed when adverse events or conditions occur (think: “the cost of doing business”) and routine remediation is appropriate. There is very modest exposure to dollar losses, compliance issues, isolated customer defection and reputational damage. Value-at-Risk is acceptable and remains within the bank’s stated risk appetite. Risk events could have a negligible effect on the bank’s financial, operational, compliance or reporting objectives, as applicable. Loss expectancy remains well within acceptable limits.

Rating 3 – Adequately Controlled: Losses concerning cost, time, delivery, quality and security can be managed when adverse events or conditions occur but preventative and corrective remediation is required. There is measurable exposure to one or more of dollar losses, compliance issues, capital decay, insufficient liquidity, possible customer defection and reputational damage. Value-at-Risk remains acceptable but is at the limit of risk appetite and the bank will likely be criticized by regulatory supervisors. Risk events could have a negative effect on the bank’s financial, operational, compliance or reporting objectives, as applicable. Loss expectancy is at the bank’s tolerable limit.

Rating 4 – Inadequately Controlled: Losses concerning cost, time, delivery, quality and security are almost a certainty when adverse events or conditions occur and prompt preventative and corrective remediation is warranted. There is meaningful exposure to one or more of dollar losses, regulatory criticism and lawsuits stemming from non-compliance with laws and regulations, and an increasing likelihood of capital decay, insufficient liquidity, customer defection and reputational damage. Value-at-Risk exceeds the bank’s stated risk appetite and risk tolerance levels are stressed. The bank will be criticized by regulatory supervisors and shareholders. Risk events will have a negative effect on the bank’s financial, operational, compliance or reporting objectives, as applicable. Loss expectancy exceeds the bank’s tolerable limit.

Rating 5 – Uncontrolled: Losses concerning cost, time, delivery, quality and security are profound when adverse events or conditions occur and immediate preventative and corrective remediation is warranted. There is significant exposure to dollar losses, regulatory censure and civil money penalties stemming from non-compliance with laws and regulations. There is a strong likelihood of one or more of customer defection, capital decay, insufficient liquidity and reputational damage. Value-at-Risk critically exceeds risk tolerance levels and could prove fatal. Risk events will have a severe and unpredictable negative effect on the bank’s financial, operational, compliance or reporting objectives, as applicable. Loss expectancy far exceeds the bank’s tolerable limit.