This second edition of Sound Practice Guidance dealing with Risk Appetite has been reviewed and updated to take account of feedback received following publication of the original paper in December 2009.

Whilst the management of risk should be positioned first and foremost as a means of supporting the achievement of company objectives, those are likely to include compliance with regulatory requirements. Emerging guidance from European as well as UK financial services regulators provides a clear indication of the expectation that firms define their Operational Risk Appetite (ORA) and that the ORA is likely to provide an important mechanism for demonstrating compliance with the  ‘Use Test’. Regulators take a particular interest in risk appetite because of its importance to governance, corporate behaviour and internal risk culture and the guidance contained in this paper aligns to current regulatory expectations.

As with other paper in the series, the guidance makes no attempt to suggest a one-size-fits-all solution to any of the practical challenges an organisation faces. Rather, it aims to outline a variety of good practices from which may be drawn a collection of appropriate, relevant and proportional ideas.