By methodically reviewing the key themes of an effective FLRC function, financial services firms address ongoing common challenges.
Since the financial crisis, financial institutions have managed a high volume of change, often leading to tactical initiatives with significant spend to comply with regulatory demands. Regulators, prudential supervisors and other stakeholders continue to seek greater first-line accountability, transparency and challenge in risk management processes. They also want to see an evolution of the control environment to cover business transformation and emerging technologies.
At the same time, firms are looking to rationalize their control environments to increase efficiency and sustainability. This includes reviewing tactical measures taken over time with an eye toward more strategic solutions. Amid this evolving internal controls agenda is an increasingly visible and important function — the first-line risk and controls (FLRC) team.
The FLRC function
Development of a distinct first-line risk and control team, was an early post-financial crisis trend in the front office of capital markets businesses at large global banks.1 Recently, the FLRC concept has expanded beyond these sales and trading front-office teams, formalizing in other parts of the first line (e.g., operations and technology), within other business lines (e.g., consumer banking, wealth and asset management), and at broader financial services firms of varying size and complexity (e.g., finance, insurance, and payments companies, regional banks).2
While a particular event or instance of regulatory feedback may be the trigger to formalize a FLRC organization structure, we see a growing strategic importance for the function, and we attribute that to some distinct recurring themes across firms of all types. These groups support better first line accountability and transparency, centralize oversight of nonfinancial risks in the first line, and drive control enhancements over time. Accordingly, we anticipate a continued expansion and formalization of this function. Firms now point to headcount increases in these areas, rather than risk and compliance, when asked about measures to support first line accountability.3
Recurring themes: common drivers across FLRC functions
Key aspects of effective FLRC functions resonate regardless of size or context. These can be grouped into four themes:
First line accountability
In response to pressure from business leadership and stakeholders (regulators, independent risk, and internal audit), there has been a move toward greater first line ownership of risk management activities, including conduct and compliance.4 Business management looks to the FLRC team to support this more active role in the internal controls framework across businesses and functions. The FLRC function forms part of the management team, providing control leadership, evidence of control activities, and ongoing risk identification and response.
Nonfinancial risk tolerance
Avoiding losses, resolving open regulatory issues, and providing assurance to boards/shareholders around nonfinancial risks require effectiveness and transparency in first-line risk and control processes. FLRC teams play a significant role in assessing existing and new processes for inherent risks, and in applying management tolerances to the design, execution, and monitoring of mitigating controls. FLRC functions also provide an essential central point of contact for nonfinancial risk and control assessment, aggregation and communication.
Breadth and depth of risk
FLRC teams have broad mandates and deep subject matter expertise. Evolving business activities and market structure require the control environment to evolve. Rapid transformation needs skilled first-line risk identification and mitigation, and nimble coordination across risk and control groups. Examples include handling conduct issues, responding to new risk areas (e.g., FinTech, cyber, resiliency), and assisting with business model changes (e.g., market utilities, automation of trading, agile product development). Across the variety of nonfinancial risk types, FLRC functions provide strategic risk identification and response capabilities.
Optimization and efficiencies
Cost pressures and scarcity of skilled resources make optimization of processes and controls a key business initiative. Leadership from FLRC executives across multiple nonfinancial risk types increases the firm’s ability to align the risk and control environment. For example, FLRC functions tend to lead the push for converged risk assessments and centralized issues management, as they seek to avoid rework and eliminate duplicative processes. Given their positioning and scope of coverage, FLRC teams are uniquely positioned to drive the rationalization of controls agenda.
Building on the themes
These themes can be seen as the building blocks underlying successful design and operation of a FLRC function. Whether establishing a new FLRC team or strategically enhancing an existing one, translating these themes across a series of design principles and approaches will guide the process.