We are a risk-based regulator and as such we allow the market the freedom to operate flexibly. In doing so we acknowledge that some risks may crystallise and where these fall outside our risk appetite we will respond accordingly.
This means we will not seek to intervene in all situations; rather our approach is based on judgement and the circumstances of each potential intervention and an assessment of its impact. We prioritise our actions in terms of risk, cost and perceived benefits in a consistent and transparent way, choosing the most appropriate course of action from our suite of regulatory tools.
External / regulatory
We are averse to risks which threaten our ability to perform our regulatory functions (ie visibility over regulated entities) or pose a significant or systemic risk to our objectives (eg undesirable business models).
However, we have an open appetite for taking well managed risks where innovation and change create opportunities for discernible benefits and clear improvement in our ability to achieve our objectives.
In acknowledgment of the growth and operational maturity of our multiple regulatory functions, we maintain a cautious risk appetite towards sustaining appropriate operational processes, systems and controls to support delivery but adopt a more open appetite for the development and enhancement of these systems.
We are heavily reliant upon information and data to be able to operate as an effective risk-based regulator. The accidental disclosure of sensitive or restricted information has the potential to erode trust, damage our reputation and ultimately prevent us from being able to function. As such we have a minimalist appetite for such risks.
We are averse to the risk of internal fraud and other insider threats, including the wilful or deliberate disclosure of sensitive or restricted information, and will maintain appropriately robust controls and sanctions to maximise prevention, detection and deterrence of this type of behaviour.
Where we are working with relatively untested legislation we are willing to adopt an open risk appetite to achieve our statutory objectives and to determine the extent of our powers and our jurisdiction.
We retain an averse risk appetite to behaving in an illegal, unreasonable or irrational way, or any other way, which would likely to give rise to a successful judicial review.
Risk appetite definitions
||Avoidance of risk and uncertainty in achievement of key deliverables or initiatives is paramount. Activities undertaken will only be those considered to carry virtually no inherent risk.
|Minimalist||Predilection to undertake activities considered to be very safe in the achievement of key deliverables or initiatives. Activities will only be taken where they have a low degree of inherent risk. The associated potential for reward / pursuit of opportunity is not a key driver in selecting activities.|
||Willing to accept / tolerate a degree of risk in selecting which activities to undertake to achieve key deliverables or initiatives, where we have identified scope to achieve significant reward and/or realise an opportunity. Activities undertaken may carry a high degree of inherent risk that is deemed controllable to a large extent.
|Open||Undertakes activities by seeking to achieve a balance between a high likelihood of successful delivery and a high degree of reward and value for money. Activities themselves may potentially carry, or contribute to, a high degree of residual risk.|
|Hungry||Eager to be innovative and choose activities that focus on maximising opportunities (additional benefits and goals) and offering potentially very high reward, even if these activities carry a very high residual risk.|