Regulators around the world are calling for organizations to establish a risk appetite framework. This is primarily for financial services organizations and especially their financial-related risks…
Wondering – how is IA assessing the RAF, and how do stakeholders and the audit committee know if IA is doing it appropriately or sufficiently? Is there specific guidance? How are regulators determining sufficiency? Are insurers taking these requirements into consideration when determining rates?
Dave Tate, Esq. (San Francisco)