Key Risk Indicators (KRIs) are used to detect, measure, and report financial crime risk exposures. There is no one-size-fits-all approach to selecting KRIs – each institution’s risks are unique. But KRIs need to be periodically evaluated and updated for emerging risks or shifting risk appetites. Monitoring and reporting KRIs is critical for effective risk management, good governance, and oversight.
Yet even though KRIs are essential for compliance programs, we've heard that many compliance leaders struggle with a lack of guidance on choosing and monitoring effective KRIs.
Below is a primer to help you think about KRIs, followed by a free downloadable spreadsheet template with example KRIs and charts, as well as instructions for using the template.
We hope this resource is useful to you and we'd love any feedback you have for us!
Why are KRIs important?
1. Reporting and oversight
Effective oversight by Boards and senior management requires good KRI reporting. Senior stakeholders need the right information to set risk appetites, and successful compliance leaders are skilled at using KRIs to highlight the right data points with appropriate context for decision-makers.
2. Effective, risk-based compliance programs
KRIs provide critical backward-looking data for institutions to evaluate if their compliance program is effectively mitigating risks over time. Regulators expect institutions to implement effective, risk-based compliance programs, not just paper or tick-box compliance programs.
KRIs inform core elements of a risk-based compliance program – for example, risk assessments, risk appetite determinations, systems and controls, and internal testing and audits.
3. Growth Decisions
KRIs are also key to forward-looking, action-oriented decisions about growth. They reveal areas of weaknesses, root causes of risk events, and potential vulnerabilities – all of which need to be addressed appropriately. Boards and other decision-makers use KRI results to establish future risk appetites and other performance metrics.
This means KRIs are not just for compliance – getting KRIs right enables businesses to grow with confidence about their compliance.
Why can KRIs be hard?
1. Matching KRIs to your compliance program
What are the right KRIs for your institution’s risks? On the one hand, compliance leaders should ensure KRIs adequately reflect risk appetites and cover an institution’s risk profile. However, KRIs also need to be carefully selected to avoid overwhelming compliance teams with monitoring.
2. Matching KRIs to business needs
KRIs also should meaningfully impact business concerns. KRIs need buy-in from business stakeholders, who must understand why KRIs were selected, what KRI results mean, and how to appropriately respond to KRI reporting.
3. KRI monitoring is very manual and time-consuming
The reality is that KRIs are only as good as the data inputs – but collecting data can occupy a lot of time and resources. Compliance leaders are often burdened by monitoring and reviewing KRI data sources to ensure all relevant information is captured.
How can KRIs be optimized?
1. Focus on measurable, predictive, and informative KRIs
To identify the right KRIs, compliance leaders should tie KRIs to risks identified in institutions’ Risk Assessments. Linking KRIs to identified risks helps ensure that institutions’ compliance programs are effectively addressing their specific risks, and maximizes relevance and usefulness of KRIs.
2. Share KRIs consistently with business stakeholders
Compliance leaders should regularly communicate KRIs with the wider business to build buy-in and get feedback. Rather than just providing raw data, effective leaders should give stakeholders context and framing to understand the significance of KRIs for the business.
3. Seek technology to automate and expand KRI data collection
Compliance teams can eliminate the pain of manual KRI data collection using automated technology like Cable’s Automated Assurance, which also provides comprehensive data about financial crime risks over time.
Cable’s platform also enables new KRI approaches by allowing compliance leaders to conduct automated testing with 100% coverage instead of relying on manual, dip-sampling approaches.
Enter your details below to receive our End-of-Year KRI Template for financial crime compliance!
Get in touch with us here to learn more about Cable’s all-in-one effectiveness testing platform or to see our platform in action.