Non-financial risk

Jump to navigation Jump to search
Venn Diagram of various non-financial risks. This is only one possible representation on how the different risk types overlap

Non-financial risks (NFR) are all of the risks which are not covered by traditional financial risk management.[1] This negative definition resembles the initial definition of operational risk, and it depends on the bank or cooperation whether or not they use the term operational risk synchronously with NFR. Since 2019, the new term NFR became popular in the risk management sector[2]


Non-financial risks include:

  • Operational risk (Op risk). In case that Op risk is considered a part of NFR (and not as equivalent), Op risk summarizes e.g. those risks which can be quantified by the use of scenario models. Examples are pandemics, floods and other weather events.
  • Conduct risk means that the behavior of the cooperation's employees leads to losses[3]
  • Cyber risk and IT risk are possible losses due to security breaches.
  • Compliance risks are risks related to Governance, risk management, and compliance. Managing the compliance risk means putting a price tag on potential failures of adhering to self-given rules of the bank as well as Regulatory compliance.
  • Regulatory risk are possible losses due to changes of the law and regulations.
  • Reputational Risk is potential loss caused by the damage to a firm's reputation.

All these risk types are closely related. In the case of a data leak (which is an cyber risk incident), the reputation of the company as a whole might be at stake.[4]


  1. ^ Hida, Edward; Pieper, Michael. "The future of non-financial risk in financial services". Deloitte. Retrieved 16 September 2020.
  2. ^ Tattam, David. "Non-Financial Risk – Why the big focus?". Protecht. Retrieved 16 September 2020.
  3. ^ Strachan, David. "Managing conduct risk - Addressing drivers, restoring trust". Deloitte. Retrieved 16 September 2020.
  4. ^ Tolordava, Erekle (7 Feb 2020). "Changes to internal and external conditions and the consequent impact on an organization's risk situation require an adjustment to the organizational structure used for risk management". Capgemini Invent. Retrieved 16 September 2020.