Nicolas Renard February 4, 2022

Top 10 risk insights of 2021

What are our most popular insights of the past year?

January 2022 is already over...

We hope you had all a great start of the year!

For the second year in a row (if you missed our previous edition, please find it here), we at Chapelle took the opportunity of a new year to review and consolidate the list of the 10 resources that our growing community of followers liked the most or found the most insightful in 2021.

We shared a lot of these insights on our Chapelle Linkedin page and will continue to do so in 2022.

Should you need further guidance or support on any of these topics, do not hesitate to contact us via our website.

  1. Auditing Risk Culture: A practical guide from the Institute of Internal Auditors (Australia)

A strong risk culture is a key aspect to a risk management framework’s effectiveness, complementing other more tangible aspects of the framework such as policies, procedures or systems. Contrary to widespread opinion -sometimes also within the risk managers’ community- there is not such thing as a unique risk culture within one organisation. This is reminded in this practical guide which stresses the importance of risk culture and the role of internal audit, as well as providing a risk culture model and a ten-step approach to auditing risk culture in practice. While issued for an audience of internal auditors, this guide proves an interesting resource to professionals across the three lines.



               Additional references:

  1. Credit Suisse Report on Archegos Capital Management

How would you assess your organisation’s ability:

  • To act on known information?
  • To adequately invest in Risk Culture, Experience, Training, Personnel and Technology?
  • To learn from the Past?

How would you assess the ability of your Senior Management to engage, challenge, oversee and escalate?

What about the effectiveness of your Risk Systems?

The 172-page insightful report issued for the Special Committee appointed by Credit Suisse’s Board of Directors and made available to the public, is an invaluable source of information for risk professionals of any organisation to guide their firm to perform a self-assessment and reflect on potential gaps and improvement opportunities on their own risk management framework.


               Additional references:

  1. FSI Insights – Stress-testing banks for climate change: a comparison of practices

The risks posed by Climate Change, whether physical risks (arising from climate change impacts and climate-related hazard) or transition risks (risks associated with transition to a low carbon economy), have again been gaining the attention throughout 2021, some of them materialising in a catastrophic way, through the extreme meteorological events such as wildfires in United States and Australia, records of extreme temperatures, or catastrophic floods in Europe, or raising critical questions in terms of our ability to move away from our dependence to fossil fuels, in a COVID-19 dominated risk environment, driving supply-chain risks around the world. This has been once again been confirmed in this year (2022) edition of the World Economic Forum Top Global Risks report, with climate-related risks dominating the risk landscape across all horizons.

The financial sector has a key role to play in addressing these risks (as well as risk managers of the concerned organisations), and regulatory authorities around the world are increasingly taking action to require stronger preparedness by the financial industry (with, in Europe, the adoption by the European Commission of the Banking Package 2021, and climate-related and environmental risks once again among the priorities of the ECB, for 2022-2024).

Beyond the disclosure aspects (through voluntary and -increasingly- mandatory application of the TCFD framework), authorities started launching stress tests for banks. The challenges raised by these tests as well as details of 3 pilot exercises conducted in The Netherlands, France and United Kingdom are reviewed in this report from the Financial Stability Institute of the Bank for International Settlements, which offers valuable lessons and reflections to incorporate climate risks in a bank’s overall risk management framework.



Additional references:

4. Operational Resilience: the never-ending staircase, an article by David Goodyear, Jimi Hinchliffe, and Andrew Sheen

In this article published in the Institute of Risk Management (IRM)’s Enterprise Risk Magazine, Chapelle’s UK Senior Associates are presenting the key aspects of the final UK regulatory policies published in March 2021 (along with the final version of the BCBS Principles). They present the roadmap for operational resilience that all businesses can benefit from, and detail the ten-step resilience journey, explaining what needs to be ready by March 2022.

The never-ending staircase: a path to operational resilience

Additional references:

  1. ICAAP for operational risk and scenario analysis (webinar replay), by Ariane Chapelle and Giorgia Chillon

During 2021, Chapelle organised several webinars to share insights into risk management topics in high demand amongst our community of risk managers.

Scenario analysis and the Internal Capital Adequacy Assessment Process (ICAAP)’s being two of those, we hosted on November 12th a webinar dedicated to these topics, presenting a step-by-step, transparent, and robust approach to use scenario identification and quantification for the Internal Capital Adequacy Assessment Process.

If you missed it, the replay is available on demand through following page: 

  1. How to Set Up a Robust Risk Governance Framework, a blog by Andrew Sheen

Robust risk governance is a key foundation of an effective risk management framework.

In this insightful blog written by Andrew Sheen, our Senior Associate (former UK regulator), you will learn about:
- typical deficiencies observed in risk governance
- useful resources to tap into
- how to validate your risk governance.

  1. GRC system implementation: Buyer Beware, an article by Ariane Chapelle and Jimi Hinchliffe

In this second article published in the IRM’s Enterprise Risk Magazine, Ariane Chapelle and Jimi Hinchliffe provide you with concrete and practical advices for the deployment of a Governance, Risk & Compliance (GRC) system in your organisation.

Organisations sometimes invest considerable time and money to exploit the immense ability of modern GRC systems to replicate what they have been doing in spreadsheets. We have also seen epic failures where organisations have neglected to secure a professional project manager.

Sounds familiar? Discover in our article below the key phases, rules to follow and pitfalls to avoid for such undertaking to be a success.


  1. PECB Certified ORM Training Information Session (webinar replay), by Ariane Chapelle and Elsa Hyseni

2021 was a key year for our training practices, with the signature of a training partnership with PECB to deliver the first-ever ORM certification course.

In October we organised an information session webinar with PECB to introduce the programme, the course content, certification requirements and exam logistics. If you missed it, you can watch the replay on-demand via the following page:

The first edition was delivered in November 2021, with next online sessions planned in March, June and September 2022 (in English) and May 2022 (in French).

The whole list of sessions is available when clicking our Training page.

In case of additional questions, please do not hesitate to contact us at

Additional references:

  1. “Don’t Tell the Regulators”, a blog series by Andrew Sheen

As a risk practitioner of a regulated firm, you may one day have the opportunity of meeting the regulator, who will question you to understand the effectiveness of your current Operational Risk Management framework.

There are a number of mistakes to avoid, and in this 10 blog-series, Andrew Sheen makes you benefit of his past experience as a regulator to come back on 10 of them. In each blog, he explains why the mistake is damaging and could lead to regulatory sanctions, a capital add-on and even -in the UK context- a skilled persons review (S166).

Blog 1 – We don’t capture all our key risks

Blog 2 – We use Excel to oversee our risks

Blog 3 – We use scenarios for capital purposes only

Blog 4 – We have an ORM framework but can’t show

Blog 5 – We didn’t read…

Blog 6 – I’m an SMCR but don’t know what that means

Blog 7 – We don’t have clear roles/responsibilities

Blog 8 – Operational resilience expectations are met

Blog 9 – The pandemic shows my operational resilience framework is fine

Blog 10 – There aren’t any biscuits

  1. Chapelle awarded Best Risk Management Advisory & Training Firm, EU at Finance Awards 2020

On top of the pleasure we have on a daily basis sharing our experience, solving our clients’ most pressing challenges and training them so we can together contribute to making risk management more valuable and accepted as enabler of performance, the recognition of our work is also a huge driver of our work.

Building up on a prior recognition of our firm at OpRisk Awards 2019 for “Outstanding achievement of the year”, we were thrilled to share with our community a new recognition as “Best Risk Management Advisory & Training Firm, EU” at Finance Awards 2020. According to SME news, “the (our) firm has been able to differentiate itself from the rest and rise to the forefront of the industry, thanks to its (our) values and training capabilities”.

On behalf of the whole Chapelle team, thank you for being so numerous to read us, support our work and advocate with us the best practices of risk management!

Finance-Awards-Buildings & Chapelle