Key Risk Indicators & Key Performance Indicators: Is the Difference Important?
Author: Michael Cohn
What’s the difference between a Key Risk Indicator (KRI) and a Key Performance Indicator (KPI)?
We get this question all the time! Examiners are also starting to hone in on this, telling us it warrants our attention. In short:
- A Key Performance Indicator (KPI) is a backward-looking indicator, and
- A Key Risk Indicator (KRI) is a forward-looking indicator.
One tracks how well you did, and the other attempts to predict where you are going.
Step 1: Don’t Get Bogged Down with Definitions (Yet!)
Are you in the early stages of setting up risk indicators for your monitoring activities and risk appetite statement? If so, getting your monitoring tasks up and working in a useful way should be your top priority. As a result, it’s not worth getting bogged down in the difference between backward and forward-looking just yet.
In other words, having some monitoring program in place is your best first step. Then, you can focus on whether you are perfectly classifying all risk indicators as forward-looking or backward-looking. That said, it is essential from a regulatory perspective. It’s also just good business practice to be able to track risks from both perspectives. You’ll eventually want to get to this level of maturity.
Key Performance Indicators for Banks & Credit Unions
The challenge we keep hearing about is identifying and tracking a forward-looking key risk indicator. For most of us, identifying KPIs is relatively straightforward. These typically outline how well we have done a particular task by measuring the outcome.
Key Performance Indicator Examples:
- Ratios of delinquent loans/total loans,
- Delinquent loans/assets, or
- Net charge offs/average loans.
If we approved better quality loans, these ratios would be favorable. Simple, right? Now, let’s look at forward-looking indicators.
Key Risk Indicators: Predicting Future Performance
Want to turn the table and look forward or uncover emerging risk? Start by thinking about what would trigger negative performance in the future. Then, following the lending example above, how can we attempt to predict delinquent or charged-off loans? At a high level, if we diversify our lending and keep to our sound lending policies, we can reduce negative results.
Types of Key Risk Indicators:
To predict emerging risk, we can track:
- Loan concentrations,
- Underwriting trends, or
- Loan Policy exception rates.
You most likely monitor these already; they’re just not thought of as forward-looking. But they are in the sense that they help us predict unfavorable results. So, for example, if we violate our underwriting principles, we can expect to experience delinquencies in the future.
IT Key Risk Indicators
We can apply the same logic to other areas. Consider information technology. It may be helpful to detect emerging risk by monitoring:
- Application patch latency,
- Number of successful and unsuccessful logins,
- # of viruses blocked,
- Number of SPAM emails blocked, system usage time of day logins, and
- # phishing attempts.
The list can go on, but you get the point. We can all agree that a move in these activities could very well predict some nefarious activity is on the way.
Risk Monitoring Goals:
There are many more forward-looking Key Risk Indicators out there. The goal here is to help you identify which is which and possibly get you thinking about some new activities you have not monitored before. So keep driving your risk management program. Keep remembering to look in the rearview mirror for lessons learned, but keep your eyes out ahead of you as well.
Knowing where you are going is the best way to ensure your risk management activities align with strategic objectives. Happy monitoring!!
Originally published on 8/30/18 by Michael Cohn. Updated on 1/10/22