Key Risk Indicators & Key Performance Indicators: Is the Difference Important?
Author: Michael Cohn
What’s the difference between a Key Risk Indicator (KRI) and a Key Performance Indicator (KPI)?
We get this question all the time! Examiners are also starting to hone in on this, telling us it warrants our attention. In short:
- A Key Performance Indicator (KPI) is a backward-looking indicator, and
- A Key Risk Indicator (KRI) is a forward-looking indicator.
One tracks how well you did, and the other attempts to predict where you are going.
Step 1: Don’t Get Bogged Down with Definitions (Yet!)
Are you in the early stages of setting up risk indicators for your monitoring activities and risk appetite statement? If so, getting your monitoring tasks up and working in a useful way should be your top priority. As a result, it’s not worth getting bogged down in the difference between backward and forward-looking just yet.
In other words, having some monitoring program in place is your best first step. Then, you can focus on whether you are perfectly classifying all risk indicators as forward-looking or backward-looking. That said, it is essential from a regulatory perspective. It’s also just good business practice to be able to track risks from both perspectives. You’ll eventually want to get to this level of maturity.
Key Performance Indicators for Banks & Credit Unions
The challenge we keep hearing about is identifying and tracking a forward-looking key risk indicator. For most of us, identifying KPIs is relatively straightforward. These typically outline how well we have done a particular task by measuring the outcome.
Key Performance Indicator Examples:
- Ratios of delinquent loans/total loans,
- Delinquent loans/assets, or
- Net charge offs/average loans.
If we approved better quality loans, these ratios would be favorable. Simple, right? Now, let’s look at forward-looking indicators.
Key Risk Indicators: Predicting Future Performance
Want to turn the table and look forward or uncover emerging risk? Start by thinking about what would trigger negative performance in the future. Then, following the lending example above, how can we attempt to predict delinquent or charged-off loans? At a high level, if we diversify our lending and keep to our sound lending policies, we can reduce negative results.
Types of Key Risk Indicators:
To predict emerging risk, we can track:
- Loan concentrations,
- Underwriting trends, or
- Loan Policy exception rates.
You most likely monitor these already; they’re just not thought of as forward-looking. But they are in the sense that they help us predict unfavorable results. So, for example, if we violate our underwriting principles, we can expect to experience delinquencies in the future.
IT Key Risk Indicators
We can apply the same logic to other areas. Consider information technology. It may be helpful to detect emerging risk by monitoring:
- Application patch latency,
- Number of successful and unsuccessful logins,
- # of viruses blocked,
- Number of SPAM emails blocked, system usage time of day logins, and
- # phishing attempts.
The list can go on, but you get the point. We can all agree that a move in these activities could very well predict some nefarious activity is on the way.
Risk Monitoring Goals:
There are many more forward-looking Key Risk Indicators out there. The goal here is to help you identify which is which and possibly get you thinking about some new activities you have not monitored before. So keep driving your risk management program. Keep remembering to look in the rearview mirror for lessons learned, but keep your eyes out ahead of you as well.
Knowing where you are going is the best way to ensure your risk management activities align with strategic objectives. Happy monitoring!!
Originally published on 8/30/18 by Michael Cohn. Updated on 1/10/22
Frequently Asked Questions About KRIs & KPIs
How do organizations determine the thresholds or benchmarks for Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)?
Determining the thresholds or benchmarks for Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) typically involves a combination of factors. Organizations often consider historical performance data, industry best practices, regulatory requirements, and strategic objectives. The thresholds are often set based on the organization’s risk appetite and tolerance levels, which may vary depending on the nature of the business and its objectives.
Are there any specific regulatory guidelines or industry standards that prescribe the types of KRIs and KPIs financial institutions should track?
Regulatory guidelines and industry standards play a significant role in shaping the types of KRIs and KPIs that financial institutions should track. Regulatory bodies such as banking authorities often provide guidance on risk management practices and may specify certain indicators that institutions must monitor to ensure compliance with regulations. Additionally, industry associations and standards-setting bodies may offer frameworks and recommendations for KRI and KPI selection based on best practices and emerging trends in risk management.
What are some common challenges that organizations face when attempting to implement forward-looking KRIs, and what strategies can they employ to overcome these challenges?
Implementing forward-looking KRIs can pose several challenges for organizations. One common challenge is defining and identifying KRIs that effectively predict future performance and mitigate emerging risks. Organizations may struggle to determine which leading indicators are most relevant to their specific business context and objectives. Additionally, obtaining timely and accurate data for forward-looking indicators can be a logistical challenge, especially for complex risk factors. To overcome these challenges, organizations can engage in comprehensive risk assessment processes, leverage technology solutions for data analytics and monitoring, and continuously refine their KRI frameworks based on evolving risk landscapes and organizational priorities.