Whether it’s explicit or not, every business has a risk appetite. But what is it, who determines it, and who is responsible for putting it into practice? Let’s find out.
Businesses make decisions every day that could have serious implications for the company and its future. From agreeing to a huge liability cap in a contract, to transferring cash reserves into a particular currency, all the way down to smaller agreements with suppliers - it can all create risk.
Risk appetite is therefore a key concept in safeguarding the company as it grows and becomes ever more complex. Let’s think about what it means.
What is risk appetite? Definition and meaning
Risk appetite means the amount of risk a company is willing to accept, in order to pursue its objectives, without taking action to reduce that risk.
Evaluating your risk appetite means balancing the negative outcomes that might follow if the risk in question comes to pass, versus the positive outcome that might be delivered if you go ahead.
Understood this way, risk appetite is simply a mechanism that the business, led by its Board, can use to help guide consistent and sensible decision-making. In a given situation, decision-makers throughout the business should be able to act in accordance with the company’s risk appetite, without needing to seek guidance every time.
Who determines risk appetite?
“The executive team should define the risk appetite for different areas of the business (legal, finance, operational etc.) and recommend them to the Board, who is responsible for setting risk appetite, so the Board will review and, if satisfied, approve them,” according to James Sullivan, GC and COO at Ziglu.
Kate Jones, Lead Legal Counsel at 11FS, agrees that while risk appetite affects almost everyone in the business, deciding it sits at a senior level: “it should be the Executives, the Board and Risk & Legal determining the general policy and overall level of risk appetite - and then business leads further down would know where they are in relation to it. If they want to move outside it, they’ll seek approval from leadership.”
“The executive team should define the risk appetite for different areas of the business" - James Sullivan, GC and COO, Ziglu
How to determine risk appetite
The level of risk appetite that a company is comfortable with will depend on a range of factors, including:
- Company size: what’s the headcount and revenue?
- Company stage: is this an early-stage, mid-market or enterprise business?
- Industry: is the company’s vertical heavily regulated, for example?
Based on this, the company will need to decide level one risks, level two risks, and so on. It might be that financial risk is the biggest area of concern for the business in question, and this trumps other risk areas (like strategic risk, legal risk and so on) when push comes to shove. Or conversely, other risk areas might be prioritized as level one.
What’s the legal team’s role in risk appetite?
As key risk guardians for the business, lawyers need a good understanding of how they would reflect the company’s risk appetite in the decisions they make and advice they provide to colleagues.
James Sullivan explains: “let’s say you’re involved in a significant contract - lawyers often focus on issues like addressing uncapped liability, providing more flexibility in terms of termination, removing autorenewal provisions, and so on, which are all necessary, of course. But it’s often more complex - lawyers need to think laterally about what exposures the contract could actually have for the business. For example, does it expose the firm to increased credit risk? If one side defaults, would it pose an operational risk? If so, are these types of risk within the risk appetite that has been set by the Board?”
These questions are more difficult to bottom out, with shades of grey and assumptions to be challenged. However, “they give you more room to be impactful and strategic as a GC, rather than focusing on granular issues that might make lawyers feel like they have done their job short-term but could be less impactful long-term from a risk perspective.”
“It’s our job to be a bridge between the business and the Executive team - translating the overall business risk appetite and helping to apply it to specific situations" - Kate Jones, Lead Legal Counsel, 11FS
Enabling the business - safely
Legal teams can unfairly be pigeonholed as the ‘department of no’, but it’s part of legal’s remit to be the voice of common sense. “As an in-house lawyer, you should start with yes - if you can make it work, within the agreed risk appetite, then you should. Sometimes on paper a risk looks big, but when you drill down it’s much more acceptable,” says Kate Jones.
“It’s our job to be a bridge between the business and the Executive team - translating the overall business risk appetite and helping to apply it to specific situations, applying common sense and logic to the risk-reward balance. Similarly legal should help to steer the Executive team in the direction of the route they should go down.”
Misalignment in the business about risk appetite is a common problem to avoid, according to Juro's GC, Michael Haynes: "Misalignment comes from two places - (i) misalignment on assessment of the size of the risk or the reward; or (ii) misalignment or disagreement about the company's tolerable risk/reward ratio. Misalignment means either that the company takes disproportionate risks that threaten longer-term shareholder value, or that the company doesn't take enough risks, stifling growth."
Does risk appetite change over time?
Yes. If a company’s risk appetite depends on certain characteristics - size, stage, regulation - then it makes sense that its risk appetite will change when these characteristics change too.
Early-stage businesses tend to have quite low risk appetites but are high risk-takers. As companies mature they can start thinking about taking more risk in certain areas, but risk appetites in general tend to be low - particularly in areas like contract risk, financial risk, legal risk, regulatory risk and so on.
Strategic risk might be the exception, with companies prepared to make bold decisions around things like product, in pursuit of growth.
Similarly, as the business grows, although it might consider its risk appetite to have decreased, it’s likely that its risk exposure has increased significantly, simply because it has agreed more contracts, undertaken more projects, and so on - creating bigger risk exposure for the company.
How can I find out more about my company’s risk appetite?
If you’re seeking general information about risk, risk appetite, and how to operationalize it at your company, visit:
If you’re an in-house lawyer looking for peer-to-peer advice on risk appetite and your role in managing it, then apply to join Juro’s private community for in-house lawyers.