Thematic review on risk management

We completed a thematic review to understand deposit takers' risk management practices.

Thematic report

This report presents the key findings from our review and sets out our expectations and recommendations, including what we consider essential for promoting effective risk management in the sector.

About the review 

The review covered 9 deposit takers of varying sizes and business models, with the objective of strengthening sector capability by sharing good practices and identifying areas for improvement. 

We focused on 3 key pillars of sound risk management: the Risk Management Framework (RMF), governance and oversight, and the risk management function. Risk culture was outside the scope, but it remains critical for driving accountability, informed decision-making, and embedding risk awareness across entities. 

Overall, we found that risk management practices were largely proportionate to entity size and complexity. While most entities are already investing in enhancing their risk management practices, the review found that more needs to be done to uplift capability to meet the Reserve Bank’s expectations.

Recommendations

We identified the following key recommendations to support sound risk management, and we expect all deposit takers to follow them in line with their scale, complexity, and risk profile.

  • Maintain a comprehensive, fit-for-purpose and forward-looking RMF.
  • Ensure the Risk Management Strategy and Risk Appetite Statement are clearly defined and well-aligned.
  • Identify and assess risks proactively.
  • Ensure robust assessment and oversight of mitigation strategies and controls.
  • Continuously monitor and provide timely risk reporting.
  • Ensure strong risk governance and oversight.
  • Maintain an independent and appropriately resourced risk function.
  • Maintain a strong risk-aware culture with a focus on continuous improvement.

More details on the above recommendations and our expectations can be found in the report.

Next steps


Participating entities

Participating entities must review specific feedback provided and develop action plans to appropriately address identified weaknesses.

All deposit takers

All deposit takers must undertake a self-assessment against the expectations, findings, good practices, and recommendations outlined in the thematic report, and take appropriate actions based on their size, nature, and the complexity of their operations. They should be prepared to discuss any shortfalls identified and their remediation plans with supervisors.

Other RBNZ-regulated entities

Although we focused on deposit takers, the findings are relevant to all RBNZ-regulated entities. We encourage all entities to consider the insights and adopt relevant recommendations to strengthen their risk management practices.

Policy development

Findings have informed the draft guidance accompanying the Risk Management Standard under the Deposit Takers Act 2023. Exposure drafts of the standard and accompanying guidance will be released in February 2026, and we encourage deposit takers to provide feedback.

Our next Thematic Review will focus on risk management practices in the general insurance sector.