Ahraf Khan has released an IMF risk management working paper on "The Role of Nonfinancial Risk Management" in central banking with major references to the ISO 31000 risk management framework.

"ISO 31000 is the general standard for risk management implementation in corporate institutions. Published in 2009 it provides principles and guidelines that institutions can use to design, implement and maintain risk management processes throughout an organization. “Organization” in terms of ISO 31000 is not a limited category, but rather includes “any public, private or community enterprise, association, group or individual.” In that sense, the standard provides a high level overview of what risk management relates to."

Ashraf Khan |IMF

The winning feature of ISO 31000 in this case is how the risk framework leaps beyond a typical risk management silo, how it integrates or allows institutions to "actively manage risks at a central level" rather than departments "taking care" of their own risks, in their own style. This paper explores the use of ISO 31000 and COSO for instilling the process around which nonfinancial risks and overall governance of a central bank can be implemented.

There is a trend in banking, both central banking and more broadly the commercial counterpart for financial institutions to improve their governance structures and some banks are looking closely at ISO 31000 to meet this end. This paper goes a long way to support the cause of ISO 31000 in not just banking but the central bank.

IMF Working Paper on Central Bank Governance | Ashraf Khan [LINK]

A lot of people, even bankers see central banks as a source of risk management expertise but as it happens, these institutions could directly benefit from improving their own internal risk management procedures.

This document extends right out to the edge of failed risk management implications; inferring that poor governance or a lack of internal governance in the central bank could contribute to a disruption of economic stability in the broader economy. While this line of thinking is not supported with data, it is a concern that is worthy of contemplation for central bankers.

Ashraf Khan sees the management of nonfinancial risks as being particularly underdeveloped in central banks which is generally in line with commentary from the post 2008 Global Financial Crisis review that has been carried out by the Bank for International settlements. This paper is an interesting read and it introduces a new central bank hierarchical risk taxonomy that is aligned with other work from the Basel committee but is also contextually relevant to central banks.