# Definitions

#### 1. Formal Definition of NRM

**1.1 Core Definition (Normative and Operational)**

**Normative definition**

> **Nexus Risk Management (NRM)** is a federated, standards-based risk management architecture that:
>
> * Integrates existing risk frameworks across domains and scales;
> * Operates on the Nexus Rail and UNOSINT evidence stack; and
> * Explicitly combines human, machine, and nature intelligence
>
> in order to support **legitimate, accountable, and equitable decisions** about systemic risk, capital allocation, and resilience.

At its core, NRM asserts that:

* Risk management at systemic scale is a **shared civic function**, not merely a private, firm-level activity.
* Risk decisions that materially affect ecosystems, communities, and future generations **must** be:
  * Evidenced in transparent and contestable ways,
  * Governed by clear mandates and safeguards,
  * Linked to capital and policy instruments that follow agreed rules.

**Operational definition**

Operationally, a risk management process, system, or programme shall be considered **NRM-conformant** when:

1. It is deployed on, or interoperable with, the **Nexus Rail**, using:
   * Approved Nexus ontologies and data models (or mapped equivalents),
   * UNOSINT-based Assurance & Evidence Packs (AEPs) as primary external evidence artifacts.
2. It uses **NRM Profiles** as the reference frame for:
   * Scenario design and analysis,
   * Trigger and rulebook specifications,
   * Documentation of assumptions, uncertainties, and distributional impacts.
3. It is subject to the **governance, conformance, and oversight** mechanisms specified under GRF and GCRI for NRM, including:
   * Evidence Quality Levels (EQL),
   * Conformance Levels (CL),
   * Contestation, grievance, and meta-governance procedures.
4. It recognises and, where applicable, incorporates:
   * **Human and institutional intelligence** (expert judgement, institutional positions),
   * **Indigenous, local, and community knowledge**, with appropriate rights and safeguards,
   * **AI and simulation outputs**, governed under NRM’s model governance rules,
   * **Earth system and ecological signals** as first-class inputs for relevant risk domains.

Anything that does not meet these criteria may be inspired by NRM concepts but **shall not be described** as “NRM-conformant” or “Nexus Risk Management”.

***

**1.2 NRM vs ERM, DRM, DRF, and Other Regimes**

NRM is intended to **integrate and extend**, not supplant, existing regimes. Key distinctions and relationships:

* **ERM (Enterprise Risk Management)**
  * Scope: Risk to a firm or portfolio, typically within a regulatory and ownership perimeter.
  * NRM relationship:
    * ERM remains the **internal risk discipline**.
    * NRM provides the **external systemic rail** that ERM plugs into, enabling:
      * Access to shared evidence (AEPs),
      * Alignment with cross-sector scenarios,
      * Participation in NRM-based capital and policy programmes.
* **DRM (Disaster Risk Management)**
  * Scope: Hazards, exposure, and vulnerability, primarily in a civil protection and DRR context.
  * NRM relationship:
    * DRM frameworks (e.g., Sendai) are **embedded as domain modules** in NRM ontologies and profiles.
    * NRM adds:
      * Financial and systemic dimensions,
      * Integration with ERM and capital markets,
      * Earth system and social-justice framing.
* **DRF (Disaster Risk Financing)**
  * Scope: Financial instruments and strategies to manage contingent liabilities from disasters.
  * NRM relationship:
    * DRF instruments (e.g., parametric facilities, contingency credit, insurance) are **designed and operated** on NRM evidence and profiles via GRA.
    * NRM ensures:
      * Consistency of trigger logic with multi-domain evidence,
      * Transparency of assumptions and distributional implications.
* **Sectoral risk regimes** (e.g., cyber frameworks, health security, infrastructure safety)
  * Scope: Sector-specific practices and standards (NIST, ISO/IEC, health security, safety engineering).
  * NRM relationship:
    * Sectoral regimes are expressed as **NRM domain modules** and NRM Profiles, allowing:
      * Cross-sector alignment,
      * Joint scenarios,
      * Integration with finance and policy tools.
* **ESG / sustainability frameworks**
  * Scope: Reporting and management of environmental, social, governance factors.
  * NRM relationship:
    * NRM provides a **risk-centric, systemic infrastructure** that can underpin or enrich ESG assessments, particularly for climate, nature, and social risk.

In summary, NRM is best understood as a **meta-architecture**: it does not replace ERM, DRM, DRF, or sectoral standards, but **binds them together** on a common rail.

***

**1.3 In-Scope vs Out-of-Scope Domains and Decisions**

**In-scope domains**

NRM explicitly covers:

* **Physical and environmental risk**: climate, water, ecosystems, biodiversity, pollution, land-use.
* **Biological and health risk**: epidemics/pandemics, biosecurity, food security, One Health interfaces.
* **Cyber and digital risk**: cyber-physical systems, cloud and platform dependencies, digital infrastructure resilience.
* **Financial and macro risk**: credit, market, liquidity, systemic financial risk, macroeconomic stress, capital flows.
* **Infrastructure and industrial risk**: energy, water, transport, logistics, telecoms, manufacturing, industrial safety.
* **Social and political risk**: conflict, instability, governance fragility, social cohesion, information ecosystem risk.
* **Cross-cutting systemic risk**: cascading failures and multi-hazard interactions across the above.

**In-scope decisions**

Decisions are in scope when they:

* Have **material systemic implications** (cross-sector, cross-border, cross-community), and/or
* Involve **shared or public resources** (public budgets, sovereign balance sheets, critical infrastructure, shared ecosystems), and/or
* Depend on or significantly affect **Earth system trajectories** or **intergenerational outcomes**.

Examples:

* Design and governance of sovereign risk finance facilities,
* Regulatory standards that affect systemic resilience (e.g., banking, insurance, utility regulation),
* Large-scale infrastructure and adaptation investments,
* Major corporate risk strategies with systemic externalities,
* Multi-party disaster preparedness and response plans.

**Out-of-scope (for NRM as such)**

NRM does not attempt to:

* Govern **purely internal, low-impact risk decisions** that do not interact with systemic domains (e.g., small operational issues entirely contained within a firm).
* Replace **clinical or individual-level risk decisions** (e.g., individual medical diagnosis, individual credit scoring), though those may be informed indirectly by NRM outputs.
* Dictate **political choices** (e.g., tax rates, detailed distribution of public spending). NRM provides structured evidence, but the **political decision** remains outside NRM’s mandate.

Boundaries are intentionally porous: institutions may choose to bring additional decisions into NRM processes where this improves transparency, coordination, or legitimacy.

***

#### 2. NRM Conceptual Model

**2.1 Enterprise-Centric Risk vs Systemic and Planetary Risks**

The NRM conceptual model starts from a distinction:

* **Enterprise-centric risk**
  * Defined relative to the balance sheet, P&L, and strategic objectives of a single entity or portfolio.
  * Managed via ERM, capital planning, and internal controls.
* **Systemic and planetary risks**
  * Defined relative to the behaviour of coupled systems:
    * Earth system (climate, biosphere, water, etc.),
    * Socioeconomic systems (economy, politics, institutions),
    * Infrastructural and digital systems (energy, digital, logistics),
    * Community and cultural systems.
  * Managed via public policy, global frameworks, collective action, and shared infrastructure.

Most real-world risk is **jointly enterprise and systemic**. The NRM model:

* Treats enterprise-centric risk as a **projection** of systemic and planetary risk onto specific actors,
* Models how **behaviour of enterprises** (and other actors) feeds back into systemic risk (e.g., emissions, investment decisions, infrastructure operations),
* Provides a common representation where **both levels can be seen together** and co-optimised (e.g., firm resilience + system resilience).

***

**2.2 “ERM Inside, NRM Outside” – Relationship and Interfaces**

The phrase **“ERM inside, NRM outside”** captures a key design pattern:

* Inside the enterprise:
  * ERM frameworks, models, and governance remain in place.
  * NRM does not dictate internal organisational structures.
* At the interface:
  * ERM systems expose selected data, scenarios, and risk metrics to the Nexus Rail (subject to confidentiality and sovereignty controls).
  * ERM consumes NRM AEPs, Profiles, and scenarios as **structured external intelligence**.
* Outside the enterprise:
  * NRM coordinates shared views of systemic risk, cross-actor scenarios, and joint programmes.
  * NRM’s governance layer (GRF, RNCs, NCCs, community/Indigenous councils) convenes and arbitrates cross-actor risk processes.

Technically, this interface is implemented via:

* **Connectors/APIs** between ERM systems and Nexus Rail,
* **NRM Profiles** that define how internal models and external evidence align,
* **Data abstraction layers** that allow aggregated or anonymised exposure views without sharing raw sensitive data.

Organisationally, the interface is implemented via:

* **Participation in NRM consortia**, working groups, and simulations,
* **Risk Academy training**, to build shared language and methods,
* **Formal agreements** (e.g., MoUs, facility contracts) that specify obligations and rights.

***

**2.3 Human–Machine–Nature Intelligence as First-Class Design Constraint**

NRM explicitly treats the integration of **human, machine, and nature intelligence** as a **first-class design constraint**, not an afterthought:

* **Human and institutional intelligence**
  * NRM workflows shall always include:
    * Human review and sign-off,
    * Institutional deliberation for high-stakes decisions,
    * Documentation of rationales and dissent.
  * Expert and institutional positions are represented as **objects in the ontology and evidence packs**.
* **Machine intelligence**
  * AI models, scoring engines, and simulations:
    * Are instrumented with **model cards, limitations, and validation results**,
    * Operate within human-in-the-loop workflows,
    * Are subject to NRM’s AI governance (audit, robustness, drift monitoring, alignment constraints).
* **Nature intelligence**
  * Earth system and ecological signals:
    * Are treated as **primary information channels** (e.g., climatic, hydrological, ecological indicators),
    * Are incorporated into AEPs and Profiles with appropriate scientific traceability,
    * Act as constraints (e.g., planetary boundaries) on risk appetites and strategies in relevant domains.

The architecture, governance, and standards of NRM are all designed so that **none of these forms of intelligence can silently dominate**:

* Human/institutional: to avoid purely political or arbitrary risk framing,
* Machine: to avoid opaque algorithmic dominance or misalignment,
* Nature: to avoid reduction of complex ecosystems to simplistic metrics without contextual interpretation.

***

#### 3. NRM Use-Case Taxonomy

NRM is intended to be applied across multiple domains and actor types. The following taxonomy is illustrative, not exhaustive.

**3.1 Sovereign and Sub-Sovereign Risk (Finance, Fiscal, DRR)**

Use cases include:

* Design and operation of **sovereign and regional risk finance facilities** (e.g., parametric catastrophe facilities, contingent credit lines).
* Support for **medium-term fiscal frameworks** that incorporate climate, disaster, and systemic risk.
* Integrated **national risk assessments** and **DRR strategies** that connect physical risk, fiscal risk, and social vulnerability.
* **Multi-hazard early action** frameworks that translate NRM evidence into pre-agreed actions and financing.

NRM provides:

* Shared scenarios and AEPs for hazards, exposure, vulnerability, capacity, and macro-fiscal impacts,
* Standardised NRM Profiles for sovereign risk finance programmes,
* Governance architectures for multi-ministry, multi-stakeholder coordination.

***

**3.2 Financial Sector (Banking, Insurance, Asset Management)**

Use cases include:

* **Systemic stress testing** that integrates climate, health, cyber, and infrastructure scenarios,
* **Portfolio-level risk and impact analysis** for bank, insurance, and asset management portfolios,
* Design of **NRM-based insurance and reinsurance structures**, including parametric products and resilience bonds,
* Integration of **NRM metrics into prudential regulation**, recovery and resolution planning, and macroprudential policy.

NRM provides:

* Federated, explainable risk indicators and scenarios,
* NRM Profiles that link financial risk instruments to multi-domain evidence,
* Mechanisms for aggregating and anonymising exposures for systemic analysis.

***

**3.3 Critical Infrastructure (Energy, Water, Transport, Digital, Health)**

Use cases include:

* Joint risk assessments and scenario planning across infrastructure operators, regulators, and emergency management agencies,
* NRM Profiles for **grid stress, drought and water systems, transport chokepoints, digital infrastructure outages, and health system capacity**,
* Design of **resilience investment programmes**, including cost-sharing and risk-sharing mechanisms.

NRM provides:

* Cross-infrastructure dependency models,
* Interfaces for secure sharing of aggregated operational data,
* AEPs that link engineering risk analyses to broader systemic and social impacts.

***

**3.4 Corporate and Supply Chain Risk**

Use cases include:

* Mapping of **supply chain exposures** to climate, geopolitical, health, and infrastructure risks via NRM,
* Corporate **systemic risk dashboards** that integrate ERM outputs with Nexus Rail evidence,
* NRM-informed decisions on **capital expenditure, location choices, supplier diversification**, and **transition planning**.

NRM provides:

* Sectoral and regional AEPs that firms can overlay on their supply networks,
* Profiles that translate systemic risk views into concrete performance and loss metrics relevant to corporate decision-making.

***

**3.5 Community and Indigenous Risk Governance**

Use cases include:

* **Community-led risk observatories**, contributing to UNOSINT under data sovereignty agreements,
* Co-design of **local early warning and early action plans**, with associated NRM Profiles,
* Indigenous and community participation in:
  * NRM governance boards,
  * Model and ontology review,
  * Evaluation of NRM-driven programmes.

NRM provides:

* Formal roles, rights, and interfaces for communities and Indigenous nations,
* Evidence structures that can incorporate local indicators, narratives, and priorities,
* Mechanisms for articulating **community-defined risk and resilience metrics** within broader systemic frameworks.

***

#### 4. NRM Profiles

**4.1 Concept of an NRM Profile**

An **NRM Profile** is a structured specification that defines **how NRM is applied to a particular domain, question, or programme**.

Examples:

* **NRM-Climate-Finance-Sovereign** – profiles for sovereign climate-related risk finance facilities,
* **NRM-Pandemic-Health-System** – profiles for health system stress and pandemic scenarios,
* **NRM-Cyber-Critical-Infrastructure** – profiles for cyber risk to infrastructure networks,
* **NRM-Heat-Urban-Grid** – profiles for urban heat and electricity system interactions.

Conceptually, each NRM Profile:

* Declares its **scope and use cases**,
* Specifies the **data, models, and standards** it draws on,
* Sets **minimum evidence and conformance levels**,
* Provides **templates for scenarios, triggers, and decisions**.

Profiles can be thought of as **ready-to-use “risk lenses”** that actors can adopt, adapt, and combine.

***

**4.2 Structure and Metadata of an NRM Profile**

An NRM Profile shall at minimum include:

1. **Identity and scope**
   * Profile identifier and version (e.g., `NRM-Climate-Finance-Sovereign v1.0`),
   * Domains, sectors, and geographies covered,
   * Intended uses (e.g., facility design, stress testing, planning).
2. **Standards and frameworks referenced**
   * Explicit list of relevant standards:
     * E.g., IPCC scenario types, Sendai hazard codes, Basel stress testing principles, NIST categories.
   * Mapping notes (how these standards are embedded or interpreted).
3. **Ontology and data specifications**
   * The subset of Nexus ontology entities and relations used,
   * Required and optional data fields,
   * Allowed data sources and provenance requirements.
4. **Models and methods**
   * Recommended or required models (e.g., climate models, hazard models, macro-fiscal models),
   * Validation requirements and uncertainty characterisation,
   * Conditions for using alternative models (and how to document them).
5. **Evidence Quality and Conformance requirements**
   * Minimum **EQL (Evidence Quality Level)** for AEPs supporting the profile,
   * Relevant **Conformance Levels (CL)** for participating systems and institutions.
6. **Scenario and trigger templates**
   * Reference scenarios (e.g., event sets, time horizons, shock structures),
   * Example triggers and rulebook logic for decisions (e.g., payout conditions, escalation criteria).
7. **Equity and justice considerations**
   * Required distributional metrics (e.g., impacts on vulnerable groups, regional disparities),
   * Any specific safeguards or participatory processes required.
8. **Governance and review**
   * Responsible bodies (under GRF/GCRI) for stewarding the profile,
   * Review cycles, consultation obligations, and change control procedures.

Profiles are machine-readable (for technical implementation) and human-readable (for governance and legal reference).

***

**4.3 Relationship Between NRM Profiles and Existing Standards**

NRM Profiles are **interfaces between NRM and existing standards/regimes**:

* They **embed** existing standards:
  * A profile might, for instance, specify that:
    * Hazard representations follow Sendai terminology,
    * Climate scenarios must map to specific IPCC pathways,
    * Financial risk calculations align with Basel stress testing principles.
* They **extend** existing standards:
  * By adding:
    * Cross-domain linkages (e.g., climate → infrastructure → fiscal → social),
    * Equity and justice metrics,
    * Human–machine–nature intelligence integration and governance requirements.
* They **translate** between standards:
  * A profile’s ontology and data schemas map multiple standards into a consistent representation,
  * This allows, for example, a **Basel-style banking stress test** and a **Sendai-style hazard analysis** to coexist and cross-inform each other within one NRM scenario.

In governance terms:

* GRF and GCRI steward profiles, in dialogue with relevant standard-setting bodies and communities of practice.
* GRA uses these profiles to design and operate risk finance and resilience instruments.
* Regulators and policy-makers can **adopt specific NRM Profiles** as:
  * Reference frameworks for regulatory guidance,
  * Conditions for facility eligibility,
  * Baselines for systemic stress testing.

In practice, adoption of NRM is largely adoption of **concrete NRM Profiles**—which is why their design, documentation, and governance are central to making NRM real.


