INSIGHTS for Financial Institutions Winter 2015 | Page 4
ERM for Financial Institutions
Mitigating Risk Amid Regulatory Pressures
and Requirements
Financial institutions are in an environment
of increasing regulation, such as oversight
from the U.S. Consumer Financial Protection
Bureau and other regulators, as well as new
capital requirements, stress testing and
additional obligations. Consequently, they must
understand their risks. For these organizations
to gain a better perspective of their risks and
define ongoing strategies to address their
unique challenges, implementing an Enterprise
Risk Management (ERM) program is a significant
step toward staying ahead of the game.
an approach that will fit with the long-term
goals of the institution.
ERM can also help financial institutions navigate
and assess their strategy, and make sure that
they understand what potentially may impact
their strategy, both negatively and positively.
ERM puts all of that into one bucket and
really helps a bank or any financial institution
understand the risk certain strategies may have
on the business.
Do
you
have
a
good
organizational
structure
in
place?
By understanding the
foundation and structure
of the organization,
we can help build an
ideal vision of what the
organization’s
ERM
could look like. We can
incorporate ideas they
have as well as provide
some examples of what
we have seen at other
financial institutions. It is
important to understand
how the departments
communicate with each
other as well as what
the reporting structure
looks like so we can
help build a long lasting
What are the first steps to building an
ERM program? The first step is to determine
the structure of the ERM program – who
reports to whom, what kind of structure does
the organization want? There are all kinds of
different structures for putting an ERM program
in place. Do you want individual teams? Do
you want facilitated or individual meetings? It
depends on the type of organization.
What is needed to implement a successful
ERM program? Essentially, the only thing
financial institutions need to begin an ERM
program is the commitment of the management
team and board. If the management team is not
supportive of putting an ERM program in place,
it will be a struggle to integrate ERM and to
maximize the benefit of such a program.
We do not require organizations to have any
plans – we do not even require a deadline or
timeline. As long as they have a commitment to
do it, we can work with the team to customize
INSIGHTS for Financial Institutions
3
program. We work with management to define
the timeline and help everyone see the vision of
the program.
tasks to think about risk and how it affects
various aspects of the organization.
By far the biggest benefit was they finally
What follows those initial steps? Once understood what different parts of the bank
the foundation of the program is built, we were doing and how different risks managed by
begin discussions to determine the risks of different departments can impact the bank as a
the organization. Typically, we will look at key whole. ERM really helped them understand the
players from different areas in the organization different parts of the organization better, which
to understand what risks they
is a big part of ERM – making
face in each of their areas While they are not sure you really understand your
and what they do to mitigate required to have an organization and everything that
risks they currently face. We ERM program, a smaller plays into it.
do this for every area within
organization decided it What are some of the obstacles
the organization. In a bank,
for example, we identify risk would be a good benefit and pitfalls of implementing an
within
each
department, for them. Now, for ERM program? In developing
from lending to back office
everybody who works an ERM program, some
operations, including process
organizations design a process
and
strategic,
external at that bank, it is simply that becomes a burdensome
and internal. Once those a part of their daily exercise. That is typically where
are established, additional tasks to think about ERM programs fail. You need
meetings with management
to make sure everybody is on
are held to rate the risks and risk and how it affects board – make sure the board and
further determine which risks various aspects of the management have an invested
are considered significant as a organization.
interest, make sure your staff
group. It is important to build a
buys in. Build a program that
framework that not only identifies the risks but enhances daily operations. ERM is not a onealso considers strategies to mitigate them.
time project, it’s an ongoing mindset and it
has to become part of management of the
What’s one example of a company that organization. Continuously and over time, it has
was successful in implementing an ERM to become part of everyday tasks and strategy.
program? There was one smaller organization
that sat down and decided while they are not Are there any final points readers should
required to have an ERM program, it would know about ERM for financial institutions?
be a good benefit for them. The board and An important step within the ERM program is
management team developed an initiative that to communicate and “socialize” it within the
resulted in enhanced management meetings. organization so that you’re not just going through
They have established what they consider to the motions. Emphasizing and communicating
be their significant risks and monitor how those your ERM strategy and program to your board
risks can impact the bank, including positive and your employees is a significant part of the
and negative impacts. The result: a successful process. Without effective communication,
ERM program. Now, for everybody who works program implementation will not be successful.
at that bank, it is simply a part of their daily
4
bswllc.com