The 2008 financial crisis has had a lasting impact on the way financial institutions think about risk. Today, there is a significant push to incorporate enterprise risk management (ERM) capabilities that will not only protect financial providers from potential business-impacting crises, but also shield shareholders, customers, and the industry at large from any ripple effects.
Facing pressure from regulators, board members, and executive leadership, the heads of business continuity and risk departments in firms across the country are now considering how to best make ERM a priority throughout their organizations. Is an ERM program right for your business? Let’s take a brief look at the role that ERM can play in a financial institution and how such a program might work.
Benefits of ERM
When done correctly, ERM can not only help a business stay in compliance but also mitigate loss, support growth, and improve profitability. Implementing an ERM program throughout your organization has the power to create a cultural shift, placing greater emphasis on proactive rather than reactive risk management and long-term rather than short-term success.
An effective program will involve all stakeholders and include tools and processes to educate and incentivize them to strengthen their overall performance and management of risk—not only for their individual success but for the success of the company.
An ERM Framework
Of course, implementing ERM is no small feat. A fully functioning program requires dedicated staff and resources. However, according to risk-management firm McKinsey & Company, the 2008 financial crisis highlighted several key requirements for institutions seeking to better manage risk. These important procedures ideally work together throughout the organization to create a holistic ERM structure.
McKinsey & Company argues that successful ERM requires the following five core capabilities:
1. Risk insight and transparency
This is an ongoing effort to clearly define your organization’s risk/return trade-off to help guide business decisions. Risk transparency should include factors such as market threats, potential operational crises, and legal issues. Ideally, the business should work to be as proactive as possible—instead of looking at current and past risks, it should consider those scenarios that could happen in the future. Here, the business will benefit from closely integrating your risk-management and business-continuity efforts and from using industry best practices that include in-depth stress-testing and rating methodologies.
2. Risk appetite and strategy
Establishing a certain risk appetite and strategy requires leadership to help create a risk-appetite statement, which is then incorporated into every level of the organization. Next, risk-appetite metrics can help you set the strategy, guiding the business as a whole, as well as individual departments, on how to align with the risk-appetite statement.
3. Risk-related decisions and processes
Through a successful ERM program, risk becomes embedded in all levels of the organization and guides the company’s processes and decisions. This includes mergers and acquisitions, compliance and conduct, and people and performance management.
4. Risk organization and governance
This segment involves questioning and identifying where financial responsibility for risk lies, as well as the structure and staffing of the risk organization. Again, true ERM requires dedicated resources. Successful organizations will prioritize risk management by establishing a chief risk officer or similar position, as well as leaders from each department who take ownership of risk.
5. Risk culture and performance transformation
Here, the organization should take steps to introduce programs and initiatives that reinforce a strong risk culture. This is where the ERM program lays out specific actions, identifies team members, and sets milestones to help manage risk, as well as monitor it over time.
Although ERM is a challenging proposition—particularly in the dynamic financial industry—a risk-management program has the potential to truly transform your organization. By better understanding and managing risk, the business can be better prepared for the future and positioned for ongoing success.
How is risk currently managed at your organization? Do you believe that implementing an enterprise risk management framework would truly benefit the business?