Implementing Enterprise Risk Management (ERM) in financial institutions

Banking is the business of risk management. How effectively you identify and manage risk, price your products and services in relation to that risk, and provide oversight of your operations determines whether your institution is successful over the long term. Enterprise risk management (ERM) is a relatively new term, but the concept and the principles have been in place for many years. It has become more of a focus for examiners and financial institutions because of the level of institution failures and other losses incurred during the recent economic crisis. The various regulatory agencies (the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and the National Credit Union Administration) all completed Material Loss Reviews or studies of why banks or credit unions failed. Some of the common findings from these studies were that failed institutions often had:

  • Inadequate risk management policies and procedures in place, or policies and controls that were adequate but were often overridden by management in the pursuit of excessive growth and/or profit;
  • Insufficient Board of Directors oversight, because the Board either didn’t have the experience or expertise to properly carry out its fiduciary duties and/or the right information to evaluate the inherent risk in the institution;
  • Incentive compensation and reward systems that motivated the wrong behaviors, as they often failed to consider the proper balance between growth, profit, and risk over the long term; and,
  • Management and a Board of Directors that failed to properly assess, in a timely manner, the effect of outside threats such as the weakening of local and national economic conditions and real estate markets, and to adjust the institution’s risk management policies appropriately.

The importance of ERM is heightened by 1) the increasing level of cyber and phishing attacks on banks and credit unions, where the goal is to obtain unauthorized access to customer or member private information or assets, 2) continued downward pressure on net interest margins, which puts stress on net earnings and the formation of capital, 3) the increasing level of competition, as more non-depository institutions are offering loans or other products and technology is allowing institutions to expand their geographic footprint without adding a physical presence, and 4) the slow economic recovery. Add to this a regulatory environment that is continuously evolving and considered by many to be overly burdensome.

ERM is the framework and processes used by institutions to manage risk and evaluate opportunities that may help the institution achieve its long-term strategic objectives. In ERM an institution:

  • Identifies events or circumstances relevant to the institution’s long-term objectives;
  • Assesses these events or circumstances in terms of likelihood and level of impact;
  • Prepares an appropriate response strategy (how can you mitigate the potential risks involved and increase the likelihood of success); and
  • Continuously monitors whether the controls, policies, and processes are working as intended and are adequately designed.

By implementing an effective ERM function, institutions protect and create value for their stakeholders, including shareholders, employees, and your customer or member base. It can also enhance your relationship with regulators. The focus of safety and soundness exams is to evaluate an institution’s ability to identify, evaluate, and manage risk. Having a comprehensive ERM process should improve the likelihood of your having a successful regulatory exam.

The keys to implementing ERM include:

  • Use a continuous rather than a static process. Your ERM committee should meet monthly, or at least quarterly, to update your ERM plan and evaluate the potential benefits, risks, policies, and internal controls of any new venture, such as the launching of a new product or service, the opening of a new branch, or the implementation of a new technology, before these ventures take effect or are implemented;
  • Ensure that the ERM committee includes members from all key functions of the institution and senior level management. This is one of the most critical functions of your institution and the members of your ERM committee should reflect that;
  • Involve your Board of Directors in the process; and,
  • Link the ERM process with your capital planning and strategic planning processes as all three of these processes are interrelated.

ERM is an effective tool that will assist your financial institution in managing risk and help establish the overall risk culture for your institution.