What Directors Should Know About Enterprise Risk Management
By Lyn Farrell, Sheshunoff Consulting + Solutions
Federal bank regulators are increasingly emphasizing the importance of “Enterprise Risk Management” for the management and directors of community banks. Enterprise Risk Management, or “ERM”, is more comprehensive than the banking risks that typically comprise risk management programs, such as regulatory compliance, loan review, fraud risk management, internal controls, etc. While traditional risk management continues to be important, if an institution wants to grow in a safe and sound manner, a more holistic view of risk management is necessary.
By identifying and quantifying these high-level risks, an institution can establish a mitigation program that will enable it to predict, monitor and contain future risks. This process will help the bank reduce uncertainty and loss in its future performance.
An ERM strategy includes a plan for financial, operational and environmental risks. A bank’s management should take all of these risks into consideration, establish the bank’s risk tolerance in each category and establish a governance and information reporting mechanism that will allow active monitoring of these risks on an ongoing basis.
There are several types of risks to consider in a bank’s ERM program, including financial risks (such as balance sheet, income statement, capital and liquidity risks), operational risks (including fraud, damage to physical assets, and business disruption) and environmental risks (such as the legal and regulatory environment).
As an example, balance sheet risks specifically include:
Once the enterprise risks are identified, each of them should be incorporated into the overall ERM plan, with action steps, goals and reports defined and responsibility and accountability assigned. In some cases, control systems will need to be put in place or strengthened to cover a risk that was previously not addressed. It is best if successful risk mitigation can be incorporated into job performance objectives.
What process can a bank’s management follow to begin to develop an ERM program?
Inventory the bank’s risks
Consider different scenarios
Identify key risk indicators
Determine how to make decisions from the information