As a result of the recession and market volatility, there has been a concerted effort in recent years throughout the banking industry to focus on a holistic approach to an institution’s overall risk management in order to achieve and sustain stability. This approach, commonly referred to as Enterprise Risk Management (ERM), closely identifies, monitors and mitigates not only the actual risks inside the organization, but also the external perception of these risks within an organization.
ERM encompasses several broad categories, which include the following:
- Credit Risk – This is the risk that earnings and capital could be adversely impacted due to a borrower’s inability to perform on their contractual obligations. Unlike other industries that sell products and services outright, banks must evaluate clients’ ability and willingness to repay their obligations under a predetermined agreement over time. By introducing the element of time, risk increases because of unforeseen and uncontrollable circumstances that may arise. Credit risk became a very painful reality during the last economic downturn.
- Interest Rate Risk – This particular sort of risk has become of more interest recently due to speculation of movements and the Federal Reserve’s recent increase in short-term rates. The oversight of interest rate risk specifically relates to how well banks mitigate the risk of an adverse movement in rates. It is critical for financial institutions to have an effective committee, sound policies and reporting tools in place and make sure to mitigate these factors to prevent loss.
- Liquidity Risk – To maintain stability, financial institutions must ensure there are always adequate levels of liquidity to meet its obligations as they become due. This includes keeping adequate levels of liquidity to meet the unplanned increases or decreases in deposits and maintaining adequate funding sources to meet demands while not jeopardizing earnings.
- Operational Risk – Operational risk includes anything that could potentially affect a financial institution’s service and/or product delivery. This is a very broad category in terms of risk factors, ranging from breakdown of operations to employee neglect, to IT risks. Operational risks transcend all departments of a bank. Ensuring that the bank’s internal information systems and controls are in effect to prevent breaches, fraud or other unforeseen catastrophes is paramount. Especially in recent years, cyber attacks and other technology threats are very real and highly dangerous because they have far-reaching ripple effects on not only the bank, but also the entire economy. Banks must be focused on mitigating these risks by having the proper security measures in place. Other areas include physical security risks, vendor related risks and natural disaster risks.
- Compliance Risk – The banking industry is highly regulated. As such, banks must comply with and conform to all laws and regulations. Failure to comply has a significant negative impact on the bank and poses a very serious risk. It is the utmost responsibility of the organization to ensure that all laws and regulations are met and maintained at all times. Failure to do so can result in a diminished reputation, expansion restrictions, fines and penalties.
- Strategic Risk – If a financial institution does not have an effective strategic plan, as well as the right management discipline to execute the plan against all internal and external distractions, there is high strategic risk. Using efficient technology and deploying the proper resources to uphold the identified strategy will help mitigate these risk factors.
- Reputational Risk – In any industry, perception is reality. Managing reputational risk is essential. If a bank receives negative publicity, the results could have a materially adverse effect. In the shadows of the recession, people are especially attuned to these risks, so a bank must consistently send positive messages to its community, clients and shareholders that all operations are efficient and that risks are properly managed and mitigated at all times.
- Financial Reporting Risk – This refers to the risk that a financial institution is not accurately reporting its financial position, conforming with generally accepted accounting principles or complying with reporting requirements of the regulatory agencies and tax authorities. Using third party auditors, accounting firms and other professionals will help ensure the bank’s financial reports are as complete as possible, which also contributes to its overall reputation.
To be effective, a sound ERM framework should be in place that includes an ERM policy, ERM committee and appropriate tools to identify, measure and report risks. It is critical that an organization embrace ERM and that staff members at all levels all play a role in managing risks. It is imperative that the board of directors is fully informed on bank risk tolerances and they are supplied with adequate data and information to ensure strategic decisions do not jeopardize the organization’s future.
Does your financial institution use Enterprise Risk Management to achieve stability? Leave a comment below about how you’ve been successful with this process.
Matt Davis is executive vice president and chief operating officer at Paragon Bank. He has more than 24 years of experience working in banking and finance, the last 17 of which have been with Paragon Bank.