ERM in the time of financial crisis
The Hindu Business Line
Partner & National Leader - Financial Services Risk Management, Ernst & Young
It is now clear that the changing regulatory landscape and increased expectations of regulators and external stakeholders are driving financial institutions of all types and sizes to rethink and assess their risk management framework and governance practices.
At banks that are well on their way to meeting their regulator's globally aligned risk capital standards (that is, Basel II), the concern uppermost on the mind of their Boards of Directors is whether the institution's management is making investments to build an ERM function that is “leading practice” and capable of benefiting the organisation in a sustained manner.
Enterprise Risk Management (ERM) is defined to be a structured ongoing process to assess, mitigate and monitor the risks that an institution faces in achieving its objectives. Prior to the financial crisis, many banks and financial institutions typically viewed risk management as a support function; perhaps, a compliance requirement thrust upon them by conservative regulators.
A key lesson learned from the financial crisis is the need to have a dynamic ERM function to help drive and support sound business decision-making. And nowhere more than at banks and banking conglomerates, which have been at the epicentre of the financial crisis.
Banking conglomerates are working hard to evolve a leading-practice ERM function characterised by clearly defined risk appetite and governance structure (so that there is a context for ERM), clarity of roles and responsibilities (where ERM is taken seriously by everyone from the Board and senior management down to the lines of business), and integrated risk reporting (so everyone speaks and reads the same language). Clearly, it's no longer only about compliance! So what's driving ERM? Surely there's more to the renewed focus on ERM. Key challenges with which ERM is helping include:
(1) Recovery from the crisis – most organisations have been severely impacted by the crisis. The challenges for the senior teams in those organisations have been intense. Many have cautioned that doing business in the post-crisis world is a “completely new ball game” requiring caution, judgment and an immense amount of senior management focus.
ERM can provide a robust framework to enable senior management to form a structured view of enterprise-level risks and their potential organisational implications.
It can also serve as an effective tool to demonstrate management's risk focus to regulators, credit rating agencies and other key stakeholders.
(2) Navigating the still-fluid economy – While most banks agree that the downturn appears to be behind us, and the economy is showing signs of recovery in most parts of the world, many continue to be apprehensive about the continued volatility of the markets.
In this uncertain market environment, ERM can provide a proactive linkage between business objectives and the “risks that matter” for the organisation, whether Basel II - Pillar 1/Pillar 2 risks, or other business and strategic risks.
(3) Dealing with the regulatory environment – There is little doubt that the regulatory environment will become stricter and, probably needed in many markets to prevent future crises. Managements are stretched to deal with the still-developing, and sometimes contradictory, regulations across countries and jurisdictions and the need for clear and consistent interpretations of a large amount of new requirements.
In this scenario, an enterprise-wide ‘Risk Governance' framework, based on leading-practice ERM principles and standards, could be a definitive edge in a bank's Corporate Governance arsenal and a sound basis for keeping abreast with the changes required by:
– raising risk awareness among people;
– investing in new systems and processes; and
– Introducing a judicious mix of qualitative and quantitative techniques to assess and report risk.
(4) Finding the right people – Many people underestimate the vital importance of the human factor in managing risk.
Leading-practice ERM involves a series of interactive workshops for management and personnel at various levels, on the relevance of ERM for the organisation and its reputation with key external stakeholders. This would enable banks to not only raise risk awareness amongst key management personnel, but also expand the “virtual risk team” to line managers and other control functions.
To make this a reality in our banks, there are a few key initiatives in which Indian banks should be differentially investing, particularly as they are well on their way to accomplish their Basel II risk management programme objectives. Typical examples of critical initiatives that the board of directors of banks should be demanding from their senior management teams include:
ERM framework and governance – Review and update, where necessary, the oversight arrangements, including the interaction with the Board, supporting committee structures, mandates, charters, delegations of authority and reporting lines for all aspects of risk management across the bank.
Refresh roles and responsibilities – Assess the current roles, responsibilities and authorities of key personnel across the bank to determine that the appropriate personnel are in place and have the appropriate skill sets to make necessary decisions. Challenge the depth and adequacy of coverage for categories of risk that traditionally sat outside of the CRO/risk functions, including product development.
Implement integrated, enterprise-wide risk reporting – Review or develop an enterprise-wide view of risk, sources of risk and the understanding of how risks are interrelated across the business and risk types (e.g. concentrations, correlations and contagion). This also includes the development of standardised risk reports and dashboards for the Board, committees and management.
Banks have made substantial headway in their risk management efforts, but there is more to be done. Particularly, as the external environment remains uncertain and complex. A comprehensive ERM programme would help the banks sustain the following broad goals:
Enable the Board and senior management to understand how the risks for which they are responsible are being managed on a day-to-day basis;
Aggregate and integrate significant risk to create an enterprise-wide view of the bank's risk profile and its “in control” status;
Equip business and corporate areas with the capabilities to proactively identify, assess, and report on the control of their significant financial and non-financial risks at any time within the context of the business objectives.
Implemented right, ERM can be an enabling framework with varied benefits for banks and other financial institutions in these complex and changing times!