Risk Governance – What Directors (and Management) Should Know

Staying ahead of the risk curve can feel overwhelming for most bankers today. If you are feeling more pressure to ensure that your risk governance process, primarily your risk management system, is effectively identifying, measuring, monitoring and controlling applicable risks, you aren’t alone. The pressure is coming from regulators and auditors and from the industry itself.

A proactive risk management culture is a major determining factor in sustained profitability, adequate capitalization, effective strategic planning and sound supervision and oversight. Effectively measuring and managing risk is crucial to the success of financial institutions.

Risk management systems are not a one size fits all proposition. Each bank is unique and must develop a risk management system that is sustainable and a proper fit with the organization’s strategic goals. Your bank’s individual risk profile, based on size, complexity, culture, staff depth and ability, and geographic diversity, determines the necessary risk management system sophistication level. The right system for your bank should be commensurate with the quantity of risk and the quality of management’s ability to properly manage and control these risks.

All proactive risk management systems share a number of common fundamentals:

1. Proper risk identification
2. Accurate and timely measurement of risk
3. Prudent risk limits set forth in the bank’s policies, procedures and practices
4. Accurate and timely risk monitoring

Additionally, a bank’s unique risk culture, or navigational beacon, is a powerful influence on the entire organization including the discipline necessary to build and maintain an effective risk management system. Key components of a proactive risk culture include:

1.Expectations – Also known as “Tone at the Top”. Bank Directors and Senior Management of the organization are clear and consistent in their communications and actions regarding expectations for all associates.

2.Ethics –This is probably self-explanatory. Not only are these the business standards, or code of conduct that guide associates in determining what is right or wrong; legal or illegal; and appropriate behavior, it also establishes appropriate transparency and collaboration and can affect how individuals communicate freely across business units.

3.Empowered and Engaged Associates – A sound risk culture is evident when associates understand what risks they own and what it means to own that risk and the responsibility for controlling it.

4.Education/Expertise – Sound risk cultures result from training and technical learning, personal development, reinforcement and shared objectives.

5.Enterprise – Organizational structures, whether a large, medium or small, can influence a risk culture and the level and significance of the challenge. Banks that have business units operating in silos may face more challenges than a larger bank utilizing an integrated approach. A comprehensive, enterprise-wide risk management system will help all banks, whether large or small, make decisions that protect the entire organization.

Risk culture may be difficult to define and pin down and, at times, even difficult to measure, but it is the critically important ingredient that allows Directors to gauge their success meeting strategic goals while controlling potential risks within your organization.

For more information on these issues, speak with the risk management consultants at Bank Strategic Solutions by calling (800) 281-9980 and find out what we can do for your bank.