Enterprise Risk Management (ERM) is an approach prescribed to manage and balance organizations’ risk with their objectives. It looks to provide a strategic overview of an institution and their risks. Since the global financial crisis, institutions were criticized for their apparent siloed approach to risk management, failures to bring each area together for a holistic overview of risk to manage within its risk appetite. ERM provides a central risk function to improve an institutions coordination between functions and capability, it provides a unified outlook for stakeholders and aims to improve the ability to manage risks across the enterprise more effectively. Scrutiny is increasing on financial institutions to ensure risks area appropriately managed and an ERM program is in place to manage risks in order to feed up to stakeholders. There are a range of frameworks or approaches adopted in order to tailor to the needs of complex institutions and improve their practices to identify, analyze, respond to and monitor risks and opportunities.
With risk playing an integral part in any financial institution or broader business, regulatory scrutiny is continually increasing to ensure processes are in place across the industry. When properly managed, risk can enhance growth and opportunity for institutions, however with many large complex institutions across the industry, it is increasingly difficult to gain an overview of risk and opportunities to drive the business.
ERM as a function is difficult to place within an institution, with many questions raised as to where the function sits and how this impacts reporting structures. ERM should be viewed as a business strategy, not just a regulatory burden and used to manage risk both holistically and to better prepare for the future of the enterprise. Institutions look to carve out a function to identify all risks and manage them actively based on several factors, reports are made available to stakeholders and shareholders. Across the industry and between each institution there are varying ranges of interpretation around the ERM requirements and understanding the conceptual standard across the industry. Many have questioned the theory in practice and questioned the functionality of the role and necessity, with questions around the role of ERM compared to the role of the CRO? Doesn’t the prescriptive text theoretically describe the role of the CRO? The differences appear to come when considering reporting lines, do functions report to the ERM function or the CRO? For a relatively mature requirement many are grappling with the fundamentals of what ERM means and where it sits within their institution. The function has the task of calculations for both modelling and finance and representing the enterprise and their risks, reporting up and providing reports to drive business strategy and decision making.
During the research for the Center for Financial Professionals’ risk management conference: 3rd Annual Operational & Enterprise Risk Management, an alarming number of industry professionals raised a number of questions as to the fundamentals of the ERM function, where it sits and often grappling with understanding the purpose.
Another key area flowing on from definitions and interpretations is implementation within strategy and using ERM as a strategy asset to define the lines of business. ERM should be seen as a function that drives strategy and business making ability, with an enterprise wide view of risk. ERM is often misinterpreted as mentioned above and not always utilized in the way anticipated, often viewed as a confliction with other functions and more of an op risk focus, the role of ERM plays a vital part in reporting upwards and providing a business overview. Organizations should see ERM as a strategy asset used to define risk and appetite in each line of business with a uniform overview of each silo or business line/function. ERM plays a vital role in communicating to the Board and providing information upwards to key stakeholders. Board communication is an integral part of ensuring that ERM is used and utilized as a function that sets appetite and drives the business forward, key decision makers are informed of the overall risk level and make decisions accordingly based on this. Many should but do not see ERM as a function that can assist in identifying, monitoring and assessing risk at an enterprise level, it is not only the responsibility of each function, but also of ERM in order to bring these areas together. ERM is increasing in momentum and focus in individual institutions, and is quickly being seen as a strategy asset, although differing interpretations and uncertainty as to the expectations of the function may impact effectiveness.
ERM has been a strong focus area in many institutions both large and small since the financial crisis, the visible need to reduce the apparent siloed structure in organizations brought the idea of a function to ‘bring it all together’. Traditionally institutions operate with business lines as individual functions, and a broader overview of risk is not always apparent, ERM brings silos together and provides senior management and the Board the information required to steer the business and set appetite levels. When interpreted and implemented effectively, ERM can provide untold success and benefit to institutions.
The Center for Financial Professionals look to provide insight from the industry’s senior though leaders to review what ERM means and tools for successful implementation at the 3rd Annual Operational & Enterprise Risk Management Congress, NYC, October 19-20.
Visit www.cefpro.com/oprisk-erm for all information on the agenda, speaker line up and speaker insight. Join industry peers for two days in New York City to discuss key areas within ERM and Operational Risk, combine the two for an overview or delve into one stream for in depth discussions.
Don’t miss the ERM Masterclass, October 18, led by industry expert Craig Spielmann who provides an intensive and interactive one day class on ‘Supercharging your ERM Process including an RCSA step by step’.