It may not be a surprise to most bankers, but keeping up with regulatory changes was cited as a top risk management challenge by 72 percent of risk officers and 69 percent of bank board members in a recent survey conducted by Bank Director and Wolters Kluwer Financial Services, a consulting firm focused on risk management and regulatory compliance.
“If you take a look at just what happened in the month of January with the regulations that [the] CFPB [Consumer Financial Protection Bureau] issued,” says Timothy Burniston, vice president and senior director of the risk and compliance consulting practice at Wolters Kluwer, “there were a number of separate rulemakings that were released in final form that are going to have an effect on institutions.”
The 2013 Risk Practices Survey was completed by a group of risk officers and board members at banks over $5 billion in assets through January of this year.
Sixty-one percent of risk officers and 41 percent of directors also revealed that maintaining the technology and data structure to support risk decision-making is a challenge. “The sustainability of the technology products that exist in the marketplace is not very high,” says John Fleshood, executive vice president, risk management at $17.5-billion asset Wintrust Financial Corp., a financial services holding company headquartered in Rosemont, Illinois.
Ninety percent of risk officers and 75 percent of directors reported that their banks either have or are in the process of creating an enterprise risk management program. Fifty-six percent of risk officers and 38 percent of directors cited regulatory requirements as one of the primary reasons their bank invested in an enterprise risk management program.
The top reason cited by risk officers for this investment, at 61 percent, was to ensure consistent, solid performance.
Directors seem more concerned with ensuring success of the bank’s strategic direction (50 percent) and developing a governance system that sets the tone from the top (41 percent). “As a director, that’s the kind of view of the organization that I would want to have,” says Burniston. “I would want to make sure that I understand what’s going on in every critical area that presents risk to my institution, and for management to be in a position to explain the interconnectivity, the relationships between those risks, [and] how the organization holistically is taking a look at it.”
When asked about the biggest challenges in supporting an enterprise risk management program, 61 percent of risk officers cited collecting, analyzing and reporting risk data as a top concern. Fifty percent cited creation of a risk culture, in which employees are motivated to own and manage risk, as a key concern. “Ultimately what you want from a risk management program is that you have [everyone in] your organization thinking about risk in their daily job and how it affects their daily job,” says Phil Gaglia, chief risk officer of First Interstate BancSystem Inc., a $7-billion financial holding company based in Billings, Montana.
When asked about specific risk categories, operational risk is the top concern of both risk officers, at 83 percent, and directors, at 56 percent. Christina Speh, director of new markets and compliance strategy in the risk and consulting practice at Wolters Kluwer, is glad to see this focus on operational risk, as it was not a focus for banks in the past but caused a lot of problems in the industry over the last several years. The breakdown in the mortgage industry was a breakdown on the operational side, says Speh. “The compliance processes had been set, and the financial requirements were being followed, what happened was a breakdown in the operations,” she says, “and many of the settlement requirements required the operational breakdowns to be fixed.”
Despite the challenges, both directors and risk officers expressed a high level of confidence in their bank’s ability to manage risk across all lines of business, with 91 percent of directors and 89 percent of risk officers identifying themselves as very confident or confident. None of the respondents expressed a negative view on their bank’s ability to manage risk. When directors were asked to rate the bank management team’s ability to identify, manage and control potential risks to the bank, 91 percent of directors rated their management team’s work in this area as excellent or good.
As to the board’s role in risk management, risk officers appear to be fairly confident in the abilities of their directors. Eighty-three percent of risk officers rated their board’s ability to understand and interpret risk data as excellent or good. Perhaps this confidence level is understandable, as both groups indicate that, over the last three years, boards are devoting more time to risk management issues, with all risk officers and 91 percent of directors reporting an increase. Pressure on banks brought about by regulatory changes as well as other issues has caused risk management to get more board-level attention. “The attention to risk management has been fairly high even preceding the financial crisis, but we learned a lot of things going through that process,” says James Bork, senior banking compliance analyst at Wolters Kluwer. Regulatory change has been a part of that education. “I think it has raised awareness on the part of directors to the many ways that risk can infiltrate an organization,” he says.
“[Directors are] asking questions that they weren’t asking several years ago,” says Burniston, “which shows that they are definitely tuned in to the need to make sure that they’re on top of risk in their institutions. “
ABOUT THE SURVEY RESPONDENTS
Bank Director surveyed in January risk officers and members of the board of directors with $5 billion or more in assets, using two similar but separate surveys. Nineteen respondents were risk officers and 32 were directors.