For American Community Bank & Trust, a $590 million-asset institution located about 70 miles north of Chicago in McHenry County, Illinois, enterprise risk management (ERM) has steadily become a part of the culture and dialogue throughout the organization. Chief Executive Officer Charie Zanck admits that it will still require continual improvement over time, but knew she had to start somewhere.
A common theme throughout this year’s Bank Chairman/CEO Peer Exchange event was the topic of enterprise risk management and what exactly that means to today’s financial institutions. While many bank leaders are finding the term difficult to define, it is clear that the Federal Deposit Insurance Corp. will be focusing heavily on risk management processes and not just for the publicly traded and/or larger banks.
After much research and calls to the regulators, Zanck had come up empty in her quest to define what ERM was and what the industry standard best practices were for her to build upon at her institution. What she discovered was that it wasn’t easy, or simple, and there was no hallmark case or standard process. Now what?
Although it was hard to get started, Zanck knew that the old siloed or isolated approach to managing risk wasn’t going to work anymore. So she began to build out her own processes for assessing the risks in her organization, identifying the bank’s risk appetite in conjunction with the board, putting controls in place and determining how to best measure those risks.
American Community Bank & Trust ended up changing the way it looks at risk and has begun to apply those processes to not only specific areas such as IT or vendors, but also to their strategic and growth decisions. For example, when the management team wants to introduce a new product into the marketplace, it must first get the approval of the ERM committee, which looks at it from all different perspectives and asks the tough questions. That is the essence of enterprise risk management, and no one person can do it all, Zanck said. It requires a team of people from compliance, operations and senior management to fully assess the risk to the entire organization. Zanck then reports the findings to the board and audit committee.
Unfortunately, the regulators weren’t much help to Zanck despite their new mandate to monitor her organization’s risk. She sympathized with her fellow bankers, noting that this was why it was such a difficult process for her and her team. If the banks don’t figure ERM out for themselves, then it will surely get decided for them. The question is by whom?