The banking industry has made great strides over the last few years in the management of risk, and a number of important best practices have begun to emerge, according to Bank Director’s 2014 Risk Practices Survey, sponsored by FIS. While the Dodd-Frank Act requires publicly traded banks with more than $10 billion in assets to establish separate risk committees of the board, and banks over $50 billion to additionally hire chief risk officers, smaller banks are proactively following suit. By taking a more comprehensive approach to risk management, these institutions are reaping the benefits with improved financial performance.
The 2014 Risk Practices Survey reveals how these banks govern risk, and that a best-practice approach can positively impact financial performance. Creating and properly using a comprehensive risk appetite statement challenges many boards. Many see room for improvement in the quality and comprehensiveness of the bank’s enterprise risk management program. Tying risk management to the strategic plan and measuring its impact on the organization is difficult for many institutions, although those that have tried to measure the risk management program’s impact report a positive effect on financial performance.
Conducted in January, the survey is based on 107 online responses from independent directors and senior bank executives, primarily chief risk officers, of banks with more than $1 billion in assets.
- Ninety-seven percent of respondents report that the bank has a chief risk officer or equivalent on staff, and 63 percent oversee risk within a separate risk committee of the board. Moreover, respondents whose banks have a separate board-level risk committee report a higher median return on assets (ROA), at 1.00, and higher median return on equity (ROE), at 9.50, compared to banks that govern risk within a combined audit/risk committee or within the audit committee.
- Of those that oversee risk within a separate risk committee, 64 percent of respondents review the bank’s strategic plan and risk mitigation strategies, while the remaining 36 percent do not yet do so.
- Tools like the risk appetite statement, the enterprise risk assessment and risk dashboard aren’t fully used. Only one-third of respondents feel that the bank’s risk appetite statement covers all the risks faced by the institution, and less than half use it to provide limits to board and management. Just 13 percent analyze the risk appetite statement’s impact on financial performance.
- Just 17 percent of respondents review the bank’s risk profile and related metrics at the board and executive level monthly. Almost half review these metrics quarterly, while 23 percent review twice a year or annually.
- Fifty-seven percent of directors feel that the board could benefit from more training in understanding how new regulations impact and pose risk to the bank, and 53 percent want a deeper understanding of emerging risks, such as risks associated with cyber security or Unfair, Deceptive or Abusive Acts or Practices (UDAAP). Conversely, senior executives feel that the board needs more training in overseeing the bank’s risk appetite, and understanding risk oversight best practices and how other banks govern risk.
- The regulatory environment continues to challenge bank boards. Fifty-five percent cite the volume and pace of regulatory change as the environmental factor most likely to cause risk evaluation failures at the bank.
- More than half of bank officers, and 40 percent of respondents overall, say that maintaining the technology and data infrastructure to support risk decision-making is a top risk management challenge.
View the video: Five Risk Management Best Practices for 2014