Who owns risk management at your bank?
If your bank limits that function to the teams that report to the chief risk officer, it’s fumbling on two fronts: It’s failing to drive accountability across every corner of the enterprise, and it’s conceding its edge in a marketplace that’s never been more competitive.
Recognizing that every employee owns a piece of this responsibility make risk management an equal offensive and defensive pose for your organization. This empowers your employees to move nimbly, strategically and decisively when the bank encounters change, whether it’s an external regulatory pressure or an internal opportunity to launch a new product or service. In either case, your team navigates through change by building on best operational practices, which, in the end, work to your advantage.
Getting the bank into that position doesn’t happen overnight; the vision starts with the actions of your senior leaders. They set the tone and establish expectations, but everyone plays a hands-on role. When management prioritizes an environment where people can work collaboratively and have transparency into related roles, they foster consistency across your change management process that minimizes risk.
The need for a risk-aware culture aligns precisely with the signals coming out of Washington, D.C., that the stakes are getting higher. The Consumer Financial Protection Bureau hinted early at increased regulatory scrutiny, advising that it would tighten the regulatory standards it had relaxed to allow banks to quickly respond to customers’ financial hardship in 2020.
In response to the competitive and regulatory environment, your bank’s risk management framework should incorporate four key elements:
- Start with setting the ground rules for how the bank will govern its risk. Define its risk strategy, the role the board and management will play and the committees that compose that governance structure — and don’t forget to detail their decision-making authority, approval and escalation process across those bodies. This upfront work also should introduce robust systems for ongoing monitoring and risk reporting, establish standard parameters on how the bank identifies issues and create a basic roadmap to remediate issues when they come along.
- Operating Model. Distinguish the roles and responsibilities for every associate, with a key focus on how they manage risk generated by the core activities in that business. By taking the time to ensure all individuals, in every line of defense, understand their expected contributions, your bank will be ahead of the game because your people can act quicker and efficiently when a change needs to happen.
- Standard Framework, Definitions and Taxonomies. In basic terms, everyone across the enterprise needs to speak the same language and assign risk ratings the same way. Calibrating these elements at the onset builds confidence that your bank gives thoughtful attention to categorize risks into the right buckets. Standardization should include assessment scales and definitions of different risks and risk events, leading to easier risk aggregation and risk reporting that enables a holistic view of risk across the enterprise.
- Risk Appetite. Nothing is more important than establishing how much risk your organization is willing to take on in its daily business. Missing the mark can impact your customers, bottom line and reputation. Optimally, bank leaders will reestablish this risk appetite annually, but black swan events such as the pandemic should prompt more timely reviews.
Too often, banks reinvent the wheel every time a change or demand comes along. As the industry eyes increasing regulatory pressure in the year ahead, driving and promoting a robust risk management culture is no longer a “nice to have” within your organization; it’s a “need to have.”
When you reset the role and ownership of risk management as a strategic pillar in your bank’s future growth and direction you minimize your bank’s risk and actually propel your company forward.
Banks looking to check out best practices and a strategic framework for creating their enterprise risk framework should check out my latest whitepaper, Turning a Solid Risk Framework Into a Competitive Advantage.