Enterprise risk management (ERM) is an approach prescribed to manage and balance organisations’ risk with their objectives. It looks to provide a strategic overview of an institution and their risks.
Since the global financial crisis, institutions have been criticised for their apparent siloed approach to risk management, and their failure to bring each area together for a holistic overview of risk to manage within its risk appetite. ERM provides a central risk function to improve an institution’s coordination between functions and capability, and delivers a unified outlook for stakeholders to help manage risks across the enterprise more effectively.
Financial institutions are facing increasing scrutiny to ensure risks area appropriately managed and that an ERM programme is in place to manage risks and feed up to stakeholders. Companies can adopt a range of frameworks or approaches to meet their complex needs and improve their practices to identify, analyse, respond to and monitor risks and opportunities. When properly managed, risk can enhance growth and opportunity for institutions. However, with many large complex institutions across the industry, it is increasingly difficult to gain an overview of risk and opportunities to drive the business.
ERM as a function is difficult to place within an institution because it raises many questions about where the function sits and how it impacts reporting structures. ERM should be viewed as a business strategy, not just a regulatory burden, and should be used to manage risk holistically and to better prepare for the future of the enterprise. Institutions look to carve out a function to identify all risks and manage them actively based on several factors, while reports are made available to stakeholders and shareholders.
Across the industry and between each institution, there are varying ranges of interpretation around the ERM requirements and conceptual standard. Many have questioned the theory in practice and questioned the functionality and necessity of the role, particularly in relation to the role of the chief risk officer (CRO). These questions include: doesn’t the prescriptive text theoretically describe the role of the CRO? The differences appear to come when considering reporting lines, do functions report to the ERM or the CRO?
Despite ERM being a relatively mature requirement, many organisations are grappling with the fundamentals of what it means and where it sits within their institution. The function is tasked with providing calculations for both modelling and finance, representing the enterprise and its risks, and providing reports to help drive business strategy and decision making.
During the research for the Center for Financial Professionals’ 3rd Annual Operational & Enterprise Risk Management Congress an alarming number of industry professionals raised a number of questions about the fundamentals of the ERM function, where it sits and its purpose.
Another key area of uncertainty is implementation within strategy and using ERM as a strategy asset to define the lines of business. ERM is often misinterpreted and not always utilised in the way anticipated, often viewed as a conflict with other functions and more of an operational risk focus. However, the role of ERM plays a vital part in reporting upwards and providing a business overview. Organisations should see ERM as a strategy asset used to define risk and appetite in each line of business with a uniform overview of each silo or business line/function. ERM plays a vital role in communicating to the board and providing information upwards to key stakeholders so they know the overall risk level, enabling them to make decisions accordingly.
Many should, but do not, see ERM as a function that can assist in identifying, monitoring and assessing risk at an enterprise level. It is not only the responsibility of each function, but also of ERM, to bring these areas together. ERM is increasing in momentum and focus in individual institutions, and is quickly being seen as a strategy asset. However, differing interpretations and uncertainty as to the expectations of the function may impact effectiveness.
ERM has been a strong focus area in institutions both large and small since the financial crisis. The visible need to reduce the apparent siloed structure in organisations brought the idea of a function to ‘bring it all together’. Traditionally, institutions operate with business lines as individual functions, and a broader overview of risk is not always apparent, ERM brings silos together and provides senior management and the board the information required to steer the business and set appetite levels. When interpreted and implemented effectively, ERM can provide untold success and benefit to institutions.
The Center for Financial Professionals aims to provide insight from the industry’s senior though leaders to explain what ERM means and review the tools that can be used for its successful implementation at the 3rd Annual Operational & Enterprise Risk Management Congress in New York City on 19-20 October 2017.
Join industry peers for two days to discuss key areas within ERM and operational risk, combining the two for an overview, or delving into one stream for in-depth discussions.
Don’t miss the one-day ERM Masterclass on 18 October, which will be led by industry expert Craig Spielmann. He will provide an intensive and interactive class on ‘Supercharging your ERM Process including an RCSA step by step.’
Visit the website for information on the agenda, speaker line-up and speaker insight.
Alice Kelly is a senior research associate at the Center for Financial Professionals