Thursday, March 28, 2013

Enterprise Risk Management: Captain Kirk Confronts the Final Frontier

When faced with the regulatory mandate to incorporate or improve your organization's enterprise (or enterprise-wide) risk management (ERM) process, we can sometimes feel like a Klingon confronting Tribbles. To succeed with ERM within our organization, we must instead adopt the attitude expressed by Captain James Kirk in the 'Day of the Dove' episode: "There's another way to survive. Mutual trust...and help."
Several years ago, the federal banking regulators set off on a mission to bring Enterprise Risk Management (ERM) to the forefront of financial institution governance expectations. In the ensuing years, state insurance regulators have joined the mission through the National Association of Insurance Commissioners (NAIC) Own Risk and Solvency Assessment (ORSA) model act. The topic continues to get considerable attention in recent regulatory guidance, including Federal Reserve Board (FRB) supervisory letters 12-7 and 08-8. The Federal Reserve Bank of Chicago (FRB-C) devoted considerable attention to the topic at its 2011 conference.

What appeared to be a distant risk management galaxy in the late 1990s has certainly become an oft-discovered governance imperative for financial institutions. As a financial industry executive, you know that you have been charged with the responsibility “to boldly go where no man has gone before.” Much like the voyage of the storied U.S.S. Enterprise, your voyage has taken you to strange new worlds as you have sought to develop or improve your ERM model.

When you have set out to build a robust risk management infrastructure to integrate, coordinate and facilitate forward-looking risk management throughout the enterprise, you invariably have encountered (or will encounter) skeptics. Captain Kirk addressed this challenge in the 'A Private Little War' episode: "The only solution is...a balance of power. We arm our side with exactly that much more. A balance of power...the trickiest, most difficult, dirtiest game of them all. But the only one that preserves both sides."
But make no mistake about it—ERM is not optional and is here to stay. Thus, we often will find ourselves educating senior leadership colleagues and independent directors about ERM, in parallel with obtaining the necessary data to build, enhance, and report upon our ERM model. ERM cannot simply become a once-and-done exercise that ends up on a binder on your credenza.

Building a culture around ERM involves acclimating leadership throughout the organization to a continuous reporting system that identifies and addresses emerging risks. Strategic initiatives and ongoing business planning are evaluated in light of current and emerging risks and incorporated into analysis and leadership and board decision-making. ERM becomes a discussion item on at least a weekly basis within the leadership team, and a standing agenda item for your board, often through an ERM committee. Reports are designed to be condensed, accurate and meaningful for decision-making.

Internal Audit and Compliance play key roles in the ERM process. The periodic review and validation of the model through targeted risk assessments must be conducted under the direction of the organization’s senior leadership to support the organization’s risk appetite.

Occasionally, Captain Kirk and his officers would find themselves enmeshed in a scene from Earth's pre-space travel history, yet the episode always ended with our beloved travelers safely back aboard the U.S.S. Enterprise. As your ERM model and methodology evolve, it is likely that the organization will also never return by the way that it arrived, because external variables will continually infiltrate the ERM model. Most notably, your organization’s ERM will remain under the scrutiny and be subject to the recommendations of your prudential regulator. There simply is no going back.

Continue to be the evangelist for sound enterprise risk management in your organization, devoting yourself to encouraging, educating and embracing your colleagues as you faithfully fulfill the ERM governance role entrusted to you. Much like Kirk, may you live long and prosper in your role.
