The elements of “getting to strong”
There are four specific elements banks should consider to build risk management programs that would be considered “strong” in the eyes of regulators.
Build risk management programs that would be considered “strong”
While the elements themselves have not changed over time, their reach and the depth in which they could be applied are different today. This report explains how each of these elements may be brought to life, offering a possible blueprint for working to strengthen risk management capabilities and addressing regulatory concerns.
Policies and procedures
An organization’s risk appetite can set everyday expectations for its people. So how can an organization ensure the actions being taken are appropriate and uniform throughout? The answer may be found, in part, in the policies and procedures it has set in motion, and the rules implementing those expectations. Policies and procedures are the link between a bank’s strategic vision and its day-to-day operations. It’s not likely banks will be able to satisfy regulatory requirements for strength in risk management without a robust set of policies.
For many banking leaders, the issue of policies and procedures may be quite straightforward: Identify specific risks and regulatory requirements; develop clear policies that address them; and, execute those policies with procedures that match the operating environment of the business.
Measure, monitor, and report
The ability to measure, monitor, and report risk (MM&R) is critical to the effective management of a bank. It assists organizations to understand the risks being taken, mitigate them to the extent possible, price them appropriately and detect adverse developments on a timely basis. It is the netting that holds the risk governance process together. Not surprising, then, that significant effort is being expended by the financial services industry to raise the game on MM&R. With a strong MM&R process, prospects of achieving a strong overall risk management program are likely to be considerably increased.
Internal controls have continuously been the focus of change and enhancement in the financial industry. However, this is particularly true over the past 30 years. Today, banks once again may be seeking to take their internal control framework up a notch. The reason? A desire to achieve the coveted regulatory rating of “strong” for their risk management programs.
Throughout the industry, there is a concerted effort to raise the game when it comes to risk management. The status quo is not good enough. As a result, the new utopian state appears to be one that defines risk management programs as being rated nothing less than “strong.” Included in the strength equation is the adequacy of the risk governance effort. The inability to achieve the highest designation in risk governance will likely diminish any hope of gaining a strong overall rating. Consequently, it’s important that banks get the governance component right. Creating an effective governance program begins at the top with bank leaders. The level of emphasis the board of directors or senior management place on governance—what is known as the “tone at the top”—is often the most important factor in determining the success or failure of an organization’s efforts. A strong “tone at the top” can help shape an organization’s culture to focus on proactively managing risk.