Enabling Proactive Risk Management

Why manage risk?

Banking leaders realize their organizations are exposed to more risk than in the past given the scope of cyber occurrences, more frequent global and geographic catastrophic events, and dependence on global networks to conduct business. Executives need confidence in their ability to overcome such threats.

To alleviate these challenges, bankers are working with staff and consultants to implement new technology and processes that can improve efficiency and mitigate risk. 

Resources to help manage risk

Innovation plays a significant role in helping financial services firms address risks, with many executives looking to protect their organizations, gain a competitive edge, and respond to the growing scrutiny on Environment, Social and Governance (ESG) activity.

While some businesses take proactive steps to achieve these goals, others are held back because they lack the budget or talent, they need to move their plans forward at the desired pace or scale.

Emerging technologies are one of the tools executives deploy to increase competitiveness and protect their organizations. But implementing them effectively consumes resources and requires skill. Businesses must balance the return on investment, considering the associated costs and time needed to build effectiveness alongside the potential benefits.

Technology can help

New technology plays a key role in helping organizations adapt to the latest changes, whether that’s in the business environment or regulation. Those in the financial services sector stand out from their non-financial services counterparts for a greater adoption of broad-ranging technologies included in a recent FIS study – with financial services firms taking the lead in areas such as regulatory technology investments.

How to manage risk in your organization

Beyond investing in emerging risk management innovation, banking executives can enable best practice and policies that can also proactively mitigate risk. First among these is to incorporate an appropriate risk governance structure within your organization structure.

Ensure an independent CRO!

A Chief Risk Officer (CRO) should be in place as the individual where the risk management buck stops. The CRO should have an independent reporting structure, perhaps directly to the bank’s Board of Directors to ensure proper independence, allow high visibility to critical risk issues, and provide the clout needed to get risk mitigation done thoroughly.

Audit and risk management separation

Another reporting structure best practice is for your organization’s internal audit function to report up through your chain of command, independent of the risk management function. Often reporting through the legal area, this provides Audit with additional independence to rigorously vet the controls and practices of your institution.

Established, current, and available risk policies and procedures

A financial institution’s risk management policies, procedures, and practices should be readily available and known to all bank employees. Regular, formal acknowledgement of reading the documentation surrounding risk should become a part of your organization’s governance.   While basic in nature, these acknowledgements send a strong message to the importance of these policies.

Run through dress rehearsals to test risk management plans and practices

Your institution’s CRO should organize meetings on a regular basis to conduct dry runs of unexpected events that could severely impact your business operations.

These meetings provide the foundation to:

• Develop and refine mitigation planning.
• Create action plans should an event come to fruition.
• Pose “what if” questions for executives to plan for and solve.
• Increase collaboration between staff and business unit functions.

Transparency plans and protecting sensitive information

Refined risk management plans and documentation should be shared with employees (as previously mentioned) and, to an extent, with other stakeholders as needed.

Customers may want some sense of your organization’s ability to recover from a security breach, for example. But balance remains the key word here, as banks must share information to inspire confidence with their stakeholders, while not providing fuel for potential fraudsters.

The economic and regulatory environment continues to change fast. But no matter the climate, the latest risk management technologies combined with risk management plans – that are continually vetted and improved – will be the key to remaining competitive and protecting your business.