Guest Contributor: Todd Cooper, Vice President and General Manager of Enterprise Risk Compliance, Wolters Kluwer Financial Services
The financial services industry is definitely at a crossroads when it comes to compliance and risk management. One road leads to growth, but requires taking calculated business risks in order to achieve success. The other path involves avoiding risk and simply meeting regulatory obligations as they occur in order to merely exist.
In an industry still recovering from a major financial crisis, mere existence doesn’t sound that bad—especially when you consider the number of firms that have failed since 2008. But that option means ignoring the dynamic tension between risk and opportunity. Good risk management at the enterprise level can give you a holistic view of threats as well as opportunities; help you get better products to market faster; and position yourself as a stronger competitor in the market. For those reasons, financial firms would be wise to choose the tougher path. But before embarking on the journey, there are five questions that need to be addressed:
1. Has your organization defined and articulated a risk appetite and communicated it to employees? An effective risk appetite not only serves as the base for a firm’s risk management framework, but also shows regulators that you have a clear mission statement when it comes to managing risk.
2. Has your firm established a strong culture of risk management? This means that the organization’s risk appetite has been communicated to employees and daily business operations reflect it. Can you say that your organization’s risk appetite is really at the forefront of any business decision that’s made?
3. Is risk management operationalized within your organization? This means that risk management is part of your business workflow. Technology is a key tool because it can help shed light on risks and the firm’s current risk situation. Additionally, it allows compliance, risk, IT and internal auditing departments to address risks that are important to them, while working within a common framework spanning the entire institution.
4. Do you have experts on board who can effectively lead risk management efforts? You can’t effectively manage risk with technology alone. Financial organizations need experts in each risk area and business unit, and must also make sure vendors and other third parties they work with know their business and the risk challenges they face.
5. How are you controlling and measuring risk management? Controls must be in place to help ensure the firm is complying with regulatory requirements and acting in accordance with its risk appetite. Are all of your branch offices adhering to the risk management program? Can you prove to regulators that you are proactively managing and measuring risk?
Simply complying with all the rules and requirements will not prevent another financial crisis or guarantee our solvency. It certainly didn’t prevent the last one. If your business is able to look at your overall risk profile holistically and truly understand the impact strategic decisions have on the overall organization, you are ahead of the game. After all, good risk management is really just good business management.