Enterprise Risk Management: Three Questions Securities Firms Should Consider

Guest Contributor: Paul Murdock, Director of Consulting and Professional Services, Enterprise Risk Compliance, Wolters Kluwer Financial Services

With increasing regulatory demands and requirements that constantly change, one thing is certain: the current focus on risk management in the financial services industry is not going away. If anything, it is getting stronger. This means executives, risk managers and compliance officers need to plan for how they will manage compliance and risk holistically across their organizations.

A Wolters Kluwer Financial Services survey of nearly 185 professionals working at broker-dealers, investment advisors, hedge funds and other types of securities firms showed that more than 80 percent of the respondents are concerned about managing risk within their organizations. Additionally, more than a third are concerned with maintaining compliance in the midst of many new and changing regulations. Other anticipated challenges noted by respondents were the ability to identify and manage risk; having adequate systems in place to manage risk; and having adequate procedures/processes in place to manage risk.

As your company evaluates how you are currently managing risk and whether or not you need to improve your efforts, here are three questions to consider:

  1. Are we truly prepared to manage firm-wide risk in a comprehensive, actionable and intelligent way?

Your firm may have chief risk and compliance officers, as well as a chief auditor. But chances are each one of those individuals will give you a different definition as to how risk is managed within the organization because each one bases it on their functional duties and responsibilities. Firms need a methodology that allows all three of these individuals to compare notes and think about risk as one unit. They may all have a different view on what risk means to them, but together they can develop a core perspective as to what risk is for your company. With that collective intelligence, a firm is better prepared to move forward with a firm-wide action plan.

  2. Can we effectively explain our risk management programs to the Board of Directors, regulators and institutional investors?

For years, regulators in the securities industry have been talking about the need for risk management systems to help financial institutions mitigate firm-wide risk. Now, they are really starting to look closely at firms’ risk management frameworks. For example, the SEC appointed Carlo V. di Florio as the director of the Office of Compliance Inspections and Examination. He was a former PwC partner with a focus on corporate governance, enterprise risk management and regulatory compliance and ethics.

At the same time, institutional investors are beginning to ask organizations how they manage risk. They want to know why they should be confident giving firms their money. And Boards of Directors want to know how the firm is identifying and measuring risk. Securities firms must not only be prepared to respond to all three of these groups, but also provide explanations that are to-the-point and easy to understand.

  3. Are we confident that our current risk management framework is effective at providing for the needs of all stakeholders and will achieve a favorable review from regulators?

In addition to all of the quantitative data that feeds your risk management program, some items are truly qualitative. For example, do you have management buy-in? Are employees at all levels of the organization committed to risk mitigation? What defines confidence can vary greatly from firm to firm, depending on your organizational structure and other circumstances. Ultimately, you need to gain a level of confidence that allows you to show any key stakeholder that your risk management framework is successful and you are mitigating risk in the proper way.

Firms that focus on providing transparency and controls will not only be better positioned to manage the overall risks of the organization, but also meet the needs of their management, regulators and investors.
