In the wake of the financial crisis, strategies for managing enterprise risk have taken center stage of organizational decision making and many institutions have revamped their entire approach to understanding the nature of the risks they face and how to mitigate against them. A sophisticated approach to managing risk is a continual process of systematically assessing, measuring, monitoring and managing risks in an organization. Moreover, it ensures that the “big picture” is not lost to the daily demands of running a business.
One of the best ways for an organization to accomplish this is through establishing a risk management “feedback loop” to continually assess whether the assumed risk is reasonable and appropriate, or whether the situation should be reassessed. Feedback loops are effective tools for positively impacting and changing risk behavior, since they allow the institutions to address minor issues at the lowest level and empower business lines to self-correct—while keeping the focus of the executive team on more high-level business concerns.
Increasingly, boards and senior executives are looking to develop effective key risk indicators (KRIs) to drive success in their ERM process and improve the execution of the organization’s strategy while pushing responsibility and accountability into the front-line business units. These KRIs serve as a type of feedback loop, providing organizations with an early warning sign of increasing risk exposure in various areas of the enterprise.
Getting visibility into specific regulatory rule changes alone isn’t enough, for example. Firms have to be able to pull this information through the business and clearly demonstrate to shareholders, investors and regulators that relevant action has been taken. The ultimate verification is that controls have been put in place to mitigate any potential risk and that these controls have been positively tested.
This is what we think of as a “virtuous circle” of effective risk management and it is critical to success. In order for it to work, however, there has to be the right “tone at the top.”
For a true risk management culture to take hold within a financial services organization, there must be a pervasive philosophy communicated from top management down through the organization and embraced by staff. Every employee must understand the organization’s risk appetite and where the “edges of the envelope” are for each business line, product and geographic unit. Front-line managers must buy into the risk appetite, and operate under it, for the risk culture to be effectively implemented.
As a rule, KRIs should be monitored closer to the “front” than in the higher reaches of management. It is important to establish a good working relationship between the risk management function and the business units, so that employees view risk managers as making a positive contribution—rather than just someone who enforces the rules. Instead of relying on the risk function to manage risk, financial institutions need to hold accountable and empower the front-line managers to make decisions in a more risk-aware way.
The best ERM practice has business managers, profit centers, business units and functional heads assume full responsibility and accountability for the risks they take.
Senior management and boards of directors do not need to know, nor are they necessarily in a position to fully appreciate, all KRIs employed within the organization, but they should be expected to understand and be kept updated on KRIs related to the organization’s top risk exposures.
Having the right culture for compliance is crucial and this can be improved if it’s demonstrated that effective compliance is not to be seen as an ineffective cost center, but as a way of running an ethical business which not only can improve the strategic direction of the organization but can improve the firm’s reputation within the market.
Learn more from Wolters Kluwer on October 16th, when they sponsor FTF’s CAPCon New York conference. Stevie D. Conlon, Senior Director and Tax Counsel for Wolters Kluwer will lead a discussion on new corporate action burdens under FATCA. View the full events agenda online here.