WolfPAC sponsored, Emceed, and spoke at the California Banker’s Enterprise Risk Management (ERM) conference. After spending a whole day with Bankers, industry experts, and examiners from the OCC and FDIC, I noticed there were three common themes to an effective and efficient ERM program. Call them “Best Practices”. They are simple, yet powerful:
- Your ERM framework must be coordinated in your organization: Like all critical management programs, effective risk management starts at the top with executive buy in. Without this, you will be done before you begin. Top down buy in gives power to the three “lines of defense” (Line Management, Independent Risk Management, and Audit). When working together properly, all aspects of the ERM framework will allow for risks, limits, and tolerances to be clearly articulated. This is necessary so risks can be properly identified, measured, monitored, and controlled.
- It is not necessary for a $500M organization to have an identical ERM framework as a $20B organization: Your ERM framework can be scaled commensurate with risk exposure. This does not mean you don’t have the functions of Independent Risk Management, Line Management, and Audit in place. These functions are still necessary, but the scope of their activities can be reflective of your overall risk exposure.
- Part of an effective ERM program is to tie your risk profile to your strategic planning process: When evaluating your current strategy, as well as when considering a change in your strategy (new products and services, new geographies, etc), it is essential to hold that up to your risk appetite for continuity. This may take some thought and planning, but imagine expanding a product or service that is in direct conflict with your risk appetite? Proper alignment now will save you much heartburn in the future!
Do you need some help getting your ERM framework and Risk Appetite Statement implemented or improved? Let me know, we can help.