No matter how bright and organized a chief risk officer is, an institution’s enterprise risk management (ERM) program is only effective when employees follow it. That’s why building buy-in is essential for anyone involved in managing risk. In fact, it’s the biggest challenge some CROs face.
It certainly is for the banker who manages strategic risk at a $1 billion+ community bank. More than anything, she struggles with getting everything she needs from busy business units that have clients to serve and profits to earn. It’s been particularly tricky over the past few years as the bank has upgraded its ERM process and other elements of its risk management program. Yet she’s been proactive and is making progress, she says.
The banker is quick to clarify that she isn’t the bank’s CRO. Her job is to help implement the bank’s risk management strategies while playing a critical role in operations. The CRO job technically falls to the CEO, who is a huge advocate for risk management along with the bank’s chief operating officer.
Their support is essential to her success, she says.
“I have the authority to talk to committees and tremendous support from the top down in terms of risk,” she says of the autonomy she’s given. “There is absolutely no tolerance for not supporting any risk-related discussion.”
While the banker typically has everyone’s attention when a major change is rolled out, it doesn’t last forever. Changes soon become old news and can get lost in the shuffle.
Also, not everyone understands the tools available. Consider a senior credit officer on the operational risk management committee. He was discussing concentration risk when the banker asked him if he’d used the bank’s system to create an easy-to-track finding.
His response: “No. I’m working on Key Risk Indicators, but I’m also working on real risk.”
They should be one and the same, notes the risk manager, and that’s the next level of risk management for the bank. Staff needs to understand the system isn’t just busy work meant to make pretty reports. Fully utilizing the bank’s ERM tools and solution will ultimately make the credit risk officer’s job easier while improving the bank’s long-term risk management.
To overcome this problem, the bank now requires every management committee to include dashboards from the bank’s ERM systems as an agenda item in every meeting. It forces them to begin using the tool for reporting. It also prevents the risk manager from being the sole spokesperson for everything risk: The message comes from the top.
Risk management fatigue also sets in during meetings. It’s easy to look back at dashboards to see past findings, the banker says, but it’s just as important to look ahead to emerging risks. She tackled this problem recently by reformatting meetings. She added look-back reporting to the consent agenda, which is sent in advance. This gives members time to send in questions and concerns, leaving more time for meaningful discussion.
While the bank and the risk manager have come a long way, building buy-in will remain a work in progress as the bank continues on its journey to improve its overall ERM.
“Every time I listen to speakers around enterprise risk or regulator boards and panels and hear them talk about different aspects of managing risk, I come back and tell my bosses, ‘We’ve done so much, but we still have so much left to do,’” she says.
Do you feel like your institution could be doing more to streamline ERM? Ncontracts’ Nrisk is a dynamic risk management solution that measures potential impacts continuously, for the closest thing to real-time risk management you can get. With the provided libraries of thousands of risks and controls, Nrisk enables your organization to measure risk on everything from one neighborhood location’s social media page to the payroll vendor that your entire institution uses. Customizable and automated, Nrisk gives you the monitoring and reporting tools you need to be exam ready.