How often do you engage with human resources (HR)? Risk managers may not give a lot of thought to HR, but they should.
According to COSO and its industry-leading ERM framework (Enterprise Risk Management – Integrating Strategy and Performance), attracting, developing, and retaining capable individuals is a key element of governance and culture. Why does HR matter?
HR is often the home of training initiatives. Making inroads with HR can help ensure that onboarding and training speak about the importance of risk management and how it is part of everyone’s job description. It’s also an opportunity to reinforce procedures, positive behaviors and values necessary for strong risk management.
Measuring performance and incentivizing long-term goals. Incentives should align with an institution’s long-term goals and objectives. They shouldn’t reward behavior that runs counter to the interests of the institution. Remember how Wells Fargo got into hot water for CSRs opening new customer accounts without consent in order to meet quotas? When risk management is involved in these conversations, it can identify potential problems and conflicts of interest and nip them in the bud.
Informing candidate selection. HR is trained in helping identify the strongest candidates for a job. Risk management skills won’t be top of the requirement list for most positions, but that doesn’t mean they shouldn’t influence hiring decisions. When staffing comes up in strategy meetings, make a case for qualities that can help reinforce the institution’s risk management culture.
For C-level executives, it means seeking out candidates with judgement skills and risk management experience. For mid- and lower-level positions, it means looking for candidates with a background and personality traits that suggest they work collaboratively and are open-minded and inquisitive.
Uncovering best practices. Can you imagine interviewing a new IT security employee and letting them know that you want to pay the lowest salary possible, you expect them to have leading knowledge on IT security, and you need them to be available 24 hours a day and seven days a week?
But that’s exactly what many financial institutions do when they go through the vendor selection process. Rather than view third-party vendors as strategic relationships that can help the organization achieve its goals, they view them in the same light as they do their office supplies: necessities that should be purchased at as low a cost as possible.
Combining best practices from HR with vendor management processes can improve vendor selection, leading to reduced third-party risk down the road. I call it vendor resource management.
The Risk of Failing to Attract and Nurture New Talent
The risk of failing to attract and nurture new talent is a top concern at community banks and credit unions. Young graduates’ banking experience is often limited to the teller line. That is, if they’ve even been inside a bank at all.
Meanwhile, banks and credit unions in need of future lenders, compliance and risk officers, and IT leaders find themselves competing with every other industry and bigger companies with far more brand awareness.
What is your institution doing to reach next generation leaders? If the answer is nothing, it’s definitely worth a conversation.
One effort worth noting is the Conference of State Bank Supervisors’ annual community bank case study competition. This competition invites teams of undergraduate students to study a local community bank, giving them the opportunity to learn about the industry firsthand by engaging with local bankers and others knowledgeable about the industry.
Each year the winning case studies are published in the Journal of Community Bank Case Studies and presented to regulators and industry stakeholders at the Community Banking in the 21st Century Research and Policy Conference. Interest in the competition is steadily increasing, with 58 student teams in 2019, up from 33 in 2017.
Last year the competition focused on financial innovation and how community banks utilize technology to streamline processes and better serve their consumers. The first-place team from Eastern Kentucky University focused on $2 billion-asset Central Bank in Lexington, Ky. and how it engages in due diligence to “ensure the most innovative community banking technologies are integrated, strategically aligned, secure, and compliant with regulations.”
It also looked forward to how the bank wants to implement third-party vendors focused on artificial intelligence, digital lending, and fintech. (Not to toot our own horn, but it includes a shout-out to Nvendor for the role it plays in managing Central Bank’s 403 third-party vendors.)
These in-depth case studies have surely left an impression on participating students, exposing them to a potential career path they otherwise wouldn’t have known about. And it’s likely to have attracted the kind of go-getters any business would want to hire.
ERM is all about overcoming silos to create stronger, more resilient institutions that are poised to take early action to exploit opportunities and defend against threats. This requires informational give and take, where different areas don’t just air their opinions but are open to best practices and input.
It’s not just about minimizing risk. It’s understanding how changes in risk impact decisions and making the most of that awareness. To learn more about the components and principles of COSO’s framework, join us for our webinar, ERM 101: What’s COSO and Why Should I Care?