BANKTHINK
Partner Insights

Risk Management Resolutions for 2013

Print
Email
Reprints
Comments (2)
Twitter
LinkedIn
Facebook
Google+

In the last few years, this notion of risk has taken center stage.

Today, risk is marked by increasing complexity and velocity, and in light of our mobile, social and big-data landscape, there is urgency around proactively identifying and managing risk. As such, organizations are reassessing fundamental risk management strategies and best practices needed to create and sustain a thriving business.

Risks today are interconnected and horizontal, running across departments and business units. In conversations with CEOs, board members and banking executives, there are a few key overlapping risk areas that are most top of mind going into 2013.

Strategic risk is more connected to compliance risk. New regulations are impacting how banks make money and develop products. There are complexities resulting from the Durbin Amendment, new capital requirements under Basel III and increasing costs associated with understanding and adhering to the expansive Dodd-Frank rules. The demand for mobile payment products exists, but the uncertainty around consumer compliance and vendor governance creates additional hurdles and costs. Product development lifecycles expand as banks take time to review and understand existing and expected rules.

Compliance risk is complex. "Fair lending" requirements seem to impact most products offered by banks. Every loan, every overdraft and every mortgage default resolution requires a fresh eye.

Reputational risks are increasingly linked to operational missteps and compliance violations, civil money penalties and fines. Thanks to social media, pervasive content sharing and strong opinions are the new norm. Smartphones, real-time newsfeeds and geo-located review sites enable stakeholders to publish content that can put entire organizations – or individual employees – in the hot seat. Compliance violations are headline news and penalties can impact earnings.

Operational risk is unavoidable. A greater reliance on vendors and third-parties, and a vulnerable IT environment (as witnessed by recent distributed denial-of-service attacks), means that banks no longer have complete control of their business operations.

Prior to the financial crisis, banks were encouraged to take risks and the government promised to insure their deposits and act as the last resort lender. Elijah Brewer, professor of Finance at DePaul University and former economist at the Federal Reserve of Chicago shared with me some facts he presented at Lawrence University in October 2012: Research shows that roughly 60% of financial firms' liabilities worth an estimated $25 trillion had access to some type (explicit or implicit) of government safety net at the end of 2009. This kind of support for bankers can distort their incentives, and could cause banks to take excessive risks in their loan portfolios. It is this type of behavior that resulted in the probability of default among subprime lenders reaching alarmingly high levels from 2007-2009.

Since then, the government has responded swiftly, raising lending standards and capital requirements. Furthermore, banks have broadened their focus to assess the quality of a customer's underlying assets before approving loans. According to a 2012 research paper written by Minh Nguyen, macroeconomic researcher at Lawrence University, "Lending standards and the corresponding screening process have gotten stricter, and therefore credit risk is likely on the decline." As a result of scrutiny from their boards, a tighter review process and more frequent loan reviews, most banks have a better handle on their credit risk going into 2013.

When it comes to New Year's resolutions, there are plenty of best practices to consider. Some of the most successful banks are rethinking their approach to risk management and have defined their business processes and linked them to risks, controls, policies and even their vendors. This helps ensure that stakeholders can collaborate to assess the impact of key risks on broader business objectives. Successful banks are also focusing on education and employee training courses.

Additionally, successful banks are establishing a formal enterprise risk management department that creates frameworks and processes to routinely assess risk, ensure continuous monitoring and provide "enterprise-level" reporting to management and the board. The EVP of Enterprise Risk is emerging as a key role, but more than ever, banks are looking to every single employee as a risk owner acting as the first line of defense.

Audit departments are also tying resources to real risk exposures, and audit plans themselves are becoming risk-based, not calendar-based. Auditors are also moving away from merely executing audit-related tasks to analyzing trends and connecting the dots.

Lastly, successful banks are tying compensation to risk management by establishing performance scorecards that allocate 10%+ of variable compensation to metrics around audit findings, repeat findings, closed issues, risk self-assessments and scheduled control testing.

No doubt the uncertainties facing banks will continue, and risk management will continue to require more innovation, more resources and more qualified people.  

Susan Palm is vice president of industry solutions for MetricStream, a provider of enterprisewide governance, risk, compliance and quality management solutions.

JOIN THE DISCUSSION

(2) Comments

SEE MORE IN

RELATED TAGS

2014 Summer Reading List for Bankers
Summer Reading List for Commercial Bankers 2014

American Banker asked readers, BankThink contributors and staff members to recommend books for bankers to take on their summer vacations. Share your own suggestions in the comments section below.

Related links: Last year's list, the 2012 list

Image: ThinkStock

Comments (2)
At CONIX, our banking partners consistently tell us that their key risk management focus in 2013 will include the following fundamentals:

1.Common database solutions that ease their compliance burden and have the added benefit of reducing expenses through streamlined operations.
2.Solutions that embrace the growing RDC and mobile payments venues while adequately protecting against inherent risks. This means demanding Day 0 risk mitigation tools.
3.Solutions that adequately address the need for cross-channel protection. Single-silo risk mitigation is a thing of the past.
Posted by tinaeward | Friday, December 28 2012 at 1:52PM ET
Good article on business risks and their management. Read a whitepaper about this very topic "Which SOC controls report is right for your organization" it offers very good information readers will find it very helpful @ bit.ly/SDD74Y
Posted by ksuresh | Wednesday, January 02 2013 at 5:58AM ET
Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.
Already a subscriber? Log in here
Please note you must now log in with your email address and password.