With regulators starting risk-based exams this year, many banks are scrambling to adopt policies addressing threats to the institution's business.
Not New Jersey-based National Westminster Bancorp.
The U.S. unit of National Westminster Bank PLC, London, has just completed its first year under a risk-management regimen that combines centralized control with department-level implementation.
The institution has 15 employees - one from each area of the bank - watching out for signs of trouble.
"What this does is take the responsibility and put it back into each individual department," said Barbara Bye, Natwest vice president for technology and business support. "It puts the responsibility with the people who have the most knowledge about the risks."
The program puts Natwest on the cutting edge of risk management, a field that has engrossed regulators for the past year.
"It can be an very effective way to handle risk," said JoAnn S. Barefoot, president of Barefoot, Marrinan, & Associates consulting firm in Columbus, Ohio. "The risk coordinators are a piece of the puzzle. Another is an articulated strategy from top management. Combining these with new technology can help banks better measure, quantify, and handle risk."
Natwest risk manager Kristin W. Davis, who will speak about the bank's practices at the Western League of Savings Institutions' 1996 Regulatory Compliance Conference in San Diego today, said other institutions need to start paying more attention to risk management.
"This is something that all banks are going to need to do because the Office of the Comptroller of the Currency and Federal Reserve Board are going to require it," said Ms. Davis.
Natwest's experiment may prove to be short-lived. The Fed gave Fleet Financial Corp. permission Monday to buy the bank. Fleet officials declined to comment on whether they would adopt Natwest's risk management approach.
Natwest began its program in March 1995. The bank had top brass in each department appoint vice presidents to ferret out potential trouble spots, then write policies to mitigate the chance one of these areas could erupt into a problem, she said.
The vice presidents brainstormed with employees in each department and consulted with senior management to determine how much risk each unit faced, Ms. Davis said.
The search uncovered 300 different risks that the bank confronts every day. Senior managers divided those risks into eight categories: third-party crime and fraud; unethical employee behavior; work force hazards, such as robberies and on-the-job injuries; errors and omissions; legal liability; property damage; vendor failure; and systems and technology.
The vice presidents then sat down with employees from each unit to develop separate risk-control plans for each department, Ms. Davis said.
Ms. Davis said the policies vary from credit quality to computer security.
For example, Ms. Bye coordinated the risk profile of the bank's strategic development department, which handles confidential information involving mergers and acquisitions. Trying to limit the chance that the data could become public, the bank installed a computer program that only releases the information to employees with the proper password.
Ms. Bye said other risks surfaced during a brainstorming session in her new department. For example, the bank realized it could lose customers if it didn't offer some of the newest banking products, such as smart cards. So a policy was written to explain the importance of staying abreast of emerging industry trends.
With policies for each of their departments, the vice presidents now meet quarterly to share solutions for tackling different risks and get together with senior management at least monthly.