Don Truslow, Chief Risk Officer of Wachovia Corporation, spoke to over 300 business professionals and NC State graduate students at the ERM Initiative’s September 22, 2006 ERM Roundtable. Truslow provided an overview of how the third largest retail bank in the U.S. manages risk across an enterprise with over 100,000 employees.
Driver of ERM at Wachovia
Enterprise risk management (ERM) at Wachovia is ultimately driven by its overarching corporate vision and values. The role and purpose of ERM is to support the organization’s aspirations to achieve their vision of being the “…most trusted and admired financial services company.” All of the activities surrounding ERM within Wachovia are designed to move them towards the achievement of that value proposition.
The launch of ERM was largely motivated by a desire to reduce volatility in earnings. After experiencing an interval of unacceptable earnings volatility, the senior leadership team developed processes of managing risks to lower earnings volatility to within an acceptable range. To do so, they established a target risk environment that defined Wachovia as “informed, measured, and disciplined risk takers.” Now, as they execute the bank’s overall strategy for shareholder growth, management continues to reduce uncertainties surrounding growth in earnings and return on capital through superior risk management efforts.
Categories of Risks
Similar to most financial institutions, Wachovia categorizes various risks into three broad classes:
- Credit risk – risk related to the failure to be repaid monies owed Wachovia
- Market risk – risk associated with a decline in the value of Wachovia’s net assets due to price/interest rate changes in the market
- Operational – risk associated with losses arising from the failure of processes, systems, or people; or due to external events.
Because most banks have constructed robust processes surrounding events triggering credit and market exposures, Wachovia already has well-functioning processes for the management of these risks. Much of the bank’s focus today is on strengthening risk management efforts concerning operational risk. Truslow noted that operational risks for the bank resemble what would be viewed as “enterprise-wide” risks for most non-financial institutions.
Operational Risks Represent Greatest Risk Growth Areas
The management of risks arising from “operations” is a significant challenge. Many of the operational processes are distinct, which makes risk management tougher, dispersed, and in some cases vague. Operations, such as information technologies, human resources, vendor management, legal, real estate, and business continuity planning, often involve business processes that are managed from across an organization often with an array of data and performance metrics employed to manage those operations. To some extent, trying to manage risks from disparate operations requires greater reliance on qualitative versus quantitative assessments. The variation in activities and related measures make enterprise-wide operational risk management extremely challenging.
Four Cornerstones to ERM at Wachovia
Wachovia’s approach to ERM consists of four distinct components:
1. Governance: Wachovia’s focus on risk is top-down. The risk committee of the board of directors oversees management’s approach to risk management on behalf of the full board. All individuals serving on the risk committee are independent directors – no management directors are a part of this group. The committee meets typically six times per year and oversees management’s senior risk committee. The senior risk committee, which is chaired by Wachovia’s CEO, consists of senior executives who meet monthly and provide a top-level management view of risks arising from multiple functional areas. To support the senior risk committee, key functional areas within the bank each have functional risk committees that own risks within their functional areas.
2. Technology: Wachovia has invested over $1 billion in information technologies to develop and implement tools to expedite the achievement of corporate objectives. Risk management policies are online, their data center has been expanded, and information technologies are being used to provide more strategic risk information to assist management in their risk monitoring efforts on an ongoing, real-time basis. Furthermore, technology is deployed to conduct continuous risk monitoring, such as the electronic monitoring required for anti-money laundering compliance activities.
3. Process: Over the past several years, Wachovia has worked to develop enterprise-wide operational and business continuity processes so that risk management approaches are streamlined across multiple operational areas. Policies for underwriting have been standardized to achieve greater efficiencies and effectiveness and management has worked to improve risk metrics and reporting across the company.
4. People: At the heart of risk management are people and culture. Truslow noted that, without the appropriate risk management philosophy and culture, ERM will fail. Thus, Wachovia has worked diligently to instill an appropriate risk culture that permeates the entire organization. Wachovia recognizes that the best way any entity can manage risks is to ensure all employees across the organization know risks are out there and consider how their actions affect risks for others within the company. Accountabilities for risk management are built into each business unit’s management responsibilities and all employees (especially new hires) receive training on the importance of risk management for all aspects of the bank.
ERM Now a Valued Added Partner
Today, risk management is a strong part of the company’s overall DNA. Risks are routinely evaluated by all functional areas at all levels throughout the Wachovia Corporation. ERM is viewed as a valued added business partner there to help business lines leverage strategic opportunities and ensure appropriate levels of risk and return. Truslow noted that, at the end of the day, ERM helps expand Wachovia’s competitive advantage.