For six years in a row, Deloitte has performed a survey pertaining to the current state of global risk management and how financial services companies are facing challenges related to risk management.  The results from this year’s survey prove that the turbulent nature of the global markets, and the government’s reaction, has made risk management a greater priority to management teams. 

The survey shows that a majority of financial institutions believe that the oversight of risk management should be a direct responsibility of the board of directors, in order to satisfy their fiduciary responsibilities.  To instill an effective risk management system, the board should approve risk policies, adopt a clearly-stated risk framework, and articulate risk appetite, which should all be communicated to the entire organization.  Over half of the institutions surveyed have a formal statement of risk appetite, while one quarter of those firms rely on a quantitatively defined statement and one third use both quantitative and qualitative approaches to defining risk appetite.

Almost three quarters of the survey participants have a Chief Risk Officer (CRO) who is responsible for escalating risk issues to the CEO.  The CRO is also typically responsible for implementing the risk management policy and overseeing the aggregation of risk exposure, risk analytics and risk quantification within the institution.  The increasing importance of the CRO role is likely to continue due to the increased pressure on the board to have efficient risk management programs.

Even though the benefits from an Enterprise Risk Management (ERM) system are considerable, and regulators are continuing to support the trend, only 36 percent of the participants report that they have an ERM program in place.  This is likely due to the cost of implementation and short-term perspective of risks in investment banking.  Of the ERM programs surveyed, almost all focus on traditional risk types including credit, market and operational risk.  However, reputation, liquidity, and strategic risk are emerging risks that are seeing more consideration possibly from the recent losses at many firms.

While many firms are wary of implementing ERM due to costs, 72 percent of executives surveyed who have ERM programs, note that the quantifiable financial benefits exceed the costs.  Additionally, almost half said they have an improved understanding of risks and controls within their firm as well as improved perception of their institution by regulators and rating agencies.  The most significant challenges of implementing ERM were the integration of data and the cultural issues. 

Of the financial institutions surveyed, half are subject to Basel II requirements.  Basel II recommendations improve the risk sensitivity of the company’s regulatory capital measures by improving measurement of credit, market and operational risk so that economic capital can be more effectively calculated.  In the United States, these requirements are usually reserved for the largest banking institutions, while other countries require this of smaller banks.  Considering the push towards common, international standards, smaller banks should be aware that they too might have to comply in the immediate future. 

This survey also shows that these institutions are being held more accountable for their own assessment of key risks.  If the companies can create an integrated structure for compliance and risk management, they can increase efficiency and lower costs.  Over half of the institutions also had an independent model validation function, showing that model risk is also important to manage.  This survey also further details how institutions are managing four key risk types – credit, market, liquidity and operational risks.

Another major concern of management was the lack of technological integration among their risk systems.  Over 70 percent of institutions expected to increase their spending on risk management technology over the next three years.  These statistics show there is going to be a large, emerging market for not only ERM information technology infrastructures, but also for the knowledge to create internally-developed systems.

It is most important to remember that if management does not create a risk-aware culture by effectively communicating with employees, implementation could yield weak results.  The incorporation of risk management goals into performance objectives is the key to successful ERM systems.

Click below to read the full article.

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2009-01-01