Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM Leadership and Governance

Enterprise Risk Management and the Banking Crisis: Lessons Being Learned

November 2, 2011 2-min. read

Many critics of ERM point to the banking crisis of 2008 and 2009 as an example that ERM does not work. Steve Dreyer, Managing Director and Practice Leader at Standard & Poors, explains how banks either weren’t practicing ERM correctly or didn’t have strong metrics in measuring their risk assessment.  He speaks to how he believes banks were simply doing risk management in name only and they didn’t look at risks beyond a typical scope.

Key Points:

  1. Value of ERM for CEOs and Boards: Dreyer explains that ERM provides a structured language for communicating with key stakeholders, including the board, stockholders, regulators, and consumers. It helps organizations shift from opportunistic management to a more thoughtful and formal approach to managing risk.

  2. ERM and the Banking Crisis: In response to critics who claim that ERM failed during the 2008-2009 banking crisis, Dreyer argues that while banks were practicing ERM, they set their risk tolerance too high and lacked effective metrics. They failed to understand the true risks of their products and the correlations across different areas of their business. This indicates the need for more comprehensive, enterprise-wide risk management.

  3. Risk Management vs. Enterprise Risk Management: Dreyer distinguishes between siloed risk management (focused on specific areas of a business) and true enterprise-wide risk management, which considers strategic risks across the entire organization. He notes that many companies still only focus on narrow areas and lack the will or resources to take the next step toward a broad, integrated approach.

  4. Cultural and Organizational Challenges: Implementing enterprise-wide risk management is a long-term process that requires changing the company culture and aligning strategic risk management with daily operations. CEOs often hesitate to share strategic risks, and creating a shared vision of risk management is a major hurdle.

Conclusion:

Dreyer emphasizes that while ERM is still evolving, it is a necessary and valuable tool for organizations to better manage risk. The banking crisis revealed limitations in how ERM was applied, particularly in terms of risk tolerance and understanding systemic risks. However, the discipline is progressing, and with time, ERM can become a prominent and integrated part of organizational strategy. Achieving this requires overcoming cultural and strategic challenges, but it is essential for managing risks in a complex business environment.

Original Article Source:Interview Transcript with Steve Dreyer on ERM and the Banking Crisis: Lessons Being Learned“, Steve Dreyer and Bonnie Hancock, November 2011

More From Enterprise Risk Management Initiative

Bonnie Hancock

The Role of Corporate Boards in Enterprise Risk Management
TradeTalks

How C-Suite Leaders Are Navigating Current and Future Risks
photo of a board room table

Board Oversight of Risks: Strengthening ERM for Effective Risk Governance