Insights

Turning a Solid Risk Management Framework into a Competitive Advantage

Written by Cara Williams | May 26, 2021 1:34:20 PM

As a big football fan, the mantra – from coaches and sports analysts alike – of how the defense protects your house and ultimately wins games has been imprinted upon me.

But in my opinion, within the banking industry, this way of life no longer holds up. Your risk management teams are certainly the heart of your defense – helping you play by the rules of the game and turning things around when you fumble – but if you’re only using them on defense, you’re missing a strategic opportunity to use them offensively, where they can sharpen a powerful edge for your bank in a marketplace that’s never been more competitive.

By adjusting your mindset to recognize that every employee owns a piece of the responsibility for risk management, you empower your people to move nimbly, strategically and decisively when you face a change – whether it’s an external regulatory pressure or an internal opportunity to launch a new product or service. In either case, you navigate through change by building on best operational practices, which, in the end, work to your advantage.

Getting your bank into game-ready position doesn’t happen overnight, of course, and the vision starts with the actions of your senior leaders. They set the tone and establish expectations. But everyone ultimately needs to play a hands-on role. When leaders make risk management a priority and nurture an environment where people can work collaboratively and have transparency into related roles, it leads to continuity across your change management process, thus minimizing your risk.

Playing by Changing Rules

Every time your team takes the field, you start with no points on the scoreboard. But you’ve scouted the competition and developed a strategy for how to get across the goal line. When it’s time to call the opening play, you – and every member of your team – know precisely what it will take. Countless hours of training have generated muscle memory and athletic IQ, making your actions seamless.  

Within your organization, the need for a risk-aware culture that is second nature to your people aligns precisely with the signals coming out of Washington, D.C., that the stakes are getting higher. For one, banking referees such as the Consumer Financial Protection Bureau hinted early at increased regulatory scrutiny, then soon after advised that they were tightening up regulatory standards they had relaxed during the pandemic year to allow banks to quickly respond to customers’ financial hardships.

As a starting point, your risk management framework should incorporate four key elements:

  • Governance: Start with setting the ground rules for how you’ll govern your risk. Define your risk strategy, the role your board and management will play, and the committees that will comprise your governance structure – and don’t forget to detail the decision-making authority, approval and escalation process across those special teams. This upfront work – consider this your pre-season training and conditioning – also should introduce robust systems for ongoing monitoring and risk reporting, establish standard parameters for how you identify issues, and provide a basic roadmap for remediating an issue when one comes along.
  • Operating Model: Distinguish the roles and responsibilities for every player, with a key focus on how they’ll manage risk generated by the core activities in that business. By taking the time to ensure all individuals in every line of defense understand their expected contributions, you’ll be ahead of the game as your people can act more quickly and efficiently when a change needs to happen.
  • Standard Framework, Definitions and Taxonomies: In basic terms, everyone across your enterprise needs to be speaking the same language and assigning risk ratings the same way. Calibrating these elements at the onset builds confidence that your bank gives thoughtful attention to categorizing risks into the right buckets. Your standardization should extend to assessment scales and definitions of different risks and risk events, leading to easier risk aggregation and risk reporting to enable a holistic view across your playing field.
  • Risk Appetite: Nothing is more important than establishing how much risk your organization is willing to take on in its daily business – and knowing that missing the mark can impact your customers, your bottom line and your reputation. Optimally, your leaders will re-establish this risk appetite annually, but black swan events such as the pandemic should prompt more timely reviews.

Too often, banks reinvent the wheel every time a change or demand comes along. As we eye increasing regulatory pressure in the year ahead, driving and promoting a robust risk management culture is no longer a “nice to have” within your organization: It’s a “need to have.”

When you reset the role and ownership of your risk management as a strategic pillar in your future growth and direction, you’ll find that adhering to best operational practices – on everything from regulatory compliance to product and service adjustments – minimizes risk and actually propels your company forward.

The Client Benefits

When you make risk management part of your enterprise culture, you’re essentially playing both ends of the field. Of course, playing conditions continue to evolve, so your framework should be flexible to adapt as well. Download my recent white paper to find out how you can turn risk management into a competitive advantage for your bank.