Enterprise risk management:Technology as a cultural enabler

Contributor: Marcus Cree

On Tuesday, I participated in a risk-themed Twitterview with Michael Versace, director of global risk at IDC-Financial Insights (@versace57) and Virginie O’Shea, managing editor at A-Team Group (@virginieateam).

Virginie posed several interesting questions to Michael and me, covering technological and cultural challenges and approaches to enterprise risk management. Within the boundaries of Twitter, we had a meaningful discussion around internal governance, the importance of risk empowerment, and how to capitalize on industry changes and take action now.

Question 1: Are firms waking up to the need to adopt enterprise risk management infrastructure?

MARCUS: Slowly, since the crisis hit, the crosshairs have moved between models and incentives, but as normality resumes, lack of risk as a cultural imperative has been recognized. This is also reinforced by #DoddFrank & new Basel rules.

MICHAEL: 75%+ of financial firms we speak with have a Chief Risk Officer – that’s waking up, I guess.

Question 2: The challenge beyond technology is cultural for ERM to work, how are firms tackling this?

MICHAEL: Linking risk vision and accountabilities to performance, and from performance to compensation.

MARCUS: It comes down to looking beyond calculations, and focusing on credibility of results, and distribution of those results.  Asking traders to use risk strategically demands that they be given numbers, in context that can be trusted!

Question 3: How could they improve their risk governance accordingly? Is a chief risk officer the solution?

MARCUS: To an extent, but only an empowered CRO. If CRO reports directly to CEO then you have platform for better governance.  The language of the firm has to evolve to include risk context, to make risk cultural.

MICHAEL: Measuring CRO performance is crucial but data shows compensation committees not involved yet in ERM programs- big missing link.

Question 4: Where do the biggest challenges lie on a day to day basis?

MICHAEL: Talent, demonstrating breadth & depth of understanding in ERM functions, selling ERM competitive advantage.

MARCUS: The biggest challenge is cultivating a risk culture, at the expense of absolute profits.  It’s easy to talk risk in a crisis, less so when it means reducing (non risk adjusted) profits. This is why the context of success must include risk, which is the cultural rather than mathematical part.

Question 5: Regulators have stepped in to mandate certain risk governance guidelines – is this the right approach?

MARCUS: Probably the only approach, given the backdrop. But be cautious. Capital regs provide buffer between a firm blowing up and potential systemic effect. They’re not there to insulate the firm from itself. Requires internally driven governance.

MICHAEL: Regs set expectation, but businesses hold accountabilities and compliance obligations to shareholders, customers and market.

Question 6: Have the regulators gone far enough to ensure firms change their approach to risk management?

MICHAEL: Far enough for what? In certain areas like capital adequacy and liquidity, I think so. Security, yes.  Defining understanding the economic impact of #DoddFrank, probably not.

MARCUS: At this point, we can’t tell. They have the mandate and implied power, but until the full regulations are in place and supervision is set against them, we won’t know whether or not they’ve used their full firepower.

Question 7: How could firms leverage technology to this end? If at all?

MARCUS: Don’t get hamstrung by bad tech choices. Calculation/production control/distribution require specific tech solutions.  Keep focus on end point goals and choose tech for each. Take an infrastructural approach to join the dots.  Think about it as a risk ecosystem, rather than an application.

MICHAEL: Many examples- ALM, financial crime, credit & portfolio risk: people, policy & tech manage risk

Question 8: What would be your advice to risk management teams struggling with a lack of empowerment?

MARCUS: Take the bull by the horns. Be willing to expose errors and gaps, and generate firm-wide participation. Empowerment is borne from credibility, which involves evolving from a regulatory capital report into a strategic tool. Be willing to debate and validate or change approaches. No one will empower you without you first proving why they should.

MICHAEL: Be business people, demonstrate returns from effective ERM, and the costs of “wait and see” approach. You’ve got to be thinking this way, because your competitors are.

SHARE