On Their Way Four Banks Forge Ahead in Enterprise Risk Management

Article excerpt

If enterprise risk management is a journey, banks follow paths that at certain points intersect with those of other banks, but then may diverge as well. It can be useful for a bank to hear about other journeys before embarking on its own.

The paths taken by large banks have been chronicled far more than those of smaller ones. The RMA Journal asked risk officers at four banks in the Western U.S. to respond to seven questions about their enterprise risk management efforts. Ebrahim Shabudin, EVP and COO, responded for $8 billion United Commercial Bank of San Francisco, California; James Kempf, SVP and manager of Risk Assessment, responded for $4 billion 1st National Bank of Arizona and 1st National Bank of Nevada; Kai Neizman, VP and manager of Sarbanes-Oxley compliance, responded for $4 billion Columbia Bank of Tacoma, Washington; and Mary Sellers, chief risk officer, responded for $10.5 billion Bank of Hawaii.

There are commonalities in all of the banks' definitions of enterprise risk management. Only one of these banks has a chief risk officer, per se, but all have an ERM structure in place. All agree on the importance of and difficulty in data collection, while all differ on the risks that most concern them currently. Other topics discussed include ERM investments and ERM as an agent for growth.

For any program to have a chance of success, an institution must carefully negotiate its way through the first steps, which usually include 1) defining the program; 2) identifying leaders and champions; 3) designing a framework and reporting structure; and 4) creating policies and procedures to support it. These certainly aren't the only steps, but they do lay the foundation. Within these steps, there are lots of decisions to be made. No one needs to reinvent the wheel, so seeing how other institutions are creating their enterprise risk management (ERM) programs is helpful to banks that are not quite as far along the path. This article brings together the experience and insights of four bankers on the West Coast (and beyond). The banks represented here are United Commercial Bank of San Francisco, California; 1st National Banks of Arizona and Nevada; Columbia Bank of Tacoma, Washington; and Bank of Hawaii.

Defining ERM

Among the four banks, definitions for enterprise risk management hold many similarities. Importantly, each bank has a definition of what enterprise risk management means to it.

United Commercial Bank defines ERM as "the identification and measurement, analysis and mitigation, reporting and control, management and oversight of all risks associated with doing business in our banking marketplace, as well as their impacts on our company." Ebrahim Shabudin, EVP and COO, says that the bank includes credit, market, and operational risks in the management of enterprise risks, using Basel definitions to categorize them.

James Kempf, SVP and manager of Risk Assessment, says that 1st National Bank uses ERM to align strategy, processes, people, technology, and knowledge with the purpose of evaluating and managing the uncertainties the company faces as it creates value. And Kai Neizman, VP and manager of Sarbanes-Oxley compliance, Columbia Bank, adds that "The passage of the Sarbanes-Oxley Act--in particular, Section 404--has really forced us to focus on and understand the processes and risks across the organization. We continually refine our processes to reflect the changing risks within the organization and attempt to take a more proactive approach to managing these same risks."

Necessary steps in the process, according to Kempf, include:

* The removal of traditional functional, divisional, departmental, or cultural barriers.

* A process-oriented approach that helps 1st National Bank manage key business risks and opportunities while maximizing shareholder value.

* Identifying, prioritizing, and managing risks across an enterprise or division. …