Community Banks Turn to Enterprise Risk Management. (Community Bank Forum)

Article excerpt

There was a time when community banks could be profitable throughout the economic cycle by focusing almost entirely on credit risk. But the days when the five C's of credit defined risk management are over In today global economy a myriad of risks affect banks of all sizes and in every location. It is becoming perilous for community banks not to identify and closely monitor all the risks in their enterprise.

Smaller community banks are privately owned or closely held, so their traditional focus has been capital preservation. But more and more, banks of all sizes are beginning to measure their operational and market risk and, ultimately, their enterprise risk, because managing those risks is important not only from a regulatory perspective but from a business perspective as well. Community banks use different approaches to managing risk, which sometimes includes appointing a risk officer to oversee the effort or forming a committee to do so. Many use a combination of the team and risk officer approach. The CEO also plays an important oversight role.

"Enterprise risk management is an issue we're all going to have to face," says Richard L. Harbaugh, president and CEO of the $150 million Equitable Federal Savings Bank in Grand Island, Nebraska. "It's there right now. It's a matter of segregating the risks and specifically identifying them."

As an RMA Board member and chair of the Community Bank Council, Harbaugh says he is particularly aware of the need to identify and manage all of the bank's risks, not just its credit risk. Enterprise risk management at Equitable is currently in its "embryonic stage," he says. "We're just beginning to take a look at operational and market risk."

As CEO, Harbaugh is the chief risk officer, but he has enlisted the help of his top officers for that task. The chief financial officer monitors operational risk, the chief operations officer monitors market risk, and the chief credit officer, of course, is the watchdog of the credit portfolio. Each of those individuals works separately, trying to quantify specific risks.

"It's problematic because we don't know all we have to look at yet," says Harbaugh, noting that the risks the bank is currently examining include transaction, interest rate, fraud, and identity theft. "After we identify the risks, we can determine how they affect us in our daily operations. We may have to outsource the management of some risks. As a standalone banking franchise, we don't have access to risk information, other than what is available to us through RMA. We're now identifying our risks, but we're also very dependent upon RMA to provide us with a risk management product line."

Blending Compliance and Credit Administration

Until her recent retirement, Jean Hopeman was the credit risk officer for Sonoma Valley Bank in California. At this $150 million bank, Hopeman's position evolved to include both credit and compliance administration. "The risk officer role is different from that of the traditional roles of safety and soundness credit administration and compliance, says Hopeman. "In the past, the two responsibilities were separated, and to this day they still are in most banks. Most banks have credit safety and soundness auditors who know little about compliance and vice versa.

"My greatest challenge and success was the blending of the two and creating a greater awareness among all employees about each type of risk. The understanding of risk in the bank is better if a risk manager takes charge of training in these areas. I hired people to accomplish the training. Basically, the risk manager needs to know the regulatory issues, which change each year, figure out what the employees need to know, and establish procedures that ensure the knowledge is reinforced.

"I also performed an economic analysis of our market and an in-depth analysis of the loan portfolio so that the Board is aware of the industry risks. …