Risk management has moved from interesting concept to necessity in financial institutions throughout the world. The interrelationship among an organization's risks lead naturally to a system of enterprise-wide risk management. This article discusses various possibilities and offers a proposed model for ERM that features a chief risk officer with close reporting ties to CFO, CEO and the board, and whose direct reports include the heads of the three major risk management disciplines.
Boards of directors, management, regulators, and the business press all seem to be talking about enterprise-wide risk management. ERM has achieved the status of a buzzword among financial institutions and even in other types of companies. This is understandable when considering the two underlying premises of ERM:
1. Risks are often interrelated. Consider, for example, a bank with an active program to securitize loans. While the credit risk may decline, operational and reputational risks may increase.
2. Risks should be approached in a consistent, balanced, and integrated manner.
There are many advantages to an integrated approach. First and foremost is its impact on the bottom line. If ERM is effective, it should help reduce the volatility of the company's earnings, thus enhancing shareholder value. With an organized approach to risk, a firm can better manage its risks and returns to make more informed decisions about capital and investments. For example, two different lines of business may have achieved equal profit at different levels of credit risk or operational risk; once the different risk levels are identified, they can become a factor in future strategic decisions.
Much of the current dialogue about ERM focuses on systems to measure exposures across an organization and ways of measuring the integration of market and credit risk. Progress has been made along both of these lines. Enterprise-wide measurement of exposure is now feasible, though it requires a large investment in systems and methodologies. The effect of market risk on credit exposure - for derivatives and other instruments - is being computed by increasingly sophisticated models. Other models address issuer or specific risk by quantifying the impact of downgrades in credit or changes in investor perceptions on market value.
With all the attention focused on measurement systems, however, not enough discussion has been devoted to the realities of implementing ERM. A particularly thorny aspect of implementation is the requisite organization structure. This is a significant issue since the organizational model for ERM sets the tone for the culture and processes that spell a successful enterprise-wide approach.
How should a company be organized to deliver ERM? This question is so new that no best practice yet exists. Organization structures - and indeed definitions - for ERM vary widely, often dramatically, from company to company. Some companies measure market risk around the world and call it enterprise-wide risk management. Others consider ERM to be measuring credit risk in all their locations. Many companies now integrate market and credit risks. A few more ambitious companies also are attempting to include operational risk under the umbrella of their ERM effort.
There are many benefits to centralizing the entire spectrum of an organization's risks - including credit risk, market risk, and operational risk. Rather than managing these risks by a committee or a series of committees, the most effective way to assure continuity and consistency in risk management is with a single organizational unit that bears direct responsibility for supervising the entire risk management process. Typically, such a unit is headed by a chief risk officer (CRO) - sometimes called an enterprise-wide risk manager or risk czar - who is responsible for overseeing all the organization's business and financial risks. …