Why an Enterprise Risk Management?
Griggs, Malcolm D., The RMA Journal
RMA, throughout its long and distinguished history, has provided forums for the discussion of cutting-edge ideas in credit and risk management. Whether through chapter meetings, conferences, training courses and materials, or The RMA Journal, our Association has provided the industry with the most up-to-date thinking on risk management.
"In the spirit of RMA" is a phrase that all members will recognize. It means that we can be competitors and learn from each other at the same time. It means serving when called upon to do so. RMA had already formed councils to focus on credit risk, operational risk, market risk, and regulatory risk. These councils are populated by some of the best thought leaders in our industry.
So why create an Enterprise Risk Council? RMA's leadership recognized that the whole is a bit different from the sum of its parts. In other words, while credit, operational, market, and regulatory risk management are all parts of an effective enterprise risk management program, the point of a true enterprise risk focus is to knit those parts together so that the underlying disciplines are managed properly, as are the connections among them. Consider just three connections that are common in many institutions:
1. A substantial market shift can create credit risk. Can the counter-party on the derivative contract uphold its end of the bargain?
2. An operational risk can give rise to credit losses. Was the failure to perfect that security interest the root cause of the loss?
3. Regulatory risk affects everything we do. Will that AML consent order prevent you from doing business as usual?
How do we manage all of these risks in a coherent fashion? How do we prioritize our risks? And are our risk management budgets in line with these priorities? It is "in the spirit of RMA" that the Enterprise Risk Council (ERC) was created so that we may address these and other issues related to managing risk across the enterprise. The other councils will, of course, continue to pursue their respective subjects, and we will all benefit from their work.
RMA President Maury Hartigan, BB&T CCO Ken Chalk, and Guaranty Bank President Glenn Wilson were the drivers behind the formation of the ERC. With the able assistance of Charles Taylor and Bill Githens from RMA, we held the first ERC meeting in Cincinnati in October. The initial members of the new council are Bill Wells from AmSouth/Regions, John Drew from Amegy Bank, Jack Wixted from PNC, Eby Shabudin from United Commercial Bank, and Herb Hilliard from First Tennessee Bank, NA.
A New Definition
The ERC recognized there were many definitions of enterprise risk management floating around--some very technical, some with more of an audit focus, and some that tried to boil the ocean with the level of detail included. RMA had even developed a draft definition earlier in the year that was close to the mark but not quite what the members of the council had in mind. Thus, the first order of business was to arrive at a definition that we could all use and understand.
Several issues had to be addressed in drafting a working definition.
1. The ERC felt strongly that a definition must be simple--something that sums up the concept without getting bogged down in the technical details of what is "in scope" versus "out of scope" for enterprise risk management (ERM). This is important because, theory aside, the practical reality is that no two banks have exactly the same business model. Because of these differences, the ERM program for one bank will not necessarily work at another. On the contrary, while there are certainly some core principles that most ERM programs will share, a cookie-cutter approach to risk management is doomed to failure because there will be a gulf between business strategy and risk management execution. So the definition must be simple and broad.
2. The definition must tie back to shareholder interests. …