Enterprise-Wide Risk Management: Staying Ahead of the Convergence Curve
Lam, James, The Journal of Lending & Credit Risk Management
The convergence of commercial and investment banking mixes the challenges of establishing an integrated business model and managing multiple risks across different business units and countries. At the same time, companies such as AIG and Swiss Re are offering a new class of risk transfer products that would allow end users to manage any combination of risks. A prerequisite to taking advantage of these products is an enterprise-wide risk management approach. This article discusses the why, what, and how of developing enterprise-wide risk management and the role credit professionals need to play.
As a result of banks internal risk reviews and recent wake-up calls from such firms as Barings and Long-Term Capital Management, leading institutions are abandoning their traditional approach of managing risk "by silos" and adopting an enterprise-wide risk management approach. Steps in doing so include:
1. Create an enterprise-wide risk management organization through the appointment of a chief risk officer and the formation of an enterprise-wide risk management committee, to direct and coordinate credit, market, and operational risk management activities as well as corporate oversight units, such as insurance, security, audit, and compliance. This organization often reports to the CEO or CFO, and increasingly has a direct reporting relationship to the Board.
2. Establish an integrated risk management framework to measure and manage all aspects of risk. These risks include credit risks, such as lending and counterparty exposures; market risks, such as interest rate, liquidity, and trading positions; business risks, such as volatility in volumes, margins, or costs; and operational risks, such as fraud, data or model risks, and other low-probability but high-severity events.
3. Optimize the return on risk management investments by linking risk management processes and risk transfer strategies. Typically, different functions make separate buying decisions in risk management, including the purchase of risk methodologies from consulting firms, risk models from technology companies, derivatives from investment banks, and insurance policies from insurance companies. Linking internal risk processes and external risk transfer can help an institution reach its risk objectives at the lowest possible cost.
4. Leverage risk management to make better business decisions by incorporating risk/return considerations in product development and pricing, relationship management, investment and portfolio management, and mergers and acquisitions. Leading institutions recognize that risk management is not just about protecting against the downside, but that it can be a powerful tool for improving business performance. A risk-centric business management approach can help management identify and grow businesses with the highest risk-adjusted returns and thus maximize shareholder value.
Managing risk by silos simply doesn't work, because risks are highly interdependent and cannot be segmented and managed solely by independent units. Moreover, a segmented approach to risk management doesn't provide senior management and the board with aggregated risk reporting. This realization has led to the trend towards enterprise risk management, which is supported by internal demand, external developments, and advances in risk management methodology.
The Magnificent Seven
There are seven components of enterprise risk management.
1. Corporate Governance. It is the responsibility of corporate management to ensure that an effective risk management program is in place. This responsibility includes:
a. Defining the institution's risk appetite in terms of loss tolerance, risk-to-capital leverage, and target debt rating.
b. Ensuring that the institution has the required risk management skills and risk absorption capability (for example, human and financial resources) to support its business strategy. …