Enterprise risk management in financial services

Holding over three decades of experience, Sunder has been at the helm of Enterprise Risk Management and Internal Audit, BCP, Information Security, and several other functions.

Financial Services Sector entails Banking, Insurance and Mutual Funds. The banking sector during the last one decade has heavily reeled under deficient credit quality/Asset Quality with spiraling provisioning for bad and doubtful debts. The operational risks have increased in mammoth proportions especially cyber risks and security of customer information or data. The sector has learnt in a hard way that Enterprise Risk Management needs to be in place. Risks and its management need to be embedded in each business segment, function, processes and the sub-divisions.

What is Enterprise Wide Risk Management
ERM is the planning and controlling of business activities to minimize the likelihood of an event and reduce the impact of that uncertain event on the company. ERM deals with scenario analysis and consideration of impact of those scenarios on the financial health of the Enterprise.
Emergingly, ERM also deals with strategies of the Company and indicates leading risk factors in achievement of short-term and long-term strategies of the enterprise.

Enterprise risk management (ERM) is defined as an organization’s enterprise risk competence—the ability to understand, control, and articulate the nature and level of risks taken in pursuit of business strategies—coupled with accountability for risks taken and activities engaged in. One of the main benefits of ERM is an enhanced perspective and focus on risk management across the institution.

ERM Framework
An ERM framework and model supports a management competency to manage risks well, comprehensively, and with an understanding of the interrelationship/correlation among various risks. The successful institution incorporates a robust ERM capability and strategy as part of its culture by integrating what already exists to create a comprehensive and integrated view of the institution’s risk profile in the context of its business strategy.

Enterprise wide Risk Management – The Building Blocks
The enterprise risk management framework's structure applies regardless of the size of the institution or how an institution wishes to categorize its risks.
The ERM framework is designed to support the depth and breadth of activities by providing a structured approach for identifying, measuring, controlling, and reporting on the significant risks faced by an organization.

Enterprise Risk Management allows financial institutions to take responsibility for the risk management process and enables them to gain insights into their organization by involving all parts of the institution.

All businesses have risk, and with many start-ups failing within their first four years, somebody needs to take responsibility for managing risk, even in a small company.

When a start-up makes that all-important decision to grow, there are huge risks to deal with and there are even more on-going risks associated with being a large company. What was a basic risk management solution is now no longer enough – you need an enterprise risk management framework.

Different risks could cover financial, operational, reporting, compliance, governance, systemic, strategic, people and reputational.

Each risk has two different angles. The likelihood of its occurrence, and the potential consequences of its severity. Once you have identified how severe each risk is and the likelihood of it, you should be able to answer whether the benefits of mitigating each risk outweighs the cost of taking the risk.

ERM is akin to the hydraulic breaks and other safety systems in a high-end Car that gives a faster & smoother ride yet with high safety and precision

The Need for ERM
The need for ERM in the financial services sector, as with other business sectors, is driven by external and internal pressures. Some of the external pressures are common to all businesses—calls for corporate governance reforms from stock exchanges, accounting bodies, institutional investors, and government regulators in countries around the world. Other external pressures are to the financial services sector. They come from bank and insurer regulators and legislators who want to assure that policyholders and customers—as well as the financial system as a whole—are protected from unwarranted risks, even as the industry is deregulated.

The internal pressures come from business conditions and risks unique to this industry—especially those that arise from operating in a more competitive environment.

Steps to Enterprise Risk Management:
•Identify acceptable risk
•Prioritize risks
•Establish contingency plans
•Look for insurable risks
•Embed risk management across the organisation
•Implement a risk management technology solution
•Monitor, review and analyze all risk data

Conclusion:
Ultimately, an enterprise risk management strategy can provide answers to three basic business questions:
•Should we do it (aligned with business strategy, risk appetite, culture, values, and ethics)?
•Can we do it (people, processes, structure, and technology capabilities)?
•Did we do it (assessment of expected results, continuous learning, and a robust system of checks and balances)

A BFSI enterprise which deals with savings of millions of citizens of a country must play a role of trustee or custodian of wealth of the nation. An enterprise flourishes or grows when Enterprise Wide Risks are managed better rather than grow at a high speed to break down later owing to risks being managed in a deficient manner. ERM is akin to the hydraulic breaks and other safety systems in a high-end Car that gives a faster & smoother ride yet with high safety and precision. A Chief Risk Officer who is the ultimate leader responsible for ERM is akin to a Chief Opportunity Officer who ensures that business taps each opportunity for growth through incisive risk analysis of pros and cons.