For all banks, meeting compliance demands is a requirement. But for many community banks, risk management is a strategic choice. It’s a choice designed to not only help your bank meet evolving compliance challenges, but also to strengthen your institution’s overall performance.
Risk management should also support your bank’s long-term strategy. Whether your bank’s goal is to accelerate growth or pursue M&A activity, you need a rock-solid risk management strategy—one that considers all of your bank’s potential risks comprehensively. Luckily, it doesn’t have to be as hard as it sounds. Community banks can adopt a new breed of strategic thinking by tying strategy and risk together through an Enterprise Risk Management (ERM) approach.
3 Hot Topics for Regulators
The Office of the Comptroller of the Currency (OCC) has been discouraging a siloed approach to managing potential risks, in favor of a more comprehensive one, since it released heightened standards for large financial institutions in 2014. While many smaller financial institutions are exempt from these requirements, regulators will continue to look at banks’ risk structures during examinations as evidenced in the OCC’s updated guidance regarding it’s Risk Assessment System (RAS).
And, to further complicate matters, the FFIEC updated the IT Examination Handbook, which states that a financial institution’s technology decisions should be made in line with the board’s appetite (or risk threshold). That means, to create a comprehensive risk management program at your bank, your risk management strategy should include your financial institution’s previously established risk categories, while also including these three hot topics:
- Cybersecurity Risk Management
- Vendor Management
- Complaint Management
When your bank takes a closer look at the risk thresholds for each of these areas and defines how those risks are connected, you begin thinking about risk management strategically. And then, by taking a collective approach to risk management across your entire enterprise, you get a better picture of your financial institution’s risk appetite.
Remember, you can’t manage what you can’t monitor. And that’s why enterprise risk management is a very hot topic for regulators.
“The Best Defense is a Good Offense”
Typically, ERM is an investment that’s driven by either an event (an exam or audit) or a desire to prove to regulators that your management team is engaged. And there’s a good reason for that. The signature of a strong risk management strategy is an engaged management team—one with the ability to understand the bank’s current risk appetite and to formulate an educated response in the event risk thresholds are compromised.
This is where enterprise risk management software comes in handy for financial institutions. ERM software helps banks collect, store, analyze, score and report on risk data, giving you a real-time snapshot of your bank’s performance. And when the board and senior management have access to and understand that information, your financial institution has fully adopted an ERM strategy. This means you’re taking a proactive approach to identifying and monitoring your overall exposure as well as the interconnectedness between various types of risk.
Benefits of Tying Strategy and Risk Together
Once your financial institution has established your risk appetite and developed a strong strategy for handling risk, your bank is better able to:
- Take control of the conversation. Be confident in discussions with auditors, examiners and the board by anticipating and proactively managing risks
- Prove your board and management team are engaged. Give your institution the tools it needs to show your management team and board are well-educated on risks
- Get an integrated, holistic view of risks. Break down the silos to understand all facets of your risk strategy, including cybersecurity, vendor management, etc.
Establishing a strong and comprehensive strategy for risk management will not only help your institution better mitigate potential risks, it will also help your management team and board better respond in a crisis and achieve strategic objectives that benefit your bottom line.
Even if you’re not an OCC-regulated financial institution, adopting an ERM approach—one focused on monitoring and reporting on your bank’s performance—can help your bank manage risks while maximizing profits. After all, ERM is an investment intended to fortify the performance and governance of your financial institution.
Keith Monson serves as CSI’s chief risk officer. In this role, Monson maintains an enterprisewide compliance framework for risk assessment and reporting, as well as other key components of CSI’s corporate compliance program. With nearly 25 years of banking experience, he has a wide range of expertise in the compliance arena, having served as chief compliance officer for both large and small financial institutions. He also was recently a guest speaker in CSI’s Banking Unleashed webinar series.