Although much has changed for financial institutions since the Committee of Sponsoring Organizations (COSO) issued the Enterprise Risk Management (ERM) – Integrated Framework in 2004, much has remained the same. A financial services professional need only check their inbox or scroll through their newsfeed to ascertain that financial institutions, both large and small, are holding on by a thread to implement and sustain effective risk management processes. A December 2017 Wolters Kluwer Regulatory and Risk Management Study echoed this sentiment, noting 65% of 600 respondents are concerned with efficiently managing risk across all lines of business, up 13% from the previous year.
Waiting on Pins and Needles for Change
While concern is growing, as are expectations, enhanced guidance and clarity appear to be on the way. On August 3, 2017, the Federal Reserve (Fed) proposed supervisory guidance for boards of directors that was designed to consolidate and replace the 170 existing expectations with 33 proposed expectations to enhance board effectiveness (BE). Then on January 4, 2018, the Fed proposed comment guidance for risk management (RM) at Large Financial Institutions (LFIs). The proposal was tailored to complement the proposed BE guidance and distinguish the different risk management expectations of senior management, business lines, independent risk management, and internal audit. While the Fed-recommended RM guidance is specific to LFIs, it is highly anticipated that these expectations will quickly trickle down to institutions of smaller size.
In the meantime, practical, scalable guidance has arrived. In September 2017, COSO issued the highly anticipated Enterprise Risk Management – Integrating with Strategy and Performance (Framework). This Framework is designed to build on the 2004 version by incorporating certain aspects of ERM with more depth and clarity and provide more significant insights into the fabric of strategy, risk, and performance.
More specifically, the Framework seeks to clearly stitch together ERM with stakeholder expectations, position risk in the context of an organization's performance rather than as an isolated exercise, and enable organizations to better anticipate risk, with the understanding that change creates opportunities, not just crises.
Sewing Together a Useable Framework
The financial institution industry has long sought a patch to provide clarity as it relates to conceptual, practical and regulatory guidance relative to ERM. To iron out a framework for implementation, financial services professionals tasked with facilitating ERM in their respective organizations must move quickly to partner with trusted professionals both internally and externally in order to gain an understanding of the new guidance.
While the enhanced guidance is a significant, positive development for the financial services industry, it will no doubt result in heightened expectations of stakeholders, sooner rather than later.
Incorporating ERM into the Fabric of Your Organization
CRI’s financial services team is uniquely positioned to assist both small and medium-sized institutions to not only gain an understanding of ERM in today’s environment but also to facilitate the development of an efficient implementation plan. Contact your CRI professional today to help weave a plan of effective risk management into the fabric of your organization.