Tuesday, July 23, 2019

Risk management - Smaller institutions and the benefits of ERM

Posted by OnCourse Staff September 11, 2012 5:30pm

Photo Credit: 123rf

This article is from the Financial Managers Update - July 24th 2012 edition. Amit Govil was interviewed on the topic of risk management. 

Smaller institutions with simple business models may be somewhat skeptical about the benefits to be derived from implementing a broad-scale, and possibly costly, enterprise risk management program.

Nonetheless, the regulatory mandates on ERM seem to be “trickling down,” affecting ever-smaller institutions as regulators push hard for it’s implementation - even though the Dodd-Frank mandate is directed at institutions with more than $10 billion in assets.

“Regulators are almost mandating it for banks at or above $1 billion in asset size,” says industry strategist Amit Govil, managing partner, P&G Associates, East Brunswick, N.J. “So the regulators have almost made up their own unofficial threshold of $1 billion or more.”

In addition, during exams, regulators are also citing the need for institutions with less that $1 billion in assets to implement ERM when the institution is growing extremely fast, Govil noted. “The underlying issue is that regulators seem to be dictating an ERM concept.”

Govil compared the value of utilizing an effective ERM program to that of truck drivers using a GPS (global positions) system that helps them arrive at a destination. An effective ERM framework can help provide a “roadmap” for smaller institutions to deal with today’s uncertainty and grow the institution in line with its strategic objective.

 Thus, he advises small institutions to consider a practical two-pronged approach towards defining ERM. First, it’s a method to validate that the controls and processes in place at an institution are working; secondly, it’s a way to ensure that the business strategy is generating the desired results.

However, the most perspectives on ERM are geared towards big institutions and there’s really no clear regulatory guidance, in terms of specifics for institutions under $1 billion assets to follow. As a result, there’s confusion at the smaller institutions over how to implementer, he pointed out.

Even so, some bankers at institutions of $400 million to $500 million in assets are indicating their desire to implement ERM. “Some of these smart CEO’s are saying: well look, I’d better start it now, because it’s easier for me to implement something now – or at least some sort of a framework now – rather than waiting until I’m at $1 billion,” Govil said.

Still, there at cost challenges – even for the big banks. For example, as part of their mandates, banks over $10 billion assets are required to hire a chief risk officer (CRO). “The problem we’re seeing is that they don’t have the proper budget or the (adequate) guidance,” he said. As a result, the CROs are “scratching their heads” over what to do and how to implement ERM.

One problem is that regulators still have not defined a very cohesive framework for ERM. For example, at industry conferences regulators define ERM in different ways. As an example, Govil said that one regulator recently defined ERM as holding weekly meeting with other managers at the institution, talking with each other, and documenting risks and troubles they have seen.

“Really?” Govil reflected. “Weekly meetings as a substitute for ERM – that’s not much of a GPS system!”

“So you have real confusion,” he added. “And in times of confusion, what you have then is a real opportunity fir people – vendors, alike – to implement products that perhaps are not conducive to the true meaning of what ERM is.”

In fact, there is currently an unresolved industry dilemma regarding ERM that smaller institutions face. It’s basically a three-part recipe for unwarranted costs – consisting of confusion about ERM among bankers, rising pressures to comply from regulators, and vendors that are supplying products that purport to be ERM solutions – but which fail to really address real needs consistent with true ERM, he said.

When examiners go to an institution, they are taking note of risks, including any deficiencies involving credit management, corporate governance, or operational factors; and they are also scrutinizing whether an institution is growing rapidly.

In such situations, it’s easy for examiners to say: get a chief risk officer and implement an ERM program. For example, sometimes they are saying the institution needs to “start to develop” one.

In other situations, however, the examiners report is “very scathing and requires immediate action to implement something,” Govil said. This immediate urgency is what creates the confusion – because the institution feels required to go to a vendor to meet a regulatory deadline without really understanding what REM truly is.

“What’s wrong with some of these models that vendors are proposing is lots of them are simply risk assessment,” Govil pointed out. “Right now, what we’re seeing is that you’ve got products and services out there that purport to be, basically, risk assessments with colorful charts which are very expensive, mind you, that you can print and give to your regulators, and which look like you’ve done something and you’ve got ERM.”

“But the reality is that they are not a dynamic model which is going to help you achieve your strategic objectives,” he stressed.

“So without a framework – without a real dialogue in the industry that is just really not taking place at this point – the cost is becoming burdensome on institutions,” he added. “That’s because while you may be generating paper, you are not addressing the real objective of implementing ERM.”

Acknowledging that institutions already do lots of risk assessments, he noted that if you give them another “fancy way” to do a risk assessment, that’s great. “But many of them just stop right there,” he said.

A few vendor models, but not all, include “key performance indicators,” or KPI, which help the ERM system evaluate the direction that the institution wants to follow to achieve its strategic objectives.

Ideally, all of these features should be included in an ERM model: the ability to perform risk assessment, to identify controls, to validate the existence of those controls, and to use KPI to tie the strategic objectives to the entire process, he explained.

“KPI will help an ERM system evaluate the direction you’re going, in conformity with strategic objectives,” he said.  “The evaluation of control is a way for you to assess whether you have sustainability – in other words, am I running out of gas.”

“Your numbers could be right, but you may not have the resources, or the controls in place could be falling apart,” he said. “So an evaluation of those ongoing controls is very important, and it’s true ERM.”

Unfortunately, the most common deficiency in many ERM models is that they don’t have key risk indicators that also take into account what’s occurring outside the institution, to ensure that it can achieve its strategic goals. For example, while an institution may have good internal controls, it may be operating in a very weak, external local economic environment.

But for smaller institutions with $500 million assets or less, the expense of purchasing a “true ERM model” that includes all of those features can be cost-prohibitive, Govil said.

 Thus, he suggested that rather than feeling obligated to purchase an ERM model, they should start thinking about ERM from the standpoint of a basic framework.

For example, that approach may involve customizing key ratios for each functional area, such as liquidity and deposits, directly from the data on uniform bank performance ratios. By doing so, the institution can see how well it compares versus peers. It will be able to create a low and high threshold for each of the ratios, and then start to monitor if it falls within the given range, he said.

 Also smaller institutions desiring to grow to $1 billion assets can compare themselves to a larger “role-model” institution, which they are striving to emulate. This type of approach is not very costly. And then, as the institution gets closer to the $1-billion-asset-size threshold, it can create a more robust ERM structure, he said.

Clearly, the most common ERM pitfall for smaller institutions is thinking: “Hey it’s too costly, so I can’t implement it,” he said. When that mindset dominates, the tendency is to pare down and back off from the idea of implementing anything, which is a mistake. It’s important to remember that there are cost-effective ways of implementing different levels of ERM appropriate to an institution’s size and budget.

“ERM is here to stay,” Govil said. If implemented right, it can and should help senior level managers and the board to see the direction that the institution is taking. 

Comments

Add a comment

  • Required fields are marked with *.

If you have trouble reading the code, click on the code itself to generate a new random code.



 Image

OnCourse Staff

The OnCourse writing staff work to keep you informed about the most pertinent financial industry news of the moment



OnCourse Staff's Posts Subscribe to RSS Feed



New Jersey's Corporate Business Tax Legislation: A Look at the Impact for Banks
Correspondent Banking: The Challenges of Data Transparency
Training – An Investment and Risk Management Tool
Are You Gambling with Your BSA Program?
The Case of Foreign Banks and Heightened Scrutiny
IRS and New Jersey Tax Audits of Banks
State Taxation of Financial Institutions in Today's Environment
Does your 401(k) Plan need an Audit?
De-Risking of Foreign Correspondent Banks
Same Day ACH Credits – Phase One
FinCEN Finalizes Ruling on Beneficial Ownership and Ongoing Customer Due Diligence
Is the IRS Status of your Defined Benefit plan in Jeopardy?
The Dilemma of Banking Medical Marijuana Businesses and Other Indirect Risks
Is your Institution Monitoring Working Capital Lines of Credit?
Financial Reporting and Regulatory Update on the Horizon
BSA/AML Training: Is your program effective?
Planning in a Consolidating Banking Industry
To opt-out or not to opt-out, that is the question – A reminder on March 31, 2015 Call Report, Schedule RC-R, item 3.a
Anti-Money Laundering – The Age of Technology
FFIEC Releases Revised BSA/AML Examination Manual: So what’s new?
OFAC Consolidates Non-SDN Listings
Coping with HOPA
Coping with the CFPB’s Ability-to-Repay Rule
Appraisal Disclosure Rule
Cybercriminals Broaden their Attacks in Social Networks
The Importance of Segregating a Bank’s Credit Function from its Lending Function
Appraisal Management Companies in Regulatory Crosshairs
All About the Home Owners Protection Act
Requesting Current Financial Information
Countdown to Windows XP End of Life and Support: Are you still at Risk?
314(b) Distinct Advantages for Financial Institutions
Where is the Document?
The Credit -- Er, IT Crisis?
Building a Better Hen House
Ready the Ramparts! : IT Security and the Modern Bank
Wag the Dog
Consumerization of Technology and its influence on Information Security
Keeping the Balance: IT Security and the Org Chart
IT Security: "IT's" About Process
Detective, Reactive and Preventive: Evolving Your IT Security
Do You Know The Security Features of the New $100 Bill?
Segregation of Duties for Wire Transfer Processing
Summarizing ACAMS White Paper on EDD and AML Risk Assessments (Industry Survey)
Allowance for Loan Loss Tips and Tricks
Community Banks Slowly Warm Up to Private Student Loans
Has your Bank updated the Adverse Action Notice?
How Does Your Bank Handle Customer Requested Maintenance Changes?
OCC Releases Booklet on "Common Sense" Community Banking
New SAR Filing Updates
Is your BSA/AML automated monitoring system up to par?
The Importance of BSA Training
Office of Foreign Assets Control (“OFAC”) introduces the OFAC SDN Fuzzy Logic Search Tool
Filing the New CTR Forms: What you need to Know
FFIEC Proposed Risk Management Guidance on Social Media: Beware and Prepare
Pandemic Preparedness: Are you testing your Pandemic Plan?
FFIEC issues revised “Supervision of Technology Service Providers” booklet
Is Your Institution's Marketing UDAAP Compliant?
What is Enterprise Risk Management?
New OCC Guidance Released on Investor Owned Properties
Electronic Work Papers - Why P&G Made the Switch
OCC to Toughen Exams in Response to United States Senate Permanent Subcommittee On Investigations
Clarifying Regulatory Obligations Regarding Continuing Activity SAR Filings
Federal Regulatory Agencies Proposal New Rule
Risk management - Smaller institutions and the benefits of ERM
Strengthening Your Loan Maintenance Monitoring
New Lending Proposal from CFPB
FDIC Reaches Settlement on Overdraft Fees
FRB Guidance on Foreclosures
Loan Denials and Withdrawals – Tips to Sure Up your Process
The Summer of CFPB Proposals
Community Lenders Seize Market Share From Big Banks by Using Advanced Online Lending Technology
Dodd-Frank Rule to Change Legal Lending Limit Monitoring Requirements
The ABCs of a TDR
Supreme Court ruling for the Freeman, et al. v. Quicken Loans, Inc case
New FinCEN Guidance for CTR Aggregation for Businesses with Common Ownership (FIN – 2012 –G001)
Senior member of House of Financial Services Committee Introduces Overdraft Protection Act
FinCEN is looking to streamline the financial institution reporting process by issuing mandatory E-filing reporting requirements.
Curry: Operational Risk Now OCC’s Top Concern
JOBS Act Client Alert - Rules 506 of Regulation D
New Rules Proposal for Servicers Coming from the CFPB
Wall Street Receives Volcker Rule Clarity
De-stressing with stress testing
Banks Participate in Information Sharing to Battle Online Theft
IT security: Is your program still effective?
Banking Solutions: ALLL and GAAP in Agreement
How are the most recent regulatory enforcement trends that banks are facing today affecting internal audit? Why?
What are the most recent regulatory enforcement trends that banks are facing today?
Mobile banking: How do we get there?
UBS further struggles with $2 Billion loss by Rogue Trader
Capital One Becomes Dodd-Frank Test as Nation’s Fifth Largest Bank
Community Banks to receive US Funding for Small Businesses
FDIC fields questions about overdraft guidance
Negligent Hiring – A mistake can cost more than just money!
Regulatory Burden – Managing the Pain
From Embezzlement to Imprisonment: Former Citigroup employee faces charges with $19.2 million in bank fraud
TDR or Not to TDR …Much Ado about Nothing?
Finding the Right Hire
Model behavior: Is your ALM model capturing your bank’s risks?
ALLL best practices: Pay attention to qualitative factors
Abandoned Property Law, and its new New York State of Mind
Consumerization of Technology and its influence on Information Security
FDIC releases Provisions on Dodd-Frank to help Community Banks
Social Media in the Employment Arena – It Gets Funky!
The Proof is in the Pudding: Affects of Dodd-Frank on Community Banks
Banks and Businesses get "swiped" over Fees
A little bit of this, and a little bit of that: Fed Unveils list of Banks Helped during Financial Crisis of 2008
IT Security: "IT's" About Process
To Test or Not to Test; That is the Question
2011 Failed Bank List Hits 25
Wag the Dog
Committee on Financial Services to Hold Hearing on the Effects of Dodd-Frank on Small Biz and Banks Today
2011 Failed Bank List up to 18
A Culture of Whatever: On the Path to Proper Governance
The Test Drive: Leasing or Buying a HR IT Platform
Detective, Reactive and Preventive: Evolving Your IT Security
Cracking the ALLL Code: How to Develop the Right FAS 114 Methodology
Double Digits: Bank Closings up to 11 in 2011
FCIC Releases Report on the Causes of the Financial Crisis
Part of the In Crowd: Thoughts on the Dodd-Frank Act
Another One Bites the Dust: Regulators Close 4 Banks
Keeping the Balance: IT Security and the Org Chart
On Notice: FDIC Issues Rule for Temp Unlimited Deposit Insurance
2011 Failed Bank List Up to 3
Welcome to OnCourse
Stick 'Em Up!
Time for a Tune-Up: The Necessity of a HR Audit
Visa Instituting Two-Tiered Debit Card Interchange Structure
The First Failed Banks of 2011
The Credit -- Er, IT Crisis?
Painting a Masterpiece: The Art of the ALLL Reserve
The Law on Your Side: Understanding HR Regulations in 2011
Building a Better Hen House
Ready the Ramparts! : IT Security and the Modern Bank
No Respite from RESPA