One of the most frustrating things about the banking world (and life in general) is that there is often a disconnect between how things should be and how they really are.
That happens for a lot of reasons. Sometimes it’s because doing things the right way seems like a lot of work, and it seems easier to take a short cut. But just because something is easier or faster, doesn’t make it right.
Consider the difference between making a strategic decision using enterprise risk management (ERM) vs. a siloed approach. This chart shows a siloed approach to decision making. Faced with the risk of losing small business lending market share to unregulated nonbank competition, a financial institution decides to offer unsecured small business loans funded within 24 hours. The competitors are doing it. The FI wants to remain competitive. Decision made.
But that decision-making process, isn’t really a process. It’s a shoot by the hip, gut decision. Some of the potential risks are probably brought up, but there isn’t any kind of systematic discussion to ensure risk is analyzed thoroughly. And forget about communication. Without a process, not everyone is in the room who needs to be. Maybe compliance is invited in, maybe it isn’t. What about IT? Marketing? Other key departments? By failing to invite input, the opportunity to uncover risks (and opportunities is lost).
Worse yet, once the decision is made and marching orders are passed on, this siloed approach is likely to produce redundancies.
Consider third-party risk. Cyber risk, reputation risk, compliance risk and even credit and financial risk are all impacted by third-party risk. Will each department individually address third-party risk? If so, not only does this create an inefficient duplication of resources, but it also creates the opportunity for conflicting results. With different areas using different standards for assessing elements of third-party risk, there will likely be conflicting work that leads to complications.
It’s a simple, ordered chart, but an ineffective one because there are no connections.
Strategic Decision Making with ERM
The ERM chart does not offer the same calm vibes. It’s busy. There are arrows pointing in every direction. It’s revealing overlap and a need for communication, and that sounds like work.
Except the ERM approach will actually lead to less work.
An FI that uses an ERM approach to strategic decision making knows that it needs everyone in the room before a decision is made. It uncovers problems and conflicts early on, allowing them to be addressed at the beginning when a program has the most flexibility. It allows different areas to leverage existing work and reach a consensus. And it leads to smarter decision making. That leads to less work for everyone.
The key to making ERM work is baking it into the strategic decision-making process. Don’t make a decision and then pick up the phone to call your CFO and say, “Hey, we just signed a contract with a new vendor for lending. How does it look?” By then it’s too late to do anything about it.
ERM is about understanding the interconnected nature of risk and having systems in place to uncover them. It’s about considering risk from the very beginning and working together to make more-informed decisions.
If your FI hasn’t embraced ERM or doesn’t have systems in place to ensure ERM is informing your strategic decisions, now is the time to put them in place. It may seem easier to put the decision off or keep things the way they are, but the truth is you’re wasting resources and probably spending more time cleaning up messes that could have been prevented with a little foresight.
How do you connect different departments and
business lines to master risk management?