RISK MANAGEMENT

Once again it is cold and flu season, which is why we were intrigued by a recent study on the subject. While many of us will try such tricks as repeatedly washing hands, using hand sanitizer, not using some else's pen and generally staying away from sniffling children, the fact is that we are still probably going to get a cold. In short, the study found that the average adult catches 2 or 3 colds per year, while the average child catches between 6 to 10. Cold season aside, bankers face risks in their business every day, so managing those risks has become very important. The regulators will tell you they want all bankers to have the capability and infrastructure to be able to identify, measure, monitor and control risk. To survive in such a competitive marketplace, independent banks are growing and changing faster than they ever have before. By its very nature, growth escalates risk as organizational complexity rises. The problem is that now, more than ever, banks have to develop and launch new products faster if they want to maintain or expand their market share. In fact, a study of where bank CEOs (allowing multiple responses) anticipate to find growth in the next 3Y indicates more than 40% expect to do so by innovating products and services; 35% anticipate doing it through acquisitions, 25% plan on increasing the number of products and services they offer; and 25% plan to squeeze out more productivity (primarily through IT). Given the myriad complexities to launching a successful risk management program, we thought some quick tips might help our independent bank clients get further down this road. As stated above, the goal of a comprehensive risk management program is to identify, measure, monitor and control risk. To do that, bankers will have to incorporate a strong risk management governance structure and appoint someone strong to run it. This Chief Risk Officer ("CRO") will be responsible for not only setting credit limits to counterparties and customers, but also establishing other parameters including writing and distributing policies and procedures for employees to follow. The CRO begins by developing a comprehensive risk profile, including an assessment of current risks. Note that the assessment should be aligned across all business units and functions and incorporate a review designed to understand where strengths and gaps might exist. To ensure the risk process unfolds properly, banks may want to start with smaller bites, focusing in on discrete risk factors rather than trying to launch an enterprise-wide solution right out of the gates. Over time, these various risk "pipes" should be combined into a comprehensive program, but working in smaller components has a greater chance of success. Note that any risk initiatives implemented should also be evaluated to determine their impact on both strategic initiatives and profitability. Finally, any successful enterprise-wide process includes scenario analysis, back up systems and an active quantification of risk. Washing one's hands doesn't guarantee one won't catch a cold, but it is a good first step in an overall risk management program.