PROPER STAIR CONSTRUCTION

Building a good staircase takes time and talent. It is not an easy task because improperly constructed stairs can lead to accidents. Each riser must be an exact height and each landing area must be an exact length. As with stairs, where construction is critical, so is the process of constructing Enterprise Risk Management (ERM). Managing risk is an essential part of generating long-term returns for shareholders and ERM should play a critical role. The key with any ERM process lies in being able to balance the amount of risk a bank is willing and able to take, against any potential reward. ERM systems should be constructed to measure, monitor, manage and report on all types of risk across all lines of business. So, what steps can banks take as they begin to adopt ERM? One of the first is to break their business into distinct units. These can include finance, lending, funding, etc. One that is done, within each unit, risks can then be identified and classified. One of the best ways to do this is by focusing on 4 key areas. These can be categorized as financial, operational, strategic and hazard. Financial risks should include those that arise from price movement (interest rate, foreign exchange, asset value, etc.); liquidity (cash flow, options, etc.); credit (default, upgrade, downgrade, etc.); hedging; etc. Operational risks should capture the risk from business operations (product development, capacity, product failure, etc.); IT (capability, availability); reporting (budgeting, taxation, accounting), etc. Strategic risks are those that occur due to competition, customer requirements, demographic trends, capital availability, regulatory issues, reputation, etc. Finally, hazard risks include fire, property damage, business interruption, liability, disability, theft, etc. During this first collection phase, bankers should focus efforts on material threats or areas they think they might be able to exploit for competitive advantage. In the next phase, bankers should begin to quantify the risks. This can be done by capturing qualitative or quantitative data that can then be analyzed through a sensitivity analysis process. To begin, a simple spreadsheet can be used and then upgraded as data is collected. Another key consideration for banks trying to enhance their ERM is to begin to determine correlations among different assets, liabilities, portfolios and groups. While data may not have been collected historically, bankers can begin to do so as they identify risk drivers and linkages. Over time, this will help the bank begin to determine the impact of a given risk event on performance metrics. Expanding on this, bankers should also try to determine the size and contribution of each risk. Put another way, more effective decision making can only be done by aggregating risk and then prioritizing it. Once data is collected, it should then be used to assist with setting strategy. Such forward-testing and analysis of strategic objectives should include the impact on metrics and thresholds. In this manner, products and services can be taken out for a "test drive" before they are fully implemented. This allows banks to determine the inherent risk-reward framework of new initiatives and whether they should be retained, avoided or sold off. Finally, bankers will need ongoing reporting. Whether monthly, quarterly or semiannual to start, reporting of risk between groups and across the company is critical to management and the board. As with building stairs, setting up an ERM process is not easy. However, banks that take the time to properly measure each step along the way stand a better chance of maximize the value of their company.