We were talking to a group of bankers the other day and when we asked what topic they thought would be very helpful for us to cover in this publication; they all playfully agreed the best one that had yet to be run was the topic of sex. Given that there are so many articles, magazines, videos and other such items devoted to this topic already; we thought our time might better be spent focusing in on other things 'sex,' but a bit more banking industry related [such as - sexisyllabic (6 syllables), sexlocular (6 cells for seeds), sexpartite (divided into 6 pieces), sextant (astronomical instrument used to determine latitude and longitude at sea), or sextans (a bronze coin of ancient Rome)]. Yes, we know all of this is a stretch, but we challenge anyone to try to start an article with 'sex' and have it go anywhere even close to banking without getting quickly into trouble.
Now that we have that out of the way, the only clear direction to head given such a salacious introduction is toward risk management. When managing risk, at a minimum, bankers need to make sure a process is in place to identify, measure, monitor, and manage various risks. This includes a basic process of thinking through areas of the bank that carry the most risk from management's perspective and then identifying controls that can be wrapped around those areas to make sure enough controls are in place so everyone can sleep at night. Many areas of the bank contain risk, so focusing resources on improving overall governance, incentive structures, information technology, infrastructure and internal controls have moved beyond interesting ideas and into the realm of prudent management.
To get a handle on areas where improvement can be made in risk management, look no further than this most recent credit crisis. While research continues into the root causes of such a catastrophic event, certain risk management basics have bubbled to the surface. To ensure risk remains at an acceptable level, it is critical for financial companies including community banks to establish, measure, and adhere to a level of risk acceptable to the firm and as set by the board of directors. Banks should also modify compensation programs that conflict with risk control objectives of the organization. In addition, inadequate or fragmented technological infrastructures that hinder effective risk identification and measurement should be reviewed and upgraded as necessary. Next, bankers should make sure anyone in the organization that takes risk is regularly audited and transactions are reviewed by independent risk managers and other control personnel.
One of the best ways to get started in risk management is for the board of directors to set up a separate risk management committee. Once that happens, the job of such a committee is to debate risk appetite, set risk limits, challenge management on business assumptions and focus in on the tradeoff between risk and return throughout the organization. This process takes time and effort, but it is worth it and is a best practice.
Another way community banks can enhance enterprise risk management is to embrace practices such as having effective bank-wide risk identification and analysis; applying independent risk management processes consistently and rigorously across the bank; making sure the bank has effective processes in place to manage funding liquidity, capital and the balance sheet; and making sure the board and management receive regular, responsive and informative risk measurement reporting to quickly identify potential issues.
As with the discussion of 'sex,' risk management can also be difficult to talk about, but it is nonetheless an important topic in today's banking industry. Even taking small steps to move forward will start your bank down the sexcentenary (600 year) process required for any high quality risk management program.