Season 2 | Ep. 24: The Importance of Risk Appetite Statements
Podcast

Season 2 | Ep. 24: The Importance of Risk Appetite Statements

June 4, 2024

Service Credit Union | Tyler Pihl - VP Enterprise Risk

In this episode of the Risk Intel Podcast, we invited Tyler Pihl, VP - Enterprise Risk at Service Credit Union back to the show to share best practices and guidance on crafting risk appetite statements. Tyler provides valuable insights on rewriting and maintaining risk appetite statements, integrating risk management into organizational culture, and shares concrete examples with our audience. Continue reading or watch the full episode below to learn more.

If you missed our last conversation with Tyler Pihl, click here to learn about how to create a proactive risk culture.

Rewriting Risk Appetite Statements

Sometimes rewriting risk appetite statements is essential for aligning them with the evolving strategic goals and regulatory environment of an organization. This process requires a thorough reassessment of the current risk landscape and ensuring that the statements reflect the organization's current and future ambitions. It involves detailed workshops and consultations with key stakeholders, including the management team and the board, to gather diverse perspectives and create a cohesive, updated statement for each area of risk.

“When we get through this process, they’re [management team and the board] going to be all in. We’re going to have the board aligned, we’re going to have management aligned, and the CEO ultimately is supportive of that”

Tyler explains how workshops are crucial for understanding the broad spectrum of risks the organization faces and for ensuring that the new risk appetite statement is not only comprehensive, but also practical and actionable. By involving a wide range of stakeholders across the organization, it will ensure that your statements are comprehensive and widely accepted, setting a strong foundation for effective risk management.

Maintaining Risk Appetite Statements

Maintaining risk appetite statements is crucial to ensuring they remain relevant and useful over time. This involves regular reviews and updates to reflect changes in the internal and external environment, including shifts in market conditions, regulatory changes, and evolving organizational objectives. Regular reviews ensure that the statements continue to guide decision-making processes effectively and remain aligned with the organization's risk profile.

When Service Credit Union was rewriting their risk appetite statements in 2020, they created three components:

  1. Find out what the appetite is for each risk: this was found through the discussions with the management team and board. They discussed each risk, had surveys to find out where they perceived the risk to be vs where they want it to be, then everyone discussed until they were in alignment with the risk appetites
  2. Create statements on what the risk appetite looks like operationally
  3. Listed different actions the bank took as either consistent or inconsistent with the created risk appetite statements
“What’s allowed it to stay the test of time is, they are detailed enough in all three of those sections where you’re not calling out anything specific, but it gives you guide posts to work with it”

Annual reviews help keep the risk appetite statements aligned with the organization's current risk exposure and strategic objectives. These reviews often involve reassessing the effectiveness of the risk management strategies in place and making necessary adjustments to address any gaps or emerging risks. This ongoing process ensures that the risk appetite statements are not static documents, but instead a dynamic tool that evolve with the organization.

Integrating Risk Management into Organizational Culture

Integrating risk management into the organizational culture is vital for ensuring that risk considerations are embedded in daily operations and decision-making processes. This integration fosters a proactive approach to risk management and enhances the organization's resilience. By making risk management an integral part of the culture, employees at all levels are more likely to understand and adhere to the risk appetite, leading to more consistent and informed decision-making across the organization.

“We try to get our culture into our risk appetite statements and say this is how we want to do business. The CEO and the management team have built up a group that believes in doing business that way…it’s really allowed us to stand the test of time"

Embedding risk management into the culture means that risk awareness becomes a natural part of how business is conducted. This cultural integration helps ensure that all employees, from top executives to front-line workers, understand their role in managing risk and are empowered to make decisions that align with the organization's risk appetite. This approach not only improves risk management outcomes but also strengthens overall organizational cohesion and performance.

Risk Appetite Examples

Tyler helps us understand a little bit more by sharing a few examples of some of their risk appetite statements.

  • Junk Fees: As regulators increase scrutiny on fee structures, particularly those deemed as "junk fees," organizations must adapt their approaches to remain compliant while maintaining their reputation and member satisfaction. The organization's approach to junk fees demonstrates a commitment to member financial well-being and transparency, even when it means adjusting fee structures to align with regulatory expectations and member needs. For example, Tyler explained how Service CU conducted detailed analyses and member consultations to understand the impact of potential fee reductions, ensuring that decisions were data-driven and member-focused. This approach highlights the importance of balancing regulatory compliance with member needs, ensuring that changes in fee structures do not negatively impact those who rely on these services.
  • Strategic Risk Appetite: Strategic risk appetite statements guide the organization's investments in technology and innovation, ensuring these efforts align with long-term strategic goals. A well-defined strategic risk appetite allows the organization to take calculated risks in areas that promise future growth and competitive advantage. By clearly defining their appetite for strategic risks, the organization can confidently invest in new ventures and technologies, knowing these efforts are aligned with their broader strategic objectives. For instance, significant investments in digital transformation and technology upgrades were guided by the strategic risk appetite statements, ensuring these initiatives were not only supported but also aligned with long-term goals.
“So when we came out with this, we went through a core conversion, we onboarded a CRM, we changed a lot of the technology we were using as an organization to look ahead and say, you know, this is going to put us in a position for future growth."

These strategic investments are designed to enhance the organization's capabilities and position it for future growth, demonstrating the practical application of risk appetite statements in driving strategic decisions.

Conclusion

This episode provided valuable insights into the continuous improvement of ERM practices. Rewriting and maintaining risk appetite statements, integrating risk management into the organizational culture, and using real-life examples to illustrate these principles help organizations navigate complex risk landscapes. By embedding these practices into their core operations, organizations can achieve a balanced approach to risk that supports strategic growth and regulatory compliance. This episode serves as a comprehensive guide for organizations looking to refine their ERM practices and the importance of seeking a risk expert or partner when crafting new risk appetite statements to meet your strategic goals.

RMA RIsk Maturity Framework

Powered by SRA Watchtower

Take the self-assessment today to
measure your institutions risk maturity.
SCHEDULE a demo
risk maturity framework

EXPERIENCE. WISDOM. KNOWHOW.

Book an

SRA CONSULTING

discovery session

SCHEDULE NOW
enterprise risk management for credit unions
Three ways to tap into the people, technology and insights of SRA Watchtower.
We're focused exclusively on the serving the financial & Insurance industries.

DISCOVERY 
SESSION

Discovery Session
Schedule a 30 minute discovery call with an SRA Watchtower risk expert to understand your challenges or opportunities ahead to see how Watchtower's holistic risk intelligence platform can support your goals.
SCHEDULE NOW

WATCHTOWER
DEMO

watchtower demo
Look inside Watchtower, the holistic risk intelligence platform to learn how it helps executives navigate risk and drive growth.
BOOK TODAY

Risk Intel
Podcast

Risk Intel Podcast
Listen and learn from SRA Watchtower risk enthusiasts, customers, and experts across the financial industry through our weekly risk focused podcast.
REGISTER

RMA RIsk Maturity Framework

Powered by SRA Watchtower

Take the self-assessment today to
measure your institutions risk maturity.
SCHEDULE a demo
risk maturity framework