In the latest Risk Intel Podcast episode, Edward Vincent, CEO of SRA Watchtower, hosts an enlightening discussion with Cathy Jackson, Director of Watchtower Implementation, and Claire Jordan, VP of Product. This episode is a deep dive into best practices for evolving an Enterprise Risk Management (ERM) program, focusing on regulatory guidance, quantitative vs. qualitative metrics, peer data, and risk appetite. Here’s a comprehensive summary of the key points discussed.
This episode is Part 3 in our Evolving Your ERM Program Series. For Part 1 on building a baseline of KRIs, click here. For Part 2 on a historical overview of ERM and the trend toward more timely and frequent data collection, click here.
Claire kicks off the discussion by highlighting the importance of regulatory guidance in shaping an ERM program. She references the collaborative effort between SRA Watchtower and the Risk Management Association's Mid-Tier CRO Council to create the RMA Risk Maturity Framework, Powered by Watchtower. This framework serves as a benchmark for evaluating the maturity of risk programs. The framework allows institutions to compare their ratings against benchmarks set by peers, providing a clear picture of where they stand in terms of risk management maturity.
The creation of measurement points and criteria to assess a risk program’s maturity is a crucial step in this process. These standardized metrics enable organizations to have a consistent set of diagnostics to evaluate their risk management practices. By segmenting data by asset size, institutions can ensure that their comparisons are relevant and meaningful. This approach not only fosters better regulatory compliance but also drives continuous improvement in risk management practices.
Cathy then delves into the industry’s shift from qualitative to quantitative measurements. Historically, risk management relied heavily on qualitative insights, but the need for a more sophisticated approach became apparent over time. The introduction of quantitative metrics allowed banks to make more informed decisions by providing concrete data points for analysis. These metrics, guided by regulatory cues such as acceptable capital levels and CRE concentrations, have become essential for validating and comparing performance within peer groups.
"The early days of risk management was very qualitative in nature... [but] a more sophisticated approach was needed to run the banks," Jackson discusses.
The transition to quantitative measurements has enabled amore data-driven approach to risk management. This evolution has allowed institutions to move from subjective assessments to objective evaluations, leading to more accurate risk assessments and better decision-making. Quantitative metrics provide a clear picture of trends and performance, enabling banks to identify potential risks and opportunities more effectively. By leveraging these metrics, institutions can enhance their risk management practices and achieve greater stability and success.
Claire outlines the essential components required to create effective quantitative benchmarks. She emphasizes the need for a robust data set that is large, credible, and accurate. Data should be aggregated, normalized, and sourced from multiple systems if necessary. The accessibility of this data is crucial, meaning it should be automated and not manually entered, ensuring accuracy and ease of use.
"It's important to make sure that we have that robust set of data that's easily available to our clients and then aggregate that data, normalize it, and then allow the user to compare their ratings against that," Jordan explains
Maintaining benchmarks regularly to reflect changes in the economic or political landscape is also vital. This dynamic approach ensures that benchmarks remain relevant and useful over time. By regularly reviewing and updating benchmarks, institutions can adapt to changing conditions and maintain a competitive edge. The ability to compare performance against peers provides valuable insights that can drive strategic decisions and improve overall risk management practices.
Finally, Cathy ties the discussion together by addressing the concept of risk appetite. She explains that peer benchmarks provide valuable insights into how banks are positioned relative to their peers. However, an institution's risk appetite must be based on its own philosophy, complexity, and capacity. Developing a robust risk appetite involves performing a thorough analysis of identified risks, crafting qualitative and quantitative risk appetite statements, and aligning these statements with the institution’s current risk exposure.
"It's important to reconcile the risk appetite and those tolerances that you've come up with the current level of risk exposure you have so you can plan and take steps to bring those two more into alignment," says Jackson.
The next step is reconciling these statements with the bank’s actual risk levels and taking steps to bring them into alignment. By doing so, institutions can ensure that their risk-taking activities are in line with their strategic goals and capacities. This alignment is crucial for maintaining stability and achieving long-term success in a dynamic and often unpredictable environment.
This episode of the Risk Intel Podcast offers valuable insights into the evolution of ERM programs. By focusing on regulatory guidance, the shift towards quantitative metrics and benchmarking, and the alignment of risk appetite with peer data, institutions can enable a proactive risk management strategy. Stay tuned for the next episode, where the discussion will conclude with a focus on decision-making and sharing ERM information within organizations and with regulators.
Contact SRA Watchtower today to learn how we can help evolve your ERM program