Creating the bank enterprise risk management function of the future
Banks today face an unprecedented pace of change and high uncertainty, dealing with significant threats ranging from bad employee behaviours to sophisticated cybercrime, trade wars and climate change. These trends severely challenge the formulaic approaches to enterprise risk management (ERM) in place at many banks today. Our work supporting leading global banks convinces us that ERM functions must transform themselves, so they can guide their institutions through threats and opportunities while simultaneously meeting the expectations of all stakeholders. This paper discusses the abilities that the ERM function of the future will need, across three dimensions:
- Delimiting the bank’s appetite for risk taking: supporting banks to set limits on risk taking dynamically, accounting for the institution’s values, strategy, skills, and competition.
- Detecting new risks and weaknesses in controls: working with businesses and functions in an agile way to understand new threats and changes to existing ones.
- Deciding on the risk management approach: implementing more agile governance processes and approaches to risk mitigation and controls.
Enhancing these abilities requires ERM to take four steps:
- Define its own vision and mandate for creating value for the bank.
- Shift its ways of working in core areas, with an agile approach that applies cross-functional teams and rapid decision making.
- Set its responsibilities beyond the core in areas of risk management that benefit from transparency and coordination with businesses and functions.
- Ensure the right ERM talent, with new capabilities and knowledge, including a better understanding of the business, digital innovations , and agile management.