18 Hoosier Banker July 2015

DIRECTORS / SENIOR MANAGEMENT

Banish the Separative Approach to Risk Management

The recent financial crisis is slowly fading from our memories, yet its lasting effects continue. One area that is garnering increasing attention from regulators and examiners is risk management. Regulators are of the general opinion that, if bankers are not collectively considering all their risks, then they are not really managing risk, which could foster the type of poor decision-making that led to the financial crisis in the first place.

Rather, a bank’s risk areas should be viewed as interactive parts of a solid whole, each affecting the other. This approach, called enterprise risk management (ERM), helps both management and the board of directors gain a complete picture of all risk areas and how they work together to ultimately affect a bank’s overall performance.

The Office of the Comptroller of the Currency (OCC) has defined eight risk areas that should remain a top priority for all banks: credit, interest rate, liquidity, price, operational, compliance, reputation and strategic.

An essential factor with ERM is the ability to set key risk indicators (KRIs) — a set of markers that help proactively identify changes in the probability of risk incidents — that take subjectivity out of the risk rating. In other words, management will no longer rely on educated opinion alone to make decisions.

Overcome the Obstacles to Establishing ERM

Financial institutions must ensure they are implementing an ERM program that is tailored to their size and complexity. Start with a strong business plan for the coming three years, apply all the specific risk measurements, then branch out from there.

The obstacle we are facing is a change of culture for banks and bankers — because nobody really likes change. What bank management must do is challenge thought processes and take a proactive approach to culture change.

Banks that welcome this change will find that it will enhance their relationship with regulators and possibly improve their exam cycle. While there is no guarantee that an exam will be easier, if the bank’s compliance rating is outstanding, its exam cycle likely could occur only every three years, rather than annually. Remember, regulators are looking for this approach, so anything banks can do to be proactive is good.

Evaluate Your ERM Needs

Start by taking a look at your most recent exam results, and identify areas that concerned the examiners. Then determine what steps will take you out of a reactive mode and into a proactive mode for managing risk.

Further, review your internal and external audits. The hope is that your auditors will catch issues, report them to the board, and get them corrected before the examiners come in. Also make sure you have no repeat findings — those risks identified over more than one exam or audit cycle — or address them immediately, if found.

Execute Your ERM Plan

Once you have taken a hard look at your audit and exam findings, it

About the Author

Keith Monson is chief risk officer of CSI, Paducah, Kentucky. He maintains an enterprise-wide compliance framework for risk assessment and reporting, plus other key components of CSI’s corporate compliance program. With nearly 25 years of banking experience, Monson has a range of compliance expertise, having served as a chief compliance officer for financial institutions of various sizes and as a compliance consultant. The author can be reached at 800-545-4274, email: keith.monson@csiweb.com.

CSI is an associate member of the Indiana Bankers Association and is an IBA Preferred Service Provider in three areas: CSI Secure Connect, CSI Managed Services & Locktite Vault, and CSI WatchDOG Social Compliance.