OUR THOUGHTS ON:

Enterprise Risk Management Program Challenges for Community Banks

Financial Services|Risk Advisory/Internal Audit

By Donald Owens

Have you ever assembled a large outdoor play set or watched a family member or friend attempt to do so?  The first step in the process is to account for all the critical components of the structure before beginning the assembly. When looking at the parts spewed across the back lawn, you can easily identify them (e.g., swings, slides, ladder).

The next step is the actual assembly and integration of the critical components into a safe and sound structure to which one’s most valuable assets can be entrusted.  Needless to say, the task is daunting.  Absent clear and specific instructions, the desired outcome may not be achieved, and unintended hazards may arise. 

In a metaphoric way, the outdoor play set describes the struggles that the banking community is encountering as its members with assets between $10 – $50 billion are tasked with constructing robust enterprise risk management (ERM) programs that adhere to the requirements set forth by the governing agencies (e.g., FDIC, FED, OCC).   As banks review the regulations, bulletins and alerts that the agencies have published in response to the mandates contained within Section 165 of the Dodd-Frank Act, it quickly becomes clear that there does not exist specific instructions on how to design an effective ERM program that achieves the expectations that are clearly addressed in the agencies’ material.  The design of the program and its respective framework, practices and supporting tools is left to the ingenuity of each bank.  No patented off-the-shelf solution awaits you. The institutions that have implemented effective ERM programs that align with the agencies’ directives have done so by identifying and capturing the cumulative knowledge and expertise residing within their own institutions.  These banks have taken inventory of the tools and techniques they have in place to manage risks. They have recognized the need for extensive collaboration across business lines and support functions to assess and measure risks and their potential impact to the business as a whole, realizing the interdependencies that exist between functions.

Contrary to risk management activities in most other industries, tailor-made ERM programs and solutions have not trickled down from the early adopters in the financial services industry.  However, these early adopters do have great hindsight and expertise that can be leveraged, as do the agencies that have observed these programs over the years.   Establishing an ERM program may simply be a matter of documenting the existing risk management activities and demonstrating how the activities interrelate and support a robust risk management and governance culture.   It is critical that the ERM program be continuously challenged and updated, knowing the environment in which banks operate continuously changes as do the risks.   By leveraging the expertise, tools and techniques that reside both internally and externally to the bank, an ERM program will emerge that fosters a safe and sound environment, which will aid in protecting a bank’s most valuable assets.

© 2014 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2018 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

comments