How Important is Enterprise Risk Management ?

• Enterprise Risk Management.  Arguably the largest evolutionary change in risk management for financial institutions has been the elevation of the risk management function to a key role in firm management. Risk is truly an overriding firmwide concern in modern financial institutions and a centralized oversight group is needed to provide governance and coordination over risk management activities throughout the firm. Traditional basic roles of the risk organization include setting and monitoring risk limits for each area of the firm and oversight of risk reporting. In addition, functions requiring firmwide governance and coordination are also needed in an effective risk management structure. These include:
  • Integration of Risk Calculations and Data Management. Systems that analyze risk are often constructed by front office personnel and tailored to the needs of individual product groups. As new products proliferated and became more complex, risk systems tended to become highly customized. While customized analytics are unavoidable, an important first step in integrating these systems is to standardize data rules and storage. A common data model is a key to allowing systems to function together, and integrated action among data owners is needed to enforce this commonality. A single data repository is another option that firms are exploring – a “single source of truth” for all data used in risk calculations. Finally, missing data and poor data quality are universal concerns. Obtaining and “scrubbing” data are high priorities in ensuring proper risk calculations.
  • Consistent Risk Management Processes. As risk management becomes more visible and demands for aggregation become greater, governance structures are vital to ensure that risk management activities are consistent across the firm. Risk management calculations must have uniform parameters such as the assumptions used in VAR and Economic Capital. Common assumptions and data for market risk, credit risk and liquidity risk is also a key governance challenge. Finally, governance over alignment between financial P&L and risk metrics like VAR requires common trade capture, common hierarchies and common cutoff times. Gaps in these areas give rise to time-consuming reconciliation processes between finance and risk systems.
  • Coordinating Overlapping Regulatory Requirements. Risk management reporting has undergone dramatic changes as regulators demand ever-deeper insight into the details of risk analytics. Most large financial institutions face demands for multiple risk metrics from multiple regulators, and it is challenging for these institutions to maintain regulatory risk reporting that is both consistent and efficient. Regulatory demands from different groups can often overlap or require slightly different forms of the same calculation. Centralized oversight can ensure that separate risk groups aren’t performing the same or similar calculations. The goal is to avoid duplication of effort and to safeguard against reporting contradictory results to regulators.

Since the financial crisis of 2007 – 2008 risk management has become a major priority of economic policy around the world.  Financial institutions have been forced by shareholders and regulators to develop and demonstrate more refined understanding of their firmwide risk