Risk is inherent in every commercial enterprise — especially banks. Today bankers face tough challenges to arrive at even a modest bottom line due to the current economic situation. Moreover, the plethora of new regulations arising from the Dodd-Frank Act has increased compliance costs substantially as banks must be able to operate in an environment that is safe, sound and compliant. The five most crucial risks facing banks today are:
1. Credit risk.
2. Interest rate risk.
3. Compliance risk.
4. Operational risk.
5. Strategic risk.
Banks must implement and maintain an enterprise risk management assessment and program that can assess and manage the inherent risk and the management risk of all of these crucial risks. To be effective, the ERM program must also include (i) the employees and committees responsible for managing the risk, (ii) the reports and ratios used to monitor risk, (iii) internal controls established to manage the risk, (iv) audits and the results thereof conducted to measure risk and the effectiveness of management to control the risk, and (v) the status of all of the risks and specific documentation to support the risk rating or assessment. The ERM must be conducted on an annual basis with quarterly updates and must be presented to the board of directors.
The bank’s chief risk officer should be responsible for not only implementing the ERM program, but also making recommendations regarding how to mitigate and manage all risks. The ideal candidate for a CRO would be someone who has a vast knowledge of the most critical banking functions, including but not limited to, (i) compliance, (ii) commercial lending, (iii) operations, (iv) interest rate risk/pricing, and (v) strategic planning. While no one person can be the proverbial “jack of all trades” when it comes to banking, it is imperative that the CRO possess a level of knowledge that will enable him or her to identify, manage and mitigate risk. Moreover, an effective CRO should be able to train staff accordingly in establishing safe and sound procedures and internal controls so that all risks are controlled appropriately.
A successful ERM program must also implement effective policies that will govern critical bank functions such as (i) compliance, (ii) lending, (iii) liquidity and contingency funding, (iv) interest rate risk, (v) capital planning, (vi), asset review and allowance for loan and lease losses, (vii) asset/liability management, (viii) information technology, and (ix) vendor management. Furthermore, all banks must strive to increase earnings in order to ensure their sustainability. Dynamic strategic planning must combine a bank’s senior management team’s business development objectives that will maximize earnings, minimize costs and incorporate an effective ERM.
Another key element for a successful ERM program is monitoring. Senior management must continually monitor risk through effective internal controls and reports as well as regularly scheduled audits. Audits, both internal and external, should be conducted to ensure that the bank is compliant and operating in a safe and sound manner. The bank’s CRO should conduct his or her own audits as well as schedule internal and external audits that will cover the following areas: (i) accounting, (ii) compliance, (iii) BSA, (iv) information technology, (v) lending, (vi) liquidity, (vii) payroll, and (viii) entity level controls.
All audits should be reviewed by the CRO and then discussed with senior management especially when there are exceptions to be addressed. If necessary, action plans should be documented for significant exceptions and the CRO must ensure that all exceptions are corrected. Additionally, all audits should be presented to the bank’s audit committee along with the corrective actions taken.
Training is also a critical element for any financial institution to appropriately manage all risks, especially with the ever-growing number of regulations with which banks must comply. BSA, fair lending, flood and HMDA remain critical areas of concern for bank regulators. Banks must continue to train their employees on these regulations.
However, training is equally as important for other areas such as interest rate risk, concentrations in commercial real estate, bank stress testing, pricing, allowance for loan and lease losses and financial reporting. The CRO should implement a training program that utilizes face-to-face training, Web-based training and seminars/webinars on a continual basis to ensure compliance and effective risk management.
All regulators are expecting banks to manage their risks and document their procedures for doing so. Implementing and administering an ERM program is the most effective way to manage these risks and it is crucial to a bank’s sustainability in today’s marketplace.
Mark Freyer is vice president of compliance and risk at the $334 million asset Hamilton Bank in Baltimore, Md. For more information, visit www.hamilton-bank.com.
Copyright (c) June 2013 by BankNews Media