
Enterprise-wide Risk Management

The recent global financial crisis demonstrated that institutions with good enterprise-wide risk management (ERM) managed to survive. Conversely, weaknesses in ERM contributed to the downfall of others. A sound approach to ERM increases a firm’s resiliency to unexpected events and, if implemented effectively, is a source of comparative advantage. This has not gone unnoticed by the global regulatory community, which has responded with heightened regulatory scrutiny and expectations for ERM across the industry.

We work with clients to determine appropriate risk appetite strategies and to build the infrastructure to support and monitor risk appetite. This includes strong governance structures based on a “three lines of defense” approach, control frameworks, and reporting templates. Our team of former banking industry specialists includes subject matter experts on product risk, transaction execution risk, IT/system risk, and compliance risk. We have also acquired in-depth knowledge of the regulatory response to the recent financial crisis, including Basel III, the Capital Requirements Directive IV, the EU Capital Requirements Regulation, and all the wealth management compliance directives.

An effective enterprise-wide risk management framework relies on four elements:

1 – Internal Environment

  • Board of Directors and executive management commitment and direction (tone at the top)
  • BoD and executive management risk appetite and strategy
  • Relations with regulators
  • Stature of risk management and other control functions
  • Expectations of businesses for managing risk
  • Design and use of incentives (including risk-based performance measurement)

2 – Governance and Structure

  • BoD and management committee structures and effectiveness
  • Policies and supporting procedures
  • Roles, responsibilities, organizational structure
  • Adequacy of reporting to allow timely and effective governance
  • Outsourcing

3 – Risk Management (for all risks individually and on a consolidated basis)

  • Risk identification
  • Risk measurement (including economic capital and stress testing)
  • Risk reporting and monitoring
  • Risk mitigation (including tolerances, limits, standards, prohibitions, pricing for risk, and hedging)
  • Financial and operational contingency planning

4 – Independent Control Functions 

  • Independence of the Chief Risk Officer (CRO), Compliance Head, Internal Auditor
  • Independence of Credit Review Function, Arrears Management Unit (for Banks)
  • Risk assessment and prioritization
  • Planning, scoping and reporting
  • Issue identification, prioritization and resolution
  • Resource adequacy