What’s wrong with risk management in financial institutions?

With the financial crisis still looming over the world economy, regulators are increasingly trying to regulate financial institutions. This has led to an overload of staff who have to comply with the legislation.

In the process of churning out more and more paperwork to keep legislators happy, many financial institutions have lost themselves, especially when it comes to managing their business risks.

Risk management is often viewed as a business inhibitor rather than an aid to business growth.

If we go back to first principles, we see that Risk Management was introduced to:

  1. Protect the business
  2. Protect shareholders
  3. Protect the public

In any business, if one can identify risks before they materialize and put in place some safeguards, this would be a prudent practice.

For example, if you look at a typical sales process, you could identify risks related to customer satisfaction and customer retention rates. So as a measure, we could establish some metrics around customer complaints. Your risk appetite could be, say, 70-100 customer complaints a month.

If the level of complaints exceeded 100, this could be investigated and steps could be taken to reduce customer complaints. Similarly, if the level of complaints dropped below 70, this could be an indication of falling sales or lack of reporting and steps could be taken to rectify this.

Of course, there can be ups and downs in profits; however, every company has a duty to take care of its shareholders to maximize the return on investment.

To do this, there must be responsibility for errors and mistakes. And therein lies the problem! Risk management follows a “blame culture”.

The Operational Risk Manager will blame operational staff for not reporting accurately.

The Group Risk Manager will blame the Risk Manager for not incorporating the Risk Management framework into the business.

The Risk Manager will blame the Group Risk Manager for not performing audits and controls.

The Chief Risk Officer will blame the Chief Risk Officer for failing to implement safeguards to manage the company’s risk appetite.

The CEO will blame the Chief Risk Officer and simply say that it is their responsibility, not mine.

The IT department is blamed for anything to do with the computer hardware or software.

It reads like a children’s storybook, but unfortunately it’s too true!

Earlier in this article I said that “To have a useful risk management framework, there must be accountability.” Now by responsibility I don’t mean guilt. What I mean is responsibility for rectifying mistakes, bad practices, and non-compliance with policies and procedures.

If the responsibility lies with the person who did not follow the procedure, there is a real possibility of not reporting. We see companies like Enron, WorldCom, Andersons and The Royal Bank of Scotland in the news too often, and this undermines the public’s trust in the regulatory practices of any large organization.

To move away from the blame culture, the risk department should be divided into separate sections and, at a minimum, the following:

  1. Risk Audit Section: whose only job is to find problem areas and critical points within the risk framework, by carrying out a series of Risk Audits. This section should report directly to the head of internal audit. In addition, the Head of Internal Audit must be completely independent from the risk function.
  2. Risk Management Reports Section: whose job is to produce daily, weekly, biweekly, monthly, etc. reports and management information.
  3. Risk Management Policy and Procedures Section: whose role is to ensure that the organization truly learns from its mistakes by ensuring that policies, procedures and controls are in place so that similar mistakes do not occur again.

Whenever possible, risk professionals should be cross-skilled with multidisciplinary specialties. For example, Information Technology and Risk Management, or Finance / Accounts and Risk Management, or any other combination that can help the business. Now I say this from experience, as I am a chartered tax advisor, a risk management professional, an IT specialist, a Master Coach and a certified NLP trainer, but that’s another story!

What makes these cross-skilled Risk Managers an asset to any organization is that they can understand technical language as well as the inner workings of the areas and departments in which they have specialties. This, in turn, means that fewer errors and mistakes are made when departments need to communicate with each other and when handing over work to other departments. Or, indeed, simply hosting an effective meeting would help organizations tremendously.

Furthermore, if the departments themselves, from the CEO to the people at ground zero, could effectively communicate with subordinates, peers and executives using language that takes us away from the culture of blame, this would mean that Risk Professionals could work effectively to reduce risk instead of hiding from mistakes.

So, in summary, I would conclude that effective communication at all levels, as well as true responsibility for future actions and not for the past, will lead to greater confidence in Risk Management as a whole.
