Cross-Risk Governance Integration: Control the Release Valve on the “Pressure Cooker” of Risk in 2020
January 16, 2020
2020 will continue cross-risk regulatory pressure focus; be positioned and enabled to control the release valve on the “pressure cooker”
by Andrew Domino, Chief Operating Officer
With economic predictions running the gamut, a 2020 election bringing political uncertainty, and new regulations in the works, we are often asked by clients, “Where should I focus our compliance efforts?” Our answer: “Cross-risk governance integration.”
These four words represent quite a bit of work. Here’s why.
Simply put: each new year brings change. 2020 is no different and, arguably, it may even be more severe. Why does that matter? The greater the change, the more exposed you’ll be to risk.
So, it’s time to ask yourself, is your company where it needs to be in terms of its risk management policies and operations?
That depends. According to a recent (November 2019) Federal Reserve report, financial institutions with less-than-satisfactory ratings generally do exhibit weaknesses in one or more areas. These include compliance, model, and operational risk management.
If your company had unresolved weaknesses in 2019, you can expect these to gain momentum in 2020.
You can expect weaknesses to significantly challenge your risk management program, strain your resources and distract attention from other key activities.
You’re not off the hook if you’ve invested in a risk management program. In fact, even though most financial institutions have made this investment, we still see weaknesses resulting from one or more of these common, and often governance-related, pitfalls:
- Programs that were built in siloes with fragmented governance
- Inconsistent and insufficient communication across first, second, and third line of defense risk leaders and managers
- Lack of accountability that policies, processes and systems are implemented effectively and adhered to for all bank material products
- Minimal integration of strategic planning and risk management across risk types and functions
- Unclear expectations for escalation, root cause analysis, remediation and validation
- Informal, inconsistent or misunderstood definitions and taxonomies
If you encountered these pitfalls in 2019, be assured that they will undercut any investments that your organization makes in its risk management program in 2020. They’ll also leave you vulnerable to time-consuming, costly and distracting regulatory scrutiny.
Worried about risk management governance vulnerability as you head into 2020? Evaluate your program against these principles:
1. Your board and senior leadership are evolving their governance roles
- There is cultural recognition that continuous improvement applies as much to risk governance as it does to operational performance.
- Your board has approved the risk management policies, processes and systems established by senior management.
- Risk management policies have been tied to your financial institution’s risk appetite and strategic plan.
2. Program expectations and accountabilities that are communicated to staff result in an authentic risk management culture
- Roles, responsibilities and accountabilities are understood across the organization.
- Employee performance is measured against these responsibilities.
3. Integrated and effective governance structures ensure objectivity and consistency
- Established committees which are composed of a cross-section of the organization allowing for independence and objectivity.
- Meaningful risk topics, from emerging risks to validation of closed issues, are regularly discussed, addressed, and documented.
4. Dedication to critical governance routines show adherence to the culture of risk
- Communication which flows both horizontally and vertically and includes the escalation of both good and bad news.
- Clear expectations as to how exceptions are to be analyzed, remediated and validated.
Matching your current environment to the principles above gives you a holistic assessment of your risk management governance and allows you to identify which actions your organization needs to take to strengthen your risk management program in the new year.
Be prepared for pressure testing in 2020 — invest for the future
Whether preparing for an economic downturn, meeting changing customer needs, or implementing data and technology initiatives, your risk management framework and governance effectiveness will be pressure tested in 2020.
Acting on weaknesses uncovered by your assessment is just first step to shoring up your cross-risk governance integration. You’ll also need an action plan and must manage its execution (no small task).
To achieve the best practices associated with your company’s size and complexity, find a trusted partner with proven expertise in risk management frameworks at both the macro, (i.e., governance) and the micro (e.g., control-specific) levels.