This article compares the similar concepts of enterprise risk management and integrated risk management, and considers what risk practitioners can learn from an analysis of the best practices of each in order to strengthen their businesses.
Integrated risk management is a topic that many quantitative analysts sought to cover decades ago. To many, it was obvious that some risks were correlated and should be monitored using an integrated framework.
After conducting research and improving their methodologies, many financial institutions started to take into account the interconnection of different risks, but this effort was not completed before the subprime crisis occurred. The crisis highlighted two different risks – credit and liquidity – that had a dramatic combined impact, which served as a catalyst for the senior management of banks to begin evaluating their risk management frameworks to adopt an enterprise risk management (ERM) approach.
Although the two concepts are similar, enterprise risk management focuses more on the framework than the methodology, helping monitor risks and anticipate what can go wrong. In that sense, it is beneficial to integrated risk management. There is one risk, however, that banks continue to overlook – the risk of focusing on the framework rather than the risk itself.
Building a technical framework is one of the first steps when starting a successful enterprise risk management project. Ideally, IT systems should be accessible by all and provide consistent levels of information. Although banks do not need all the available analytical dimensions to analyze each type of risk, it is important they consider new methodologies or reports that may require other dimensions. For example, the Basel framework or European Banking Authority (EBA) reports will require more and more dimensions for their new templates. Some banks discovered too late that the way they aggregated data in their systems was not granular enough to produce consistent regulatory reports, forcing them to correct and manually manipulate the data. The number of regulations will certainly increase over the next few years, leading to more regulatory reports – and will only boost the return on investment of a good framework.
“Given the central role of effective, firm-wide risk management in maintaining strong financial institutions, it is clear that supervisors must redouble their efforts to help organizations improve their risk management practices… We are also considering the need for additional or revised supervisory guidance regarding various aspects of risk management, including further emphasis on the need for an enterprise-wide perspective when assessing risk.”1
After the recent crisis, no CEO wanted to be in charge unless they had a clear view of their institution’s situation. This requirement necessitated an automated solution in which people could collaborate on providing the most accurate view of their bank. Moreover, the Bank for International Settlements (BIS) committee added rules (i.e., BCBS 239) that forced banks to generate more granular data to better assess their risks, heightening the pressure already coming from their senior management and supervisors. According to BIS, the final objective should then be to have an integrated risk management framework where many risks can be jointly simulated by different levels of granularity (i.e., using both top-down and bottom-up approaches).
One benefit of an enterprise risk management framework is that it gives people access to information that was previously only readily available to other teams. For instance, ALM teams will gain ready access to probability of default (PD) and loss given default (LGD) data or risk-weighted assets (RWAs) data from risk departments. This information is necessary for many purposes, including liquidity reporting. Similarly, risk departments will have ready access to the P&L for each transaction and will be able to analyze not only the risk, but also the return on each portfolio in real-time, better informing pricing and new business decisions. Furthermore, when teams have the opportunity to learn more about the models and outputs of other teams, it enables a new mindset – one that, for example, encourages analysis of related information that leads to the building of more relevant reports.
“The financial crisis has underscored how insufficient attention to fundamental corporate governance concepts can have devastating effects on an institution and its continued viability. It is clear that many banks did not fully implement these fundamental concepts. The obvious lesson is that banks need to improve their corporate governance practices and supervisors must ensure that sound corporate governance principles are thoroughly and consistently implemented.”2
The quote by Danièle Nouy highlights that a technical framework is simply not enough – governance is key. Banks must remove silos between departments for a proper enterprise risk management framework to work. Unfortunately, many banks think that a standardized database is sufficient, as they often forget that a cultural change needs to be made, too.
“Risk comes from not knowing what you’re doing.”
As data is available to everyone, many believe that all monitored risks are consistent. In reality, people work with different assumptions and backgrounds, and consequently, different methodologies. Each team could perform integrated risk management with a robust methodology without owning a single technical platform. This platform is nice to have but is not mandatory for comprehensive integrated risk management. As models can be accessed by anyone, risk managers often think that it is better to use advanced methodologies or complex simulations. They forget, however, why they are performing these calculations, which increases the risk instead of mitigating it.
Moreover, even if ERM seems to be powerful, robust risk management can be performed on a small sub-portfolio within the bank and may sometimes be more efficient than only looking at the global picture. ERM is not only about the global picture, but also about breaking down the risks at each level of the organization. For example, in a group consisting of a small investment bank and a large retail bank, the risks taken by the investment bank can be considered less substantial within the group. The retail subsidiary will work extensively with the investment bank, transferring positive income into it and decreasing the investment bank’s relative risk. This transfer does not make the small subsidiary (i.e., the investment bank in our example) less risky, but is merely seen as a relatively small risk for the group. The reality is that this investment bank could be unprofitable without anyone noticing it until a big crisis revealed the truth. Good practices would require a dedicated risk management team for this small entity – and not only for a large ERM platform.
Enterprise risk management must not be seen as the final objective, at least not if banks consider it an IT project only. ERM also involves people and processes, especially if banks want to achieve effective integrated risk management. They need to keep in mind that new types of risks will arise. A rigid framework could prevent risk managers from focusing on the main risks and instead lead them to perform the same analysis on risks that are no longer relevant.
“It is not the strongest or the most intelligent who will survive, but those who can best manage change.”
It is clear now that ERM is a process that can be applied by everyone at every level of a bank to set its strategy. It is designed to identify the potential risks in different subsidiaries and teams across a global company. One primary objective is to set a risk appetite where all the risks are correlated because, as recently witnessed, risk management has failed when done in silos.
The recent crisis could be seen as an excellent opportunity to implement an ERM platform, which is now required by most of the regulators and senior managers in banks. The fact that each crisis came from a different risk driver will force risk managers to keep changing their methodologies and metrics. However, banks must keep in mind that a cultural change is needed if they want to leverage ERM as part of an effective integrated risk management framework.
1 Ben S. Bernanke, Risk Management in Financial Institutions, Federal Reserve Bank of Chicago's Annual Conference on Bank Structure and Competition, May 2008.
2 Danièle Nouy, Chair of the Corporate Governance Task Force and Secretary General of the French banking commission, commenting on The Basel Committee on Banking Supervision’s Principles for enhancing corporate governance, March 2010.
Director, Business Development - EMEA
Nicolas is responsible for thought leadership on ALM, liquidity, and market risks for the EMEA region to help financial institutions define a sound risk management framework.
Details how global risk managers can comply with new regulations, better manage risk, and meet business and industry demands.
Previous ArticleCCAR and DFAST Stress Testing Survey Results
In this webinar, experts from Moody’s Analytics will demonstrate the three steps to managing liquidity, compliance and the business.
Funds transfer pricing (FTP) is of growing concern to banks and regulators. But what does FTP have to do with stress testing? A comprehensive FTP framework can help organizations use the results of stress tests to forecast their P&L across departments.
May 2015 WebPage Nicolas Kunghehian
This webinar looks at the need for data quality when managing volatile ratios in a short period of time, improving performance in a low interest rate environment and fulfilling the detailed reports required by supervisors.
April 2015 WebPage Nicolas Kunghehian
Integrating different risks in a single framework greatly benefits all financial institutions – leading to better communication, risk assessment, and long-term performance.
November 2013 WebPage Nicolas Kunghehian
This article illustrates that a crisis can occur, or be exacerbated, when risks are managed in different silos in banks. It first defines the different types of risks that can be correlated and provides examples that illustrate how banks should model the different risks together.
September 2013 WebPage Nicolas Kunghehian
The presentation looks at what is the impact of the new Basel III regulation on the liquidity framework, what are the best practices for Asset & Liability Management, Economic scenario generation and calculation techniques, Managing the Basel III ratios
January 2012 Pdf Nicolas Kunghehian
This presentation gives examples of how stricter rules on higher capital requirements will impact on the Liquidity coverage ratio (LCR) and capital allocations. It finds there will be more constraints for banks, and touches on the importance of liquidity buffers; but it also champions shared ownership, better risk management and better performance management as the necessary response to Basel III.
June 2011 Pdf Nicolas Kunghehian
New regulations under Basel III tightened the regulatory framework and led to a greater focus on liquidity risk management. This presentation looks at how Basel III achieves this. It also offers a breakdown of the results of the QIS liquidity ratios, all of which point to a need for better and more comprehensive performance management.
May 2011 Pdf Nicolas Kunghehian