Leveraging ERM as Part of an Effective Integrated Risk Management Framework
This article compares the similar concepts of enterprise risk management and integrated risk management, and considers what risk practitioners can learn from an analysis of the best practices of each in order to strengthen their businesses.
After conducting research and improving their methodologies, many financial institutions started to take into account the interconnection of different risks, but this effort was not completed before the subprime crisis occurred. The crisis highlighted two different risks – credit and liquidity – that had a dramatic combined impact, which served as a catalyst for the senior management of banks to begin evaluating their risk management frameworks to adopt an enterprise risk management (ERM) approach.
Although the two concepts are similar, enterprise risk management focuses more on the framework than the methodology, helping monitor risks and anticipate what can go wrong. In that sense, it is beneficial to integrated risk management. There is one risk, however, that banks continue to overlook – the risk of focusing on the framework rather than the risk itself.
Enterprise risk management as a new set of tools
Building a technical framework is one of the first steps when starting a successful enterprise risk management project. Ideally, IT systems should be accessible by all and provide consistent levels of information. Although banks do not need all the available analytical dimensions to analyze each type of risk, it is important they consider new methodologies or reports that may require other dimensions. For example, the Basel framework or European Banking Authority (EBA) reports will require more and more dimensions for their new templates. Some banks discovered too late that the way they aggregated data in their systems was not granular enough to produce consistent regulatory reports, forcing them to correct and manually manipulate the data. The number of regulations will certainly increase over the next few years, leading to more regulatory reports, which will only boost the return on investment of a good framework.
“Given the central role of effective, firm-wide risk management in maintaining strong financial institutions, it is clear that supervisors must redouble their efforts to help organizations improve their risk management practices… We are also considering the need for additional or revised supervisory guidance regarding various aspects of risk management, including further emphasis on the need for an enterprise-wide perspective when assessing risk.” [1]
-Ben Bernanke
After the recent crisis, no CEO wanted to be in charge unless they had a clear view of their institution’s situation. This requirement necessitated an automated solution in which people could collaborate on providing the most accurate view of their bank. Moreover, the Bank for International Settlements (BIS) committee added rules (i.e., BCBS 239) that forced banks to generate more granular data to better assess their risks, heightening the pressure already coming from their senior management and supervisors. According to BIS, the final objective should then be to have an integrated risk management framework where many risks can be jointly simulated by different levels of granularity (i.e., using both top-down and bottom-up approaches).
Transcend information silos
One benefit of an enterprise risk management framework is that it gives people access to information that was previously only readily available to other teams. For instance, ALM teams will gain ready access to probability of default (PD) and loss given default (LGD) data or risk-weighted assets (RWAs) data from risk departments. This information is necessary for many purposes, including liquidity reporting. Similarly, risk departments will have ready access to the P&L for each transaction and will be able to analyze not only the risk, but also the return on each portfolio in real-time, better informing pricing and new business decisions. Furthermore, when teams have the opportunity to learn more about the models and outputs of other teams, it enables a new mindset – one that, for example, encourages analysis of related information that leads to the building of more relevant reports.
“The financial crisis has underscored how insufficient attention to fundamental corporate governance concepts can have devastating effects on an institution and its continued viability. It is clear that many banks did not fully implement these fundamental concepts. The obvious lesson is that banks need to improve their corporate governance practices and supervisors must ensure that sound corporate governance principles are thoroughly and consistently implemented.” [2]
-Danièle Nouy
The quote by Danièle Nouy highlights that a technical framework is simply not enough – governance is key. Banks must remove silos between departments for a proper enterprise risk management framework to work. Unfortunately, many banks think that a standardized database is sufficient, as they often forget that a cultural change needs to be made, too.
The risk of too much information
“Risk comes from not knowing what you’re doing.”
-Warren Buffett
As data is available to everyone, many believe that all monitored risks are consistent. In reality, people work with different assumptions and backgrounds, and consequently, different methodologies. Each team could perform integrated risk management with a robust methodology without owning a single technical platform. This platform is nice to have but is not mandatory for comprehensive integrated risk management. As models can be accessed by anyone, risk managers often think that it is better to use advanced methodologies or complex simulations. They forget, however, why they are performing these calculations, which increases the risk instead of mitigating it.
Figure 1. Enterprise risk management: different levels of granularity
Source: Moody's Analytics
Moreover, even if ERM seems to be powerful, robust risk management can be performed on a small sub-portfolio within the bank and may sometimes be more efficient than only looking at the global picture. ERM is not only about the global picture, but also about breaking down the risks at each level of the organization. For example, in a group consisting of a small investment bank and a large retail bank, the risks taken by the investment bank can be considered less substantial within the group. The retail subsidiary will work extensively with the investment bank, transferring positive income into it and decreasing the investment bank’s relative risk. This transfer does not make the small subsidiary (i.e., the investment bank in our example) less risky, but is merely seen as a relatively small risk for the group. The reality is that this investment bank could be unprofitable without anyone noticing it until a big crisis revealed the truth. Good practices would require a dedicated risk management team for this small entity – and not only for a large ERM platform.
Enterprise risk management must not be seen as the final objective, at least not if banks consider it an IT project only. ERM also involves people and processes, especially if banks want to achieve effective integrated risk management. They need to keep in mind that new types of risks will arise. A rigid framework could prevent risk managers from focusing on the main risks and instead lead them to perform the same analysis on risks that are no longer relevant.
“It is not the strongest or the most intelligent who will survive, but those who can best manage change.”
-Charles Darwin
A cultural transformation to improve the chances of success
It is clear now that ERM is a process that can be applied by everyone at every level of a bank to set its strategy. It is designed to identify the potential risks in different subsidiaries and teams across a global company. One primary objective is to set a risk appetite where all the risks are correlated because, as recently witnessed, risk management has failed when done in silos.
Figure 2. Example of integrated risk management for a single portfolio
Source: Moody's Analytics
The recent crisis could be seen as an excellent opportunity to implement an ERM platform, which is now required by most of the regulators and senior managers in banks. The fact that each crisis came from a different risk driver will force risk managers to keep changing their methodologies and metrics. However, banks must keep in mind that a cultural change is needed if they want to leverage ERM as part of an effective integrated risk management framework.
Sources
[1] Ben S. Bernanke, Risk Management in Financial Institutions, Federal Reserve Bank of Chicago's Annual Conference on Bank Structure and Competition, May 2008.
[2] Danièle Nouy, Chair of the Corporate Governance Task Force and Secretary General of the French banking commission, commenting on The Basel Committee on Banking Supervision’s Principles for enhancing corporate governance, March 2010.