Risk Angles: Five Questions on Aligning Risk and Value
Organizations of all sizes understand that risk is a reality, inherent in doing business. In turn, risk management has long been a corporate function. But as risks have grown more complex – due to factors ranging from globalization to technology to regulations to public scrutiny – companies are realizing that their risk management functions may not be as effective as they should be, which has implications for shareholder value. To preserve value and navigate the expanding risk universe more effectively, organizations are exploring ways to change the way risk is viewed and managed. They’re looking to embed risk management as a discipline across the enterprise – and in turn, meet future expectations in a prudent, profitable manner.
In this issue of Risk Angles, Peter Matruglio answers five questions about aligning risk and value, and Scott Baret takes a closer look at how the financial services industry is addressing risk.
|What’s driving the demand for a shift in how risk is managed?||Financial concerns and a need for more effective risk management across the enterprise. For many organizations, cost reduction efforts aren’t enough to offset diminishing margins, so they’re looking to change their business models or pursue new strategies to strengthen earnings as well as their ability to access capital to support growth. The increase in regulatory requirements and the rising cost of compliance is another big driver. This is tied closely to the situation many organizations face in that their technology infrastructure for compliance and risk management was created in a piecemeal fashion and isn’t serving their needs for data quality, access, and analysis.|
|What’s wrong with traditional approaches to governing and managing risk?||In the traditional model, risk management is viewed as the responsibility of a centralized corporate function, which can lead other functions to misunderstand or downplay their role in managing risk, even when it resides in their area. Or, a particular function might develop a risk response to meet its own needs, say a new regulation or market threat, that isn’t coordinated with other organizational risk efforts. We often see technology solutions that are implemented ad hoc or bolted on to existing systems. So even though the organization ostensibly has centralized risk oversight, there are numerous siloes operating independently, making it difficult to understand the big picture and address risk holistically.|
|How can embedding risk management into business processes drive positive shareholder value?||Shareholder value is mostly driven by the organization’s ability to gain more returns on its capital than the cost of that capital. So, if you want to improve shareholder value, you look to deploy capital more effectively by paying attention to external market demands, competition, regulations, and the like, while shoring up internal business management and risk management. Improving risk management requires organizations to address those siloed, ad hoc conditions we discussed, and create alignment across the organization. One effective way to create alignment is to embed risk management into business units and functions at the level of people’s daily responsibilities.|
|How is that alignment achieved?||We’re calling that alignment “risk transformation”. Risk transformation integrates risk management into the conduct of business, resulting in an opportunity to strengthen not only the management and governance of risk, but also the management of capital, operations, and supporting IT infrastructure. On a deeper level, risk transformation strives to embed risk management into employees’ daily activities so that it becomes an instinctual part of their business behavior. This cultural shift helps the organization achieve a holistic approach to risk management that is aligned with the business’s strategies. When appropriate accountability for risk management is transferred to the businesses and functions, which share risk responsibility with the risk management function, accountability becomes clearer.|
|What steps can an organization take to begin this transformative journey?||“Dividing and conquering” the approach to risk by addressing four key cornerstones can help organizations achieve risk transformation – it’s their choice which cornerstone(s) to work on and to what extent. The first cornerstone is Strategy – considering business and risk strategy together so that they support each other, and addressing the risks to the business strategy as well as the risks of the business strategy. Second is Governance and Culture – looking at things like the organization’s level of Risk Intelligence and its risk management and governance frameworks. The third cornerstone looks at how risk is managed within the Business and Operating Models. Are there clear accountabilities, authority, and decision rules at all levels? Finally, there’s the Data, Analytics, and Technology cornerstone, which considers how to align and leverage investments in risk management, internal control, and data management and analysis across the organization.|
A closer look: Enhancing the value of risk in financial institutions
By Scott Baret
Globally, many banks are working to meet the Basel III capital requirements, and generally need to improve their risk weighted asset (RWA) usage. When financial institutions lack a standardized, sustainable process for addressing regulatory and compliance risk, reputational and brand risk often increase as well. As a result, financial organizations perceive an urgent need to streamline their overly complicated compliance process and improve operating efficiency as well as the customer experience. For many, this involves changing their operating model so that controls are embedded within functions and stakeholders understand governance roles and responsibilities and routinely consider the regulatory impacts of business initiatives. This integrated approach simplifies regulatory compliance while improving operational efficiency, controls, and risk management.
Financial institutions looking to undertake a risk transformation can start with the following three steps:
- Have the conversation. Virtually every major financial institution, across all lines, is wrestling with risk management, capital, liquidity, regulatory, and operational demands. Any senior executive or director in a financial, operating, marketing, compliance, risk management, or other role can raise the subject of alignment and transformation, because virtually every area of the organization faces similar challenges. However, these challenges are best addressed in a team setting.
- Assess the current state. Consider the factors affecting your organization’s strategic execution through measures such as revenue, income, costs, risks, capital, and shareholder expectations. Consider also the impact of regulations and rules regarding capital, liquidity, risk data, risk governance,and risk reporting. What is the current state of alignment in the organization? What is the level of maturity – fragmented, integrated, comprehensive,or optimized – in specific businesses and functions?
- Consider the possibilities. Which opportunities to enhance alignment of risk and operational management seem obvious? How might you respond to regulatory changes and new risks in a coordinated manner? Where are your highest priorities? How can you more clearly define your desired enterprise risk profile and ways of achieving, maintaining, and communicating it?
By participating in this poll, you consent and acknowledge that your responses may be disclosed without attribution by Deloitte in future publications and you are authorized to respond to the poll on behalf of your company.*
*Please review the guidelines before providing your comments.
As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.