Managing Operational Risk in the Financial Services Industry with ERM
Financial services organizations are under intense scrutiny from regulators, customers, investors, employees, and even the public at large to efficiently manage operational risk.
One misstep – say a compliance problem or data breach – can jeopardize customer confidence, raise the ire of regulators, and result in costly fines. And that’s especially unwelcome news for an industry already contending with decreasing margins and increasing competition from nontraditional sources in a rapidly digitizing world.
These days, there is no patience or forgiveness for disparate risk management systems that obscure the truth.
The complex operational risks of financial services firms need to be viewed collectively, not individually. You must be able to connect the dots between all risks to make intelligent decisions that will achieve your goals. And a growing number of financial services firms are turning to Enterprise Risk Management to manage operational risk more consistently, more efficiently, and more accurately.
ERM pulls all of the pieces together so you can anticipate, assess, mitigate, and monitor every form of operational risk throughout your organization. It helps you understand the full impact of risk – negative and positive – so you can minimize threats, capitalize on opportunities, and build resilience. With ERM, risk transforms from an organizational liability into a strategic advantage.
Having the right technology is critical to managing operational risk efficiently and objectively across the enterprise. But that’s just the beginning. To be successful, the ERM mindset must be embedded into the very fabric of the organization. After all, risk is everywhere.
This guide will help you understand what ERM is, how it can be used to manage operational risk, and how to begin holistically managing risks and opportunities in a truly integrated way.
WHAT IS ERM – AND HOW CAN IT BE USED TO MANAGE OPERATIONAL RISK?
Operational risk arises from any threat that could disrupt operations. It includes many risk types – e.g., compliance, third party, cyber, fraud – that relate to serving customers and operating internally. Effectively managing these risks requires oversight and transparency across virtually all of an organization’s processes and business activities.
And that’s where ERM comes in.
ERM is a structured, proactive, and continuous process that is applied across the organization to better understand all risks, how they relate to each other, and the cumulative impact on the organization. It looks to increase an organization’s value by both minimizing losses and maximizing opportunities for growth.
Applying ERM to operational risk brings consistency, clarity, and efficiency to managing the diverse risks included under the operational umbrella. ERM adds discipline and accountability, transforming operational risk management from a subjective, manual list of disparate activities to an objective, data-driven, purposeful process.
With ERM, you can reduce the risk of operational damage by proactively identifying and managing potential threats – which is particularly critical in the high-stakes world of financial services.
Equally important is to recognize what ERM is not. It is not just one more risk management tool that works independently of other technology.
True ERM integrates risk management across the organization. It breaks down departmental silos and helps all disciplines work together more efficiently. It also recognizes that risks are interrelated, helps eliminate duplicate efforts, and provides the big-picture view necessary to identify trends and potential risks early enough to do something about them.
ERM @ WORK
Say an employee opens an email and clicks on a link which turns out to be a phishing scam. The immediate risk is that the employee’s information has been stolen. However, there is also the risk that corporate, financial, or client data has been compromised. The slower the response, the greater the harm.
ERM can help minimize the fallout from such a risk event. All relevant information is already in one place where it can be instantly shared, discussed, and acted upon. ERM facilitates collaboration across the business to quickly pinpoint the problem, mitigate the damage, and institute controls to prevent future harm to operations.
With ERM you can understand the situation, prioritize actions, and report on results – all in record time.
HOW ERM STRENGTHENS OPERATIONAL RISK MANAGEMENT
The idea of managing risk on an enterprise-wide basis may seem daunting. But migrating toward ERM is essential for next-generation operational risk management.
Here are five ways ERM creates value specifically for financial services organizations:
HOW ERM TECHNOLOGY CAN HELP MANAGE OPERATIONAL RISK
Managing operational risk at an enterprise level is virtually impossible with spreadsheets or other manual methods. It takes the power of today’s cloud-based technology for financial services organizations to bring together multidisciplinary teams that can respond quickly to emerging threats and build agility and resilience for the future.
ERM software integrates all risk-related information into one source – which alone adds value to the organization by increasing efficiency in the process, as well as accuracy and consistency in the data. The software also can:
- Identify threats – including compliance, third party, cyber, fraud, and human behavior.
- Digitize operations – to minimize human error.
- Assess the impact of risks – both positive and negative – with real-time analytics.
- Visualize interdependencies between risks – by frequency, severity, and exposure for both insurable and noninsurable risks.
- Enhance communication – with automated workflows, reporting, and dashboards.
- Prioritize risks – so you can take action where it matters most.
10 QUESTIONS TO ASK A PROVIDER OF ERM SOFTWARE FOR FINANCIAL SERVICES FIRMS
Technology is critical to implementing ERM in a financial services organization. Success depends on selecting a vendor that understands the needs of the organization, as well as those of every stakeholder.
Here are 10 questions to help you make the right choice:
1. How secure is the system?
Financial information is sensitive. Make sure your vendor offers end-to-end security in the form of password policies, security roles, encryption, and audit logs. Vendors with a cloud-based platform should be able to explain how the data is secured and guarded. Data centers also should be audited regularly.
2. How reliable is the system?
Look for a system that is fast and reliable. Technology should provide information on-demand, with virtually no wait times for queries, searches, or analysis. Invest in a system with minimal downtime from a vendor that offers up-to-the-minute details on planned maintenance.
3. Is it scalable?
The world of financial services is constantly changing, and risks are always evolving. Give priority to a solution that can expand with your needs without costly and time-consuming overhauls.
4. Is it integrated?
Look for a system that includes a multitude of solutions – heat maps, risk assessments, risk hierarchies, risk registers, reporting and analytics, and more – that can be used across operational-risk disciplines. End-to-end integration minimizes errors, maximizes collaboration, and gives you more powerful insights for better decision-making.
5. Who should be included in the buying process?
ERM touches many functional areas, and it’s important for all voices to be heard – especially beyond the second-line risk function. And if the C-suite holds the purse strings, be sure to detail the tangible ways ERM will benefit the business.
6. Can we take the software for a test drive?
Take the time to request a demo. How easy and intuitive is the user experience? Are all the features you need accessible from a tablet, phone, and laptop? Are the reports and analytics sophisticated enough for your needs? And are they easy to produce?
7. Whom will we be working with?
Technology is great, but people make the real difference. You want to work with people you like and trust. Will the person answering your call or email know you, your organization, and the financial services industry – and will they be able to resolve issues within a reasonable amount of time?
8. What about implementation?
Find out how long implementation typically takes, what the process is, what information is needed from you, and who is involved. And ask what type of support is offered post go-live and the expected response time.
9. What is included?
Have a clear understanding of what features and services are included in the pricing structure, and what it might cost if your needs change.
10. Will you have our back?
Always make sure the vendor has demonstrated expertise in the financial services industry, as well as technology and risk – and the longevity and resources to go the distance with you.
HOW TO BUILD SUPPORT FOR ERM
Managing uncertainty, while creating and protecting value at a strategic level, has obvious appeal to risk managers and leaders alike. In reality though, different departments, isolated by disparate technology, can end up working at cross purposes.
With old-school techniques like spreadsheets, there is no practical way to eliminate this tunnel vision. But with an integrated ERM program, you can.
Today’s ERM software can break down the silos and pull all the pieces together for a powerful 360-degree view of all operational risk within your enterprise. It can aggregate large amounts of data to uncover the individually rare, but collectively important, problems that make up a significant portion of things that go wrong. And you have the insight to react quickly and change the trajectory.
The whole is truly greater than the sum of the parts.
Already thin margins and stretched staff, however, can make it a challenge to generate enthusiasm for what can be a significant undertaking. And it can feel uncomfortable at first to involve disciplines outside the risk management department. Is it worth the time and effort to implement a new approach?
The answer is yes.
ERM software will certainly boost productivity by eliminating duplicate efforts. And being able to manage operational risk proactively instead of reactively will likely reduce costs of future risk events. But the real value lies in how ERM enhances your ability to make intelligent decisions that will help you achieve your strategic goals.
ERM doesn’t eliminate risk – of course – but it will minimize surprises. And if something unexpected does happen, you’ll have the knowledge, tools, and culture to turn those challenges into opportunities for success.