Enterprise Risk Management and Risk Appetite in a COVID- 19 World
Enterprise Risk Management (ERM) is a global, widely accepted approach to identifying, assessing, measuring, and managing the key risks faced by an organisation, including critical interdependencies between risks. As an ongoing process, ERM in its nature is therefore intended to manage risks of a financial institution holistically and can play an instrumental role in aiding financial institutions to achieve their strategic goals and performance objectives.
Unfortunately, many financial institutions still regard ERM as a routine necessity and do not realise the potential to use it as a competitive advantage. As a result, the discipline of risk management suffers from being static, siloed, and independent from the core business. For these financial institutions to become more resilient and competitive, ERM must evolve to be dynamic and agile, thereby enabling improved risk management from an enterprise-wide perspective and must be able to adapt to the new realities brought about by the global pandemic.
Undoubtedly, COVID-19 has changed the world as we know it, representing the biggest test for financial institutions’ risk frameworks since the 2008 financial crisis. One could argue the pandemic is a classic ‘Black Swan’ event, which, prior to its emergence, was viewed by everyone in the industry as a very low likelihood, albeit a high impact event. As the Black Swans’ egg hatched, and financial institutions moved into ‘pandemic reality’, the risk profile of financial institutions have also significantly changed. The rapid onset of COVID-19, underpinned by the strict containment measures implemented globally, reminded everyone that pandemic risk is real and can alter an organisations’ risk profile rapidly. Financial institutions are now faced with the prospect of having to respond quickly, and effectively, to a “new” business environment. Dynamic and integrated risk management, including the ability to determine risk appetite, and decide on mitigating actions in real time, is becoming critical.
Why the need for effective ERM?
In these current volatile times, risk environments demand an agile risk management approach, enabling the ‘capture’ emerging opportunities, and where the need exists for risk management to be elevated from mere prevention and mitigation to dynamic, strategic enablement, and value creation. Rather than simply avoiding downside risk brought about by COVID-19 an agile and effective ERM framework empowers an organization to take informed risks, enabling growth. During this pandemic, financial institutions may be required to alter their risk appetite, enabling them to take advantage of growth opportunities, as market conditions evolve. For example, a financial institution may need to assess its risk appetite statement for all key risks to accommodate rapid shifting customer behaviours, digital capabilities, competitive landscapes, and global trends. The financial institution should understand the risk implications of its chosen strategy, enabling it to promptly re-evaluate its strategy to one with a more suitable risk profile, as emerging risks appear on the radar.
It is therefore critical for banks to embed a robust risk appetite framework, as part of their organisational ERM framework, with clear risk appetite statements, thresholds identified, and associated limits for all key risks.
Financial institutions should ensure their defined risk appetite remains within an acceptable risk threshold and ensure alignment of the risk appetite with the institutions’ strategy. This should enable the financial institution to position itself to take certain risks and seize opportunities that might otherwise be overlooked. Financial institutions should not simply adjust risk limits solely to avoid breaching certain thresholds, as this could be considered poor risk management practice. Further, it may hamper the institutions’ ability to monitor risks effectively and to identify potential deterioration in the institutions’ risk profile. Similarly, it is important for the institutions’ strategy and business objectives to be in harmony with its risk appetite set by board. For financial institutions’ risk frameworks to be effective, the institutions’ risk appetite should permeate its culture, in other words, become ‘institutionalized’. A strong risk culture is now more crucial than ever, as risk culture is a critical element to an institutions’ resilience in the face of challenges. Embedding a strong risk culture is the mechanism enabling institutions to move from passive, point in time risk management, to a proactive, integrated, and agile risk management model.
In conclusion, Winston Churchill is credited with saying, “Never let a good crisis go to waste”. Financial institutions should therefore learn from the pandemic and the challenges it has brought about, to proactively work towards embedding a dynamic and agile ERM framework. Such frameworks should be supported by a robust risk appetite framework, and strong risk culture, as essential value-add and competitive components of its risk management toolbox, both now and in a post-pandemic world.
Compiled by Carla Bester, Arise Risk and Compliance Specialist