
Convergence is key
SPONSORED STATEMENT
Global companies are elevating to mission-critical status the need to converge and better co-ordinate risk and control activities, according to a Risk Convergence Market Pulse online survey conducted by Ernst & Young and OpRisk & Compliance. Of the 92 organisations surveyed, 84 report that these tasks are now 'imperative' or 'very important'.
Despite near unanimous agreement about the necessity of convergence, there remains some debate as to why it is so important. Nearly all respondents (97%) believe improving the quality of risk information is the driver, followed closely by providing an enterprise-wide view of risk, clarifying roles and responsibilities, and managing costs. Half the companies surveyed go on to cite growing risk management fatigue and the need to expend significant time and money to comply with risk requirements as frequent issues and challenges within risk management and regulatory compliance programmes.
Given these myriad responses, it is not surprising to find organisations citing the chief risk officer as the most likely sponsor of convergence and co-ordination activities, followed closely by the board/chief executive officer.
Chris Richardson, a senior manager in Ernst & Young's financial services risk management practice, advises companies that there are some fundamental operating model considerations that, if employed, can improve both the quality of risk information and the underlying processes. "However, most organisations are starting from the bottom up in one area: responding to the business comments around fatigue," he cautions. "Therefore, they can lose sight of the real driver: the multidimensional provision of quality risk information across the entire organisation. This must include defining business requirements, data requirements and technology enablers across the risk management functions before initiating work." For companies to realise this holistic vision, Richardson adds, risk management convergence must be a 'top-of-the-house' decision.
Survey respondents agree that they face significant hurdles in obtaining joint development and buy-in as well as an inherent lack of flexibility and resistance to change. In fact, 57% of the respondents cite these issues as either 'very challenging' or 'challenging' as they design or implement risk management convergence solutions. Expect this trend to be exacerbated if the C-suite does not sponsor this agenda; C-level support offers a way to get people inside an organisation to co-operate.
Approximately 37% of respondents are also challenged by the need for improved communication and the development of clear messages. The business case for risk management convergence in an organisation is a very important tool – it is critical to get it right. It must articulate the vision, roles and responsibilities, and accountability of affected functions as well as state the benefits. So why is this difficult to communicate?
Historically, operational risk and compliance practioners have been focused on the measurement and management of operational risk. They have not focused on articulating the benefits of performing certain activities or identifying the positive effects of observing and analysing loss and indicator data with compliance or audit findings. But the business units are beginning to expect more value from the risk management investment, and no longer see project plans or descriptions of near misses as sufficient. These expectations put the risk management community outside its collective comfort zone. Focusing on the sole components of operational risk, compliance and information security frameworks is no longer enough. Risk practitioners need to take a step back and contemplate a new and different way of operating. But today, confusion prevails: a majority of survey respondents (52%) agree that their target operating model is difficult to define. No wonder organisations are finding the business case difficult to articulate.
Finally, respondents note that messaging to the regulatory community, while important, does not present a significant challenge. Clearly, risk management convergence aims to enhance risk management practices; it does not aim to reduce risk coverage or levels of assurance. Respondents equally support the view that risk management convergence does not require a massive re-engineering programme, reinforcing the view that most see a series of relatively smaller projects as the way forward.
Given the responses to the survey, a logical question arises: "What do I do next?" Ernst & Young's Richardson offers the following: "It is C-suite buy-in you're aiming for, so the risk functions need to collaborate as a group." Organise a working group of the key risk management/control disciplines, perhaps, to identify areas causing the organisation the greatest pain. Identify one or two key areas to focus on, and do a 'deep dive' into them to truly understand the impact to the risk and control units, and the business at large. By doing this you will be in a better position to articulate the benefits of the convergence effort in practical terms.
Understanding the benefit allows you to prioritise the sequence of enhancement initiatives and subsequently take a top-down approach. Presenting a business case based on this type of information will increase the chances of C-suite sponsorship, sufficient budget and clear ownership of a mandate for a positive change.
The results of the survey indicate that risk management convergence is moving beyond a concept to a design principle that the industry believes is important. They also suggest that the journey is just beginning.
Ernst & Young is a leader in providing audit, tax and advisory services to the banking, capital markets, asset management and insurance sectors within the financial services industry. Further information about Ernst & Young and its approach to a variety of business issues can be found at www.ey.com/perspectives.
Chris Richardson (chris.richardson@ey.com) is a senior manager with Ernst & Young's financial services risk management practice.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Grim repo warning spotlights BNP Paribas booking model
Federal regulators may be targeting French bank’s Paris-based book of US Treasuries
Lifetime achievement award: Stephen Kealhofer
Risk Awards 2023: KMV co-founder helped usher in a new era of credit risk analysis – at banks and investors
Risk Awards 2023: The winners
BNP Paribas takes top derivatives prize, lifetime award for Stephen Kealhofer, Nomura wins rates
Markets Technology Awards 2023: This year’s model
Vendors are offering greater modelling flexibility. What if that’s not enough?
Op risk data: Wells Fargo walloped to the tune of $1.7bn
Also: AML breaches at Danske and Santander; Russia’s Radiotechbank scammed. Data by ORX News
Court allows lawsuit against Credit Suisse to proceed
Shareholder alleges board and senior execs breached fiduciary duties by failing to oversee risk
NSCC and OCC to enhance co-operation on large cash calls
New deal would improve management of options expiries, but will stop short of cross-margining
Capitolis registers swap dealer in strategy refresh
Vendor’s SBSD registration may facilitate unique multi-seller platform for equity swap business