
Convergence is key
SPONSORED STATEMENT
Global companies are elevating to mission-critical status the need to converge and better co-ordinate risk and control activities, according to a Risk Convergence Market Pulse online survey conducted by Ernst & Young and OpRisk & Compliance. Of the 92 organisations surveyed, 84 report that these tasks are now 'imperative' or 'very important'.
Despite near unanimous agreement about the necessity of convergence, there remains some debate as to why it is so important. Nearly all respondents (97%) believe improving the quality of risk information is the driver, followed closely by providing an enterprise-wide view of risk, clarifying roles and responsibilities, and managing costs. Half the companies surveyed go on to cite growing risk management fatigue and the need to expend significant time and money to comply with risk requirements as frequent issues and challenges within risk management and regulatory compliance programmes.
Given these myriad responses, it is not surprising to find organisations citing the chief risk officer as the most likely sponsor of convergence and co-ordination activities, followed closely by the board/chief executive officer.
Chris Richardson, a senior manager in Ernst & Young's financial services risk management practice, advises companies that there are some fundamental operating model considerations that, if employed, can improve both the quality of risk information and the underlying processes. "However, most organisations are starting from the bottom up in one area: responding to the business comments around fatigue," he cautions. "Therefore, they can lose sight of the real driver: the multidimensional provision of quality risk information across the entire organisation. This must include defining business requirements, data requirements and technology enablers across the risk management functions before initiating work." For companies to realise this holistic vision, Richardson adds, risk management convergence must be a 'top-of-the-house' decision.
Survey respondents agree that they face significant hurdles in obtaining joint development and buy-in as well as an inherent lack of flexibility and resistance to change. In fact, 57% of the respondents cite these issues as either 'very challenging' or 'challenging' as they design or implement risk management convergence solutions. Expect this trend to be exacerbated if the C-suite does not sponsor this agenda; C-level support offers a way to get people inside an organisation to co-operate.
Approximately 37% of respondents are also challenged by the need for improved communication and the development of clear messages. The business case for risk management convergence in an organisation is a very important tool – it is critical to get it right. It must articulate the vision, roles and responsibilities, and accountability of affected functions as well as state the benefits. So why is this difficult to communicate?
Historically, operational risk and compliance practioners have been focused on the measurement and management of operational risk. They have not focused on articulating the benefits of performing certain activities or identifying the positive effects of observing and analysing loss and indicator data with compliance or audit findings. But the business units are beginning to expect more value from the risk management investment, and no longer see project plans or descriptions of near misses as sufficient. These expectations put the risk management community outside its collective comfort zone. Focusing on the sole components of operational risk, compliance and information security frameworks is no longer enough. Risk practitioners need to take a step back and contemplate a new and different way of operating. But today, confusion prevails: a majority of survey respondents (52%) agree that their target operating model is difficult to define. No wonder organisations are finding the business case difficult to articulate.
Finally, respondents note that messaging to the regulatory community, while important, does not present a significant challenge. Clearly, risk management convergence aims to enhance risk management practices; it does not aim to reduce risk coverage or levels of assurance. Respondents equally support the view that risk management convergence does not require a massive re-engineering programme, reinforcing the view that most see a series of relatively smaller projects as the way forward.
Given the responses to the survey, a logical question arises: "What do I do next?" Ernst & Young's Richardson offers the following: "It is C-suite buy-in you're aiming for, so the risk functions need to collaborate as a group." Organise a working group of the key risk management/control disciplines, perhaps, to identify areas causing the organisation the greatest pain. Identify one or two key areas to focus on, and do a 'deep dive' into them to truly understand the impact to the risk and control units, and the business at large. By doing this you will be in a better position to articulate the benefits of the convergence effort in practical terms.
Understanding the benefit allows you to prioritise the sequence of enhancement initiatives and subsequently take a top-down approach. Presenting a business case based on this type of information will increase the chances of C-suite sponsorship, sufficient budget and clear ownership of a mandate for a positive change.
The results of the survey indicate that risk management convergence is moving beyond a concept to a design principle that the industry believes is important. They also suggest that the journey is just beginning.
Ernst & Young is a leader in providing audit, tax and advisory services to the banking, capital markets, asset management and insurance sectors within the financial services industry. Further information about Ernst & Young and its approach to a variety of business issues can be found at www.ey.com/perspectives.
Chris Richardson (chris.richardson@ey.com) is a senior manager with Ernst & Young's financial services risk management practice.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Risk management
UBS takeover of Credit Suisse to trigger higher G-Sib surcharge
At 14.2%, UBS’s CET1 capital ratio is more than sufficient to absorb the deal
Nasdaq exec criticises VAR models in erratic energy markets
FIA Boca 2023: Model being adopted by rivals is “bad choice” for unpredictable assets, says exchange tech official
Ice exec rejects cloud for critical infrastructure
FIA Boca 2023: SVP Bland “can’t imagine” outsourcing critical infrastructure; DRW’s Wilson warns of concentration risk
Dealing with multi-currency inventory risk in FX cash markets
A market-making model that considers correlation, transaction costs and market impact is presented
Top 10 operational risks: focus on third-party risk
Ion hack deals industry painful reminder on drawbacks of outsourcing
Capitolis chief risk officer to depart
Two months after firm registered as swap dealer, signatory of SEC filing announces retirement
Top 10 operational risks: focus on cyber risk
All firms fear data breach; smaller banks also concerned over IT disruption
One-fifth of CME clearing members hit by Ion hack
Advisory committee heard CFTC believed it could “play a more direct role” in cyber security practices