ERM: is the industry all bark and no bite?

Although some 65% of financial services firms responding to OpRisk & Compliance’s latest intelligence survey say they have an enterprise-wide risk management (ERM) strategy in place, industry experts say that this may be a case of all bark and no bite.

This latest survey – sponsored by Dublin-based financial services risk management software firm Ci3 – showed that firms are preparing to spend a substantial portion of their budget on enterprise-wide risk management over the coming year, and believe that there are solid benefits to instilling an ERM culture in their organisations.

Nearly two-thirds of firms expect to achieve improved overall business operations and efficiencies from ERM and 47% say they expect greater overall transparency in the organisation. Meanwhile, 45% are hoping for improved product pricing and risk capital allocation.

However, implementing ERM is down to a "business case" argument, even though many regulators are backing a move toward ERM – especially the US Federal Reserve and the UK Financial Services Authority. This may be, in part, down to a different perception about what the "outputs" of ERM should be. The benefits that these regulators are interested in – greater board of director involvement in the company and better corporate disclosure and reporting – are only expected as benefits of ERM implementation by 35% of the firms that responded to the OpRisk & Compliance survey.

In a separate question on the benefits of an ERM program, firms indicated that "instilling a firm-wide risk management culture" was their top reason for implementing a framework, while "better information about risks reported to senior management" ranked second and the integration of credit, operational and market risks ranked third. Implementing ERM for "compliance with regulatory ‘push’ for ERM at firms" and for "easier implementation of Basel II" ranked last.

So firms do not seem to see ERM as a "compliance" issue as such, which industry observers say may be hampering its ability to get budget and resources within firms up until now. Asked if he thinks firms are doing enough to implement ERM, Richard Pike, SWORD product director at Ci3 in Dublin, said: "Definitely not. It seems that everyone sees that ERM is beneficial but very few have actually grasped the nettle. Either they are too busy with Basel, SOX, and so on, or they just haven’t got their heads around it."

Adds Pike: "If people see that an ERM program will help with the overall compliance headache that they have, I think it will blossom, otherwise it may go nowhere as they concentrate on compliance tasks first. Of course, if the regulators make Basel II pillar II a focus of ERM, which they seem to be doing in some markets, then it will get very serious in the next year or so."

Many op risk executives note that there has been perennial optimism around ERM – it is a subject that has been discussed by consultants and industry thought leaders as a kind of holy grail for the better part of a decade now. But, as Pike notes, as an initiative, it often gets pushed aside as funds are spent on specific compliance initiatives with targeted deadlines.

In fact, some 64% of firms have not purchased a software product to help facilitate enterprise-wide risk management. Given the size and scope of the ERM project, one risk management executive at a top London bank says this is fairly shocking but not unexpected – in fact, although such a high number don’t have a solution in place, only 26% cited a lack of a technology product as a challenge when implementing ERM. Also, about 35% of respondents have no intention of buying a technology platform that can integrate op risk and ERM, in spite of the logic of doing so.

One of the biggest challenges of implementing ERM at the moment seems to be people-focused. Forty-seven per cent of respondents cited the "lack of appropriate people" to implement an ERM program as a challenge their firm faces, making it the top challenge. A "lack of understanding by business unit heads" ranked second, with 44% of respondents selecting that factor, while "a lack of financial return for what is an expensive project" ranked third with 32%. Twenty-nine per cent cited a lack of support from senior management, while 26% said they were faced with a lack of adequate financial resources.

In the free-form section of this question, respondents added that issues such as "ambiguity around ERM definition and operationalisation", "a basic lack of risk appetite and knowledge in the company", and "people skills and knowledge about ERM practices" were roadblocks. Wrote one respondent: "The person in charge is not qualified. He is just there for window-dressing. Thus, it reflects management’s commitment."

Spending on ERM has also not been as strong as many would have liked. The top spending item has been "staff", with spending on technology second and management third. While specific data on past spending was not collected in this survey, one can assume that spending has not been robust since an earlier question showed that 64% haven’t actually purchased a software product.

However, many respondents did say that spending is set to rise in 2007, with 31% predicting an increase between 10% and 24%, while 23% saw an increase between 1% and 9%.

But on the other side of the coin, 22% of respondents don’t expect a change in spending on ERM by their firms in spite of all the talk and the interest by regulators, while 18% are actually anticipating a decrease.

So has a new day dawned for enterprise-wide risk management? The answer is far from clear, in spite of the renewed emphasis being placed on this subject by regulators and industry thought leaders. OR&C


sponsor’s analysis

url: tel: 00 353 1662 4233

The Survey of Enterprise Risk Management by Operational Risk & Compliance, in partnership with SWORD, makes it clear that the respondents understand the benefits of a clear enterprise risk management (ERM) framework but seem to be having problems articulating the benefits and convincing senior management to devote resources to such a project.

Enterprise risk management involves the creation of a risk management framework that covers all risk types in a firm. For anyone working in a senior risk management capacity, it is obvious that this kind of joined-up thinking across the entire organisation has great benefits in terms of clarity, risk ownership and risk mitigation. While the survey shows that 65% of institutions do indeed have a strategy in this regard, only 29% have purchased a system to bring this strategy to life.

As identified in the survey, many people see the challenge to ERM being a lack of buy-in from the business and a lack of appropriately skilled resources. We suggest that the current compliance projects be used to assist in this area. If an institution were to take an holistic view of risk management and compliance, it is possible to create one single overarching risk and control framework to cover all risk types and all compliance requirements.

Such an approach will also enable risk teams to utilise resources that currently work on compliance programs (like SOX) and leverage the firm’s expenditure in these areas.

The survey also shows that creating a firmwide risk culture is a key benefit in ERM. If people can be shown that the risk and compliance efforts are part of one overall framework it should help to instil this culture at a quicker pace than usually possible. This may also help to release the resources necessary to implement the ERM strategy which is what most risk managers strive to achieve.

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here