Risk Management (RM) is the core focus for Financial Institutions (FIs) of all size. RM can, in fact, create value. The pressure to have proper RM procedures in place has increased, given the attention that regulatory bodies have placed on such issues, as well as the introduction of stricter capital requirements.
Tackling RM problems and having suitable RM procedures in place has become an essential step before small banks can grow. Within small FIs, there is frequently a lack of understanding of what RM means and what aspects it can involve. Sometimes, RM is seen as the ability to trade and take risk to increase the returns, and other times, risk is seen just as a set of policies that are required but don’t provide a broader context. Occasionally, there is a very active and involved board that requests the implementation of RM practices, but due to the lack of knowledge at the operational level, such requests may never be implemented appropriately.
In my work I develop RM frameworks for small and medium sized banks considering all regulatory and legal requirements but also focusing on three major components of RM
- Risk Culture — Every employee and every stakeholder of an FI needs to understand the main sources of risks in the institution. This understanding should be incorporated into the daily workflow, and all processes, actions, and decisions need to reflect the exposure to risk. Employees should also understand that new sources of risk arise as business expands or increases. While a set of “best-practices” can be developed over time, no FI can reach the status of running free of uncalculated risk.
- Risk Structure and Policies — Policies provide the framework for RM. They organize the control mechanisms that help the FI operate in a sound manner. Structures ensure that the processes are well-defined and the sources of risk minimized. Certain aspects surrounding policies and structures are frequently defined in domestic laws and guidelines. The regulatory framework set by the rules of Bank for International Settlement and translated into domestic law requires a detailed set of rules, policies, and structures to steer risk management. In theory, a series of standard guidelines should exist around RM policies. However, they should be adjusted to reflect the state of development of the FI, the plan for future growth, and the prevalent rules for the industry. It is important that policies and guidelines reflect the particular character of an institution. Therefore, relying on “prefabricated templates” is not recommended. It is preferable to go through the effort of designing an organization’s own policies.
- Risk Reporting — RM should be considered a multi-step process that includes identifying, measuring, reporting, and managing risk. The main source of information for the risk manager, management, the board, and other potential stakeholders can be risk reports. As a result, it is important that such risk reports are produced incorporating information as accurately as possible and that the information is prioritized and well-documented.
On this site, I will provide more insight into my work with banks around the world on Risk Management