Governing Risk: A Top-Down Approach to Achieving Integrated Risk Management

by Joan McGowan, January 13, 2016
Industry Trends
Global

Abstract

In reaction to the business failures of the early 2000s, many large financial institutions worldwide spent in excess of $25 million on rolling out enterprise risk management (ERM) frameworks. These initiatives failed and left institutions in a deeply vulnerable position as they faced the fallout of the financial crisis. One of the most notable reasons for this large scale failure was that the lack of engagement by the Boards of Directors and executive management in risk strategies and risk functions. They were satisfied that risks were adequately measured if their organizations were compliant. Ultimately, they failed to understand and take accountability for complex risks that spanned multiple businesses lines and support functions.

In the report Governing Risk: A Top-Down Approach to Achieving Integrated Risk Management, Celent provides a risk management taxonomy and governance framework that enables institutions and their technology partners to address the myriad of risks facing financial institutions in a structured and holistic way. Such a framework will quickly pay for itself by helping institutions avoid large-scale fines and reputational damage, as well as allow management to focus on optimizing long-term value creation within the bounds dictated by the institution’s risk appetite.

To fully integrate risk management, financial institutions must take a phased approach to the different risk disciplines. Prioritization begins by creating a risk governance framework that is owned by the Board.

“A strong governance framework should provide clear and cohesive guidance, policies, procedures, controls, and communication across the organization. And, most importantly, the technology enablers (big data crunching techniques, in-memory computing and dynamic reporting) are now readily available to make the implementation of an integrated risk management program much easier,” says Joan McGowan, a senior analyst with Celent’s Banking practice and author of the report.

The report looks at best practices for integrating risk governance, conduct risk, model risk management, stress-testing, and operational risk. It addresses the regulatory challenges financial institutions face and shows how a strong compliance foundation can not only check the box, but also add value to a bank’s risk program and provide greater confidence in the organization’s ability to innovate safely.

Celent is a research and advisory firm dedicated to helping financial institutions formulate comprehensive business and technology strategies. Celent publishes reports identifying trends and best practices in financial services technology and conducts consulting engagements for financial institutions looking to use technology to enhance existing business processes or launch new business strategies. With a team of internationally based analysts, Celent is uniquely positioned to offer strategic advice and market insights on a global basis. Celent is a member of the Oliver Wyman Group, which is a wholly-owned operating unit of Marsh & McLennan Companies [NYSE: MMC].

Media Contacts

North America
Michele Pace
mpace@celent.com
Tel: +1 212 345 1366

Europe (London)
Chris Williams
cwilliams@celent.com
Tel: +44 (0)782 448 3336

Asia (Tokyo)
Yumi Nagaoka
ynagaoka@celent.com
Tel.: +81 3 3500 3023

Table of Contents

Executive Summary

1

Introduction

2

 

Key Research Questions

3

Celent Risk Taxonomy

4

Risk Governance

5

 

The Three Lines of Defense

5

 

Regulators’ Call to Action

6

 

Integrated Risk Governance Framework

7

 

Risk Governance Best Practice Approach

8

Conduct Risk

10

 

Regulators Demand Increased Risk Ownership

11

 

Conduct Risk Management Framework

13

 

Conduct Risk Governance Best Practice Approach

14

Model Risk Management

16

 

Modeling Taken Out of the Hands of the Modelers

16

 

Model Risk Management Policy Framework

17

 

Model Risk Management Best Practice Approach

17

Enterprise Stress Testing

19

 

Stressing Over Tests

19

 

Stress Testing Consequences

22

 

Stress Testing Challenges

22

 

Stress Testing Best Practice Approach

23

Operational Risk Management

25

 

Regulators Demand More Work

25

 

Operational Risk Management Framework

25

 

Operational Risk Management Best Practice Approach

26

Data Aggregation and Risk Analytics

28

 

Regulators Set the Bar High for Risk and Finance Data

28

 

Finance and Risk Data Integration

30

 

Risk Analytics

31

 

Reporting and Data Visualization

32

Impact and Recommendations

34

Appendix

35

Leveraging Celent’s Expertise

37

 

Support for Financial Institutions

37

 

Support for Vendors

37

Related Celent Research

38

Sign in to download reports and access personalized information