Enterprise Risk Management – a bank’s size matters

Susan Schmidt Bies

Bies's main theme was that Enterprise Risk Management (ERM) should be an integral part of any bank's business but that there was no single solution for all banks. She said that "all banking institutions should seek ways to improve risk management, but that the methods to improve risk management should depend on the size and sophistication of the institution". Bies used the example of compliance risk in highlighting the differing challenges that firms of different sizes faced. She stressed the need for the compliance function to be dynamic and proactive and to be involved when businesses or processes were changed and not just for regulatory changes.

Bies was supportive of the use of the COSO framework as a basis of ERM citing its flexibility for use by both small and large entities. This recommendation may not have the support of all as there are many in Europe and the US who believe that COSO is excessively prescriptive and process driven. She was, however, on more popular territory in emphasising the increasing importance of operational risk and its increasing relevance today for bankers who have been able to shed much of their interest and credit risk through the use of financial products. Information security was also an example of an area where regulators were intensifying their efforts and where enterprise-wide approach was needed.

In conclusion, Bies said that regulators wished to see risk management and corporate governance structures in proportion to their business activities and risk taking. "It simply does not make sense for small organisations to adopt the most sophisticated risk management practices – but that does not absolve such smaller institutions of their responsibility to improve risk management".