Enterprise risk management (ERM) could help meet the challenges of key risk areas such as compliance risk and operational risk in the financial sector, said Susan Schmidt Bies, US banking supervisor and Member of the Board of Governors at the US Federal Reserve.
"Firms may be practicing good risk management on an exposure-by-exposure basis, but they may not be paying close enough attention to aggregation of exposures across the entire organisation" Schmidt Bies said at a recent Enterprise Risk Management Roundtable presentation. Whilst ERM is a broad subject and currently can mean different things to different people, it is able to meet the challenges posed by multiple risk types across complex and changing organisations. Last year, COSO published its ERM framework and it is this framework, with its eight interrelated components, which Schmidt Bies and the Roundtable are promoting.
Schmidt Bies identified both compliance risk and operational risk as two key risk areas where ERM could help financial firms. Compliance risk, which she defined as the risk of legal or regulatory sanctions, financial loss, or damage to an organisation's reputation and franchise value, arose when there was a failure to comply with the laws, regulations, or codes of conduct. Schmidt Bies said that the Federal Reserve expected banking organisations to have in place an infrastructure that could identify, monitor, and effectively control the compliance risks that they faced.
Regarding operational risk, bankers today can largely shed much of their interest-rate and credit risk through sales of loans, use of financial derivatives and sound models to manage the risks that are retained. However operational risk remained an internal task and the Federal Reserve was increasing its supervisory activities in this area and viewed that an increasing number of financial accounting failures were attributable to this type of risk.
Schmidt Bies went on to say "An enterprise-wide approach is appropriate for setting objectives across the organisation, instilling an enterprise-wide culture, and ensuring that key activities and risks are being monitored regularly. Senior management must be involved in ERM, since they are the ones who decide the level and types of risk the organisation is comfortable with accepting and what controls and risk mitigants will be employed. Organisations should look at the discipline of enterprise risk management as a way to ensure that they effectively deal with uncertainty and the associated risk and opportunity." | 
