About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

The Fallacy of Managing Big Risks: Why Enterprise Risk Management (ERM) Often Fails to Deliver to Boards and What to Do About It

Subscribe to our newsletter

By Andrew Smart, Head of Enterprise Risk Management at KRM22.

Anyone who has served on the executive team or board of a regulated capital markets firm will have at least a passing familiarity with Enterprise Risk Management (ERM). Many have probably experienced it first hand, perhaps sitting through a presentation of the firm’s latest ‘Top 20’ risks. The usual suspects will likely have included market, credit, liquidity, counterparty, technology, cyber, third party / outsource, people, and conduct risk.

Enterprise Risk Management is a holistic, integrated, portfolio approach to risk management that focuses on consistently managing risks, regardless of type across the enterprise. The purpose of Enterprise Risk Management is to improve the firms’ ability to deliver its objectives and sustainably create shareholder value. One of the key outputs from the ERM process is an integrated view of the firm’s overall risk profile and how it is changing overtime. Risk exposures are typically consolidated through a risk taxonomy or hierarchy, thus enabling the reporting of ‘the big risks’. (Figure 1)

Figure 1 – Typical view of risk management 

An often-overlooked benefit of ERM is its use as a framework to understand the relationships and interactions between risk types as well as individual risks within these categories. Viewing risks through an ERM lens also highlights how individual risks rarely fit within a single risk type, as shown in figure 2.

The real value of ERM is the generation of insights that are not possible to uncover within the traditional risk type silos. These insights are the drivers behind better risk management and business decision-making.

Figure 2 – Understanding the relationships and interactions within risk types

Therefore, ERM delivers two core capabilities:

  1. The ability to consolidate risk exposures through risk types to provide a holistic, enterprise view of risk
  2. The ability to understand the relationships and interactions between risk types and individual risks to generate powerful insights that support better-informed business decision-making

Firms that leverage ERM platforms often focus on the first of these core capabilities, i.e. ‘the big risks’, leading them to miss out on the benefits that can be derived from the holistic view of relationships between different risks.

Typically, this means that for many executive teams and boards the implementation of an ERM approach results in a series of colour-coded dashboards which identify their ‘big risks’, but fail to provide an in-depth analysis to enable them to ask the right questions, challenge the right topics and drive the right conversations for better strategic and operational decisions.

Too often, those risk dashboards present the consolidated and aggregated risk exposure for the ‘Top 20’ risks types as defined at one point in time and have since been reported on each month or quarter, failing to take the rapid evolution of the risk landscape into account. Insights into the firm’s real risk profile, including the dynamic interaction between risks and the possible emergence of future risks or control weaknesses, therefore get lost within these consolidated and aggregated risk exposures. Whilst providing a consolidated view is of some value, it rarely provides actionable insight, leading to ERM fatigue on the executive and board level.

To drive board engagement in the ERM process and deliver powerful business insights, firms need to ensure that their ERM processes and systems deliver on both core capabilities. By understanding these relationships between risks, firms can drive a more engaging conversation with their boards, generating more insightful analysis and efficient reporting.

The fallacy of ERM is that it is about managing the ‘big risks’; in fact, this is, or should be, just one part of an ERM programme.

An ERM programme should deliver two core capabilities:

  1. The ability to consolidate risk exposures through risk types to provide a holistic, enterprise view of risk
  2. The ability to understand the relationships and interactions between risk types and individual risks to generate powerful insights that support better-informed business decision-making

Importantly, when implementing an ERM programme, firms should never lose sight of its real purpose – to enhance the firms’ ability to deliver its objectives and create sustainable shareholder value.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: Proactive RegTech approaches to fighting financial crime

Financial crime is a global problem that costs the economy trillions of dollars a year, despite best efforts by financial services firms, regulators, and governments to stem the flow. As criminals become more sophisticated in how they commit financial crime, so too must capital markets participants working to challenge criminality and secure the global financial...

BLOG

Confluence Partners Manaos to Provide SFDR Reporting Solution

Confluence Technologies, a solutions provider helping investment managers solve complex data challenges, has partnered Manaos, the investment data management platform designed and incubated by the securities services business of BNP Paribas, to provide a reporting solution for Sustainable Finance Disclosures Regulation (SFDR). The partnership allows Confluence to provide an end-to-end SFDR solution to asset managers...

EVENT

RegTech Summit New York

Now in its 8th year, the RegTech Summit in New York will bring together the regtech ecosystem to explore how the North American capital markets financial industry can leverage technology to drive innovation, cut costs and support regulatory change.

GUIDE

Regulatory Data Handbook 2023 – Eleventh Edition

Welcome to the eleventh edition of A-Team Group’s Regulatory Data Handbook, a popular publication that covers new regulations in capital markets, tracks regulatory change, and provides advice on the data, data management and implementation requirements of more than 30 regulations across UK, European, US and Asia-Pacific capital markets. This edition of the handbook includes new...