Enterprise risk management (ERM) requires a “robust framework design and collaborative approach to capture a black swan event before its occurrence,” said Brenda Boultwood, Senior Vice President of Industry Solutions at MetricStream. She was the second of two speakers at the GARP-sponsored webinar on Black Swans and Reputational Risk held on August 26, 2014.
For black swan events, such as the Japan 2011 tsunami or Hurricane Katrina, it is “close to impossible to estimate impact and likelihood.” The complexity of these types of risk “requires that we focus on what is most important” in strategic risk management, said Boultwood, naming four principal areas: regulatory compliance, market conditions, competition, and the organization’s internal environment.
Boultwood identified some trends in emerging risks. They become prominent when the business process is changing (such as during mergers & acquisitions) and they often involve new product development (examples she cited are mobile banking and multi-family lending).
ERM is witnessing a convergence of several areas including operational, IT, regulatory, credit and market risks. There is an increasing pace of regulatory changes as well as stringent enforcement and information overload. But the stakes are higher than ever, with attention from rating agencies, boards of directors, and investors.
Unreliable quantitative risk metrics, especially for black swan events, are forcing an evolution in the approach to risk management, said Boultwood. She cited concerns over the application of the VaR model, and an over-dependency on historical data, as well as omission of key risks.
The solution, said Boultwood, is to build a risk framework that would apply end-to-end to business processes. This framework would be part of an integrated approach, supported by governance processes that establish the right risk appetite.
An integrated risk framework would leverage risk analytics to visualize emerging risks and would build stronger key risk indicators (KRIs) that are linked to the emerging risks and are defined by the business units themselves.
A 360-degree risk assessment will help determine the risk appetite. She emphasized the “need to understand how [different components of risk] are linked to the organization, and what customer groups and suppliers” are affected.
Boultwood showed the plan risk treatment, which is a graph on severity versus frequency axes that helps organizations choose whether to mitigate, avoid, accept, or transfer risk. [See diagram.]
Organizations must build a robust risk management program and Boultwood urged the audience to see technology as the enabler. It will identify and document risks, assess and analyze risks from multiple perspectives (including KRI reporting and heat maps), and monitor and report risks.
A good ERM system “will allow us to establish risk intelligence for business performance,” she said. Approaching ERM nirvana?
The webinar is titled Black Swans, Reputational Damage and Strategic Risks: The 360-Degree ERM Solution. Brenda Boultwood’s portion covers slides 20 to 45.