Ten Benefits to Having a Complete ERM Program. “I can’t give you any feedback on your Enterprise Risk Management ( ERM ) Program. You’re the only small community bank that at $250MM in assets, has a complete ERM Program. Keep doing what you’re doing.” Those were the words of our FDIC examiner when I presented to them the first complete ERM program for the bank I helped start. At that point back in 2012, the bank had just reached the $250MM asset size and was about seven years old. During another conversation, the FDIC examiners told me that the bank “had a strong foundation and a solid infrastructure.”

As the CFO & COO of the bank and later as the CRO, those words made me feel good and I can tell you I slept well the almost ten years I spent with the bank from inception until I left to start Malzahn Strategic. However, those words also left me with the feeling that I was on my own, with very little guidance to continue developing the ERM program. The lack of guidance is precisely one of the main reasons small community banks and credit unions are not ready, nor able in many cases, to create a complete ERM program. The other reason is because creating an ERM program is not, at least not yet for small community banks and credit unions under a certain asset size, a regulatory requirement.

I would never want more regulatory requirements for banks and credit unions. Instead, I strongly recommend that institutions under $500MM in assets establish a complete, yet simple, ERM program. There are several ERM software packages available. However, some are too expensive and too cumbersome for institutions to use. They simply don’t have the time, resources, internal expertise, or the energy to devote to such programs. But small community banks and credit unions don’t have to use those sophisticated and intimidating software packages. What the regulators want is for institutions to know all their risks, put mitigating factors in place, and be aware of the residual risks they have in every area. Regulators want to know that you know your story from the risk perspective.

Even though credit risk is one of the biggest risks for community financial institutions, they now also have to focus on other important risks such as technology and operational risk. Unfortunately all the risks are interrelated. If one high risk area is affected, the ripple effects flow to the other risk areas such as capital, earnings, legal, or reputational, for example.

There is the perception that creating a complete ERM program is monumental and institutions then tend to focus on certain pieces such as Cyber Security, or Compliance, or the Disaster Recovery Plan, and they are not looking at the “enterprise-wide” approach. They are missing opportunities to make their bank or credit union the best it can be. They are missing all the benefits of having a complete ERM program. So today I would like to share Ten Benefits to Having a Complete ERM Program:

1. Establish best practices enterprise-wide. When you create an ERM program, it forces you to look at your entire organization and many of the practices that get implemented are best practices that will help the organization overall, not just to mitigate a specific risk.
2. Increase efficiencies. The same way, as you establish new best practices, you find other ways of doing things and, as a byproduct, your institution becomes more efficient. Efficiency ratio is a key measurement of profitability and most are looking for ways to become more efficient.
3. Establish an ERM process. One of the best practices that you should establish is an “ERM process,” which means now you have a process to run new ideas through. For example, if you are thinking of adding a new division or a new product, you answer a series of questions such as “What are the new risks we will have by adding this new division or product?” and “How are we going to mitigate those new risks?” “Is the reward worth the new risks?” Going through this process will eliminate not only new unnecessary risks, but will also save your staff valuable time wasted on new products or divisions that may not be profitable.
4. Build the team. One of the best results of creating an ERM program is creating an ERM team. When creating an ERM team, carefully select one person from each area to represent that area and to bring their opinion and expertise to the table. This practice not only helps create a complete program but it also builds the team. Now each team member learns about other areas and learns the importance of each of those areas. They also see how the organization works as a whole, as one company.
5. Create awareness, enterprise-wide. When you establish an ERM program across the organization, employees learn about other areas and become aware of potential risks the company may encounter in the future. The program, as a byproduct, creates a “risk aware” culture. Everyone is looking out for the good of the company.
6. Opportunity to assess risk, enterprise-wide. The process of conducting a risk assessment organization-wide, uncovers risks that most owners/leaders had not thought about in the past. As you put in place mitigating factors, and educate the staff, you improve processes across the board and are able to eliminate some of the risks.
7. Prepare for the future. There is nothing like knowing your current risks and potential new risks to help you prepare for the future. The process of testing your processes, current systems, disaster recovery plan, or business continuity plan, opens your eyes to be prepared for the future.
8. Create accountability. The ERM team meets with regularity through the year (even as little as quarterly) and team members have an on-going list of monitoring and reporting tasks. Results of testing, running new products through the ERM process, and the reporting to the Board of Directors, creates continued accountability within the organization.
9. Educate and involve the Board of Directors. Very few community banks or credit unions have completed a Board Risk Appetite and Tolerance Statement. But this is a very important step to complete. This is the summary of all your institution’s policies along with the level of tolerance/risk you’re willing to take in the various risk categories. From here, you can sound the alarm when you are approaching the high level of tolerance in the various risk categories.
10. Create a sound infrastructure and a solid foundation. Putting in place a complete, yet simple, ERM program, in the end creates a sound infrastructure and a solid foundation upon which your institution will grow into the future.

Tell your story from the risk perspective. Once your ERM program is complete you will feel equipped to tell your institution’s story from the risk perspective—not just the credit risk perspective but from all potential risks you could possibly be faced with now and in the future.

NASCAR Racing and Strategic Planning – What it Takes to Win the Race! I recently went with my husband and son to the Kansas Speedway in Kansas City, KS to watch my very first NASCAR (National Association for Stock Car Auto Racing) race. The experience was amazing and one I will never forget.

In the middle of the race (when cars were going around and around and there were no cautions for about one hundred laps) I got inspired to write this article as I saw a clear analogy between NASCAR racing and strategic planning. Since I had no paper or pen, I typed myself an email on my phone! Needless to say, it took me a while to type this entire article with one finger yet I thought it was worth it to share with you my observations as a result of this wonderful experience:

• I reflected on the importance of each race team having a strategic plan that everyone knows and understands. If only the driver knows the plan and the vision then the crew cannot support him/her. The same way, you can’t lead and run a company on your own. You need your crew and they need to know the specific strategies to win the race. Every person on the team has a job to do in order to win. If one lug nut is not tight correctly on the wheel, the car can lose that wheel and will be out of the race. At the minimum, will lose valuable time that can cost the team the victory.

• The driver is key but is not the most important person on the team. He/she drives the car but if the car is no good, he/she, nor the team, are going anywhere…the crew that prepares the car and supports the driver is hugely important to win the race. For example, if their driver is in first place and goes to the pit for gas or to change tires and the crew is not fast and accurate, the driver can lose the first place easily—in a matter of milliseconds.

• I also noticed there is constant communication on the ground among the team and between the “spotter” and the driver. The same should happen in a company. The leader needs to communicate with the leadership team and they, in turn, should communicate with the rest of the staff continually in order to keep the momentum going.

• The NASCAR teams are very organized and do things orderly. They follow rules. Every game, every sport, every team, every industry has rules. The best players follow the rules. They take them seriously because there are consequences and penalties if they violate the rules. In NASCAR’s case, someone can die if they don’t follow rules. Even though in corporate America daily decisions may not be life or death, the decisions leaders make do affect the lives of the employees.

• There are things ahead that only the driver can see or feel. He/she needs to communicate and alert the crew immediately to come up with a plan of action. For example, the driver may be the only one to notice that something is wrong with the car. At the same time, there are things ahead that only the spotter can see and need to tell the driver to watch for it. For example, if the spotter sees a wreckage and there is a fire, he/she needs to tell the driver if he/she can get through the smoke or not. If the driver makes a bad move, he/she can wreck and completely lose his car and in some instances his/her own life. The entire team loses—no car, no team. They have to trust each other. The driver’s life may depend on it. Again, the same happens in a company. Sometimes the leader sees things ahead and other times the staff sees things that are coming up that could affect the company’s performance.

• You could say the race is not fair. One driver could have the lead for most of the race (even one hundred laps!) and lose at the very last minute because of a wreck caused by one bad move or by another driver that cut him/her off or hit his/her car at the wrong angle and sent him/her spinning off the track. The same happens in life. Your company can be doing excellent for many years and all of a sudden the unexpected happens. One of your key employees leaves, or the market crashes, or a new competitor comes to town. It can be anything and you need to keep in mind that in those moments is when you have opportunities to start over or fix things that have been broken or on hold for a while in your company.

• I also noticed that if there were no cautions and the cars just went around and around it becomes boring. There is no action or adventure. That’s when companies get in a routine and start doing the same thing over and over. The employees become unchallenged, the customers get bored, and the leadership becomes stale. It’s time for a change and move things around. Time to introduce new ideas and do things differently.

• Finishing the race is what matters in the end. There was one car who went to the garage four times and every time he started a lap he had to go back and get something else fixed but he/she finished the race. In fact, drivers are rewarded with points for every race they finish regardless of how many laps they were behind. What goes on their record is that they finished. The same happens in business. Every time a company tries something new and it doesn’t work, the team needs to figure out new strategies to continue the race but they must never give up. They must finish the race.

Even though all the teams want to win and they all have strategies, there is only one winner. Only one driver and one team gets the trophy. Only one driver gets to do the “burnout” after crossing the checkered flag! Sometimes, however, even when you have the best team and the best strategy, life may throw a dart at you and your company and you don’t win. In those moments, you need to remember past successes, gather your team, pick up the pieces and with your head up, start over. The most important thing is to never give up and finish your race!