Malzahn Strategic - Minneapolis, MN skyline

Ready for Takeoff

Ready for Takeoff? An Enterprise Risk Management Guide for Bank CEOs

As a bank CEO, you are the pilot of a complex and dynamic aircraft—your institution. Just like an airplane pilot must ensure everything is in order before takeoff, you too must confirm that all aspects of your bank are ready for the journey ahead. This involves meticulous planning, adherence to regulations, assembling the right team, and preparing for potential challenges.

While the consequences of an airplane disaster differ from a bank failure, both scenarios significantly impact lives daily.

Let’s delve into the critical components and a straightforward “risk assessment” that ensure a successful flight:

The Right Crew

Your crew is pivotal to your bank’s success. Imagine your First Officer as your Senior Leadership Team. Are they prepared to step up if needed? Have they received the proper training, and has it been tested?

Consider the flight attendants—equivalent to your tellers, customer service representatives, universal bankers, personal bankers, and business development officers. Are they delivering top-notch customer service? What about your ground crew, representing your operations teams, credit administration, compliance, audit, risk, technology, and human resources? Are they efficient in their behind-the-scenes roles, ensuring smooth operations and customer satisfaction?

A successful airline crew works harmoniously, striving to be the best. Similarly, your bank’s employees must be proud of their roles and work together towards the common goal of being a top-tier institution.

The Right Processes

Processes are the backbone of both aviation and banking. Does every team member follow their specific job checklist? Are potential risks mitigated? For instance, has your bank passed its safety inspections and regulatory checks? Are employees up-to-date with their training, especially concerning new technologies and cybersecurity?

A pilot’s attention to weather and procedures before takeoff is akin to your focus on the bank’s environment and regulatory landscape. Rigorous processes ensure both planes and banks operate safely and efficiently.

The Right Services

In-flight services can make or break a passenger’s experience. Does your in-flight crew prepare adequately to ensure customer satisfaction? Similarly, your bank must offer services that meet your customers’ needs. Are you providing a range of products and services that cater to your clients?

Consider the marketing of your flights—are you promoting your bank’s offerings effectively? Just as airlines need to align their services with passenger expectations, your bank must continuously evolve to meet customer demands.

The Right Passengers

Passenger management is crucial for airlines, especially regarding those seated in the exit rows. They must be capable and willing to assist in emergencies. Likewise, in banking, you must ensure you have the right customers in key positions—your Centers of Influence (COIs). These are the clients who can bring new business, deposits, or serve on advisory boards.

Having the right passengers—or customers—ensures that in times of need, your bank can rely on them for support.

Translating the Analogy to Banking

In our analogy:

  • The pilot is you, the CEO.
  • The copilot or First Officer represents the bank’s Senior Leadership Team.
  • The flight attendants are your front-line employees—tellers, customer service reps, etc.
  • The ground crew includes your operations, compliance, risk, and other behind-the-scenes teams.
  • The passengers are your customers.

While a pilot’s responsibility is for passengers’ lives, a CEO’s responsibility extends to their customers’ livelihoods. Here’s a checklist to ensure your bank is “Ready for Takeoff”:

  • Do you have the right staff in place?
  • Is there a succession plan?
  • Are your employees continually trained on their roles, new technologies, and cybersecurity?
  • Is your bank safe and sound?
  • Are your COIs effectively placed to help grow and sustain the bank?
  • Are you effectively marketing your products and services?
  • Is your bank prepared for potential disasters?

As a bank CEO, this analogy aims to help you ask the right questions about risk management. Think of your bank holistically and understand how managing risk and enhancing the customer experience are intertwined. As you implement new strategic objectives, keep these questions in mind. Your goal is to confidently say, “Ready for takeoff,” ensuring your crew is prepared, your customers are satisfied, and your bank is secure, guiding you toward your vision.

As always, we’re here to help

Six Essential Components to Formalize Your ERM Program - Part II

In Part I of this two-part blog, we focused on the first three components to help formalize your ERM program. They are: the Enterprise Risk Management (ERM) Risk Assessment, the ERM Policy, and the Board Risk Committee and its Charter. In Part II, we focus on the next three essential components that are also very important when formalizing your ERM Program.

Internal ERM Committee and Charter

One of the first steps in formalizing your ERM Program is to form an internal ERM Committee. One common question is, who should be on this committee? The number of members is not as important as having all the areas of the institution represented. One person can represent more than one area. Risk can come from any area of the institution, so it’s crucial to protect every aspect of it. Let’s dig deeper into the components of the internal ERM Committee Charter:

  • Purpose: To assist the Board in its oversight of management’s responsibility to identify and manage existing and emerging risks at the enterprise level. This encompasses the identification, mitigation, monitoring, reporting, and management of all risks. The Committee then ensures that the processes and resources to manage and mitigate the identified risks are adequate.
  • Goal: The goal is to assist the Board in understanding all the risks the institution faces as it accomplishes its vision and strategic objectives. The Committee establishes the program to help anticipate emerging risks, identify current risks, prioritize top risks, and manage all risks.
  • Role of the Risk Leader: We explain the role of the risk leader in the next component below.

Dedicated Risk Leader

One common mistake community banks and credit unions make is to give the “hat” of risk leader to an already full-time employee. This employee is typically the compliance officer, BSA officer, or internal auditor. While employees with these backgrounds are excellent candidates to lead risk management, they are already overloaded with these critical functions. Often, one person already holds all these responsibilities and must now also serve as the new risk officer.

Part of the Board’s “tone at the top” regarding ERM is to allocate adequate resources to it. Naming an already full-time employee with this new responsibility does not provide the appropriate resources. The result is an incomplete ERM Program and a burnt-out employee. Another significant aspect of the Board’s support of ERM is to emphasize its importance by communicating to all staff. Giving an employee the risk leader’s responsibilities without the authority that goes with the job only leads to frustration.

Lastly, new risk leaders need training. Most often risk leaders come from other areas of the institution such as the ones listed above. Risk management may be completely new to them, and they need the appropriate training and resources.

Risk Leader Responsibilities

The titles for the risk leader vary. But the most common are Vice President of Risk Management, Risk Manager, Risk Management Officer, Risk Officer, and Chief Risk Officer. Below are the responsibilities of a dedicated Risk Leader.

  • The primary responsibility is to develop a comprehensive enterprise-wide program that includes all the institution’s areas and to ensure it’s followed. The risk leader ensures the implementation of sound policies, processes, procedures, and best practices. Risk leaders lead the effort to identify and mitigate existing and emerging risks. Lastly, they are responsible for monitoring all mitigating activities and reporting on all efforts to the Board regularly.
  • Chair the internal ERM Committee meetings. Ensure someone documents the minutes of the meetings and provides them to the Board.
  • Create enterprise-wide awareness of the ERM Program and educate all staff on its purpose and what it entails.
  • Build the team, as one person cannot implement or maintain the entire ERM Program.
  • If the risk leader is in the role of Chief Risk Officer, this role oversees other areas. Some of those areas include compliance, audit, IT Security Officer, CRA, collections, and fraud.

Board Risk Appetite and Tolerance Statement

There is some confusion as to what this “statement” entails. Typically, institutions write one paragraph describing their “appetite statement” and that’s it. Very few understand the depth of this document and what it tells its readers, who are typically examiners and auditors.

The Board Risk Appetite and Tolerance Statement describes the Board’s appetite for risk and the tolerances established for each risk category. The “appetite” is the qualitative part of the statement that describes the “what,” your pursuit of risk. In other words, what products and services your institution wants to offer to your customers. It also describes what initiatives you’re willing to embark on and your level of risk appetite for every risk category.

The “tolerance” is the quantitative part of the statement that describes how much you’re willing to lose, that is, your level of tolerance for risk in each risk category. The risk categories include Credit, Liquidity, Interest Rate Risk, Technology, Operational, Reputation, HR, Compliance/Regulatory/Legal, Model, Capital, Customer, and Earnings.

When to Start Formalizing Your ERM Program

If your institution is below $500 million in assets, examiners may only provide best practices and recommendations. They ensure you have the big components under the ERM Program in place: Cybersecurity, IT, DRP, BCM, Compliance, Audit, Liquidity Contingency Plan, Capital Plan, and Vendor Management. If your institution’s asset size is between $500 million and $1 billion, examiners will start asking you about formalizing your ERM Program. Once you reach the $1 billion asset size, you are expected to have a more comprehensive and formal ERM Program. Incorporate the six essential components to formalize your ERM Program described here, and you will be on your way.

Hopefully this two-part blog describing the six key components to formalize your ERM Program helps you start the process. If you need help formalizing your ERM Program, feel free to reach out. As always, we’re here to help!
