Six Essential Components to Formalize Your ERM Program - Part I

Your institution may be missing six essential components to formalize your ERM program. Enterprise Risk Management (ERM) is like a puzzle made of several essential components. The ERM Program has sub-programs under it and all institutions have most of the sub-programs in place. However, they lack six essential components to formalize their overall ERM Program.

In Part I of this two-part blog, we’ll focus on the first three components:

ERM Risk Assessment

Bankers who attend our ERM webinars share that they have never conducted an overall ERM Risk Assessment. Community banks and credit unions conduct dozens of risk assessments yet lack this foundational one to formalize their ERM Program. The goal of this risk assessment is to identify the top risks of the institution along with the mitigating strategies. This two-page report is what the Board needs to understand their top risks.

Clients ask how many risks should be considered “top risks” from all the ones identified through the ERM Risk Assessment. Typically, you identify over twenty risks, but we recommend listing the top ten. It is difficult to focus on more than ten. Having said that, your institution still must watch all the risks identified in the process at the same time.

We assess 14 risk categories when conducting an ERM Risk Assessment for our clients. They are: Liquidity, Interest Rate Risk (IRR), Capital, Earnings, Compliance/Regulatory and Legal, Technology, Operational, Model, Customer, Human Resources, Credit, Strategic, and Reputation. This list is longer than the one provided by some regulators. However, it makes it a comprehensive assessment of all the risk categories at the highest level.

The result of this assessment is to arrive at your top risks, understand the existing mitigating strategies, and continually improve. We list the plans for improvement under each risk category with a responsible person and timeline assigned to each task.

Enterprise Risk Management Policy

Part of formalizing your ERM Program is to establish the policy that your institution will abide by. The policy addresses the ERM framework for your organization and should cover the following sections:

  • Risk Governance: Describe the risk governance structure and where the ERM function is within the institution. This section describes your lines of defense to manage risk at all levels. This section lists the roles and responsibilities of the Board, Risk Committee, Senior Leadership, and the Risk leader.
  • ERM Function and Committee: It is important to form an internal ERM Committee where all areas of the organization are represented. This section describes the responsibilities of the internal ERM Committee, which is primarily to provide independent oversight of ERM. If your institution has an ERM department, then list the function and who comprises the team.
  • Risk Categories: List all the risk categories your institution assesses during the ERM Risk Assessment and what you do with the results.
  • Risk Appetite and Tolerances: Your policy should describe your institution’s appetite for risk and how you plan to manage those risks. The policy states that you use tolerances (or metrics) to measure the risk taken in each risk category. It also states how you ensure your institution stays within your tolerances.
  • Risk Culture: It is important to include your institution’s risk culture and how you communicate with the entire staff about your approach to risk management. This statement should always include the “tone at the top” regarding risk culture.
  • Risk Management Processes: This section describes how you approach your risk management activities. The three phases of ERM are risk identification and assessment, risk mitigation and elimination, and measuring, monitoring, and reporting.
  • Annual Policy Review: Finally, your policy states that the Board of Directors reviews and approves the policy annually.

Board Risk Committee and Charter

It’s surprising how few community banks and credit unions have a formal Board Risk Committee. Some directors confuse it with the Audit Committee and feel they are covered. Credit Unions have a Supervisory Committee but that’s not the same as a Risk Committee either. The purpose of the Board Risk Committee is to oversee the overall risk management of the institution. It focuses on identifying and managing current and emerging risks to the institution. This function is different from the Audit Committee’s function to oversee the audit function and financial controls.

Each Board Committee must have its own Charter with the following sections:

  • Purpose and Authority: This section describes the purpose of the Risk Committee and the authority of the committee on the various functions.
  • Composition and Meetings: The Charter specifies how many times per year the Committee meets, the minimum number of directors, and the members. Other areas listed are the term of the office, who the committee chair is, and how the minutes are handled.
  • Responsibilities and Duties: This section describes the general responsibility of the Committee, the risk management framework, and the duties of the Risk Officer.
  • Annual ERM Program Performance Evaluation: The internal ERM Committee reviews and updates the entire ERM Program and the components. They then present it to the Board Risk Committee for their approval. Lastly, the Board Risk Committee presents it to the entire Board for final approval.

In Part I we focused on the first three of the six essential components to formalize your ERM Program. In Part II of this blog, we will focus on the next three essential components. They are the Internal ERM Committee and Charter, the dedicated ERM Leader, and the Board Risk Appetite and Tolerance Statement.

If you need help formalizing your ERM Program, feel free to reach out. We’re here to help!

Part 2 is here!


12 Online Banking Features That Are Essential for Business Success

After working with many institutions over the years, we’re convinced that there are a minimum of 12 online banking features that are essential for business success. One of the most important systems your institution invests in is your Online Banking Platform (OLB) – yet many of our clients have purchased OLB systems that are missing several features and are not able to offer them as services.

The Online Banking Platform is the primary delivery mechanism through which business customers access your treasury management services. It is the foundation of your business-focused digital banking strategy. Your Online Banking Platform, at a minimum, must be available 24 hours per day and offer complete access via web and mobile interfaces. Today, we’re focusing on the web-based online banking capabilities and their integration with treasury management services.

Let’s Evaluate your Current Business Offerings:

  1. Does your Online Banking Platform integrate well with your core system?
    1. Rate your institution from 1-5 with a 1 having no integration and a 5 with a completely human “hands off” integration.
  2. Does your Online Banking Platform integrate well with each of the TM services you offer your business customers?
    1. Rate your institution from 1-5 with a 1 having no integration to backend TM services and a 5 with a completely human “hands off” integration.
  3. Do you have a separate OLB Platform for consumers and businesses?
    1. Rate your institution from 1-5 with a 1 having one platform for both and a 5 for two separate platforms customized for each customer type.

If you scored less than a 5 on our evaluation, read on; we’ve got some great advice for you. If you scored a 12-15, either you are one of our clients or you have a very robust OLB/TM system.

Let’s discuss the 12 Online Banking Features That Are Essential for Business Success:

Let’s start with the minimum expectations of your Online Banking Platform for business customers:

  • The system allows multiple users with multiple security levels under a single business entity.
  • The system allows multiple businesses under one umbrella (i.e., holding company and subsidiaries).
  • The system offers multifactor authentication (MFA) options (hard token, soft token, or biometric).
    • Side note: We no longer consider text messaging safe for business OLB system access. It is still too easy to SIM swap a mobile phone.

Your business customers should be able to conduct all or most of their banking business on this platform.

Basic Banking Functions

  1. Initiate internal transfers. Businesses need to make transfers between their main operating account and other accounts such as payroll and savings accounts. Initiating internal transfers is a must. Certain business owners who have their personal accounts with you may need to transfer funds between personal and business accounts. These businesses are typically solopreneurs or Single Member LLC entities. Your OLB system should allow this function and it typically occurs via the consumer platform.
  2. Initiate stop payments. Businesses with high check writing activity may need, from time to time, to place a stop payment on a check. Your OLB platform should allow them to initiate the stop payment with all the appropriate information and submit it online. Often we see clients with a completely manual process behind the scenes, as if the customer showed up at a branch. Instead, the system should be able to automatically place the stop payment and process the charge.
  3. View current and previous day transaction information. The ability to download previous day information has been available from the early days of online banking. Businesses should be able to download their bank information to their accounting software anytime. The next step will be to download real time transactions (items that post that day).
  4. Electronic Bank Statements. Businesses expect the ability to download their monthly bank statement via PDF format for at least the last 18 months. Many institutions offer longer availability, but most businesses usually need 18-24 months’ worth of data.
  5. View check images. Along with statements, businesses need to view images of checks that cleared, or items deposited. It is especially important to be able to view checks deposited via remote or mobile deposit capture. Again, the expectation is a minimum of 18 months availability.
  6. Originate payments via BillPay. Small businesses enjoy the capability of issuing payments via the BillPay service which is typically free. As their volume of payments increases, you can offer other ways of paying their bills like ACH origination (see below).

Many of the above basic banking functions may be for smaller businesses with low transaction volume. We typically see these types of customers enrolled on the consumer (retail) OLB platform. Your large customers may also ask for these functions, so be sure your business OLB system can do them also.

Treasury Management Services

  1. Initiate domestic and international wire transfers. As your business customers grow or as you acquire larger commercial customers, they will need Treasury Management services. They will need the capability to initiate domestic wires and international wires. It is important to offer this service with multifactor authentication and the ability to set up multiple authority levels. The more robust OLB platforms allow the business customer to do self-administration where they assign the authority levels to their users.
  2. Account Reconciliation service. The ability to download daily account transactions also allows the business customer’s accounting software to reconcile to the bank daily. Account Reconciliation is one of the oldest TM services; however, not all OLB platforms offer it.
  3. View PDF Account Analysis Statements. Your TM customers will expect to receive their monthly Account Analysis statement via the OLB platform. This capability is a big challenge for certain core systems that do not produce the Account Analysis statements digitally. They look like a “raw statement” and are not presentable to the customers without major manual work. Some institutions even have to print them to statement paper first and then digitize them because the core is antiquated.
  4. Originate ACH payments. One of the top-selling TM services you must offer to your business customers is ACH Origination. For businesses that pay lots of bills via check, the ability to pay bills via ACH saves them time and money. Your TM business customers should be able to upload their ACH batches via your OLB platform.
  5. Access Check and ACH Positive Pay. Your business customers should be able to upload their Check or ACH batches via your OLB platform. This is another important TM service that typically is not integrated (or not well) with the core. Therefore, operations staff must do a lot of manual workarounds to make it work correctly. This is all done behind the scenes so customers “feel” like the system is working as intended. This process can be costly and inefficient for the institution.
  6. Connect to Remote Deposit Capture. Finally, your RDC customers should be able to connect to their RDC service through the OLB platform. Again, it takes integration between the core system, the RDC provider (if other than the core provider), and the OLB platform.

It is important to continually offer convenience and safety to your business customers when using your OLB platform. I hope this list of 12 online banking features that are essential for business success will serve as a foundation to improve upon.

Looking for assistance with refining your Treasury Management department? As always, we’re here to help.
