"Changing the Risk Management Status Quo"

While in a meeting with a potential client last week we were discussing all the various methods in which the risk management team was retrieving data to produce reports for the senior management team.  Between the data from their core system, reports from 3rd party vendors, risk assessments done internally, risk assessments done by outside consulting firms, internal audit reports, and other spreadsheets and word documents used to track various risk and compliance related functions it's not surprising managers go home at night wanting to throw down a few glasses of wine. 

Although I don't work in a bank or credit union, I can certainly relate to what this prospective client was going through.  As a past Vice-President of a twenty-five million dollar business unit, I was constantly bombarded with data from many different sources. Consolidating the data was a challenge and if it wasn't for the supportive admin team that organized and consolidated the information I would have struggled presenting to the executive team. 

However, the reality facing many smaller banks and credit unions is the lack of resources and subsequently they are left with one of two options: maintain the status quo or seek outside vendors for assistance. Personally, I prefer to look beyond the status quo because if you're not constantly searching for ways to improve your business model and streamline operations you will either become a takeover target or go out of business. The larger goal should always focus on forward progress. The problem most managers face with bucking the status quo trend is senior management. Senior management is trying to limit expenses while you are caught in the middle trying to do more with less. They realize it's not just an investment of dollars, but also time. Does that sound familiar?  

As I was finishing writing this week's article I learned that this potential client is now a customer. I shared this story because I'm sure many of you reading it can relate. Changing the status quo is not an easy task, especially in today's business environment.  

If your institution is contemplating changing the status quo for your ERM program, consider FI Compliance Solutions. Let our team share with you how our solution, ERM 365 can change the status quo by combining Software, Services, and Support - Progress for your institution starts at just $250 per month.

Sincerely, 

Eric Strohl
President & CEO
FI Compliance Solutions

"Risk Monitoring – Your questions answered!"

Greetings! 

While speaking at a recent risk management conference to bankers and credit union folks, I was surprised by the number of questions following my presentation.   Instead of the usual two or three, I was peppered with over a dozen questions and only five short minutes to address them all. Fortunately, multi-tasking is a necessity in my profession so I was able to quickly summarize their questions and address them within the allotted time. Below is a transcript of the questions, along with my responses. Enjoy this week's reading. 

"What are we supposed to be monitoring and how often should we be doing it?" "Where do we get started? What do you recommend we do first?" Clearly, this group was overwhelmed and needed some direction so I asked some key questions to get a better understanding of their concerns.

I responded: 'What were the results of your last risk assessment(s)? Have you had any recent internal or external audits that produced any findings? What were the results of your last regulatory exam? What are the things that keep the board and management up at night?'

It's all about priorities. Your focus should be on the results of those assessments, audits/exams. By utilizing information at your disposal you can create an effective starting point for your risk monitoring program.  Once you have that information, then you can build upon your program and establish monitoring for key compliance or operational issues. 

The last question and arguably the most important was, "How is it going to get done?" The how is the tricky part since most institutions today use word documents and excel spread sheets, which are limited in the functionality needed to monitor risk. The first thing you want to do is create a rule or identify the item you would like to monitor. 

A few examples of rules could be: The institution on a quarterly basis monitors the performance of all 3rd party relationships, verifying services are being performed according to statements of work and or contracts OR capital reserves must be maintained at a level between 3 and 8%.  

Once you have the desired rule in place, then you need to determine what controls (policies and procedures) are in place to ensure the rule is being followed. Additionally, you need to be able to track the current status of the rule based on a desired frequency. Is it being done - Yes or No? Is it within limits, approaching limits, or outside limits? 

Finally, the key to bringing it all together is reporting. The board does not want to sift through piles of paper or binders to get this information. They want a color coded dashboard so they can quickly see where the problems are and drill down into the details if need be. 

The moderator is waving her hands, I'm out of time for now...until next week.

Sincerely, 

Eric Strohl
President & CEO
FI Compliance Solutions .