Mitigating Non-Financial Risks with ERM
Non-financial risk (NFR) events are wild cards for banks, credit unions, and other financial institutions, as they can have financial, regulatory, and reputational implications on a worldwide scale.
NFRs force stakeholders to reflect on the implications of these risks. What they are discovering is the benefit of using an enterprise risk management (ERM) and governance, risk, and compliance (GRC) platform to monitor and mitigate NFRs.
The unique threats of NFR
Banks and financial institutions are accustomed to taking on financial risk and generating profit from it. NFRs, however, are a very different kind of threat, as they can include:
- Operational challenges, including external environmental factors, system downtime, or fraud
- Regulatory compliance failures, including financial crime risk and legal risk
- Integrity risk and violations of codes of conduct
- IT and cybersecurity risk
Direct financial consequences of NFRs are not the only concern. Reputational damage can severely impact a financial institution.
There are also the personal consequences for senior management. Regulators increasingly hold senior managers accountable for misconduct or failure to comply with laws and regulations.
All of this, together with the prospect of still tighter regulation in the future, puts pressure on banks to manage NFRs.
How can an ERM help navigate NFRs?
Many companies manage NFRs by boosting headcounts, creating new governance structures, and making operational improvements. Unfortunately, too much time is spent firefighting and remediating risks. These distractions don’t allow for proactive planning.
Non-financial risks can be complex or unfamiliar to organizations. Managing them often requires a company to change the way it integrates its risk and control programs. One possible response is to establish a common operating and data model that supports an ERM/GRC platform. Leveraging ERM/GRC structures and processes supports identifying, assessing, and responding to NFRs.
ERM and GRC play central roles in cross-functional coordination and harmonization of risk management across an organization by:
- Defining the overall vision and strategy for the risk assessment program
- Developing and maintaining enterprise-wide standards and tools for identifying, assessing, and measuring risks, including risk taxonomy, the regulation library, scoring methodology, and business hierarchy
- Bringing together relevant expertise across the firm to address complex transversal risk issues
- Ensuring oversight of the firm’s risk assessment program
The dynamic nature of non-financial risks requires that institutions embrace ERM and GRC. An ERM/GRC solution provides a powerful way for financial institutions to manage NFRs by encouraging a broader, integrated perspective for risk mitigation.