SRA’s ERM Watchtower is a “Top Down” or strategic approach to enterprise risk management and it enables banks to use an online system to efficiently monitor, manage, and mitigate their top risks across the bank. Key risks are those risks which prevent the bank from achieving its strategic goals and financial plans or negatively affect its capital position, and ERM Watchtower allows banks to closely track and monitor those risks. ERM Watchtower helps banks manage eight risk categories which have been defined by banking regulators as Strategic, Reputational, Credit, Liquidity, Interest Rate, Operational, Compliance and Legal, and Pricing.
Regulatory authorities have defined multiple “Risk Attributes” within each risk category and ERM Watchtower helps banks aggregate, identify and score those risk attributes on a risk weighted basis. It then supports the identification of “Top Risks” which are periodically reported to the Board of Directors and the Executive Management Team along with action plans and risk owners to mitigate those risks.
ERM Watchtower provides a central point for managing risk improvement activities and audit or regulatory findings, all of which have risk owners and due dates. Because Watchtower establishes a risk profile for each risk category, it also supports the development of risk-based capital plans and capital stress tests.
Anyone in the bank with access to ERM Watchtower (including Board Members) can access the information highlighted below (fig. 1), which was created for a sample bank. This screen shows a summary of the bank’s “Risk Profile”, the “Direction of Risk” over seven risk categories with each risk divided between the “Inherent Risk”, the “Quality of Risk”, and the “Residual Risk.”
With the risks scored in each risk category, on a risk weighted basis, ERM Watchtower then helps the bank identify the top risks within the bank. The following screen (fig. 2) shows some, but not all, of the top risks in this sample bank.
Top Risk Drilldown
Watchtower then enables a user to drill down on each of the top risks to learn the latest status. One of the top risks for the sample bank is the “Aggressiveness of Strategic Initiatives and Goals.” The following screen (fig. 3) reports the status of this risk and describes the risk, the risk owner, the current status, and the plan to mitigate this risk.
ERM Watchtower helps banks identify their top risks by reviewing and scoring specific “Risk Attributes” within each risk category. The following screens (fig. 4, 5) shows the summary screen for Credit Risk. The risk score is divided between the Inherent Risk and the Quality of Risk. Many of the risk attributes have been redacted, but their scores are shown. The higher the risk score, the higher the risk. In this example, the level of loans to deposits and assets and a redacted score have the highest Inherent Risk score of 48, and a redacted attribute has the highest Quality of Risk score of 30. These three risk attributes are considered the top risks within credit.
From the summary page (fig. 6), one can then review the individual attributes which comprise credit risk. The bank’s growth rate is one of the Inherent Risks scored by Watchtower. The following screen shows the risk score for the bank’s growth rate along with the trend over the previous four quarters. It also describes this Inherent Risk attribute.
The next two screens (fig. 7, 8) show the scoring legend and the specific elements which are being measured to determine the risk score for the bank’s growth rate. Each score is based on the following scoring legend as well as median values of the bank’s peer group. (The peer group includes all banks with the same asset sizes as the bank’s UBPR peer group.)
Each Inherent Risk Score includes a dedicated space (fig. 9) to justify the current rating, plans for improving the rating, and any relevant external feedback from bank examiners, internal auditors, loan reviewers, etc. In some cases, the justification is obvious and no statement is needed. In this case, the bank’s strategic plan calls for higher than average growth and as a result it has a 4.2 rating. This rating suggests that the bank is taking above average risk to achieve its growth plans, and the bank accepts this risk and is taking the following actions to mitigate this risk.
Quality of Risk
The following screen (fig. 10) shows the risk score for a Quality of Risk attribute which in this case is Credit Culture. Unlike Inherent Risks, which are largely quantifiable and objective, Quality of Risks are not quantifiable and more subjective. The screen shows the risk profile trend over the past four quarters and a description of the attribute.
Because Qualitative Risks are not quantifiable, they are measured by answering a series of questions about the attribute being assessed. The next two screens show the scoring legend (fig. 11) and some of the questions (fig. 12) used to determine the bank’s Qualitative Risk Score for Credit Culture.
The average of these scores is 1.8 which is improved from 3.0 in the prior quarter. The justification for these scores is shown below (fig. 13) along with plans for improving this score. In addition, Watchtower includes external feedback from bank examiners, auditors, loan reviewers, or other third parties which are relevant to the attribute being assessed. External comments can help the bank address areas needing attention as well as help avoid “repeat findings.”
Risk Improvement Activities
The next screens (fig. 14, 15) show how ERM Watchtower facilitates the managing of Risk Improvement Activities. Risk Improvement Activities can include risk mitigation plans, Internal Audit issues, Regulatory findings, etc.) As the next two screen shots show, the bank can get a snapshot of the activities across risk areas and then it can drill down to see the latest status on an item. In this example, we drill down on the activity regarding new product introductions.
Finally ERM Watchtower can provide storage for all key documents of your ERM program including strategic appetite statements, ERM policies, procedures, etc.