March 2022
Governance, Risk Culture
The board of directors (BOD) is responsible for defining and implementing the bank’s value system. The board must:
- create and nurture an ethical work culture that focusses on the qualities of trust and integrity. Some banks have a business integrity committee whose role includes whistle-blower issue management;
- define and monitor the bank’s risk profile;
- ensure the formulation of enterprise risk governance;
- approve the risk appetite framework & statement;
- ensure that the bank is committed to a culture of continuous improvement of services and processes;
- ensure that the decisions are focused on generating shareholder value;
- avoid conflicts of interest arising from the concentration of power at the board;
- ensure a balance of expertise amongst members;
- distinguish independent directors from non-executive directors;
- have independent auditors conduct a performance review annually;
- implement a whistle-blower policy.
Corporate governance principles for banks https://www.bis.org/bcbs/publ/d328.pdf
The core elements of an effective whistle-blowing policy are:
- to encourage and support the reporting of suspected or actual misconduct or unlawful activity within the bank;
- to protect the whistle-blower’s identity and to protect the person from any retaliation that may arise as a result of the disclosure.
An example of a whistle-blowing policy:
https://danskebank.com/-/media/danske-bank-com/file-cloud/2020/6/whistleblowing-policy.pdf?rev=9bd7a8f800ee4382a41dc04dd97607db
Building Block Approach
The following are the components of the approach. The measurement approach for each of these is available as articles on www.BankERRM.org and www.PBORM.org
Measurement-i | Human Capital Maturity (pborm.org)
Measurement-ii | Enterprise Architecture (EA) Maturity (bankerrm.org). Needs to be aligned with Business Architecture.
Measurement-iii | Process Maturity (pborm.org)
Measurement-iv | Enterprise Data Governance Maturity (bankerrm.org)
Measurement-v | Analytics Maturity (bankerrm.org). Data should be viewed from a customer, business and legal perspective.
Measurement-vi | Operating Model Maturity (pborm.org)
Evaluation-vii | Enterprise Risk Adjusted Return Management Evaluation (bankerrm.org); Treasury Operations Maturity; Enterprise Intraday Liquidity Management; Risks in Lending; Asset Liability Management; Operations and Operational Risk Management Evaluation (pborm.org)
Measurement-viii | Operations and Operational Risk Management Evaluation (pborm.org)
Measurement-ix | Enterprise I.T. Governance (pborm.org). This includes some aspects of Enterprise Architecture and Data Governance.
The building block approach to measuring Enterprise Governance Maturity is a collaborative effort of senior business and technology managers. The scores for each of the disciplines are inter-related and have a degree of dependency. Therefore, it is easy for the governance, risk and compliance team to verify inconsistencies in the evaluation and scoring.
Using a score of 1 (min) to 5 (max), the examples below illustrate the advantage of the building block approach in ensuring the accuracy of the approach and individual scores:
- A complex banking operating environment cannot give itself a 3 for its Business and Enterprise Architecture Maturity. The operating model of a complex environment cannot have a high score as optimisation of business processes is costly and complex.
- If the scoring results show a 2 for Enterprise Architecture Maturity or a 2 for Process Maturity and a 4 for Data Governance Maturity, then the inconsistency in the scores is obvious.
- If the score for Data Governance Maturity is 3 and the Customer Experience Management Maturity is 4, then there could be an inconsistent interpretation of the performance measures.
- If Enterprise Risk Adjusted Return Management Maturity is 2 and the ROI in technology is 4, then there is sufficient cause for an investigation of the Risk Models and IT Governance.
A bank’s management might believe that it has invested in the best risk models and technology but could find itself losing market share to its competitors. The maturity indices are useful in assessing a bank’s competitive advantage and the risk management capability.
KannanSubramanianR@BankERRM.org