Direct financial consequences of NFRs are not the only concern. Reputational damage can severely impact a financial institution.
There are also the personal consequences for senior management. Regulators increasingly hold senior managers accountable for misconduct or failure to comply with laws and regulations.
All of this, and the prospect of still tighter regulation in the future, puts pressure on banks to manage NFR.
How can an ERM help navigate NFRs?
Many companies manage NFRs by boosting headcount, creating new governance structures, and making operational improvements. Unfortunately, too much time is spent firefighting and remediating risks, and these distractions leave little room for proactive planning.
Non-financial risks can be complex or unfamiliar to organizations. Managing them often requires a company to change the way it integrates risk and control programs. One possible response includes establishing a common operating and data model to support an ERM/GRC platform. Leveraging ERM/GRC structures and processes supports identifying, assessing, and responding to NFR-related risks.
ERM and GRC play central roles in cross-functional coordination and harmonization of risk management across an organization by:
- Defining the overall vision and strategy for the risk assessment program
- Developing and maintaining enterprise-wide standards and tools for identifying, assessing, and measuring risks, including risk taxonomy, the regulation library, scoring methodology, and business hierarchy
- Bringing together relevant expertise across the firm to address complex transversal risk issues
- Ensuring oversight of the firm’s risk assessment program
The dynamic nature of non-financial risks requires that institutions embrace ERM and GRC. An ERM/GRC solution provides a powerful way for financial institutions to manage NFRs by encouraging a broader, integrated perspective for risk mitigation.