In the dynamic world of financial institutions (FIs), strategic decision-making is crucial for achieving growth and maintaining stability. Yet, it is not uncommon to witness a new management team eager to make an impact, opting for a quick fix like onboarding a new digital service provider to enhance the institution’s digital footprint. While this may seem like a positive step forward, the lack of a structured approach to decision-making and risk assessment can lead to significant governance issues.
The Pitfalls of Reactionary Decision-Making
Without a structured framework for strategic planning and risk management, financial institutions often find themselves in a reactive mode, responding to events as they unfold rather than proactively shaping their future. This can lead to several issues:
- Undefined Risk and Success Metrics: Without clear identification and documentation of risks and expected outcomes, success is often gauged subjectively. This can result in management relying on emotional assessments and in failure being met with blame rather than constructive analysis.
- Lack of Accountability: When there are no defined metrics or benchmarks, it becomes challenging to measure the effectiveness of initiatives. This lack of accountability can lead to finger-pointing and a failure to learn from mistakes.
These issues are more widespread than one might think. According to the 2019 North American Pulse of Internal Audit survey by the Institute of Internal Auditors, only 30% of internal audit departments in the U.S. regularly identify and monitor key risk indicators (KRIs). An alarming 23% of the 500 companies surveyed do not use them at all. This oversight highlights a significant gap in corporate governance and risk management practices across the industry.
The Role of KRIs and KPIs in Corporate Governance
Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) are essential tools for effective governance and risk management. They provide valuable insights into the organization’s risk landscape and help shape strategic goals and risk appetite. When properly implemented, these indicators enable the board and management to:
- Measure Performance: KPIs help determine whether the organization is meeting its strategic objectives and operating within its risk tolerance.
- Identify Emerging Risks: KRIs can signal potential threats or opportunities, allowing management to adjust strategies proactively.
- Make Informed Decisions: With clear metrics in place, the board and management can make decisions based on data rather than intuition, reducing the likelihood of costly missteps.
Common Barriers to Implementing Strategic Objectives and Risk Indicators
Despite their benefits, many financial institutions struggle to implement strategic planning, risk management, and performance tracking effectively. Some common barriers include:
- Desire for Perfection: In a constantly evolving operating environment, some FIs hesitate to define strategic plans or risk appetites, fearing they may quickly become outdated. However, successful institutions understand the importance of flexibility and regularly adjust their plans based on new data and insights.
- Avoiding Transparency: By not setting clear expectations, management can avoid the appearance of failure. However, this lack of transparency can lead to poor governance. Addressing issues from a business management perspective should be seen as an opportunity for growth, not a negative reflection.
- Data Confidence Issues: If an institution lacks confidence in its data, it may not see the value in setting KPIs. However, the adoption of a consistent process for data collection and analysis is crucial for identifying risk opportunities.
- Fear of Uncovering Risks: Management may avoid using KRIs due to fear of contradicting their instincts or uncovering too many risks. However, without measurements, it is impossible to understand whether risks are increasing, stable, or declining.
- Lack of Experience: Some management teams may not have experience with ongoing success and risk monitoring, leading them to skip this critical step in strategic planning.
What KRIs and KPIs Reveal About Risk and Performance
When an organization sets strategic objectives, KPIs serve as a tool to understand whether those goals are being met within the expected risk tolerance. KRIs, on the other hand, provide insights into the frequency and impact of risks. For example:
- Higher Risk Frequency: If a particular risk is occurring more frequently than anticipated, it may indicate that the residual risk is higher than expected, necessitating a reassessment of the control environment.
- Lower Risk Frequency: Conversely, if risks are occurring less frequently, this could signal that the residual risk is lower than anticipated, potentially allowing for a greater risk appetite.
- Unmet Expectations: When performance falls short of expectations, it may be necessary to adjust the risk appetite by allowing either more or less risk.
- Exceeding Expectations: If performance consistently exceeds expectations, it may be worthwhile to explore opportunities by increasing the risk tolerance in certain areas.
Real-World Application: A Case Study
Consider the example of a $1 billion financial institution looking to expand its digital footprint. Success in this initiative can be measured through various metrics, such as:
- Customer Engagement: Monitoring the number of new digital accounts opened, member usage, and penetration rates.
- Financial Performance: Assessing increases in fee income and revenue generated from digital services.
- Operational Efficiency: Evaluating internal costs, including labor, and the overall financial impact.
Similarly, risks associated with the digital expansion can be monitored through indicators such as:
- Financial Loss: Tracking financial losses attributed to the digital project.
- Customer Complaints: Measuring the volume and nature of customer complaints related to the new digital services.
- Regulatory Compliance: Ensuring that the digital services meet regulatory requirements to avoid penalties and sanctions.
The Importance of Proactive Risk Management
To effectively manage these risks and measure success, it is essential to establish a system of regular monitoring and reporting. This includes setting milestones and triggers for the board and senior management. For example, if the risk appetite for financial loss is set at $100,000, management should not wait until this threshold is reached to alert the board. Instead, they should establish interim milestones, such as $20,000, $40,000, and $60,000, to keep the board informed and engaged.
When key risk indicators are triggered, the board and management should analyze the underlying causes. This may involve conducting a risk vs. reward analysis, evaluating the effectiveness of existing controls, or adopting a wait-and-see approach to determine whether the issue is an isolated incident or indicative of a broader trend.
The Consequences of Failing to Monitor Indicators
Neglecting to monitor risk and performance indicators can have serious consequences. Not only does it expose the institution to regulatory scrutiny, but it also limits its ability to respond proactively to challenges and capitalize on opportunities. This reactive approach can hinder the institution’s ability to adapt to changes and recover quickly from setbacks.
Conclusion
For financial institutions to thrive in a competitive and ever-changing environment, effective governance and risk management are non-negotiable. By setting strategic objectives, defining key risk and performance indicators, and regularly monitoring progress, FIs can make informed decisions that drive success and minimize risk. Without these practices, even the best-intentioned strategic initiatives can lead to unforeseen challenges and missed opportunities.
Is your organization ready to elevate its risk management and governance framework? Don’t let reactive decision-making and undefined risk tolerance hold you back. Empowered Systems’ Connected Risk Enterprise Risk Management (ERM) solution provides the tools you need to proactively identify, monitor, and manage risks across your enterprise. With robust Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), our solution empowers your board and management to make data-driven decisions, align strategic objectives with risk appetite, and stay ahead of emerging risks.
Start making informed, strategic decisions that drive success and resilience. Discover how Connected Risk’s ERM solution can transform your approach to risk management. Contact us today to schedule a demo and take the first step toward smarter governance and sustainable growth.