Current Entries  |   RSS Feed  |  

The news for Financial Services firms and Banks has been particularly grim over the last couple weeks.  There has been a litany of pressures and consequences at both macro and micro levels, such as:

• The Federal Housing Finance Agency suit announced last Friday over the misrepresentation of private-labeled mortgage-backed securities to Fannie and Freddie - a reminder of the bailouts and pain of three years ago.
• The anticipated formal delay announced last Thursday by the Federal Reserve Board on the release of Dodd-Frank rules - though many are pleased with the hope of a thoughtful roll-out, the ambiguity is difficult to manage.
• The announcement from the Treasury Department two weeks ago that JP Morgan Chase agreed to settle for $88M over OFAC violations.

And the list goes on ... yet the OFAC violation most caught my attention.  In our last couple blogs we outlined what maturity means for enterprise risk management - going from "launching" characteristics with risks not well understood, a reactive focus, and costly approaches to a significantly more mature and flexible environment that manages complexity, is scalable, defensible, and competitively opportunistic.  In reading the JP Morgan Chase press release there is a comment that could provide insight into their current organizational risk and compliance mindset.

For some context* ... the settlement represents the largest U.S. bank penalty for sanctions violations.  The violation was reported to JPMorgan by another institution.  There were over 1700 wire transfers involving over $175M in assets that violated Cuban Asset Control Regulations.  Per the Treasury Department, “'even after the problem was called to the attention of senior management, "the bank failed to take adequate steps to prevent further transfers."

In response, JPMorgan Chase noted that there was no intent to violate the OFAC regulations and that these violations represent a tiny percent of their total wire transfer volume.  But the most interesting statement was that they are moving "forward with enhancements to (their) global OFAC compliance program."

The challenge of this statement is that as long as compliance and risk management are viewed as a "program" - there is little sense that risk management is being incorporated into the DNA of the bank operations.   As mentioned in previous blogs, until the management of risk and compliance is incorporated into the day-to-day, month-to-month, and year-to-year operating mechanisms of an organization, it is very dependent on the charisma and capability of a Program Leader, Risk Director, or Chief Risk Officer.

Regardless of circumstances and vision, one core question that needs to eventually be addressed with risk and compliance management is how much value is being generated based on the investment in risk—and what can you do to improve the value-for-cost ratio. Responsive, agile organizations will generate more value for the cost they invest, efficiently managing risk but also seizing opportunities that others can’t or shouldn’t. Slow or unequipped companies pay the price in terms of higher costs, less value, and greater exposure.

Few companies today could answer the question of how much value they are generating relative to their investment in risk management because they don’t have a good handle on any part of the equation: they don’t know how to quantify the impact of the outcomes they see from their current risk investment, and while they can easily compile the total cost of their current investment in all forms of risk management and response, they don’t know how much better they could be at managing risk and seizing opportunities if they matured the organization's capabilities.

Even if the upside strategic opportunity isn't yet fully understood, for JPMorgan Chase and all other institutions, the lesson is that $88 Million + legal fees + internal organizational costs adds up to a lot of attention on the future value of Enterprise Risk Management being incorporated into the processes, technology, and management culture.

(*) source: American Banker, 25-Aug-11 "JPMorgan to Pay $88 Million for OFAC Violations"
 
Click here to view our recent webinar with IDC Financial Insights on Enterprise Risk Management