Happy Birthday Dodd-Frank: A Year in Review
One year later, the Dodd-Frank law is still in labor pains: only 12%* of the 400 rules have been delivered, and there is still no clarity on how much risk the law will really eliminate for businesses and their customers. Ironically, the complexity of the regulations and oversight itself creates one of the more significant near-term risks: risk to profitability, risk to transparency, and risk to compliance.
If firms do a poor job of managing the regulatory waters, at best they can lose out to nimbler firms that are better at compliance; at worst, they may drop the ball and be subject to fines or other penalties. In addition, most provisions result in significant downward pressure on profitability, upward pressure on capital, and increased emphasis on the requirement for system stability.
The regulatory and economic tsunami is forcing everyone to rethink how they handle re-regulation, how their staff react to it, and what tools to leverage to minimize exposure or, for some strategic firms, to identify new opportunities. So why the churn? Why has risk management in its current form failed the financial industry: is it a lack of vision, organizational maturity, or both?
Many firms are trapped in an Incomplete and Reactive mode, the first level of maturity. They generally wait until a new event occurs or a requirement is established and then develop a risk management response specific to that need. They do not have a thorough understanding or prioritization of their points of risk. Their primary mode of risk management is costly, largely ineffective, and mostly audit-centric. They may very well be considered a low-risk institution and be largely resting on their laurels and experience. The challenge they face is a changing environment and mounting costs; there is also the likelihood that their experience depends on a few key leaders and subject-matter experts. As that talent retires or moves to new roles, they are left exposed.
Once companies realize that a reactive mode leaves them continually behind the curve and is too expensive (in every sense of the word), they shift their gaze from the “now” to the “near future” and begin Managing and Filling Gaps in their approach to risk management and response. They likely start with a qualitative risk survey and begin to explore a full understanding of what risk management may mean. Too many stop there, but some engage the leadership in this understanding and begin to define what it means to link risk management to the other key capabilities and needs in the business: day-to-day operational and P&L management, strategic planning, cost reduction and service initiatives, and implementation of new operating systems and platforms, all the while growing awareness and, hopefully, organizational buy-in.
Of course it doesn’t stop there. A few organizations have moved beyond these levels to begin redefining, re-architecting, and ultimately seizing strategic advantages from their risk performance. Watch for more to come on this topic next week.
(*) source: Davis Polk via WSJ, 21-Jul-11
