THE MOST COMPREHENSIVE MORTGAGE COMPLIANCE SOLUTIONS IN THE UNITED STATES.

LENDERS COMPLIANCE GROUP belongs to these National Organizations:

ABA | MBA | NAMB | AARMR | MISMO | ARMCP | ALTA | IIA | ACAMS | IAPP | MERSCORP

Thursday, April 23, 2020

Reputation and Strategic Risks

QUESTION
We are a mid-sized bank in the northwest. For years, we have been reading your FAQs. Often, we use them in our weekly operations and compliance meetings. 

What we like is you get to the point, no funny or fringy stuff, and your explanations pan out time and again. Our concern now is about risks, particularly two risks: reputation risk and strategic risk. 

Although other risks seem to be quantifiable, these risks have an intangible quality to them. How would you define these risks? Also, what features are involved in these risks?

ANSWER
When I get such wonderful and kind words from a reader, I feel humbled and grateful. Our work covers virtually all areas of mortgage banking compliance, and we work with tiny to huge companies. The FAQ is more than just a labor of love for us. It is our way of staying in touch with you, listening to you, giving you feedback and support. Thank you for subscribing!

I have written and spoken extensively about risks. We provide regulatory compliance support, but we are purveyors of risk management, specifically, “mortgage risk management” – a term that I coined many long years ago. 

If you want to read one of many articles and White Papers I have authored on risk, such as Risk Management Principles, please click HERE. For other articles, click HERE.

In its purest form, the purpose of the risk identification process is to aggregate risks for evaluation and consideration relative to a management’s or a Board of Director’s risk appetite. To effectively carry out an ongoing risk aggregation process, institutions need to develop a method for defining and categorizing risks throughout the institution. So, I suggest you describe the method to be applied, list the risks categorically, and provide their respective features thereunder.

You would want to include categories for market risk, operational risk, reputation risk, strategic risk, all of which generally apply to most businesses; additionally, credit risk, legal and compliance risk, and liquidity risk, which apply to financial institutions. 

Your question concerns the risk categories or reputation and strategic risks. Although these appear to be less quantifiable and more qualitative than then other risks, I think you will be surprised at just how quantifiable are the features associated with reputation and strategic risks.

The following is a brief outline for you to consider.

Reputation Risk

Reputation risk arises due to negative publicity or public opinion (either real or perceived) that may adversely affect the institution’s brand image. 

This risk can impact clients, employees, communities, or shareholders and is often a secondary result of one of the other risk categories:
  • Corporate scandals (i.e., accounting irregularities, governance)
  • Industry-related risk (i.e., insurance, mutual funds)
  • Inherent nature of business (i.e., payday lending, embassy accounts)
  • Third-party relationships (i.e., clients, service providers)
  • Employee morale (i.e., layoffs, corporate change)
  • Employee activities (i.e., e-mails, rogue trading)
  • Regulations (i.e., fines, violations, untested regulations)
  • Litigation
  • Client service (i.e., system availability, processing errors)

Strategic Risk
Strategic risk is the risk that the institution’s business strategy and objectives do not allow the institution to achieve its vision, mission, and purpose. 

The responsibility for managing this risk rests with the board of directors and senior management. 

Any inability to execute the corporate plan generally is a result of one of the other general risk categories and may focus on such areas as:
  • Financial goals
  • Business, product, delivery channel, or geographic directions
  • IT plans (i.e., outsourcing, hardware, and software solutions)
  • Organizational structure
  • Succession plans
  • Relationship management
  • Customer service

When we do an internal audit, we undertake an evaluation of the risk management initiatives. I suggest you do the same!

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group