QUESTION
We are a mid-sized bank in the northwest. For
years, we have been reading your FAQs. Often, we use them in our weekly
operations and compliance meetings.
What we like is you get to the point, no funny
or fringy stuff, and your explanations pan out time and again. Our concern now is
about risks, particularly two risks: reputation risk and strategic risk.
Although
other risks seem to be quantifiable, these risks have an intangible quality to
them. How would you define these risks? Also, what features are involved in
these risks?
ANSWER
When I get such wonderful and kind words from
a reader, I feel humbled and grateful. Our work covers virtually all areas of
mortgage banking compliance, and we work with tiny to huge companies. The FAQ
is more than just a labor of love for us. It is our way of staying in touch with
you, listening to you, giving you feedback and support. Thank you for
subscribing!
I have written and spoken extensively about
risks. We provide regulatory compliance support, but we are purveyors of risk
management, specifically, “mortgage risk management” – a term that I coined
many long years ago.
If you want to read one of many articles and White Papers I have authored on
risk, such as Risk Management Principles, please click HERE. For other articles, click HERE.
In its purest form, the
purpose of the risk identification process is to aggregate risks for evaluation
and consideration relative to management’s or the Board of Directors’ risk
appetite. To effectively carry out an ongoing risk aggregation process,
institutions need to develop a method for defining and categorizing risks
throughout the institution. So, I suggest you describe the method to be applied,
list the risks categorically, and provide their respective features thereunder.
You would want to include
categories for market risk, operational risk, reputation risk, strategic risk,
all of which generally apply to most businesses; additionally, credit risk, legal
and compliance risk, and liquidity risk, which apply to financial institutions.
Your question concerns the risk categories of reputation and strategic risks. Although
these appear to be less quantifiable and more qualitative than the other
risks, I think you will be surprised at just how quantifiable are the features associated
with reputation and strategic risks.
The following is a brief outline
for you to consider.
Reputation risk arises
due to negative publicity or public opinion (either real or perceived) that may
adversely affect the institution’s brand image.
This risk can impact
clients, employees, communities, or shareholders and is often a secondary
result of one of the other risk categories:
- Corporate scandals (e.g., accounting irregularities, governance)
- Industry-related risk (e.g., insurance, mutual funds)
- Inherent nature of business (e.g., payday lending, embassy accounts)
- Third-party relationships (e.g., clients, service providers)
- Employee morale (e.g., layoffs, corporate change)
- Employee activities (e.g., e-mails, rogue trading)
- Regulations (e.g., fines, violations, untested regulations)
- Litigation
- Client service (e.g., system availability, processing errors)
Strategic Risk
Strategic risk is the risk that
the institution’s business strategy and objectives do not allow the institution
to achieve its vision, mission, and purpose.
The responsibility for managing
this risk rests with the board of directors and senior management.
Any
inability to execute the corporate plan generally is a result of one of the
other general risk categories and may focus on such areas as:
- Financial goals
- Business, product, delivery channel, or geographic directions
- IT plans (e.g., outsourcing, hardware, and software solutions)
- Organizational structure
- Succession plans
- Relationship management
- Customer service
When we do an internal audit, we undertake an evaluation of the risk management initiatives. I suggest you do the same!
Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group