In many ways the report highlighted the significance of managing enterprise-wide risks for the benefit and survival of banks and other financial institutions. The report distinguished management and control functions with strategic decision making of the top-level management (i.e., board) in their risk related roles. The alignment of an entity’s risk appetite and risk tolerance with the formulation of corporate strategy and its implementation was highlighted in the report.
The report emphasizes on the management of strategic risks (e.g., risk associated with the M&A and divestment activities of the entity, launch of new products, etc.) that traditionally remained outside of the domain of the conventional risk and capital management including internal control functions.
The report recommended a separate board risk committee in addition to entity’s audit committee, with appropriate overlap. The key responsibility of the board risk committee was proposed to advise the Board on the overall risks (i.e., in both upside and downside perspectives) in taking strategic decisions. The independent and statutory role of the Chief Risk Officer (CRO) was also emphasized with high importance and the presence of CRO in the board risk committee is recommended as mandatory. In addition to over-sighting risk matters, the CRO is proposed to be responsible to brief, train and prepare the Non Executive Directors on key risk topics for the entity so that they can contribute on the risk related strategic decision making discussions in the Board room. This means that the future generation of CROs should have a broader and clear understanding on specific entity’s overall (i.e., enterprise-wide) risks and their potential short and long term impact, its culture, business models, as well as the dynamics of the market in which the entity operates.
While growing the risk awareness across the organization, in particular at the business units level (who originate risk of the business), and reporting their opportunity and danger at the top management level, a CRO should essentially act as a communicator of risk matters between the executives and the board of the entity, and to some extent with the external advisors. Consequently, a high-level judgmental capability of a CRO supported by the relevant business sector experience is absolutely essential to perform such challenging job.
In addition, the review explicitly recommended the practice of the notion of Enterprise Risk Management (ERM) as a necessary requirement for all financial firms in order to formulate their corporate strategy and monitoring the performance of its implementation at any point of time.
However, the process and techniques of determining an entity’s overall risk appetite and risk tolerance in accordance to its dynamic risk profile (which is an essential requirement of ERM) is extremely challenging. In essence, the associated factors that constitute an entity’s overall risk appetite and risk tolerance level and their measurement criteria are still unrevealed. These topics certainly need in-depth investigation and they could be future research agenda for risk professionals and consultants.
The Walker report including submissions is available on http://www.hm-treasury.gov.uk/walker_review_information.htm
