Top risk areas for financial institutions and three key risk-management strategies

A version of this article was previously published in the June 2019 edition of the Western Bankers Association’s  WesternBanker Magazine.

When it comes to managing risk, most financial institutions focus their time and energy on regularly scheduled risk assessments. However, in many situations, these limited-scope risk assessments don’t provide the insight necessary to effectively identify risks — let alone manage them.

There are three key elements to successfully managing risk:

• Performing regularly scheduled, comprehensive risk assessments
• Taking a risk-based approach and focusing time and resources on high-risk areas
• Developing and implementing programs to manage and mitigate risk

Following is a comprehensive overview of each of these strategies, and steps your organization can take to implement them.

Comprehensive risk assessment

During risk evaluations, many organizations rely on risk-assessment heat maps to determine their organization’s vulnerabilities. While these maps reveal high, medium, and low risk areas within a company and the likeliness and impact of a negative event, they don’t help a company determine why risk exists or which action each risk rating requires.

To receive a more informative assessment, decision makers need to understand risk context and trends through evaluating a variety of factors, such as:

• Root cause of the risk
• Likelihood of a negative event
• Impact of a negative event
• Preparedness to respond to a negative event
• Trajectory of risk — increasing, decreasing, or flat
• Activities to manage or reduce risk
• Residual risk if mitigating activities are accomplished
• Description of the environment

A thorough risk assessment that analyzes these elements allows an organization to pinpoint and address risk areas based on each area’s specific circumstances. It can also inspire an organization to create new mitigation strategies that help prevent or manage future exposure. New mitigation strategies can take the form of policies and procedures, systems, processes, education, and personnel.