In a survey carried out by PwC on financial institutions in Eastern Africa relating to risk management, some Rwanda respondents observed that while business is becoming more sophisticated locally, the process of re-evaluating and enhancing risk management capabilities has not evolved at the same speed.
This is consistent with the views of industry players in the wider Eastern Africa region. Based on the PwC 2011 Risk Survey Report, banks had a mixed perception of their preparedness in handling the full spectrum of risks inherent in their business. The quality of risk management was ranked among the top five risks perceived as most severe by the industry.
The quality of risk management in an organisation is underpinned by the risk management processes and the infrastructure put in place to support these processes. This is the second of the four components of an effective enterprise wide risk management framework identified in our article last week. The two components are a wide subject in themselves. This article thus restricts itself to risk related information gathering, analysis and reporting as well as performance measurement on a risk adjusted basis.
Today, Rwanda’s financial
institutions face an increased need to provide frequent and accurate financial, risk and compliance reporting information to both internal and external stakeholders. In Rwanda, as elsewhere around the world, financial institutions face numerous challenges related to the aggregation of risk, compliance, and financial information to support external risk reporting requirements.
The design of appropriate risk information aggregation mechanisms is complicated when the underlying source data is unreliable or inaccurate. To assess whether risk concentrations are properly identified, evaluated, and reported to relevant stakeholders, financial institutions should shift from siloed reporting of financial, risk, and compliance information to an integrated reporting framework that is based on customer and product data elements. In this model, an institution would design the collection and analysis of information at customer level or individual products level.
The customer and product master data should be the nucleus around which risk, compliance, and finance information is aggregated. In the long run, this master data also forms a foundation for gaining insights into customer performance and experience.
Typically, these data elements are collected independently and often gathered multiple times, which drives inefficiencies, inconsistencies, and increased risk to the financial institution.
To remediate this, the initial stages of building an effective risk management framework should be geared towards creating a common customer and product data model. Once an enterprise-wide customer and product data model is developed, financial institutions can be able to reconcile finance, risk, and compliance data.
This avoids a situation where the information maintained by the finance, risk, and compliance functions is different.
In promoting a risk management culture, performance assessment at both the business unit and at an individual level should be risk adjusted, aiming at balancing business benefits and risks. What ‘benefits’ means here depends on application. It could be revenues, profits etc.
Risk-adjusted performance is critical to evaluate risk relative to risk appetite and strategic planning.
For example, it is not enough for a branch of a bank to grow the loan book at the branch level. There should be risk-adjusted performance assessment for the branch based on the quality of this loan book. While risk-adjusted performance measures exist, they are frequently unavailable or unreliable at the lower levels of business units. This results in an unbalanced focus on top-line or bottom-line growth, hindrances to the effective deployment of capital and as evidenced by the recent global financial crisis, the creation of detrimental incentive effects from a risk management perspective.
Staff incentive plans should then become more closely linked to risk-adjusted performance.
The author is a Manager with PwC Rwanda