A response framework for improving risk management in financial services

While the global financial crisis has had only a muted effect in our region, it has undoubtedly given us some useful lessons, particularly on risk management. Consistent with this, a financial services risk survey carried out by PwC showed that banks in Rwanda and in the wider Eastern Africa region recognise the need to address skills shortages that affect risk management quality.
 Samuel Kariuki
Samuel Kariuki

While the global financial crisis has had only a muted effect in our region, it has undoubtedly given us some useful lessons, particularly on risk management.

Consistent with this, a financial services risk survey carried out by PwC showed that banks in Rwanda and in the wider Eastern Africa region recognise the need to address skills shortages that affect risk management quality.

As banks in the region strive to reach under-served customers in new and innovative ways and respond to the ever complex customer needs, the consequent convergence of opportunities and risks will significantly influence the way they do business.

Better skills, motivated employees, a culture of integrity and an embedded risk management strategy are the keys to success in our market.

One lesson learnt from the global financial crisis was that financial services institutions that fared better during the crisis were those that were able to recognisze and act upon the need for continuous improvement in risk management. This is relevant to the financial services industry in Rwanda, which faces risks to similar to those facing other players in the region, namely a high dependence on technology, competition from new entrants and fraud. The challenge for most institutions lies in identifying, prioritiszing, implementing, and harvesting the benefits from improvements in risk management, and maintaining these benefits as the institution’s environment changes, creating new and different demands. In developing a response framework that addresses these challenges, an institution should consider three steps.

Firstly, the institution should critically evaluate its strengths and weaknesses in the way it governs and manages risk across its business units. To be effective, this review should be conducted independently of line management although it should have their support. The review should consider, both individually and jointly, the risk management capabilities of the business, the risk and control functions, and the internal audit function. It should also consider the adequacy of governance and organization structures, culture and staff incentives, risk management and measurement processes, as well as resources and the supporting IT infrastructure. Such an analysis would be more comprehensive than the traditional reviews conducted by the internal audit function.

Following this diagnostic, management should then target the identified weaknesses through a coordinated program of actionable initiatives. In many cases, these initiatives will require fundamental change in some areas of the business, such as implementation of risk adjusted performance measurement tools, rebalancing of the role of the corporate risk function relative to the business, and turning stress testing into a business-as-usual management tool. Naturally, executing these initiatives will take time, effort and coordination and brings with it its own set of risks. It would also require dedicated program management resources and a focus on long-term benefits.

Finally, an institution should regularly reassess the adequacy of risk management capabilities relative to the size and complexity of the institution. A recommended best practice is for institutions to reassess their risk management capabilities at least annually and report the results to the audit or risk committees of the board of directors. In addition, changes to the size and complexity of an institution should trigger the reassessment of risk management capabilities.

There is no one-size-fits-all approach to governance and risk management. The specifics of any one business model directly affect the governance and control operating model. However, regardless of the spectrum of risks that an institution considers as the most critical, risk management should be an explicit contributor to business decisions. By spearheading change in the areas of strategy definition, risk-adjusted performance measurement and incentives, risk functions will be positioned to assume a far more proactive posture than in the past.

The author is a Manager with PwC Rwanda
samuel.g.kariuki@rw.pwc.com

ADVERTISEMENT