Cyber IT Supervisory Forum eBook

WHY FINANCIAL INSTITUTIONS SHOULD CARE ABOUT RISK

• Regulations require banks and credit unions to enact audit & reporting programs, risk management programs, and risk management systems
• Increased scrutiny from regulators during periods of market turmoil (Silvergate, SVB, Signature) & innovation (emergence of fintech partners)
• Risk & Strategy are two sides of the same coin … leading financial institutions aim to manage risk, rather than eliminate it
• Financial institutions with robust risk management exhibit greater enterprise value
• Cost of inaction related to risk management can be especially high
    • Fines
    • Remediation
    • Operational uplift
    • Reputational damage / public relations
    • Client & colleague retention
    • Cost of capital
    • Enhanced regulatory oversight

Financial institutions need a mechanism to quantify, aggregate, evaluate, and report on risk activity over time

BEST PRACTICES OF BUILDING AN ENTERPRISE RISK MANAGEMENT PROGRAM

SRA Watchtower Believes it All Starts With These Four Key Elements

• Standardization: Start with a core set of standardized key risk indicators … Essential KRIs is what we call it
• Timeliness: Data monitored at least monthly, facilitating more frequent regulatory conversations
• Benchmarked: Utilize a consistent, quantitative methodology, & intersect with an institution or regulator’s risk appetite
• Reporting: Permissioning and connectivity enable controlled data exchange between institution and regulators
