Dodd-Frank may have been designed for large financial institutions, but its regulations mandating formation of risk committees are being imitated across non-financial industries, according to a report by the Risk Management Society.
“The regulations that were designed for financial institutions have become a best-practice and have been quickly adopted by other industries,” said John Phelps, director of business risk solutions for Blue Cross & Blue Shield of Florida Inc. and the 2013 RIMS president. “Now if you want to stay competitive, adapting to these requirements is something your organization needs to achieve.”
Based on interviews with practicing risk professionals from the RIMS board of directors, the report, “Exploring the Risk Committee Advantage,” looks at the types of committees and roles that risk professionals can take.
While committees of between 8 and 12 people may take various forms, establishing a liaison to a company’s board is essential, especially if the company is public. Leadership involvement allows the groups to overcome challenges to their effectiveness, such as time constraints among members.
“Getting buy-in from leadership is easier now,” said Gloria Brosius, director of risk management and insurance programs for Farm Credit Council Services Inc. and a RIMS board director. “Natural disasters, economic implosions, cyberattacks have organizations on high alert. Today, many more boards appreciate the value of strong risk management capabilities.”
The types include a committee of the board and C-suite and operational risk committees.
The first addresses the board’s oversight responsibility for risk management, including long-term strategic risks. The second typically comprises some executives and risk managers, and is more common at smaller companies; the third might include vice presidents and directors and, as the name suggests, focuses on operational exposures and developing specific risk control and financing strategies.
Another key takeaway from the report is the potential for risk committees to “bridge the operational gap,” the report said, by functioning as the knowledge center or hub of an organization and helping to align its units with overall strategic objectives.
As a case in point, the report cited the 2014 RIMS Marsh Excellence in Risk Management XI survey, in which participants were asked to identify “the biggest gaps in the performance of my organization’s risk management function.”
For C-suite respondents, this included educating others on key risk management practices and integrating them with operations. For risk professionals, the answer was almost identical: integrating with operations.