
Enterprise Risk Management: A New Area for Attorneys

What is ERM, and how can it help lawyers help their clients to deal with the challenges an organization faces?

Attorneys have long played a key role in helping clients to understand and mitigate risk. Doing that, though, requires smart attorneys to adapt over time as business changes. And the field of Enterprise Risk Management (ERM) is undergoing just such a sea change today.

ERM is becoming one of the hottest areas in the risk management discipline today, with new advances in technology and communications creating both opportunities and challenges in the space.

For those not familiar with the concept of Enterprise Risk Management, the Risk Management Society defines it as “a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.”

In particular, ERM is a significant evolution versus traditional risk management techniques in that it encompasses all areas of an organization and looks at the overall set of risks that result from interrelated processes, people, and structures across the organization. This complexity is useful for attorneys as they can help clients to get a more holistic view of the challenges an organization faces.

Early research in ERM showed that less than a third of companies had adopted an ERM framework, with most companies that had such a system having been pushed to develop one either by internal risk managers, the firm’s Board, or regulatory authorities. Over time, ERM has started to become more important.

The Financial Crisis of 2008-2009 made it clear that risks can develop where few expected them and that even the largest organizations need to carefully assess their level of exposure to a variety of different risk factors. In addition, since the Crisis, government regulators have taken a harder line on risk management practices in a variety of industries. Further adding to the importance of ERM, rating agencies like Moody’s and Standard & Poor’s have begun to incorporate a company’s ERM practices into their rating methodology not only for insurance and banking firms, but for non-financial firms as well.

ERM not only makes sense from a risk mitigation standpoint, but there is increasing evidence that it can have financial benefits as well. In a 2008 research study, Simkins and Ramirez found that effective ERM programs can enhance the financial performance of the firm. An important part of this improved financial performance is making corporate governance standards and ERM practices work together. The two are related but distinct. Corporate governance centers on monitoring and managing the firm on behalf of shareholders in accordance with regulations, while ERM is concerned with evaluating and controlling the risks in the organization. In essence, a good corporate governance system is akin to having a watchful manager, while an effective ERM program is like having a sage outside business advisor who reins the manager in when they are taking on too much risk. The two go hand-in-hand and are complementary, but distinct.

In fact, ERM needs to work not only with corporate governance functions but with other functions across an organization. A 2006 research paper coauthored by insurance executive Brian Nocco and financial economist Rene Stulz noted that to develop an effective ERM system, firms need to decide on a risk “appetite” and then figure out how to measure the risks the firm is bearing. With that completed, management at the organization can then decide which risks to retain and which risks should be transferred to others, whether through insurance, financial products like swaps, or even jettisoning excessively risky non-core business lines. In the case of Nationwide Insurance, for instance, the firm attempts to limit “non-core” risk exposures related to financial markets, like interest rate and equity risks, while taking on core insurance-related risks. Nationwide is certainly not alone in needing to address this issue and decide as an organization which risks are core to the business and which should be mitigated or offloaded wholesale.

Indeed, ERM is often a more complex issue than many observers recognize at first. For instance, during the Financial Crisis, many outsiders faulted firms for flawed risk management processes and claimed that a lack of proper risk management was an important driver of the Crisis. Yet as some studies have shown, many of the decisions made by risk managers were flawed but reasonable at the time they were made. Risk management can fail for a variety of reasons that are often misunderstood. Choosing the wrong risk metrics and mismeasuring risks are often issues that all ERM systems need to confront. Similarly, communication between risk managers and top management can also break down and lead to ineffective guidance and information for decision makers. Current risk management practice can be improved today by accounting for data from past crises and using that data to model potential future crisis scenarios. A variety of statistical tools can aid in this forecasting process. These models enable firms to create effective scenario planning tools based on forward-looking economic data and analysis. Economists still have very limited ability to predict economic crises at a macroeconomic level, but the challenges of these crises and their after-effects are better understood.

Arguably the most valuable aspects of Enterprise Risk Management are the use of economic capital models and the creation of dedicated risk management positions within an organization. Ideally, a dedicated risk manager should report directly to the CEO or the Board to cut down on communications issues. This is particularly important at insurance companies and financial firms. A 2014 study showed that these steps add significantly to cost savings at a firm, and help boost the bottom line. The authors found that in the case of insurance companies, the addition of an economic capital model yielded an 8.4% increase in the cost efficiency of life insurers, translating into $63 million in cost savings (based on average total costs within the sample of $751 million). The addition of such an economic capital model also boosted organizational return on assets (ROA) by 0.54%, with overall ERM programs improving ROAs by anywhere from 0.34% to 0.89% with cost savings ranging from $19.8 million to $73.6 million. Similarly, a 2011 study and a 2014 study both found that ERM programs increase firm value in capital markets.


Michael McDonald is an assistant professor of finance at Fairfield University in Connecticut. He holds a PhD in finance. Michael consults extensively with organizations ranging from Fortune 500 companies to start-up businesses on financial matters through Morning Investments Consulting. Michael has served as an expert witness in legal disputes, and is an arbitrator with the Financial Industry National Regulatory Authority (FINRA). Michael can be reached at [email protected].