Season 2 | Ep. 47: Establishing a Resilient ERM Framework: Insights from Two Seasoned Chief Risk Officers

November 12, 2024

Guests: Dan Bailey, Former CRO, and Eric Bonnell, SVP & Director of ERM, First Financial Bank Texas

In this episode of the Risk Intel Podcast, host Ed Vincent invited Dan Bailey, a risk consultant at Certified Risk Partners and former Chief Risk Officer of a $22B bank, and Eric Bonnell, SVP & Director of Enterprise Risk Management at First Financial Bank Texas, to share insights from their extensive experience developing ERM programs in financial institutions. As former and current risk executives, both have set up risk frameworks that align with regulatory expectations and operational needs.

Setting a solid ERM foundation not only meets regulatory requirements but also gives an institution a structured approach to proactive risk management. This episode underscores the importance of starting with the basics: establishing consistent language, defining clear risk tolerances, and building out a framework that aligns with both short-term and long-term organizational goals. By prioritizing a foundational structure, Dan and Eric suggest, institutions can better identify, manage, and report on risks, making ERM a more effective tool for informed decision-making.

Cultivating a Risk-Aware Culture

Dan and Eric both believe that successful ERM relies on a strong risk-aware culture. In their experience, ERM is more effective when all members of the institution understand its importance and see themselves as part of a cohesive risk management team. Dan compares the role of a risk manager to that of a coach, where alignment and clarity on risk goals allow each team member to contribute effectively. By promoting this collaborative approach, institutions can drive a cultural shift that emphasizes responsibility and shared ownership of risk.

A risk-aware culture doesn’t develop overnight; it requires ongoing education, communication, and engagement. Both Dan and Eric underscore the importance of buy-in from leadership and other departments, as their support helps embed risk awareness into daily practices. When employees view ERM as a shared goal rather than a compliance task, the institution is better positioned to identify, mitigate, and monitor risks consistently and effectively.

Business Resilience and Strategic Adaptability

In today’s ever-changing environment, business resilience is more important than ever. Dan highlights resilience as a core element of ERM, viewing it as essential to the institution’s ability to maintain operations during crises. While resilience is often tied to business continuity, Dan stresses that it should go further, encompassing the ability to anticipate and prepare for strategic risks tied to new products, services, or economic changes. This broader focus on resilience enables institutions to adapt quickly to shifting landscapes and maintain operational stability.

Eric adds:

"Resilience isn’t just about withstanding crises; it’s about fostering a mindset of adaptability and readiness for future challenges. Building resilience requires cross-functional collaboration and a focus on strategic alignment, making ERM not only a protective measure but also a tool for strategic planning."

Institutions that cultivate this resilience can respond more flexibly to market changes, regulatory pressures, and evolving customer expectations, ultimately enhancing their competitive edge.

The "I Triple M" Approach to Risk Management

Dan introduces his “I Triple M” approach, Identify, Measure, Mitigate, and Monitor, as a streamlined methodology for comprehensive risk management. This approach provides a clear framework that encourages consistent assessment of and response to risks, allowing institutions to address threats in a structured manner. By breaking ERM down into these four steps, Dan's method simplifies risk management for institutions, helping them systematically evaluate and control risk exposures.

For institutions, adopting a structured approach like this can improve both the efficiency and clarity of risk management efforts. With each step building upon the previous one, this approach allows risk managers to establish an effective rhythm for identifying and addressing risks.

"This cyclical process also enables institutions to continuously monitor risk, allowing them to respond more proactively and strengthen their overall ERM framework." - Dan explained

The Risk Manager as Coach, Partner, and Change Agent

Eric expands on the role of a risk manager, describing it as multifaceted and people-centered. He sees risk managers as not only coaches but also partners and change agents within their organizations. This role requires an empathetic approach to navigating organizational challenges, guiding teams through risk changes, and fostering alignment on ERM goals. By balancing guidance and partnership, risk managers can help departments embrace change while keeping risk management objectives in focus.

This coaching mindset also supports the change management aspect of ERM, especially as institutions evolve and grow. Effective risk managers can bring departments together, establishing trust and promoting a culture of open communication around risk. This alignment not only helps in achieving ERM goals but also reinforces the institution’s resilience, as teams become more adaptable and risk-conscious.

Overcoming Resource Constraints and Demonstrating ROI in ERM

One of the challenges Dan and Eric highlight is scaling ERM resources as institutions grow. Eric discusses the burden of limited resources, especially around manual tasks such as generating key risk indicators (KRIs), which can strain teams and limit efficiency without a way to automate those processes. He notes that while ERM can often be resource-intensive, it is crucial to demonstrate its return on investment (ROI) to senior management in order to secure needed budget expansions.

Both Dan and Eric stress the importance of illustrating the ERM journey and showcasing milestones to leadership. By demonstrating progress and highlighting how ERM protects and benefits the institution, risk managers can make a strong case for additional support and technology, such as an ERM platform. With adequate resources, institutions can better implement automation, track KRIs, and ultimately achieve a more robust ERM program.

Aligning Stakeholders and Embracing Continuous Improvement

The episode concludes with a focus on aligning stakeholders to a shared risk vision. By building strong partnerships across departments and regularly engaging stakeholders in ERM discussions, institutions can foster a collaborative approach to risk management. Dan notes that this alignment ensures that ERM goals are consistently communicated, helping departments understand their role in the larger risk landscape and work together toward common objectives.

Continuous improvement in risk management maturity is also essential to long-term success. Both Dan and Eric emphasize that ERM is an evolving discipline, requiring institutions to remain adaptable and forward-looking. As risk landscapes shift and new challenges arise, continuous improvement efforts help institutions refine their ERM practices, remain compliant with regulations, and maintain a proactive approach to managing emerging risks.

Conclusion: A Holistic and Adaptive ERM Approach

This episode underscores the value of building a strong ERM foundation, cultivating a risk-aware culture, and adopting a structured approach to managing risk. Dan Bailey and Eric Bonnell provide practical insights for implementing ERM that goes beyond compliance, aiming for a truly integrated and proactive risk management process. Through their experiences, they demonstrate that ERM requires continuous improvement, resource investment, and a shared vision to succeed.

For institutions seeking to enhance their ERM programs, contact SRA Watchtower today. By investing in building a solid risk framework, cultivating a risk-aware culture, and focusing on continuous improvement, organizations can transform ERM into a strategic asset that supports both immediate and long-term goals.

Guest Bios:

Dan Bailey, Managing Director of Certified Risk Partners, a risk management advisory, consulting, and implementation firm.

Dan has been actively involved in the risk management and IT industries for 25+ years. Dan has achieved and maintains multiple industry-related certifications. He also serves in a Board/Executive advisory capacity with the University of Texas at Dallas and DRJ. www.certifiedriskpartners.com or email him at dan@certifiedriskpartners.com

Eric Bonnell, SVP, Director of Enterprise Risk Management

Bonnell joined First Financial from a $21 billion bank, where he was instrumental in developing their enterprise risk management (ERM) framework as they matured past the $10B asset-size regulatory threshold and beyond. He has also served in a number of other operational and risk management-related roles within the financial services and insurance industries that bring valuable experience. Eric is a native of New York, where he earned a Bachelor of Arts in Computer Science from Manhattan College and a Master of Science in Computer Information Systems from Iona College. He graduated from the ABA’s Stonier Graduate School of Banking and the Wharton Leadership Program at the University of Pennsylvania. He holds the designations of Certified Information Privacy Professional (CIPP/US), Certified in Risk and Information Systems Control (CRISC), and Certified Information Systems Security Professional (CISSP).
