In this episode of the Risk Intel Podcast, host Ed Vincent invited Dan Bailey, a risk consultant at Certified Risk Partners and former Chief Risk Officer of a $22B bank, and Eric Bonnell, SVP & Director of Enterprise Risk Management at First Financial Bank Texas, to join the show and share insights from their extensive experience developing ERM programs in financial institutions. As a former and a current CRO, they have both set up risk frameworks that align with regulatory expectations and operational needs.
Setting a solid ERM foundation not only meets regulatory requirements but also gives an institution a structured approach to proactive risk management. This episode underscores the importance of starting with the basics: establishing consistent language, defining clear risk tolerances, and building out a framework that aligns with both short-term and long-term organizational goals. Dan and Eric's insights suggest that by prioritizing this foundational structure, institutions can better identify, manage, and report on risks, making ERM a more effective tool for informed decision-making.
Dan and Eric both believe that successful ERM relies on a strong risk-aware culture. In their experience, ERM is more effective when all members of the institution understand its importance and see themselves as part of a cohesive risk management team. Dan compares the role of a risk manager to that of a coach, where alignment and clarity on risk goals allow each team member to contribute effectively. By promoting this collaborative approach, institutions can drive a cultural shift that emphasizes responsibility and shared ownership of risk.
A risk-aware culture doesn’t develop overnight; it requires ongoing education, communication, and engagement. Both Dan and Eric underscore the importance of buy-in from leadership and other departments, as their support helps embed risk awareness into daily practices. When employees view ERM as a shared goal rather than a compliance task, the institution is better positioned to identify, mitigate, and monitor risks consistently and effectively.
In today's ever-changing environment, business resilience is more important than ever. Dan highlights resilience as a core element of ERM, viewing it as essential to the institution's ability to maintain operations during crises. While resilience is often tied to business continuity, Dan stresses that it should go further, encompassing the ability to anticipate and prepare for strategic risks tied to new products, services, or economic changes. This broader focus on resilience enables institutions to adapt quickly to shifting landscapes and maintain operational stability.
Eric adds:

"Resilience isn't just about withstanding crises; it's about fostering a mindset of adaptability and readiness for future challenges. Building resilience requires cross-functional collaboration and a focus on strategic alignment, making ERM not only a protective measure but also a tool for strategic planning. Institutions that cultivate this resilience can respond more flexibly to market changes, regulatory pressures, and evolving customer expectations, ultimately enhancing their competitive edge."
Dan introduces his “I Triple M” approach—Identify, Measure, Mitigate, and Monitor—as a streamlined methodology for comprehensive risk management. This approach provides a clear framework that encourages consistent assessment and response to risks, allowing institutions to address threats in a structured manner. By breaking down ERM into these four steps, Dan's method simplifies risk management for institutions, helping them systematically evaluate and control risk exposures.
For institutions, adopting a structured approach like this can improve both the efficiency and clarity of risk management efforts. With each step building upon the previous one, this approach allows risk managers to establish an effective rhythm for identifying and addressing risks.
"This cyclical process also enables institutions to continuously monitor risk, allowing them to respond more proactively and strengthen their overall ERM framework," Dan explained.
Eric expands on the role of a risk manager, describing it as multifaceted and people-centered. He sees risk managers as not only coaches but also partners and change agents within their organizations. This role requires an empathetic approach to navigating organizational challenges, guiding teams through risk changes, and fostering alignment on ERM goals. By balancing guidance and partnership, risk managers can help departments embrace change while keeping risk management objectives in focus.
This coaching mindset also supports the change management aspect of ERM, especially as institutions evolve and grow. Effective risk managers can bring departments together, establishing trust and promoting a culture of open communication around risk. This alignment not only helps in achieving ERM goals but also reinforces the institution’s resilience, as teams become more adaptable and risk-conscious.
One of the challenges Dan and Eric highlight is scaling ERM resources as institutions grow. Eric discusses the burden of limited resources, especially around manual tasks such as generating key risk indicators (KRIs), which can strain teams and limit efficiency when there is no way to automate those processes. He notes that while ERM can often be a resource-intensive process, it is crucial to demonstrate its return on investment (ROI) to senior management in order to secure needed budget expansions.
Both Dan and Eric stress the importance of illustrating the ERM journey and showcasing milestones to leadership. By demonstrating progress and highlighting how ERM protects and benefits the institution, risk managers can make a strong case for additional support and technology, such as an ERM platform. With adequate resources, institutions can better implement automation, track KRIs, and ultimately achieve a more robust ERM program.
The episode concludes with a focus on aligning stakeholders to a shared risk vision. By building strong partnerships across departments and regularly engaging stakeholders in ERM discussions, institutions can foster a collaborative approach to risk management. Dan notes that this alignment ensures that ERM goals are consistently communicated, helping departments understand their role in the larger risk landscape and work together toward common objectives.
Continuous improvement in risk management maturity is also essential to long-term success. Both Dan and Eric emphasize that ERM is an evolving discipline, requiring institutions to remain adaptable and forward-looking. As risk landscapes shift and new challenges arise, continuous improvement efforts help institutions refine their ERM practices, remain compliant with regulations, and maintain a proactive approach to managing emerging risks.
This episode underscores the value of building a strong ERM foundation, cultivating a risk-aware culture, and adopting a structured approach to managing risk. Dan Bailey and Eric Bonnell provide practical insights for implementing ERM that goes beyond compliance, aiming for a truly integrated and proactive risk management process. Through their experiences, they demonstrate that ERM requires continuous improvement, resource investment, and a shared vision to succeed.
For institutions seeking to enhance their ERM programs, contact SRA Watchtower today. By investing in building a solid risk framework, cultivating a risk-aware culture, and focusing on continuous improvement, organizations can transform ERM into a strategic asset that supports both immediate and long-term goals.
Dan Bailey, Managing Director of Certified Risk Partners, a risk management advisory, consulting and implementation firm.

Dan has been actively involved in the risk management and IT industries for 25+ years. He has achieved and maintains multiple industry-related certifications. He also serves in a board and executive advisory capacity with the University of Texas at Dallas and DRJ. Visit www.certifiedriskpartners.com or email him at dan@certifiedriskpartners.com.
Eric Bonnell, SVP, Director of Enterprise Risk Management
Bonnell joined First Financial from a $21 billion bank, where he was instrumental in developing their enterprise risk management (ERM) framework as they matured past the $10B asset-size regulatory threshold and beyond. He has also served in a number of other operational and risk management-related roles within the financial services and insurance industries, which brought valuable experience. Eric is a native of New York, where he earned a Bachelor of Arts in Computer Science from Manhattan College and a Master of Science in Computer Information Systems from Iona College. He graduated from the ABA's Stonier Graduate School of Banking and the Wharton Leadership Program at the University of Pennsylvania. He holds the designations of Certified Information Privacy Professional (CIPP/US), Certified in Risk and Information Systems Control (CRISC), and Certified Information Systems Security Professional (CISSP).