Season 2 | Ep. 31: Setting the Standard: Building a Baseline of Key Risk Indicators for Financial Institutions

In this episode of the Risk Intel Podcast, Ed Vincent, host and CEO of SRA Watchtower, invites Cathy Jackson, Director of Watchtower Implementation, back to the show to delve into the transformative shift in risk management within financial institutions. This discussion is part one of a multi-part series focusing on best practices for enhancing enterprise risk management (ERM) programs or building new ones to operate in a risk-informed decision-making environment. Here, we summarize the key points discussed, focusing on the criteria for identifying baseline Key Risk Indicators (KRIs), their characteristics, the value of adhering to a standard set, the importance of consistent monitoring, and critical risk data sources.

Criteria to Consider When Identifying a Baseline Set of KRIs

Identifying a baseline or standard set of KRIs is crucial for effective risk management. According to Cathy, a strong starting point is to consider metrics already being measured and reported within the institution. These often include data provided to senior management, the board of directors, and regulators. Here are key criteria suggested:

• ‍Existing Metrics: Start with what is already being measured and reported
• Strategic Alignment: Ensure KRIs are aligned with the company’s strategic plan and risk appetite statements
• Accessibility: Opt for data that is easily accessible, such as call report data, general ledger, and core systems
• Operational Relevance: Include additional metrics related to operational activities, information security, and other pertinent areas

“You’re already measuring it (KRIs) against your forecast, your budget and your strategic planning. Why not add the risk lens to what you’re already measuring?”

Cathy highlights the essential group of KRIs is only about 45 to 50 KRIs, usually already being measured and aligned with the strategic plan. Some financial institutions (FI) may even have risk appetite statements that align with these metrics for each area within the FI. After that,  she states many FIs she works with add another 20 or 30 depending on how complex their risk management program is.

Identify Where the Data Originates

Data for KRIs typically comes from various sources within the institution:

1. General Ledger: Financial data and transaction records
2. Customer Information System: Data related to customer activities and profiles
3. Core Systems: Centralized data systems that support the institution’s primary functions
4. ALCO Reports: Information used to monitor Interest Rate Risk and Liquidity Risk
5. Third-Party Risk Management Systems: Data on third-party interactions and risk assessment
6. BSA Monitoring Systems: Information on compliance with the Bank Secrecy Act

Cathy emphasizes the importance of integrating data from multiple sources. The comprehensive approach ensures a holistic view of the institution's risk landscape. By leveraging diverse data sources, FIs can create a more accurate and detailed picture of their risk profile, leading to more informed and effective risk management strategies.

Key Characteristics of Effective KRIs

Effective KRIs share several key characteristics that Cathy says make them invaluable for risk management:

1. Accessibility: The data should be readily available and currently measured within the institution.
2. Timeliness: Ensure the data is up-to-date, allowing for real-time risk assessment
3. Quantifiability: Metrics should be quantifiable to facilitate benchmarking and comparison
4. Relevance: The data must be relevant to the institution's operations and strategic goals
5. Benchmark Ability: Metrics should allow for comparison with peers and adherence to regulatory standards

“When you’re measuring examiner recognized and examiner understood metrics, it does allow them to draw better conclusions about the health of the bank’s risk position”

The Value of Adhering to a Standard Set of KRIs

Cathy shared that adhering to a standard set of KRIs offers numerous benefits, these include:

• Familiarity and Understanding: Standardization breeds familiarity, enabling stakeholders to understand and expect results, and spot deviations promptly
• Regulatory Compliance: Consistent KRIs facilitate communication with regulators by using recognized and understood metrics
• Efficiency: Utilizing existing data reduces friction, making the integration process smoother and more efficient

Overall, standardizing KRIs enhances the clarity, consistency, and reliability of risk management practices, leading to better decision-making and more robust regulatory compliance.

Why Monitoring a Consistent Set of KRIs is Important

Monitoring a consistent set of KRIs, even as supplemental KRIs come and go, is vital for several reasons:

• Trend Analysis: Regular monitoring helps in spotting trends and potential issues earlier, allowing for proactive adjustments
• Early Warnings: Consistent monitoring provides early warnings of emerging risks, enabling timely interventions
• Strategic Decision-Making: A stable set of KRIs provides a solid foundation for making informed, strategic decisions

Cathy recommends reviewing these KRIs at minimum on a quarterly basis, though she does prefer when FIs are reviewing this monthly. The more often the review, the quicker trends can be spotted (whether positive or negative trends), allowing the institution to be proactive vs reactive. It helps stakeholders and the board of directors to focus on the desired outcome from that risk perspective and adjust strategy as needed, instead of getting to the end of the quarter and having to justify why certain outcomes were or were not met.

Conclusion

In summary, establishing and adhering to a standardized set of KRIs is essential for effective risk management in financial institutions. By focusing on existing metrics, ensuring they are timely, quantifiable, relevant, and benchmarkable, institutions can streamline their risk management processes. Consistent monitoring not only helps in early detection of risks but also supports strategic decision-making and regulatory compliance. As Cathy Jackson aptly put it, "Standardization breeds familiarity," making it a cornerstone of robust risk management practices.

Stay tuned for the next episode of Risk Intel, where Ed Vincent and Cathy Jackson will explore the importance of timeliness and frequency in data monitoring.

Connect With Us To Learn About SRA Watchtower - The Holistic Risk Intelligence Platform