Brian's Blog


Building an actionable risk management program provides security and a clear response to any emerging event. For many in the banking, technology, and venture capital communities, it has been an intense few weeks. The increased industry activity that impacts enterprise risk includes:

  • The revelation of questionable financial decision-making hiding in plain sight.
  • Seemingly reasonable “flight to safety” by some depositors moving deposits to Systemically Important Banks (SIBs).
  • Technology firms worried about access to cash for basics such as making payroll.
  • The Federal Deposit Insurance Corporation (FDIC) making an unprecedented move in providing an unlimited deposit insurance guarantee.
  • The SIBs depositing billions with their smaller industry siblings to shore up confidence in the banking system.
  • Recent bi-partisan groups rallying around reassuring depositors through the proposed roll-back of pre-COVID deregulation.
  • The addition of risk protection through other regulators, such as the U.S. Securities and Exchange Commission (SEC), to evaluate cybersecurity guidance for Financial Firms.

All the while, the chances of entering an economic downturn this year have significantly increased.

It was three years ago this month that we experienced a COVID-induced economic shutdown that was unlike anything ever seen before. And just like that experience, as business leaders, we have a responsibility to protect our shareholders, clients, and employees. This protection starts with evaluating, managing, and governing business risk – we consider this enterprise risk governance.

Preventative Measures in the Face of Adversity: Where Do You Begin?

As we ideate on how businesses in all industries should be readying for additional economic disruptions and preparing for post-recession economic growth, we must enact business resiliency and risk governance principles, which are established through solid risk management solutions. These risk management principles apply equally to businesses in all sectors. Due to the immediacy of the topic at hand, we will focus on the banking and technology sectors as examples.

Key areas of risk on which to focus during these uncertain time include::

  • Third-Party Risk Management (TPRM): Third-party Risk Management (TPRM) is often thought of as a burden brought about by procurement. But if approached appropriately, TPRM starts with an alignment with the overall business strategy. Third-party firms that a business works with can be in a position to align with and enhance the business’ reputation – to protect that reputation.
  • Financial Risk Management (FRM): Financial Risk Management (FRM) takes many forms. It relies on having solid financial reports on a company and the third parties with which it does business. The size of the organization is not always a good predictor of the condition of the financial statements’ trustworthiness, nor their accurate interpretation. For example, a footnote in SVB’s financial statement highlighted its liquidity risk, but this got past quite a few “third-party” CFOs (depositors), TPRM reviewers, and Board Members.
  • Operational Risk and Controls Evaluation: It often makes sense for a business to have an explicit risk appetite statement. The U.S. financial services regulators require the largest of banks to have risk appetite statements, but this is helpful for businesses of all shapes and sizes. Ensuring that the Board is aligned with senior management in its on-going decision-making process prepares the organization for when situations occur like the recent bank fallout.
  • Operational Risk Management: Operational risk requires controls development, evaluation, and testing to go one step further, by ensuring that key areas of the operation are secured. Two key areas of any business’ operation include cybersecurity and data. In recent conversations with boards, we often hear cybersecurity risk and threats of cyber-attacks being a large threat and source of uncertainty.

Three years ago, as we entered the unfortunate COVID era, businesses that were prepared, or at least reacted quickly to the circumstances, emerged the strongest. As we enter the latest chapter of economic uncertainty, as business leaders, we have a responsibility to protect our shareholders, customers, and employees. For our businesses to emerge on the other side stronger than ever, our responsibility is to evaluate our organization’s risk and act to ensure ongoing business resiliency for long-term success and sustained growth.

Auto Text
Auto Image
Auto Drop
Actions: E-mail | Permalink |