ERMA: The Path to Getting a Handle on Your Enterprise Risk Management Efforts
Managing enterprise risk can seem impossibly complex. Let AffirmX’s Enterprise Risk Management Assessment (ERMA) solution help you get a handle on where your institution is on an enterprise-wide level and where to focus your efforts going forward. ERMA evaluates and scores an institution’s efforts to implement and maintain an ERM program. Through a series of questionnaires, interviews of key staff members, and a review of strategic documents, AffirmX will assess the institution’s efforts in the following seven key categories:
- Interest Rate
AffirmX will assign risk ratings for the institution’s management in each of these categories. AffirmX will prepare a detailed assessment report along with an executive summary for the institution’s board of directors and senior management.
What We Review
The assessment will consider such documents and materials as:
- Risk assessments the institution has conducted within each of the seven risk categories.
- Assessment of the institution’s opportunities and risks, such as Key Performance Indicators (KPIs) and/or Key Risk Indicators (KRIs).
- Documentation of risk directives and controls in all seven categories of risk, including use of policies and procedures as well as initiatives/goals/objectives of the institution.
- Documentation related to risk monitoring in all seven categories of risk, including:
- Loan portfolio reports by product type with underwriting enhancements, such as LTV, CLTV, FICO, etc.
- Delinquency reports by lending portfolio and/or loan loss reserve analysis reports (ALLL).
- Internal classification and watch list reports.
- Charge-off reports.
- Strategic documents related to borrower factors, including Board of Director reports on loan portfolios, business plan reports, credit committee reports, etc.
- Loan portfolio reports by product.
- Loan concentration reports.
- Lending policy or related documents that reflect concentration limits and/or penalties and, if applicable, divesting requirements for level overages.
- Divesting strategy documents as applicable.
- Loan portfolio reports, including pricing reports and use of prepayment penalties, etc.
- Payoff reports, including maturity reports and early payoff prior period reports.
- Loan portfolio reports that reflect counter-party relationships, such as use of PMI insurance or other guaranties from entities, including government entities (SBA, Freddie Mac, etc.).
- Interest rate risk policies, including an asset/liability management (ALM) policy, that include interest rate risk sensitivity guidelines and parameters.
- ALM program (model) assumptions and output (internal or external) including NEV, income simulation, GAP, etc.
- Rate schedules, including deposit/share and loan products.
- ALCO meeting minutes and background on ALCO committee members, including experience and area(s) of responsibility as they relate to ALM.
- Funds management policy and supporting documentation.
- Summary of credit lines available and used (listing source, rate, balance, term, maturity).
- List of investments, including name and maturity.
- Cash management forecasting reports for monitoring liquidity.
- Projected balances of material balance sheet account reports.
- Investment policy and supporting documentation.
- List of investments, including name and maturity.
- Analysis reports of price risk on investment securities.
- Complaint management policy and program, including tracking system.
- Complaints received and how handled, including support documentation.
- Collections policy and tracking with support documentation.
- Strategic plan.
- Business plan.
- Competition assessment reports, including pricing reports on competition.
- Capital plan.
- Regulatory examination reports.
- Other assessment reports, including auditor reports.
- Product assessment needs reports (either as a separate report or as part of another strategic assessment report), internally or externally prepared.
- HR policy program document.
- Organizational chart and key position description.
- HR reports on personnel injuries or other related reports on safety, health, etc.
- Insurance policies, including property insurance, health, E&O, etc.
- Insurance claims and support documentation.
- Information technology program documentation, including policy, program, assessments, testing, training, etc., including reports on data integrity, system restoration, information security practices and IT infrastructure assessments.
- Annual financial accounting audit reports.
- Vendor risk management program documentation and assessment reports.
- Internal routines and controls policies and program, including use of certifications, vacation policy, segregation of duties, etc.
- Fraud monitoring reports, including filed SARs not related to BSA/AML/OFAC.
- Legal/litigation summary reports.
- Compliance risk assessment reports, including internal and/or external reports.
- BSA/AML/OFAC assessment reports, including internal and/or external reports.
Upon completion of our Enterprise Risk Management Assessment, we will create a risk rating using the ERMA tool in the AffirmX Risk Intel Center platform indicating our findings in the seven key areas as well as a cumulative Enterprise Risk Management score.
We also provide a full written report along with an executive summary. The report will include findings and recommendations for addressing any noted deficiencies.
AffirmX’s Enterprise Risk Management Assessment services will not only help you address regulatory expectations; they will also better position your institution to present established controls effectively and to modify controls/artifacts as necessary to improve internal monitoring efforts.
Contact us to learn more or to receive a no-obligation proposal for AffirmX’s Enterprise Risk Management Assessment services.