How to Evaluate Risk Management Units in Financial Institutions?

Abstract

Based on the existing Enterprise Risk Management framework and current government regulations, “banks are required to establish risk management units (RMUs) to review and evaluate their risks, monitor them, and to advise top management.” Currently an integral part of the risk governance and management process, RMUs in financial institutions have become increasingly important since the 2007–2008 financial crisis.This article details the authors' creation of an index to evaluate the performance of risk management units in financial institutions, and then examines some of their findings. The index transforms twelve parameters into a simple and convenient index that isolates the RMU's activities from the rest of the organizational risk management process, its risk preferences and the activities of the rest of the units. The index's parameters are divided into three dimensions of the RMU's performance: professionalism, organizational status and relationship with top management and the board.The authors found a positive relationship between their RMUI and some important risk governance characteristics: CROs who are among the five highest paid executives at the bank, banks with at least one independent director serving on the board's risk committee having banking and finance experience and boards with greater efficacy.