Communication, Repetition Key to Good Risk Management
DALLAS–What can risk managers learn from a purple dinosaur?
Debbie Dunn, executive vice president of risk and operations with SWBC, San Antonio, said watching Barney and Friends, the popular PBS children’s show, while her kids were growing up reinforced the effectiveness of effective communication.
“We had that show on all the time, and one of the most persistent messages of the show was repetition,” Dunn said here at the recent Mortgage Bankers Association’s Risk Management, Quality Assurance and Fraud Prevention Forum. “This is a foundation of good business practices.”
Dunn said risk management begins as a question of tolerances. “You need to know where you stand in the conversation,” she said. “Then you have to build a foundation based on clear roles, responsibilities, reporting and repetition.”
Decisions made in the board room are implemented in the cubicles, Dunn said. “Policies and procedures have to be clearly spelled out,” she said. “It’s very important to set the foundation to achieve your goals. Regardless of the sized of the organization, you have to keep your eye on the ball.”
This attention to detail is particularly important for risk managers as the Oct. 3 implementation deadline approaches for the Consumer Financial Protection Bureau’s TILA/RESPA Integrated Disclosure Rule. “If you’re going to lead a TRID implementation, you have to make sure your controls are in place,” Dunn said. “You have to see if procedures are being followed as they happen-it cannot be a reactive practice.”
Dunn emphasized that resolving issues through a “post-mortem” does the least good for those who were most impacted. “No one hired me to tell them what they should have done,” she said. “I was hired to prevent those things from happening.”
Timothy Marrinan, senior advisor with Ernst & Young, New York, echoed Dunn’s sentiment, noting that the industry’s “robo-signing” controversy, in which banks were accused of signing off on foreclosure and delinquency actions with minimal human interaction, had broad ramifications for a number of financial institutions.
“Everyone was caught flat-footed by that,” Marrinan said. “When I called in my staff to analyze this, we realized that this was entirely new exposure of liability to us.”
Marrinan said today’s regulatory schema present enormous challenges to risk managers. He noted in the 1970s, the average bill signed into law ran eight to 10 pages; by contrast, the Dodd-Frank Act ran more than 2,000 pages and included more than 300 new and modified regulations.
“This is not your father’s legislation anymore,” Marrinan said. “The stakes are far higher for banks and financial institutions than ever,,,the landscape has changed dramatically even from just five or six years ago.”
Marrinan added that the new regulatory environment appears to be more draconian than in the past as well. “Today, you don’t just need compliance-you need layers of compliance,” he said. “It’s hard to find a single standard that fits into a black-letter box. You have to have clear procedures in place to address these standards.”
Nick Kiritz, senior principal with Promontory Financial Group LLC, Washington, D.C., stressed the importance of solid risk management data. He noted in 2008, Fannie Mae and Freddie Mac had to restate many of their financial numbers, which he said resulted in a round of introspection among regulators and institutions.
“We saw a great deal of retesting of models to make sure that their numbers were correct,” he said. “You have to have good analytics and good data. For most companies, the leadership of a company are not data analysts, so they’re going to look at data in a very black and white way. So it’s critical that you as a risk manager have an intuitive understanding of how your models work and know how to use the data effectively.”
Kiritz said no model is infallible. “A model is indicative, but it is not reality,” he said. “If you don’t understand your modelers, you’re not going to understand your model.”