WASHINGTON – Risk management used to rely upon a silo approach,with managers or committees managing only risks within theirdesignated areas of responsibility, enterprise risk managementconsultant Marcus Faust told CUERM trainees Tuesday at the Capital Hilton.

Faust works for RP Financial, an Arlington, Va.-based financial servicesconsulting firm.

He said successful ERM governance must expand beyond the silostructure, facilitating communication across risk-taking functions,and consider the inter-relationship of risks.

Faust cautioned that each credit union's risk governancestructure depends upon its size and complexity. Large, complexinstitutions will require dedicated resources, which usually meansat least one full-time risk officer.

Smaller credit unions can assign the risk officer role tosomeone who wears more than one hat. However, regardless of size,the ERM must maintain a sense of independence, and the designatedrisk chief must carry some political weight, Faust said. That meansthe risk officer must have a direct line to the board.

“But, we're not talking about a whistleblower, because it shouldnever come to that,” he said.

According to Faust, properly structured ERM governance shouldinclude a board ERM committee, a management ERM committee, and adesignated chief risk officer.

The board committee births the process, overseeing the ERMframework, establishing the comprehensive risk strategy and policystatements, and conducting the annual performance evaluation of therisk officer, which keeps the position independent of the CEO andother senior managers, Faust said.

Board ERM committees should include risk representatives fromother committees, such as the credit committee, and will inviteboth risk-averse directors as well as directors that push theircredit unions to adopt new products and strategies.

The management ERM committee, which Faust described as the“working” risk committee, assists the chief risk officer inidentifying and assessing material risks. Setting up a managementERM committee also helps to instill a culture of risk managementthroughout the credit union, he added.

Chief risk officers can come from a variety of disciplines, notnecessarily just a financial or audit function, he said. Whatever aCRO's background, the position presents a challenge to consider allrisk categories.

For example, Faust said, CROs with a financial managementbackground are often challenged to look beyond credit, market andliquidity risks. CROs with an audit background find it difficult tolook beyond individual audit exceptions, “failing to see the forestfor the trees,” he added.

Faust instructed the group about proper committee charters andpolicy statements and concluded his session with a list ofchallenges for credit unions developing ERM programs. He said thoseinclude a lack of board support, which often stems from a lack ofeducation on the topic, a failure to designate one person to fillthe CRO role, and a lack of effective controls.