Facing increased regulatory scrutiny and an expanding risk landscape, banks are enhancing RCSA programs to better evaluate these risks and assess their readiness to handle them.
The RMA/PwC Risk and Control Self-Assessment Survey highlighted the industry’s increased focus on the RCSA program as an important tool for managing operational risk across the enterprise. Aside from offering insights into areas such as data consistency and methodology, the survey results reflected the growing importance of technology to risk management and reporting—and the role leadership plays in building an enterprise-wide risk management culture.
“Improved technology becomes critical as the organization grows,” said Thomas MacDonald, EVP and chief risk officer of Maine Community Bank. Too many institutions still rely on manual processes, like spreadsheets, to manage their risk programs. Adopting a centralized risk platform could help by connecting risk areas, for better insight and reporting. “That functionality will also aid in the challenge of breaking down silos,” he said.
In an increasingly digital world, the nature of risks can change quickly. Couple this with the increased regulatory scrutiny that followed recent banking crises and the need to more efficiently manage resources, and banks are having to improve their flexibility and risk management tactics to adapt. “Luckily there are a lot of switches, levers, and buttons that can be adjusted to make the RCSA program work for many different situations,” said Jason McDaniel, VP and operational risk manager at Zions Bancorp.
Communication and culture-building can help. Creating a risk culture across the organization, respondents said, is key. “Culture-related challenges continue to be a significant obstacle that banks face in optimizing their programs,” McDaniel said. “RCSA programs are broad and complex and can only be successful if there is a strong top-down culture throughout the organization to own and manage risks.”
Respondents said they shared highlights of survey findings with their leadership teams and others within enterprise risk management to provide key stakeholders “with the confidence in the integrity and conceptual soundness of our methodology,” said Pat Eglinton, SVP of operational risk at First Citizens Bank.
For some, the survey was a way to sense-check their programs against industry peers and make improvements to their RCSA program, where necessary. It “provided the platform to challenge our developed approach with insights … that challenge our effectiveness, including the granularity and frequency of certain activities,” Eglinton said. Feedback from larger institutions is one way Maine Community Bank’s MacDonald steers his program as his bank grows. “It allows our bank to learn from those that have previously addressed [certain] issues, and to learn from both their mistakes and successes,” he said.
For others, understanding what the rest of the community is up to simply reinforced that they were already on the right track. Zions, for instance, has had a strategic roadmap for its RCSA program in place since 2018. While the survey “hasn’t highlighted any significant gaps or changes we need to make, it definitely helped validate our plan,” McDaniel said.
Respondents agreed that the survey was a rallying point for focusing effort and moving forward together as an industry. “Cultivating meaningful relationships with industry peers is crucial to advancing both the RCSA approach and, more broadly, ORM (operational risk management) as a practice,” affording leadership an opportunity to “progress … towards advanced practices,” Eglinton said. “Without industry trades, such as RMA, and collaborative industry peers, developing, implementing, and advancing risk programs in an environment of shifting regulatory expectations would be impractical,” he added.
Read the executive summary of the survey report here.
Read an interview with two of the survey’s creators—PwC Principal Kevin Barry and PwC Partner Alex Pflepsen—here.