Here is an essay on ‘Enterprise Risk Management in Banks’ for class 11 and 12. Find paragraphs, long and short essays on ‘Enterprise Risk Management in Banks’ especially written for school and college students.

Meaning of Corporate Risk:

Corporate risk means a company’s operation and revenue being adversely affected on account of risk. The business of a bank suffers due to several risks. The range of risks include interest rate risk, exchange risk, default risk, liquidity risk, business risk, financial risk, market risk and operation risk.

Adverse movements of interest rate or currency rate affect the value of the bank’s assets, liabilities or income. Non-payment of sums due by debtor due to inability or unwillingness to meet the contractual financial obligations is known as credit risk. Labour strike, machinery breakdown, government policy, changes in customer preferences, mismanagement of finance etc. may lead to loss or even collapse of business.

The business may suffer by interplay of price risk, interest rate risk, commodity risk, foreign exchange risk which are otherwise called market risk. It can also be due to the inability of the bank to sell its assets in the market readily at reasonable price.


Corporate Risk Management:

Corporate risk management refers to the process which a company adopt to contain its risks at the tolerance level. It is a planned approach to deal with various risks faced by a corporate. Risks can be primary risks or secondary risks.

Primary risks are those risks that are inherent to the business. For example the risks in an industry arising out of industrial accidents are primary risk also known as inherent risk. But the risk in investments of surplus cash in stock markets is secondary in nature. The problems arising out of economic downturn or political instability affecting all most all business enterprises is called systemic risk.

But problems of a particular company arising out of its own action or inaction is called unsystemic risk. A company having high degree of unsystemic risks, loses confidence of the stakeholders, i.e., the suppliers, customers, employees, shareholders and consequently suffer decline in its activities and earnings.

Risk Management Approach:


The following are the steps in risk management:

1. Risk identification

2. Risk analysis

3. Risk transfer


4. Risk sharing

5. Risk retention

6. Risk avoidance

Loss control is the ultimate purpose and can be achieved only by managing the risk effectively. Risk retention is the best way when the loss is small, whether the occurrence of the risk is frequent or infrequent. Risk sharing can be done with insurance company or by Collective approach (joining with other companies in the same field).


There is subtle difference between risk avoidance and risk transfer. The avoidance is not making the investment or not doing the business. But the transfer is outsourcing the risky job or insuring the risk.

The risk transfer in currency holding or investment in securities is usually done through derivative contracts viz. Futures,Options and Swaps.

Every bank encounters risks, based on its business, economic, social and political factors, the status and prospects of the industry level of competition, internal factors like competence and vision, industrial relations, capabilities of its staff etc. Identification of one or more risks affecting the bank is risk identi­fication.

Risk Analysis and control means after identification of risks, they are analyzed, quantified appropriate control measures are initiated to mitigate the risk of loss. In nutshell corporate risk management means a systematic planned and holistic approach in managing and mitigating the adverse consequences of the risks that affect the corporate.

Enterprise Risk Management (ERM):


Enterprise wide risk management or Enterprise risk management (ERM) is the improved version of corporate risk management. The risks encountered by the financial institutions are not only financial but also non-financial and all of them are not easily identifiable or quantifiable.

Risk Management of the entire organization, appreciation of risks, immediate and beyond, probable develop­ments in future when taken into decision making it indicates that the organiza­tion knows how to respond to various risk situations and also when to accept business opportunities and when to reject.

Several aspects are considered and coordinated in order to create a right framework for enterprise wide risk management. The exercise is not simply meant to avoid losses but more impor­tantly to take advantage of the opportunities to increase business and profit.

Risk Management in Banks:

The Banks more often focus on credit risk and market risk and other risks tend to get underplayed if not overlooked. Risks are there in every single activity of the bank and not taking a holistic view of risk management may lead to adverse consequences. Operational risk is one which banks have started taking into account only recently.


Operation risk is the risk of loss resulting from inade­quate or failed internal process, people and systems or from external events. Reputation risk may arise due to fraud or staff incompetence which invite adverse coverage in the media or invite investigations by the regulators which tarnish the image of the bank. Therefore right approach for the bank is enterprise risk management.

Business Strategy Risk:

It is the risk faced by bank operating in a complex economic environment affecting the structure, product, pricing and customer relations. An investment bank might consider issuing complex and novel instruments as safe and profitable while the same may be considered as risky by the cautious commercial banker.

The important point is that each decision shall be appropriate to particular institution and its managers should be aware that the risks taken commensurate with the bank’s policy. They have to communicate the nature and extent of such risks unambiguously to appropriate authorities of the enterprise. Improvement of risk models, risk reporting and integrity of database are important issues to the banks in Risk Management.

The credit risk, market and operational risks and the other risks viz liquidity risk, asset liability mismatch risks, interest risk, currency risk etc. are to be dealt with comprehensively. Focus should be not merely growth but sustainable growth. The first step to efficient risk management is identification and quantification of the risk and then decides on the risk management process.


Reward structures and performances measurements must reflect the company’s culture. Incentives should not be based on growth of revenue alone but should be based on a growth that is sustainable. A proper approach to risk management includes the appointment of a chief risk officer to evaluate and accept or modify the risks. Alignment of capacity to bear risk and the actual risk exposure is an ongoing process.

Right information at right time and right place will help right risk management process. New products and new businesses should be subject to stringent risk norms. The financial reporting and disclosure practices shall reflect accounting transparency and clarity. The issues relating corporate governance must be given due consideration.

Internal control systems and other safeguard mechanisms should be strengthened for protection against frauds. The bank should not venture into those products and / or business in which it lacks expertise or skill to assess commercial feasibility and the attendant risk and if it is necessary to enter such business it should be done with extra care and circumspection.

The managers who are entrusted with the responsibility of managing risks of the organization have to regularly monitor the activi­ties. The scope of risk management is to help bank to take calculated risks to create value and not to resort to avoidance of risks. Risk management is the responsibility of everyone in the organization and not merely risk management department and the chief risk officer.

Understanding Risk Management:

Many banks make the mistake of dealing with risk in piecemeal. In other words each unit or department identify its own risk and manage on its own without coordinating with other departments. ERM adopts holistic approach and not divided approach.

Therefore the following aspects need to be considered for proper risk management:


1. The risks faced by the bank

2. The magnitude of each risk

3. The frequency of occurrence of these risks

4. The relationship between different risks.

The risks are to be managed to maximize stakeholder’s value. Uncertainty and Risk are there in almost all activities of the bank. It is possible to anticipate and deal with uncertainty in a near perfect manner. There are tools to deal with uncertainty and risk. Unless the uncertainties are unraveled and the risk is understood and quantified to the extent possible the organization will be groping in the dark and suffer surprise shock.

There are three situations in acceptance of risk:


(i) The risk that is inherent to the business and that cannot be avoided.  

(ii) The risk not inbuilt but necessary to take in the interest of business growth and profit.  

(iii) The risk that bank cannot accept.  

Scope of Risk Management:

Risk management does not end in defending against the loss. A good risk management process has potential for generating sustainable competitive advantages in the long run. How so? The organization by developing the required expertise and knowledge, encourage people to take risk than shun the risk. By understanding and controlling it, an organisation can take decisions in pursuing new opportunities by taking risk and avoid certain business opportunities for eliminating risk.

Each institution should carefully scrutinize its business plan and understand risks associated with its activities. Usually diversification makes risk less severe although, entering new area may cause new risks. But unplanned diversification in unrelated area will spell disaster, unless the organization has necessary skill to manage.

There are successful companies like Tata and Reliance who have built up a portfolio of business ranging from salt to steel and textile to telecom respectively. Whether it is financial organizations, manufacturing or trading organizations, Companies that do not have a strat­egy to cope with changing technology may find themselves at a disadvantage. The most commonly discussed risk is financial risk.


Another risk is envi­ronment risk. In some cases, environment risk could even threaten the very existence of the company, as it is well illustrated by the example of Union carbide in Bhopal (India). Environmental risk affect manufacturing industries erectly but affect financial institutions indirectly.

Political risk arises from the possibility of political decisions or events that may adversely affect company’ profitability. Importance shall be accorded to high standards of legal and regulatory compliance, ethical practice and corporate governance. Business Ethics is rapidly emerging as one of the most important disciplines of manage­ment. Ethical lapse will result in legal problem or reputation loss.

Types of Risk:

a. Technology Risk:

Technology changes are responsible for growth or decline of companies. New technologies threaten established firms unless they adopt in time or take alternative steps. Mobile phone largely replaced landline telephone and likewise stenciling is forgotten with the advent of photo copying.

b. Legal and Regulatory Risks:

There are two types regulation one is self-regulation and the other by the government and the govt., appointed regulators. Compliance of the rules and regulations is called for in both cases and any violation will cause damage to the organization. Self-regulation will facilitate in avoiding violations of stringent government regulations. Banks have to have a good understanding of the legal and regulatory environment in which they operate.


c. Product Liability Risk:

Product liability arises when a defective product or poor service that cause injury to persons or damages to property. The liability largely falls on the manufacturing companies. It affects the bank on account of deficient service.

Integrated Approach in Risk Management:

A bank exposed to financial risk when the value of its, assets, liabilities, operating incomes and cash flows are affected by changes in financial param­eters such as interest rates, exchange rates, stock indices etc. Financial risk management aims to reduce the volatility of earnings and boost the confidence of investors in the bank.

The bank in view of varieties of business handled and their growing complexity should move away from ad hoc transaction driven financial risk management towards bank-wide risk management which takes into account the interconnectivity of risks and the way risks affect business decisions and process.

Broad Issues in Financial Risk Management depends on internal expertise and experience to monitor risk. A well designed asset liability management programme, a simple but comprehensive models for stress testing, sensitivity analysis, measuring value at risk should be in place and applied regularly.

The developments that can trigger large changes has to be anticipated, identified and need to be carefully monitored. The probable developments that can produce positive impact or negative impact on business shall be identified and managed.

Financial Risk Management:


Steps involved in financial risk management are Identification of risks, analysis of risks, quantification of risks and initiate risks control measures. Banks can deal with financial risks in various ways. It can avoid risky business whose values are uncertain. When risks cannot be avoided it can limit the loss, by hedging.

Concentration in exposure is a serious risk. Instead of concentrating business in one industry, market or place it can diversity across several indus­tries, markets and places. Transferring the risky business to another party can eliminate the risk. e.g. outsourcing, sale of N.P.A.

Using Derivatives and Insurance:

Since derivative are complex and risky weapons in the hands of inexperienced or reckless traders, banks must establish a framework for effectively managing and controlling derivatives trading activities. The increasing sophistication of banks approach to credit risk management has created tremendous potential for credit derivatives.

Today banks can convert illiquid assets into liquid assets. It can also protect against adverse changes in the interest rate by derivatives or swap. But at the same time banks should avoid over dependence on derivatives. Recent event of subprime crises (USA) is a case in point.

Although the insurance is good for risk transfer it could cover only acciden­tal or unintentional losses. Losses that occur overtime, due to wear and tear, normal depreciation are not insurable.

Insurance company insists that losses should be easily verifiable and quantifiable. Further insurance company may reject the claim on technical grounds or the company itself may fail and subject to these conditions insurance is a good answer for risk management.

Business Risks:

Business risk can be internal on account of incompetency and inefficiency of staff and external due to competition. In order to retain competitive edge, ranks have to offer products that provide value to customers. If a bank does not have a product or if it has a product, which is inferior to what competitors are offering it cannot succeed in the long run. Each new product involves new risk and hence new risk management. In India there are regulatory compulsions on banks and insurance companies for risk mitigation in their day to day activities.

Systems and Procedure:

The systems and procedure of the organisation should enable managers to know what risks are being taken, quantify them and assess whether they are within prescribed limits. The Senior Management should understand the Risk Profile of the bank as a whole, formulate policy on risk acceptance, establish controls for risk management, establish systems to record and report, proce­dure for checking compliance of internal and external rules and regulations and the manner of periodic review of risk taken, its impact, benefits and problems and modifications if any required.

A management control system will be ineffective without relevant information to monitor and control risk. The information should be easily accessible. Management information Sys­tems (MIS) help in collecting, processing and presenting information to the Management to help them take better decisions. In general MIS generate two types of reports control and information reports.

Control report focus on the comparison and analysis of actual performance with standard or projected performance. Information report gives data on the state of affairs at periodic intervals. Auditing and testing should be undertaken periodically to check the robustness of the systems, procedures and controls. Audits are to be risk focused and set standards to assess the effectiveness and efficiency of the system in use.


Thus ERM is a comprehensive risk management process but complex and bristling with difficulties in implementation. However, it should not deter the organisation from implementing it. Enterprise risk management requires an overall understanding of the company’s operations as well as financial policies and in the long run ERM will prove to be the right approach in risk management.