Enterprise Risk Management

Best-in-class enterprise risk management (ERM) contributed to the success of the institutions that weathered the global financial crisis. Conversely, weaknesses in ERM contributed to the downfall of others. A sound approach to ERM increases a firm’s resiliency to unexpected events and, if implemented effectively, is a source of comparative advantage. This has not gone unnoticed by the global regulatory community, which has responded with heightened regulatory scrutiny and expectations for ERM across the industry.

Promontory has extensive experience in all aspects of ERM, including building the infrastructure to support it. Given the paucity of comprehensive written expectations in the area of ERM, Promontory has developed its own proprietary standards and methodologies, which have been favorably received by financial institutions and their regulators.

The standards we employ to assess the effectiveness of ERM programs and practices are informed by our collective experience as regulators and industry practitioners, our knowledge of best practices employed by the financial institutions we have served globally, as well as by regulatory requirements and expectations around the world.

We work with clients to determine appropriate risk appetite strategies and to build the infrastructure to support and monitor risk appetite. This includes strong governance structures based on a “three lines of defense” approach, control frameworks, and reporting templates. Our team of former regulators and industry specialists includes individuals with expertise in specific areas of risk management, such as credit, compliance, liquidity, and market and operational risk management. We are expert in the details of the regulatory response to the financial crisis, including the Dodd-Frank Act and Basel III, and how they affect regulatory expectations.

Generally, Promontory organizes its standards for an effective enterprise risk management framework into four main components. These components, and their subcomponent principles and standards, are:

Internal Environment

  • Board and executive management commitment and direction (i.e., tone at the top)
  • Board and executive management risk appetite
  • Relations with regulators
  • Stature of risk management and independent control functions
  • Expectations of businesses for managing risk
  • Design and use of incentives (including risk-based performance measurement)

 

Governance and Structure

  • Board and management committee structures and effectiveness
  • Policies and procedures
  • The role, responsibilities, organizational structure, and independence of the CRO and the enterprise risk management function
  • Adequacy of reporting to allow timely and effective governance

 

Risk Management, for all risks individually and on a consolidated enterprise basis

  • Risk identification
  • Risk measurement (including economic capital and stress testing)
  • Risk reporting and monitoring
  • Risk mitigation (including tolerances, limits, standards, prohibitions, pricing for risk, and hedging)
  • Financial and operational contingency planning

 

Independent Control Functions, such as Audit, Credit Review, Model Validation and Compliance Testing

  • Risk assessment and prioritization
  • Planning, scoping and reporting
  • Issue identification, prioritization and resolution
  • Resource adequacy
  • Independence

Representative Engagements

  • We conducted a comprehensive review of risk management practices for one of the country’s largest financial institutions. We reported our findings directly to a special committee of the board of directors. Our review encompassed risk management governance as well as credit risk, capital management practices, liquidity management practices, loss forecasting, market risk and operational risk.
  • We assisted a large investment bank in establishing a risk management framework consistent with best practices for a large, complex banking organization. Our work began with a comprehensive assessment of existing risk management practices against expectations for a bank holding company. Based on this assessment, we developed a plan for improving risk management across a number of areas.
  • We assisted a large bank holding company in enhancing its enterprise-wide reporting on compliance and operational risk. We reviewed the bank’s ERM infrastructure for scope, relevance, and usefulness in light of legal and regulatory requirements, regulatory guidance and sound industry practice. In the operational risk area, we created a risk segmentation framework by business area (over 70 business lines) and risk that rolled up for enterprise-wide reporting. As part of our work, we made use of the bank’s general ledger categories for tracking losses to make Basel II economic capital calculations. We integrated those categories into the risk segmentation framework to create enterprise-wide risk information. We assisted management in defining and building databases to hold supplemental information (not captured in the G/L system) relevant to risk management, such as “near misses” – control failures that did not result in measurable losses. We also assisted management in enhancing reporting around remediation efforts, in particular by enhancing project management and issue tracking databases and related reporting.
  • In response to regulatory criticisms, we assisted a smaller commercial bank in designing and implementing a risk management program. We assisted this institution in implementing a credit risk management program, including an enhanced loan classification program and enhanced allowance for loan and lease loss methodology. We also designed an enterprise-wide reporting package.
  • Promontory conducted an independent review of corporate governance, management structure and risk management at a large regional bank, with a report submitted to both the board of directors and the regulator. The risk management review focused on overall governance and structure and in-depth analysis of credit risk, liquidity risk and capital management functions.
  • Promontory conducted a review of the risk management organization, governance and function at a large regional institution. Our work focused on providing a roadmap for the newly installed chief executive to conduct a change-management exercise that would improve the governance of risk management and disseminate best practices in risk management, with particular focus on credit risk, market and liquidity risk, capital planning, operational risk, compliance risk, and independent control functions.
  • We assisted a large regional bank in conducting an evaluation of its anti-money laundering compliance program, and compared it against its peer institutions.