TIME TO RETHINK YOUR ENTERPRISE RISK MANAGEMENT STAFFING 

  • Denise Rinear
  • Published: 08 September 2023

 

Data management is now established as an emerging specialty in most financial services companies, including community banks – and a mature ERM function is a role model for effective use of data. 

We’ve all heard the statement “you cannot manage what you cannot measure”. Chief Risk Officers and other professionals working in Enterprise Risk Management (ERM) cannot provide oversight of business activities and risks they cannot measure – and this poses a particular challenge when the scope of activities under their leadership is increasing. Data governance, model governance, and risk scenarios are all in scope for risk management functions, and their effective delivery requires specialized skills.

The ERM function is expected to identify and monitor risk exposures across the enterprise, identify the amount of risk the institution has in each exposure, and ensure that risk-taking activities do not exceed the company’s risk appetite. To achieve that mandate, an ERM team needs to be able to capture the appetite for risk as well as the board-approved tolerances and limits used to measure that appetite.

To achieve those goals, ERM is responsible for gathering, aggregating, and reporting on data used to establish the risk profile of the institution. ERM teams identify and capture the quantitative and qualitative data that serves as early warning when the institution approaches the limits it established. The value of ERM is in the early warning it provides. 

Data demands emerge in two similar, but distinct ways. The ERM team uses and analyzes available data from around the institution, and also evaluates and uses data sourced and analyzed by various first line functions. The risk professionals reporting to the executive team and board need assurance that the data they are analyzing and reporting has been sourced and evaluated with skill and integrity.  If the data quality is not there, the ERM team needs the skill set to recognize the data limitations and act on them.  

Often, the number and nature of risk management activities are out of alignment with ERM staffing, and risk professionals struggle to keep up. It is common for risk professionals to find that their day-to-day activities and accountabilities are not specifically articulated in their job descriptions. As a result, ERM skill sets may not match the actual requirements of the role. The mismatch is happening more and more frequently around activities related to data management, data analysis, and management reporting.

The default approach to ERM staffing tends to be heavily weighted toward recruiting individuals from operations or audit.  An operations or audit background is often useful for operational risk management, but those skill sets alone do not meet the needs of today’s ERM leaders.

Data management and reporting, then, become critical features of ERM value creation. They have also become a key focus for regulatory authorities: in 2020, the Office of the Comptroller of the Currency (OCC) fined a large financial institution $400 million due to its inability to demonstrate the quality of data used for regulatory and management reporting.

It is critical that specific members of an ERM team – if not everyone in the team – possess skills that include data management, data analysis, and management reporting. Specifically, look for those who can demonstrate an understanding of database design, data lineage, business process mapping, account & file management, pattern identification, data sampling techniques, data integrity, and business communication. Even a familiarity with management reporting software, graphs, and charts can be a big move forward in communicating what data tells us and where critical deficiencies lie.

An appropriate mix of skills and capabilities is the goal. When staffing an ERM team, data skills are necessary but not sufficient. A mature ERM team also requires individuals with a depth and breadth of banking knowledge to be effective across all financial services functions. An effective ERM team needs a balance of banking knowledge and the ability to gather, analyze, and understand what the institution’s data reveals about its performance and risks.  

In summary, the core business knowledge required of ERM leaders should be complemented by proven data and analysis skills. Settling for anything less will only result in a less effective ERM program.  

For more insights about effective staffing of an ERM program, contact Capco’s Community Bank Consulting team. We can advise you on your ERM program design and support the development of your data management tools and processes.