43 Getting To ERM

McKinsey Working Papers on Risk, Number 43

Getting to ERM
A road map for banks and other financial institutions

Rob McNish
Andreas Schlosser
Francesco Selandari
Uwe Stegemann
Joyce Vorholt

March 2013
© Copyright 2013 McKinsey & Company

Contents
Getting to ERM: A road map for banks and other financial institutions
Introduction

1

ERM framework and industry insights

4

The ERM framework: Thinking about ERM holistically

4

ERM industry insights

4

How to run an ERM diagnostic in banks and other financial institutions

8

The ERM diagnostic 

10

Benefits for managers from an ERM diagnostic

11

McKinsey Working Papers on Risk presents McKinsey’s best current thinking on risk and risk management. The papers represent a broad range of views, both sector-specific and cross-cutting, and are intended to encourage discussion internally and externally. Working papers may be republished through other internal or external channels.
Please address correspondence to the managing editor, Rob McNish (rob_mcnish@mckinsey.com).

1

Getting to ERM: A road map for banks and other financial institutions
Introduction
Few observers of recent years would question that risk management as a discipline has been changing in important ways. In fact, we can argue that risk management is undergoing a quiet revolution, moving from an essentially compliance-driven, quantitative control function toward a senior-management capability relevant at the highest levels of decision making and strategy setting. Enterprise-risk-management (ERM) capabilities and competencies are at the heart of this change. But the journey to an integrated firmwide-riskmanagement capability is not a straightforward one and several misconceptions and prejudices must be overcome along the way.
In the financial sector, complex quantitative approaches to managing risks have been augmented by new top-down processes beginning with heightened board oversight and accountability. Hard questions have been asked by