Let’s speak plainly. The banking and financial industry is mired with acronyms. Especially in risk management. Among many practitioners and executives, there is mystery behind their true definitions and implications, often by design. Let’s fix this and get to the heart of the matter.
ERM is Enterprise Risk Management, a business concern and activity. It is strategic and is typically utilized by Executives, Boards and Management.
ERM purpose is to provide a holistic view of the risk profile of the firm and monitor strategic and risk imperatives that impact the firm’s performance, achievement or lack of achievement of its critical objectives.
GRC is Governance, Risk and Compliance, a risk practitioner concern and activity. It is tactical and is typically executed by the first- and second lines of defense within banks. Specifically, it generally relates to operational, I.T. and compliance risk.
GRC encompasses day-to-day risk assessments and control tasks that must be performed at the line of business/department level. GRC task functions concentrate on compliance and operational risk verticals within banks. Areas such as state and federal regulatory compliance, vendor compliance and oversight, systems security, access and permissions exist in the realm of GRC.
IRM is Integrated Risk Management, a technology concern and activity. It is typically executed by operational and I.T. systems experts.
IRM encompasses a complex task of multiple systems and code integration for internal tactical/departmental systems to communicate with one another. It requires building interfaces between internal systems that perform unique tasks in individual departments. The term itself was coined in 2018 in a bank industry software analysis report on vendors. In most instances, it is time and resource intensive, technologically unfeasible and cost prohibitive for medium and smaller institutions.
Banks and other financial industry firms are bombarded with “consulting speak.” Practitioners are often confused – rightly so – as these invented and needlessly confusing terminology adds more complexity to a process intended to reduce complexity. Executives are often led into decisions that are inflexible, drive-up costs, complexity and waste time, indeed, counterproductive to the problems that practitioners are seeking to solve.
SRA is the only acronym you need to know to navigate risk and drive growth.
SRA is unique in that it is both a state-of-the-art technology platform and a hands-on consulting group of proven, veteran bankers.
SRA Watchtower is the only risk management platform that enables banks and financial institutions to both navigate risk in the context of driving growth – both of which are critical to the safety, health and prosperity of banks.
Supporting the application of this sophisticated technology platform is an elite group of banking and financial services practitioners with deep experience in government, enterprise and local banking, technology, risk, finance, credit and academia.
Our purpose is crystal clear: We enable banks and financial institutions to clearly understand and manage its holistic risk in relation to its growth strategies.
With SRA, banks can safely, securely and responsibly drive growth. Through our technology platform and our people, we apply the four fundamental principles of effective risk and growth management:
1. Continuous data from diverse sources
2. A central system of record
3. A clear and common language
4. Evaluating risk in the context of growth
SRA delivers best-in-class people and technology to apply the best practices of effective risk and performance management