Enterprise Risk Management in Financial Services

By Sunder Krishnan, Chief Risk Officer, Reliance Life Insurance

One of the largest life insurance companies in India, Reliance Life Insurance has 7 million policyholders and a distribution network of close to 1,230 s. Having worked across different banking institutions, Sunder Krishnan holds the position of Chief Risk Officer at Reliance Life Insurance and looks after Enterprise Risk Management, Legal Compliance, Secretarial, Internal Audit, Claims and more.

Introducing the Need:
Events such as the fraud on PNB by the diamond giants, with potential collusion of internal management, have shaken the foundations of governance, compliance and risk management. For a start-up company, establishing the pillars of governance, risk and compliance has become a much more important necessity than ever before, as the absence or inadequacy of these pillars would only mean burgeoning demons of corruption, risk management failures, fines and ill-repute galloping through a much larger and more complex organization. As one expert put it, it is far better not to achieve business growth than to grow recklessly.

The need for ERM in the financial services sector, as with other business sectors, is driven by external and internal pressures. Some of the external pressures are common to all businesses: calls for corporate governance reforms from stock exchanges, accounting bodies, institutional investors, and government regulators in countries around the world. Other external pressures are specific to the financial services sector. They come from bank and insurer regulators and legislators who want to ensure that policyholders and customers, as well as the financial system as a whole, are protected from unwarranted risks, even as the industry is deregulated.

The internal pressures come from business conditions and risks unique to this industry, especially those that arise from operating in a more competitive environment.

What is ERM?
ERM is the planning and controlling of business activities to minimize the likelihood of an event, and reduce any impact on the company. Enterprise risk management (ERM) is defined as an organization’s enterprise risk competence—the ability to understand, control, and articulate the nature and level of risks taken in pursuit of business strategies - coupled with accountability for risks taken and activities engaged in.

An ERM framework and model supports a management competency to manage risks well, comprehensively, and with an understanding of the interrelationship/correlation among various risks. The successful institution incorporates a robust ERM capability and strategy as part of its culture by integrating what already exists to create a comprehensive and integrated view of the institution’s risk profile in the context of its business strategy.

The Building Blocks 


The enterprise risk management framework's structure applies regardless of the size of the institution or how an institution wishes to categorize its risks.

The ERM framework is designed to support the depth and breadth of activities by providing a structured approach for identifying, measuring, controlling, and reporting on the significant risks faced by an organization.

Enterprise Risk Management allows financial institutions to take responsibility for the risk management process and enables them to gain insights into their organization by involving all parts of the institution.

All businesses have risk, and with many start-ups failing within their first four years, somebody needs to take responsibility for managing risk, even in a small company.

When a start-up makes that all-important decision to grow, there are huge risks to deal with, and there are even more ongoing risks associated with being a large company. What was once a basic risk management solution is no longer enough; you need an enterprise risk management framework.

The different risks could cover financial, operational, reporting, compliance, governance, systemic, strategic, people and reputational areas.

Each risk has two different angles: the likelihood of its occurrence and the potential severity of its consequences. Once you have identified how severe each risk is and how likely it is, you should be able to answer whether the benefits of mitigating each risk outweigh the cost of taking the risk.

Steps to enterprise risk management:

  • Identify acceptable risk
  • Prioritize risks
  • Establish contingency plans
  • Look for insurable risks
  • Embed risk management across the organisation
  • Implement a risk management technology solution
  • Monitor, review and analyze all risk data

Modern risk management practices are all about the use of analytics to predict lag indicators and prepare.

Ultimately, an enterprise risk management strategy can provide answers to three basic business questions:

  • Should we do it (aligned with business strategy, risk appetite, culture, values, and ethics)?
  • Can we do it (people, processes, structure, and technology capabilities)?
  • Did we do it (assessment of expected results, continuous learning, and a robust system of checks and balances)?

Startup slogan: Better now than later.
