Pub. 8 2017 Issue 2

www.wvbankers.org 18 West Virginia Banker R egulators accept that banking, entails risk and that it is essential to its economic function. However; that being said, their view is that banks should know what risks they are taking on, why they are doing so and should ensure that risk is properly assessed. In fact, regulators now insist that banks define their “risk appetite and risk tolerance”, and require that appetite and tolerance limits to be understood and owned by the board. For many people risk appetite and risk tolerance are phrases that are used interchangeably and are often thought to be the same thing. However, they are very different concepts. The difference between the risk appetite and the risk toler- ance is that the appetite represents the level of risk you pur- sue to make a profit and the tolerance represents how much risk you can tolerate before financial distress occurs. So far, so good. However, in practice defining risk appetite is not at all straightforward. Simply stated, risk appetite is a broad-based description of the desired level of risk that a bank will take while trying to achieve their strategic goals. Risk tolerance reflects the acceptable variation in outcomes related to specific performance measures linked to objectives the entity seeks to achieve. Let’s see if we can further simply the difference in risk appe- tite and risk tolerance. Risk appetite is amount of risk that the board determines is an acceptable amount for the bank to take in a specific area. Exactly how much of the bank they are willing to put at risk to obtain a reward for offering a specific product or service. The appetite for risk will impact the risk-taking behaviors the bank and its staff take. It is not possible or even practical to measure the risk appetite. However, that being said, when you (or the person responsible for risk assessments) inter- view the board and other stakeholders during the initial risk identification or planning process, you can observe their risk attitude. The risk attitude sets the risk appetite. For instance, does the person state the willingness to obtain the goal at all costs, or are they reserved in what they are willing to gamble to obtain the goal? That is the risk appetite. A willingness to obtain the goal at all costs, represents a high-risk appetite and conversely, playing it safe, represents a low risk appetite. Determining the risk appetite is a crucial first step in begin- ning the overall risk assessments for the bank. Once the risk appetite has been determined, the next step is to set risk tolerance levels. The risk tolerance is the degree, amount, or volume of risk (typically as a percentage of capital) that the board will allow to be put at risk while trying to ob- tain the strategic goals. Now, here you may notice that the very term ‘risk tolerance’ indicates the ability to measure identified risks. Simply stated, risk tolerance is tangible limits that are designed to set specif- ic boundaries for senior management to operate. These lim- its must be measurable, realistic and capable of being mon- itored. Usually expressed in minimum and maximum limits. Risk tolerance, on the other hand, describes a boundary on risk-taking. Tolerances can be quantitative and/or qualitative. Qualitative risk tolerances may set out the bank’s risk aversion to a specific type of risk, while quantitative levels will establish limits on the amount of risk the bank is willing to take. These tolerance levels must contain a plan that will bring the bank back within the desired levels if the bank falls outside the established limits. These limits are used by senior man- agement to manage the bank to obtain the desired strategic goals set by the board. Defining and formalizing your risk appetite and risk tolerance levels will put your bank ahead of the curve in overall risk management, as these two steps are crucial in beginning a risk assessment; therefore, an overall risk management pro- gram.  Darla Fogarty is the Director of Compliance and COO is Compliance Alliance. Is There a Difference in Risk Appetite and Risk Tolerance? By Darla Fogarty, Compliance Alliance Summer 2017 19 West Virginia Banker P&C Risk Management: Maintain Company Driver Safety Standards By Dirk Hanket, ABA Insurance Services I n a prior SafeTalk, I wrote about “Negligent Entrustment,” the legal doctrine that permits an injured plaintiff to recover damages when an employer grants company vehicle access to a person it knew or should have known posed an unnecessary risk to other motorists. As a follow-up, this article addresses how an employer could have or should have known that a driver potentially posed a significant risk to other motorists. We recommend that employers order Motor Vehicle Records (MVRs) once a year on all drivers who operate either company-owned vehicles or personal vehicles for company business. They should also be ordered as part of a new hire’s employment evaluation. Obtaining an MVR is relatively easy: an online search will produce sev- eral nationwide vendors from which an employer can obtain MVRs. While an in- surance agent or carrier may also order MVRs as a check on driver acceptability, it is the employer’s ultimate responsi- bility for evaluating employee drivers and determining whether an employee would be an acceptable driver based on several factors: • How often will the employee be required to drive? • What are the average travel dis- tances? • Are there any extenuating circum- stances that would warrant an ex- ception to the written acceptability criteria? An insurance carrier or agent will typ- ically obtain MVRs on an annual basis, shortly before the policy effective or expiration date, based on the driver schedule at that time. Assuming the bank hires employees throughout the year, or assigns driving duties to an employee who previously was in a nondriving position, the bank then has an obligation to evaluate that employee at the time those events occur. Once written acceptability guidelines are in place, a bank can evaluate employees on a uniform basis. Driving violations are typically grouped into categories A, B and C (see chart). Some insurance carriers consider a driv- er unacceptable if there have been any Type A violations in the past 5 years. Other carriers use a 3-year monitoring period. Some carriers lump all speeding violations into the Type B category, regardless of the magnitude of the speeding violation. A common standard is allowing no more than one Type B or C violation over the past 12 months and no more than 2 of these violations in the past 3 years. While some question why Type C violations are included, these violations could be indicative of a lack of concern for vehicle safety or main- tenance that could then translate to a bigger risk on the road. When develop- ing acceptability guidelines, we suggest that banks closely align guidelines with their insurance carriers to avoid poten- tial conflicts. When a driver exceeds the allowable criteria, what are your options? • Do not allow the employee to drive on company business. • If borderline (i.e. certain violation(s) will drop out of the evaluation peri- od shortly), place the employee on watch. Subsequent violations may warrant more restrictive action. • Consider an exception, preferably with the insurance carrier’s approv- al, if there are extenuating circum- stances. For example, if a newly  P&C Risk Management Continued on Page 20