Creating the Right ERM Program for YOUR Community Bank… · functional areas of the organization...

Creating the Right ERM Program for YOUR Community Bank – ICBA – Community Banker University®, October 30th, 2018 – Marci Malzahn, President & Founder

Page 1

Creating the Right ERM Program for YOUR Community Bank

ICBA – Community Banker University®, October 30th, 2018

Marci Malzahn

President & Founder

Page 2

Marci Malzahn – Malzahn Strategic

• Professional Highlights:

• 23 years in banking: from teller to EVP/CFO/COO and CRO

• Started a bank in 2005 – Bank grew to $325MM in 10 years, now $725MM

• 5 years in nonprofit:

• CFO overseeing Finance, IT and HR

• Managed a $32MM budget, 28 employees

• 4 years with Malzahn Strategic consulting

• Professional Awards:

• 25 On The Rise – Hispanic Chamber of Commerce

• Forty Under 40 – Minneapolis/St. Paul Business Journal

• Top Women in Finance – Finance and Commerce Newspaper

• Outstanding Women in Banking – North Western Financial Review magazine

• Education:

• B.A. Business Management, Bethel University

• Graduate School of Banking, Madison, Wisconsin

Copyright 2018 Malzahn Strategic

Page 3

Marci Malzahn – What I Do Now

Consulting and Coaching:

• Strategic Planning

• Enterprise Risk Management

• Talent Management

Speaking:

• Banking/Business

• Inspirational/Motivational

• Faith based

Writing:

• Devotions for Working Women – A Daily Inspiration to Live a Successful and Balanced Life

• The Fire Within – Connect Your Gifts with Your Calling

• The Friendship Book – Because You Matter to Me

Page 4

Training Overview – Part I

• How Community Banks Can Survive and Thrive

• Strategic Plan Components

• ERM Building Blocks:

• Integrate All Areas into ERM

• The ERM Puzzle & Three Ongoing Phases

• New Definition of Banking Risk

• Top 8 Risk Categories plus a Few Others

(Building blocks graphic: Definitions, Elements, Components, Areas)

Page 5

Training Overview – Part II

• ERM Risk Assessment Matrix – Definitions & Example

• List of Annual Risk Assessments

• Create the Risk Appetite and Tolerance Statement

• Implement Your ERM Program

• Integrate Your ERM Program into Your Strategic Plan

• Benefits from ERM Program

• Keep the Process Fun – Ongoing! – Flowchart

Page 6

How Can Community Banks Survive and Thrive?

Do the right thing.

Do things right the first time…

Consistently.

Marci Malzahn

ERM does both for your bank!

Page 7

Increase Shareholder Value

• Establish best practices through ERM

• Create efficiencies

• Increase Board Governance knowledge

• Embrace ERM company-wide

• Use ERM to ensure strategies align with your organization’s mission, vision, and core values

• Ethics and culture are at the core of ERM

Page 8

Embrace ERM at YOUR Bank

• Regulatory focus is increasing around ERM

• Regulators are expecting banks of all sizes to have a framework in place to address ERM – starting with BSA/AML and IT

“The whole concept of ERM continues to be pushed down to smaller and smaller institutions, and it certainly applies to anyone that’s crossed that $1 billion threshold.”

Charles Umberger, EVP/CLO, Waynesville NC

Article: “Embracing ERM at Community Banks” by Monica Meinert

Page 9

Create Your Own Strategic Plan

• Your plan must be unique

• Integrate ERM into Strategic Plan

• Integrate other key components into ERM

• Integrate Talent Management into Strategic Plan

Page 10

Strategic Plan Components

(Graphic, Strategic Plan at the center, surrounded by its components: ERM, Marketing, Business Plan, Financials, Talent, Capital)

Page 11

ERM Building Blocks

(Building blocks graphic: Areas, Elements, Definitions, Components)

Page 12

Definition of ERM

Enterprise Risk Management (ERM) is a structured, consistent and continuous process across the whole organization for identifying, assessing, and deciding on responses to and reporting on opportunities and threats that affect the achievement of its objectives.

Institute of Internal Auditors (IIA)

ERM is a discipline that an organization can use to identify events that may affect its ability to achieve its strategic goals and to manage its activities consistent with its risk appetite.

Federal Reserve Board Governor Bies’ definition

Page 13

Definition of ERM

Enterprise Risk Management (ERM) is “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

Committee of Sponsoring Organizations of the Treadway Commission (COSO)

Page 14

My Definition of ERM

“An enterprise-wide continuous process to protect all your organization’s assets while allowing you to fulfill your vision.”

Marci Malzahn

Page 15

ERM Building Blocks – Elements

(Elements graphic, ERM at the center, surrounded by: Planning, Policies, Practices, Parameters, Protection, Outcomes)

Page 16

ERM Building Blocks – Components

(Components graphic, ERM at the center, surrounded by: Committee Charter & Policy; Identify & Assess ALL Risks; ERM Risk Assessment Matrix; Conduct Annual Risk Assessments; Risk Appetite & Tolerance Statement; Integrate into Strategic Plan)

Page 17

ERM Committee Charter Components

• Purpose and Goal of Committee

• Committee Composition and Meetings

• Role of the CRO or ERM Committee Chair

• Responsibilities:

• Design and Implement Risk Management Practices

• Execute and Monitor Risk Management Practices

• Annual Evaluation

Page 18

ERM Committee Members

• Risk Management: CRO or Risk Manager (Chair)

• Finance/Accounting, Budgets, Asset/Liability

• Compliance

• Deposit and Loan Operations

• Internal Audit

• Marketing

• Credit Risk/OREO/Watch List, Loan Policy

• Shareholder relations, Board Director

• IT, Disaster Recovery, Security Program

• HR (Payroll, personnel files, HR laws, 401K plan)

• Cash/Treasury Management (Wire transfers, ACH, OLB, Remote Dep, Mobile Banking)

• Sales Teams: Business Banking, Private Banking, Construction, Development, Mortgage, Consumer/Retail Banking

Page 19

ERM Building Blocks – Areas

(Areas graphic, ERM at the center, surrounded by: IT Security Program, Compliance, Succession Planning, Capital, DRP, Liquidity Contingency Plan, Internal Audit)

Page 20

Integrate Each Area into ERM

• IT Security Program

• Compliance Program (Compliance Management System)

• Internal Audit Program (Internal Controls)

• Liquidity Contingency Funding Plan (CFP)

• Succession Planning (at all levels)

• Capital Planning

(IT Security Program components shown in the slide graphic: DRP – Disaster Recovery Plan; Vendor Management Program; Business Continuity Plan; Social Engineering; Cyber Security Program; Controls & Policies)

Page 21

IT Security Program Key Components

(Graphic, IT Security Program at the center, surrounded by: DRP, Cyber Security, Vendor Mgmt., Security Controls, Social Engineering, BCP)

Page 22

The ERM Puzzle

Page 23

Three Ongoing Phases of ERM

1. Identifying and Assessing Risk

2. Mitigating or Eliminating Risk

3. Monitoring and Reporting Risk

Page 24

Identifying and Assessing Risk

• Use Risk Assessments enterprise-wide to identify risks and assess the types of risks

• Also identify risks unique and specific to your organization (i.e. succession planning, relationship concentration, industry concentration)

• Categorize each risk across the organization by criticality and confidentiality

• Rate risks by impact, probability, vulnerability, and speed of onset

Page 25

Mitigating and Eliminating Risk

• Determine the steps your institution will take to mitigate risks identified

• Determine how your institution can eliminate certain risks

• Ensure your institution is comfortable with the residual risk

• Establish policies, processes, and procedures (also systems and outsourced expertise) to mitigate and eliminate risks

Page 26

Monitoring and Reporting Risk

• Ongoing monitoring of risks identified

• Establish accountability across the board

• Ensure policies, procedures, and systems in place are being followed AND are working (measuring)

• Ongoing reporting of risks and status to Board of Directors

• Provide results from monitoring efforts

• Directors learn about risks, get updates, understand their liability

• Use tools such as “heat maps”

Page 27

New Definition of Banking Risk

The potential that events will have an adverse effect on an institution’s current or projected financial condition and resilience

• Financial Condition: Includes impacts from diminished capital (impact from losses, reduced earnings, and market value of equity) and liquidity

• Resilience: Recognizes the institution’s ability to withstand periods of stress (based on stress testing)

Page 28

Top 8 Risk Categories 1-4

1. Credit – Obligor’s failure to meet the terms of any contract with the institution

2. Interest Rate – Movements in interest rates (repricing, basis, yield curve, and options risk)

3. Liquidity – The institution’s inability to meet obligations when they come due (Contingency Funding Plan)

4. Price – Changes in the value of either trading portfolios or other obligations that are entered into as part of distributing risk

Page 29

Top 8 Risk Categories 5-8

5. Operational – Inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events

6. Compliance – Violations of laws or regulations, or nonconformance with prescribed practices, internal policies and procedures, or ethical standards

7. Strategic – Adverse business decisions, poor implementation of business decisions, or lack of responsiveness to changes in the banking industry and operating environment

8. Reputation – Negative public opinion. Inherent to all bank activities

Page 30

Plus a Few Other Risks

1. Technology – Risk in all technologies used

2. Customer – Risk from dealing with fraudulent entities

3. Human Resources Management – Violations of HR laws

4. Earnings/Profitability – Losses in investments and earnings other than credit

Page 31

Plus a Few Other Risks

5. Legal – Failure to comply with statutory or regulatory obligations, lawsuits

6. Capital – Direct losses to capital due to all risks being interrelated

7. Model – Potential for adverse consequences from decisions based on incorrect or misused model outputs

Page 32

ERM Risk Assessment Matrix – Definitions

• Risks: Identify each risk in your institution

• Inherent Risk: Risk of an activity with no controls in place (Low, Moderate, High)

• Consequences: If the risk occurs, identify damage

• Risk Mitigating Factors: Activities that can control the risk and consequences of it happening

• Monitoring Tool(s): Tools used to monitor risks

Page 33

ERM Risk Assessment Matrix – Definitions (continued)

• Plans for Improvement: If current mitigating factors are insufficient, describe plan to improve

• Status: Tracking mechanism to track progress on plans for improvement (establish accountabilities)

• Residual Risk: The risk that remains after controls are taken into account

• Trend of Risk: Increasing, Stable, Decreasing – provides a baseline for future assessments of this risk

Page 34

Types of Risks

(Graphic, ERM at the center, surrounded by the risk types: Technology; Transaction/Operational; Strategic; Reputational; Compliance/Regulatory; Liquidity; Interest Rate Risk; Credit Administration; Legal; Human Resources; Earnings/Profitability; Capital)

Page 35

Develop Assessment Criteria

• Develop a common set of assessment criteria (scale) to be used across all functional areas of the organization (simple yet comprehensive).

• Scales should help in ranking and in prioritizing risks (i.e., 1 = Incidental, 2 = Minor, 3 = Moderate, 4 = Major, 5 = Extreme).

• Risks as well as opportunities are usually assessed in terms of impact (how it will affect the entire enterprise) or likelihood (i.e., 1 = Rare, 2 = Unlikely, 3 = Possible, 4 = Likely, 5 = Frequent)

• Ask the questions of vulnerability (how susceptible?) and speed of onset (how fast could the risk arise? 1 = Very Low, 2 = Low, 3 = Medium, 4 = High, 5 = Very High; how fast could you respond/recover?)

Page 36

ERM Risk Assessment Matrix – Sample

Rows (Risks): Technology; Operational/Transaction; Strategic; Reputation

Columns: Risks; Inherent Risk; Consequences; Risk Mitigators; Monitoring Tool(s); Plans for Improvement; Status; Residual Risk; Trend of Risk; Priority Scale = 1-5; Impact = 1-5; Likelihood = 1-5; Vulnerability = 1-5; Speed of Onset = 1-5

Page 37

ERM RA Matrix – Example – Operational

(Columns: Title / Definition / Example)

Risks
Definition: Identify each type of Risk or "Risk Categories"
Example: Risk #1: Operational/Transaction

Inherent Risk
Definition: Risk of an activity with NO CONTROLS in place. Scale = Low, Moderate, High
Example: Moderate/High

Consequences
Definition: If this risk occurs, identify damage with NO CONTROLS in place (list everything that could potentially go wrong)
Example:
• Risk to earnings (operational losses), capital, and reputation from problems with service or product delivery
• Internal fraud
• Reputation Risk
• External Fraud
• Lost opportunities due to lack of products or inability to service customers (Earnings risk)
• Staff turnover
• Business disruption due to systems failures
• Low quality of due diligence

Page 38

ERM RA Matrix – Example – Operational (continued)

Risk Mitigators
Definition: List ALL the activities your bank does in order to control (or mitigate) this risk and keep its consequences from happening
Example:
• On-going education for staff
• Policies and procedures
• Internal and external audits
• On-going maintenance of systems and equipment
• Dual Control in place
• Segregation of Duties
• Bond Insurance
• Annual core system DRP testing

Monitoring Tool(s)
Definition: List ALL the tools your bank uses and ALL the monitoring activities already in place in order to monitor this risk
Example:
• Internal and external audits (which include surprise cash audits)
• Review daily reporting
• Vendor communications
• Review of policies and procedures
• ATM Anti-Skimming devices

Plans for Improvement
Definition: List the tasks, systems, new procedures, new processes, new talent to be hired, etc. that your bank plans to implement in the next 12 months to reduce/minimize, improve or eliminate this risk
Example:
• Product enhancements
• Policy & Procedure enhancements
• Continue to improve efficiencies

Page 39

ERM RA Matrix – Example – Operational (continued)

Status
Definition: This is your tracking mechanism to track progress on Plans for Improvement. There should be a person accountable for each item.
Example: Ongoing

Residual Risk
Definition: Risk of an activity that remains for the bank AFTER ALL controls and mitigating tools are in place. The risk that the Board is willing to "tolerate."
Example: Moderate

Trend of Risk
Definition: Based on current market conditions. Provides a baseline for future assessments of this risk. Scale = Increasing, Stable or Decreasing
Example: Stable to Increasing

Page 40

ERM RA Matrix – Example – Operational (continued)

Priority Scale = 1-5
Definition: What is the priority ranking of this particular risk in YOUR bank based on Criticality (can you run your bank without it?) AND Confidentiality (how sensitive is the data)? Scale = 1-5: 1 = Incidental, 2 = Minor, 3 = Moderate, 4 = Major, 5 = Extreme
Example: 5

Impact = 1-5
Definition: HOW will this particular risk impact YOUR entire bank? Scale = 1-5: 1 = Incidental, 2 = Minor, 3 = Moderate, 4 = Major, 5 = Extreme
Example: 5

Page 41

ERM RA Matrix – Example – Operational (continued)

Likelihood = 1-5
Definition: How LIKELY (or probable) is this particular risk to happen in YOUR bank? Scale = 1-5: 1 = Rare, 2 = Unlikely, 3 = Possible, 4 = Likely, 5 = Frequent
Example: 4

Vulnerability = 1-5
Definition: How SUSCEPTIBLE to this particular risk is YOUR bank? Scale = 1-5: 1 = Rare, 2 = Unlikely, 3 = Possible, 4 = Likely, 5 = Frequent
Example: 3

Speed of Onset = 1-5
Definition: How FAST could this risk arise at YOUR bank? Scale = 1-5: 1 = Very Low, 2 = Low, 3 = Medium, 4 = High, 5 = Very High
Example: 5

Page 42

Annual Risk Assessments - Examples

Credit: Fair Lending; UDAAP; Stress Testing; Portfolio; Individual Credits

Compliance: BSA, OFAC, AML; Wire Transfers; Unlawful Internet Gambling; ACH; Fraud; Red Flag

Technology: IT General; BCP & DRP; Vendor Mgmt.; Cybersecurity: Electronic/Internet, Mobile/Online/Web, RDC/Wires/ACH

Page 43

Annual Risk Assessments - Examples

Internal Controls: A/P, ALLL, A/L, Branch Capture, Call Report, Capital, Cash Controls, Collateral safekeeping, OD, Dep. Processing, Employee Accts.

Internal Controls (continued): Fixed Assets, HR, Inc./Exp. Accts., Investments, Loan Processing, Official Checks, Online entries/GL, OREO, Payroll, Prepaid Exp., Wires

Others: CRA, Consumer Complaint, Incentive Compensation Plan, Incident Response, Insurance Sales, Non-Deposit Investments, Pre-Need Trust, Safe Deposit Box

Page 44

Set Risk Management Appetite

• “Risk Appetite is the amount of risk an entity is willing to accept in the pursuit of value” (COSO).

• To determine risk appetite, Board and management should agree on 3 steps:

• Develop Risk Appetite

• Communicate Risk Appetite

• Monitor and Update Risk Appetite

Page 45

Categories of Risk Appetite

• Existing Risk Profile

• Risk Capacity

• Risk Tolerance

• Desired Level of Risk

Page 46

Risk Appetite & Tolerance Statement

Appetite = Qualitative = The Pursuit of Risk

Tolerance = Quantitative = What You Can Bear

• How to build a Risk Appetite and Tolerance Statement:

• Set targets for each risk category

• Set tolerance levels for each risk category

Page 47

Implement Your ERM Program #1

• Board of Directors sets the tone – support ERM team

• Create ERM Charter and form Committee

• Perform ERM Risk Assessment using Matrix

• Assign responsibilities to Committee members and teams

• Committee is responsible for implementing ERM Program

Page 48

Implement Your ERM Program #2

• Complete all the ERM Components and their corresponding Risk Assessments:

• IT Security Program

• Compliance Program

• Internal Audit Program

• Liquidity Contingency Funding Plan (CFP)

• Succession Planning

• Capital Planning

• Board Risk Appetite and Tolerance Statement

Page 49

Implement Your ERM Program #3

• Assign accountability to members

• Meet at least quarterly

• Monitor monthly and report to Board of Directors

• Perform formal annual review of program

• Update and present to Board of Directors for annual approval

Page 50

On-Going Monitoring & Reporting: Opportunity & Risk Maps

(Figure: Combined Risk and Opportunity Map example. Vertical axis: Likelihood – Frequent, Likely, Possible, Unlikely, Rare. Horizontal axis: Impact – Opportunities on the left, from Extreme down to Incidental; Risks on the right, from Incidental up to Extreme.)

Source: Risk Assessment in Practice by COSO

Page 51

On-Going Monitoring and Reporting: Heat Maps

(Figure: Heat Map sample. Vertical axis: Likelihood; horizontal axis: Impact. Risks plotted by ID: 1 Capital, 2 Earnings, 3 Liquidity.)

Source: Risk Assessment in Practice by COSO
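The matrix row from the operational example (the Risks through Speed of Onset fields and their 1-5 scales) and the likelihood-by-impact heat map on this slide, as an added Python example. This is not the presenter's own tool or spreadsheet: the class and function names, the completeness checks, the reporting-order formula and every score other than the slides' operational example (5, 5, 4, 3, 5) are assumptions made for illustration.

```python
"""ERM risk-register row, completeness check and heat-map placement.
Added example, not the presenter's own tool: it models the ERM Risk Assessment
Matrix fields and 1-5 scales from the slides. Names and all scores except the
slides' operational example are assumptions made for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Scale labels exactly as the slides give them.
IMPACT_LABELS = {1: "Incidental", 2: "Minor", 3: "Moderate", 4: "Major", 5: "Extreme"}
LIKELIHOOD_LABELS = {1: "Rare", 2: "Unlikely", 3: "Possible", 4: "Likely", 5: "Frequent"}
TREND_VALUES = ("Increasing", "Stable", "Decreasing", "Stable to Increasing")
SCORE_FIELDS = ("priority", "impact", "likelihood", "vulnerability", "speed_of_onset")


@dataclass
class RiskEntry:
    """One matrix row; field order follows the slide definitions."""
    risk: str
    inherent_risk: str
    consequences: List[str]
    risk_mitigators: List[str]
    monitoring_tools: List[str]
    plans_for_improvement: List[str]
    status: str
    residual_risk: str
    trend: str
    priority: int
    impact: int
    likelihood: int
    vulnerability: int
    speed_of_onset: int


def validate(entry: RiskEntry) -> List[str]:
    """Return problems found; an empty list means the row is complete.
    Every 1-5 score must be in range, the consequences/mitigators/monitoring
    columns must not be blank, and trend must use one of the stated values."""
    problems: List[str] = []
    for name in SCORE_FIELDS:
        value = getattr(entry, name)
        if not isinstance(value, int) or not 1 <= value <= 5:
            problems.append(f"{name}: expected an integer 1-5, got {value!r}")
    for name in ("consequences", "risk_mitigators", "monitoring_tools"):
        if not getattr(entry, name):
            problems.append(f"{name}: no items listed")
    if entry.trend not in TREND_VALUES:
        problems.append(f"trend: {entry.trend!r} is not one of {TREND_VALUES}")
    return problems


def heat_map(entries: List[RiskEntry]) -> Dict[Tuple[int, int], List[str]]:
    """Group risk names by (likelihood, impact) cell, as the heat-map slide does."""
    cells: Dict[Tuple[int, int], List[str]] = {}
    for e in entries:
        cells.setdefault((e.likelihood, e.impact), []).append(e.risk)
    return cells


def render_heat_map(entries: List[RiskEntry]) -> str:
    """Text grid: likelihood rows (Frequent on top), impact columns, risk IDs in cells."""
    cells, ids = heat_map(entries), {e.risk: i + 1 for i, e in enumerate(entries)}
    lines = ["Likelihood \\ Impact |" + "".join(f" {IMPACT_LABELS[i]:>10} |" for i in range(1, 6))]
    for lk in range(5, 0, -1):
        marks = [",".join(str(ids[r]) for r in cells.get((lk, im), [])) for im in range(1, 6)]
        lines.append(f"{LIKELIHOOD_LABELS[lk]:>19} |" + "".join(f" {m:>10} |" for m in marks))
    return "\n".join(lines)


def rank(entries: List[RiskEntry]) -> List[str]:
    """Order for Board reporting. The slides give no combining formula, so this
    assumes likelihood x impact first, then priority, then speed of onset."""
    def key(e: RiskEntry):
        return (e.likelihood * e.impact, e.priority, e.speed_of_onset)
    return [e.risk for e in sorted(entries, key=key, reverse=True)]


# The operational example from the slides: priority 5, impact 5, likelihood 4,
# vulnerability 3, speed of onset 5 (lists abbreviated from the slide text).
OPERATIONAL = RiskEntry(
    "Operational/Transaction", "Moderate/High",
    ["Internal fraud", "External fraud", "Business disruption due to systems failures"],
    ["Policies and procedures", "Dual control", "Segregation of duties", "Bond insurance"],
    ["Internal and external audits", "Review daily reporting", "ATM anti-skimming devices"],
    ["Product enhancements", "Policy & procedure enhancements"],
    "Ongoing", "Moderate", "Stable to Increasing", 5, 5, 4, 3, 5)
# Constructed rows (scores invented here) for the risks the heat-map slide lists.
CAPITAL = RiskEntry("Capital", "High", ["Direct losses to capital"], ["Capital plan"],
                    ["Capital ratios"], [], "Ongoing", "Low", "Stable", 5, 5, 2, 2, 3)
EARNINGS = RiskEntry("Earnings", "Moderate", ["Losses in investments"], ["Budget review"],
                     ["ROA/ROE"], [], "Ongoing", "Moderate", "Increasing", 4, 4, 3, 3, 3)
LIQUIDITY = RiskEntry("Liquidity", "Moderate", ["Cannot meet obligations when due"],
                      ["Contingency Funding Plan"], ["Loan to deposits ratio"], [],
                      "Ongoing", "Low", "Stable", 4, 5, 2, 3, 4)
REGISTER = [OPERATIONAL, CAPITAL, EARNINGS, LIQUIDITY]

if __name__ == "__main__":
    for row in REGISTER:
        print(row.risk, "->", validate(row) or "complete")
    print(render_heat_map(REGISTER))
    print("Reporting order:", rank(REGISTER))
```

Running the module prints whether each row passes the completeness check, the text heat map with risk IDs in their likelihood/impact cells, and the reporting order. The validate() step is where a register discipline pays off: a row with a blank Monitoring Tool(s) column or an out-of-range score is rejected before it reaches the Board pack rather than being discovered in the annual review.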

Page 52

Integrate ERM into Your Strategic Plan

• As you conduct the ERM Risk Assessment – what are your strategies to mitigate and avoid certain risks?

• Know the bank regulations – know your local industry

• Establish policies to comply with regulations

• Establish procedures and processes to comply with policies

• Establish an organizational and operational infrastructure to support current size and scalable for future growth

• Establish Key Performance Indicators (KPI) and Key Risk Indicators (KRI) and reporting

Page 53

Key Performance Indicators (KPI) Examples

• Total Assets

• Total Liabilities

• Net Income

• ROE

• ROA

• Efficiency Ratio

• ALLL

• OREO

• Texas Ratio

• Net Interest Margin

• Loan to Deposits Ratio

• Assets Managed per Employee

• Tier 1 Capital Ratio

• Total Risk Based Capital Ratio

• Yield on Earning Assets

• Cost of Funds

Page 54

Key Risk Indicators (KRI) Examples

Global/General:

• From global economy to your State to your City

• Unemployment Rate nationwide and in your State

• GDP

Local/Unique to Your Institution:

• Lack of Risk Awareness at the Board level in your institution

• High employee turnover

• Loosening of credit standards

• Using some KPIs as KRIs

Page 55

Board Risk Oversight Responsibilities on ERM

Reviewing, challenging, and concurring with management on:

• Proposed strategy and risk appetite

• Ensure risks are managed within tolerance

• Alignment of strategy and business objectives with the organization’s mission, vision, and core values

• Significant business decisions including M&A’s, capital allocations, funding, and dividend-related decisions

• Approving management incentives and compensation

• Approve all major changes to risk policies

Source: COSO 2017 ERM Publication

Page 56

CEO & Senior Management Responsibilities on ERM

• Sponsor the organizational governance for risk and compliance activities

• Delegate policy formulation and day-to-day risk oversight to Internal Risk Management committee

• Focus on the organization’s top ten risks and set strategies to mitigate those top risks

• Designate an internal “Risk Leader” to lead the organization’s ERM Program

• Monitor and report to the Board of Directors


Page 57: Stages of Integration Progression

Reactive → Aware → Strategic


Page 58: Reactive Stage

• Lack of board or senior management emphasis on risk

• No common risk lingo

• No risk management planning

• Ad hoc approach

• Missing coverage of risk areas


Page 59: Aware Stage

• Some board and senior management support

• Risk leader identified

• Periodic risk profiling

• Key risks defined in common vocabulary

• Recognized need for ERM


Page 60: Strategic Stage

• Proactive board and senior management involvement

• Risk managed and assessed across entire organization

• Common language and approach used and understood

• Real-time analysis of risk portfolio

What stage is your organization at?


Page 61: ERM Building Blocks – Components

• ERM Committee

• Charter

• Identify & Assess ALL Risks

• Risk Assessment Matrix

• Conduct Annual Risk Assessment

• Risk Appetite & Tolerance Statement

• Integrate into Strategic Plan


Page 62: Integrate your Talent Management Program into your Strategic Plan

• Conduct a Talent Assessment

• The right (ERM) people in the right places

• The right positions to support current bank needs and projected growth

• Establish Succession Plan for all key positions of the bank

• Board Succession Plan

• Board training and ongoing all-staff education and training


Page 63: Integration of ERM and Talent Management into Your Strategic Plan

Diagram of the three components: Strategic Planning, Talent Management, ERM


Page 64: Benefits from YOUR ERM Program

1. Establish best practices enterprise-wide.

2. Increase efficiencies.

3. Establish an ERM process (Strategic Risk Assessment for New Initiatives).

4. Build the team.

5. Create awareness, enterprise-wide.

6. Opportunity to assess risk, enterprise-wide.


Page 65: Benefits from YOUR ERM Program (continued)

7. Prepare for the future.

8. Create accountability.

9. Reduce performance variability.

10. Enhance enterprise resilience.

11. Create a sound infrastructure and a solid foundation.

12. Tell your story from the risk perspective.


Page 66: ERM – Fun and Ongoing Process!

• The tone at the top – Continued Board support

• Rotate who presents to the Board

• Have off-site meetings to increase focus and fun

• Celebrate the small accomplishments and milestones

• Form or participate in ERM peer groups – keep learning!

• Reward team for working together successfully


Page 67: ERM Program Flowchart

Page 68: ERM Program Flowchart – Approval Process #1

1. Board of Directors sets the tone at the top (Board Risk Committee)

2. President/CEO designates the internal ERM Leader

3. President/CEO and ERM Leader select the ERM Committee


Page 69: ERM Program Flowchart – Approval Process #2

1. Establish the Bank ERM Committee (formalize it)

2. Develop/write the ERM Committee Charter & Policy

3. Integrate ERM with the Strategic Plan


Page 70: Phase I – Identify & Assess Risks #1

1. Set Risk Management Appetite

2. Establish KPIs & KRIs (Tolerance)

3. Summary of ALL Types of Risks (Identify Unique Risks)


Page 71: Phase I – Identify & Assess Risks #2

1. List ALL Risk Assessments for each Risk/Area

2. Identify Risk Assessments You Do & Missing

3. Incorporate ALL other ERM Components/Areas


Page 72: Phase I – Identify & Assess Risks #3

1. Establish Standard Assessment Criteria

2. Develop Ranking Scale to Prioritize All Risks

3. Use Qualitative & Quantitative Questions


Page 73: Phase I – Identify & Assess Risks #4

1. Conduct All Risk Assessments (track findings)

2. Assess Risk Interactions (interrelated risks)

3. Prioritize Risks based on Ranking & Criteria

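The ranking scale, the interaction check and the prioritization step of Phase I, together with the KPI-to-KRI tolerance idea from the "Establish KPIs & KRIs (Tolerance)" step, as an added Python example. This is not code from the presentation or from Malzahn Strategic. The 1-5 likelihood and impact scales, the control-effectiveness credit, the sample risks, the appetite/tolerance figures and the green/amber/red labels are all assumptions chosen for illustration; a bank would substitute its own board-approved scales and thresholds.

```python
"""Risk ranking and KRI tolerance check for a community-bank ERM register.

Added illustration, not material from the presentation. The 1-5 likelihood and
impact scales, the sample risks, the KRI thresholds and the green/amber/red
labels are constructed assumptions to be replaced with your own bank's scales
and board-approved appetite and tolerance figures.
"""
from dataclasses import dataclass, field

LIKELIHOOD = {1: "rare", 2: "unlikely", 3: "possible", 4: "likely", 5: "almost certain"}
IMPACT = {1: "minimal", 2: "minor", 3: "moderate", 4: "major", 5: "severe"}


@dataclass
class Risk:
    name: str
    area: str
    likelihood: int                       # 1-5, answered by the risk owner (qualitative question)
    impact: int                           # 1-5, anchored to dollar/capital bands (quantitative question)
    control_effectiveness: float = 0.0    # 0.0 = no mitigation, 1.0 = fully mitigated
    related: list = field(default_factory=list)   # names of interrelated risks in the register

    def __post_init__(self):
        if self.likelihood not in LIKELIHOOD or self.impact not in IMPACT:
            raise ValueError(f"{self.name}: likelihood and impact must be 1-5")
        if not 0.0 <= self.control_effectiveness <= 1.0:
            raise ValueError(f"{self.name}: control_effectiveness must be 0..1")

    @property
    def inherent(self) -> int:
        """Score before mitigation: likelihood x impact (1..25)."""
        return self.likelihood * self.impact

    @property
    def residual(self) -> float:
        """Score after the listed mitigating factors are credited."""
        return round(self.inherent * (1 - self.control_effectiveness), 1)


def rank_risks(risks):
    """Highest residual first; ties fall back to inherent score, then name."""
    return sorted(risks, key=lambda r: (-r.residual, -r.inherent, r.name))


def interaction_flags(risks, threshold=9.0):
    """Pairs of interrelated risks that are both at or above the threshold.
    Two elevated risks that feed each other deserve a higher priority than
    either would get on its own, so they are surfaced separately."""
    by_name = {r.name: r for r in risks}
    flags = []
    for r in risks:
        for other in r.related:
            if other not in by_name:
                raise ValueError(f"{r.name}: related risk '{other}' is not in the register")
            if r.residual >= threshold and by_name[other].residual >= threshold:
                flags.append((r.name, other))
    return flags


@dataclass
class KRI:
    """A KPI turned into a KRI by attaching the board's appetite and tolerance."""
    name: str
    value: float
    appetite: float        # level the board is comfortable operating at
    tolerance: float       # hard limit; a breach is escalated to the board
    higher_is_worse: bool = True

    def status(self) -> str:
        v, a, t = self.value, self.appetite, self.tolerance
        if not self.higher_is_worse:     # flip sign so one comparison handles both directions
            v, a, t = -v, -a, -t
        if v > t:
            return "red"
        if v > a:
            return "amber"
        return "green"


def kri_dashboard(kris):
    return {k.name: k.status() for k in kris}


def build_sample_register():
    # Constructed sample risks; scores and related links are illustrative only.
    return [
        Risk("Loosening of credit standards", "Credit", 4, 5, 0.30, ["CRE concentration"]),
        Risk("CRE concentration", "Credit", 3, 4, 0.25),
        Risk("Core processor outage", "IT / Operations", 2, 5, 0.60),
        Risk("Key-person loss (CFO)", "Talent", 3, 3, 0.00),
        Risk("Board lacks risk awareness", "Governance", 2, 4, 0.50),
    ]


def build_sample_kris():
    # Constructed values expressed as ratios; thresholds are not regulatory minimums.
    return [
        KRI("Texas Ratio", 0.28, appetite=0.20, tolerance=0.35),
        KRI("Loan to Deposits Ratio", 0.97, appetite=0.90, tolerance=0.95),
        KRI("Tier 1 Capital Ratio", 0.09, appetite=0.10, tolerance=0.08, higher_is_worse=False),
        KRI("Net Interest Margin", 0.037, appetite=0.035, tolerance=0.030, higher_is_worse=False),
        KRI("Employee turnover (annual)", 0.25, appetite=0.15, tolerance=0.30),
    ]


if __name__ == "__main__":
    register = build_sample_register()
    for r in rank_risks(register):
        print(f"{r.residual:5.1f}  (inherent {r.inherent:2d})  {r.area:16s} {r.name}")
    print("interactions:", interaction_flags(register))
    for name, status in kri_dashboard(build_sample_kris()).items():
        print(f"{status:5s} {name}")
```

Residual scores drive the order so that a well-mitigated severe risk does not crowd out an unmitigated moderate one, and the interaction check exists because a single-risk ranking hides the case where two related risks are each elevated at once. The KRI class keeps appetite and tolerance as two separate numbers: amber means the bank is operating outside its stated appetite and should be discussed at the next ERM Committee meeting; red means the tolerance limit is breached and belongs on the board's agenda.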

Page 74: Phase II – Mitigate & Eliminate Risks

1. List Mitigating Factors for Each Risk (Systems, Tools)

2. Establish Policies, Procedures & Processes

3. Eliminate Some Risks if Possible


Page 75: Phase III – Monitor & Report Risks

1. Identify Monitoring Tools for each Risk/Area

2. Identify Improvement Plans for each Risk/Area

3. Report on Monitoring Activities

4. Create Reporting Process


Page 76: Ongoing ERM Process #1 (Identifying & Assessing New Risks, Mitigating & Eliminating, and Monitoring & Reporting on Risks)

1. Board Risk Appetite & Tolerance Statement

2. Establish a Strategic Risk Assessment for New Initiatives

3. Establish ERM Committee Ongoing Meetings


Page 77: Ongoing ERM Process #2 (Identifying & Assessing New Risks, Mitigating & Eliminating, and Monitoring & Reporting on Risks)

• Monthly: Progress Reports; New Initiatives

• Quarterly: Emerging Risks; Review ERM Matrix

• Annually: Complete Review & Approval of ERM Program


Page 78: Resources

• FDIC Risk-Based Assessment System – Financial Institution Letters (FILs) https://www.fdic.gov/deposit/insurance/risk/FILS.html

• OCC Bulletin 2015-48 Updated Guidance on Risk Assessment System https://www.occ.gov/news-issuances/bulletins/2015/bulletin-2015-48.html#

• OCC Comptroller’s Handbook: Community Bank Supervision https://www.occ.gov/publications/publications-by-type/comptrollers-handbook/pub-ch-ep-cbs.pdf

• COSO (Committee of Sponsoring Organizations of the Treadway Commission) www.coso.org (2017 publication "ERM – Integrating with Strategy and Performance")

• Credit Union Act https://www.ncua.gov/Legal/Documents/fcu_act.pdf

• NCUA (National Credit Union Administration) https://www.ncua.gov/regulation-supervision/Pages/default.aspx

• Credit Union National Association www.cuna.org


Page 79: Questions? Thank you!

Page 80: Marci Malzahn, President & Founder

[email protected]

Consulting: www.malzahnstrategic.com

Free Resource: 30 Minute ERM Strategy Session with Marci

https://www.linkedin.com/pub/marcia-marci-malzahn/1/6/729

Speaking & Books: www.marciamalzahn.com

@marcimalzahn

612-242-4021
