How Frequently Should Financial Institutions in Singapore Conduct Enterprise Risk Management (ERM) Reviews?
The frequency of enterprise-level risk management (ERM) reviews should be flexible, based on your institution’s operations and regulatory expectations in Singapore. While an annual ERM review is common, MAS guidelines and industry best practices recommend reviewing your ERM framework every three years at a minimum, or sooner in response to risk events. This aligns with the MAS expectations on ERM review frequency under frameworks such as MAS Notice 126 and the Technology Risk Management (TRM) Guidelines. This article highlights those scenarios and their importance to your business.
When Should Singapore Financial Institutions Review Their ERM Framework?
- Significant Changes in Work Practices – Triggers for ERM Review in Singapore
New work practices, technologies, and techniques keep emerging, and existing ones evolve every day. When such a change is significant, an enterprise-level risk review is needed. If the regulations were based on the previous procedure, it is only logical to review them once the procedure changes. Failure to do so will mean that you aren’t in compliance.
- New Procedures or Machinery – When to Conduct an Ad-Hoc ERM Review
Conducting a review under these circumstances is crucial. After all, new machinery, substances and procedures may pose new dangers and risks. Therefore, it is necessary to review and change the regulations to be compliant.
- Accidents and Injuries – Risk Management Best Practices for Singapore FIs
When injuries and accidents occur, bad as they are, we can always learn from them. Your company may have done all in its power to prevent them, but they happen anyway. That only means there is room for improvement. Reviewing the enterprise-level risk management will help identify the problem. Throughout the investigation process, strive to identify the weaknesses that led to the injuries or accidents. Once identified, they are easier to fix, which helps avoid a repeat in the future.
What Comes After an ERM Assessment? MAS Expectations for Risk Mitigation
After a review of the risk assessment, there are guidelines on how the company should proceed. The nature of the identified risks determines the next step. The ideal step is to eliminate the risk so that no one working in that company is at risk. As much as that’s what everyone would want, it may not be practicable to achieve it. Therefore, if it is impossible to eliminate the risk, it would be madness to continue trying something impossible.
However, you shouldn’t just sit back and relax. Instead, find ways of minimizing the risk and controlling it using safe work procedures. Measures include providing workers with the appropriate protective gear. The control measures can be administrative or engineering-based, depending on the circumstances. Substitution may also be a suitable way of dealing with the risk.
MAS Requirements and ERM Review Triggers in Singapore
Singapore’s financial institutions (FIs) are required to set up an effective and flexible Enterprise Risk Management (ERM) system that meets the expectations of the Monetary Authority of Singapore (MAS) as it develops new regulations. While the guidelines for ERM reviews can differ, several guidelines provided by MAS indicate the best moments for reviews.
For instance, according to MAS Notice 126 (for insurers), managers should continuously assess and upgrade their risk management systems in response to any major internal or external factors. Likewise, the MAS Technology Risk Management Guidelines note that risk management efforts should adapt to new technologies or cyber events. When it comes to fund management or banking, FIs follow guidelines from MAS to ensure their annual ERM review includes regular AML/CFT risk assessment and regular attendance at board risk committee meetings.
Various events usually cause organizations to carry out ERM reviews:
- Adoption of innovative products, tools or types of business activities
- Updates made to the risk appetite statement
- Mergers, acquisitions or reorganization of a business
- Problems that result in significant shutdowns or poor handling of regulations
- Repeated internal audit observations about uncategorized or unknown dangers
Risk assessments are recommended immediately whenever an external risk emerges or regulations are revised. Most financial institutions here use an annual review method, along with constant monitoring of risks and quarterly updates on those risks.
Fulfilling MAS requirements and regularly reviewing your risk management process help to secure your bank’s resilience and assure everyone that you run a well-governed organization.
Conclusion: Why ERM Review Frequency Matters for Singapore Financial Institutions
Reviewing the risk assessment is one of the regulations that every company ought to comply with, no doubt. Although it can lawfully be done after three years, don’t forget to do it sooner if any of the issues discussed above arise. Otherwise, you will not be compliant, which can cause trouble. Keep in mind that the review is not the end of this exercise. The company should go all the way by finding ways to eliminate or control the identified risks. Otherwise, the review will be a waste of time.