Mumbai, July 12, 2024 – The Reserve Bank of India's (RBI) latest guidelines on governance, risk, and assurance practices aim to bolster IT governance and cybersecurity posture of financial institutions. In this context, Hersh Shah, CEO of the Institute of Risk Management (IRM) - India Affiliate and India's Youngest Enterprise Risk Expert, was invited to be a part of a prestigious panel discussion organized by the Information Security Media Group (ISMG) and ServiceNow at Sofitel, Mumbai. The event brought together Chief Risk Officers (CRO) and Chief Information Security Officers (CISO) from Banks and Non-Banking Financial Companies to discuss the evolving landscape of cybersecurity and enterprise risk management (ERM).
During the panel discussion, Hersh Shah emphasized the importance of RBI’s forward-looking guidance in transforming the focus from traditional financial risks to a more comprehensive enterprise risk approach. He underscored the critical role of the first line of defense in enhancing the risk culture of banks, Non-Banking Financial Companies (NBFCs), and other financial institutions. Shah highlighted the necessity of adopting 'Jugaad,' a colloquial term for innovative problem-solving, in risk mitigation and cybersecurity and shared some practical out-of-the-box ideas from his Microfinance experience.
One of the key points in Shah's address was the shift in risk culture thinking. Traditionally, the emphasis has been on the "tone at the top," referring to the leadership's role in setting the risk culture. However, Shah advocated for a paradigm shift towards the "tone at the bottom." He argued that Risk Management Committees (RMC), Boards, and Chief Risk Officers (CROs) should focus on empowering and including the first line of defense in ERM implementation.
Shah elaborated on the need for a common shared belief about risk culture that fosters inclusion and encourages viewing risk positively as an opportunity. "The involvement of the first line of defense is crucial in building a robust and resilient risk culture," said Shah. "It's no longer just about the directives from the top, but the active participation and engagement of employees at all levels. We need to cultivate a sense of ownership where everyone feels responsible for managing risk."
Shah explained that when the tone at the bottom is effectively managed, it can lead to transformational results. This includes increased compliance, better identification and mitigation of risks, enhanced innovation, and overall improved organizational performance. "By fostering a positive risk culture at all levels, organizations can turn potential threats into opportunities, driving tangible impacts such as improved financial stability, stronger reputation, and sustainable growth," he added.
Shah also highlighted IRM's significant contributions to developing risk-intelligent financial services organizations in India and globally. He discussed how IRM’s global ERM exams and certifications are being pursued by professionals across various functions, not limited to the risk domain. This broader participation is fostering a more holistic understanding and integration of risk management principles within organizations.
IRM India Affiliate's efforts in promoting advanced risk management practices are aligned with RBI’s guidelines, helping institutions not only comply with regulatory standards but also build sustainable and resilient frameworks. Shah’s insights on the importance of a bottom-up approach in risk culture were well-received by the audience, emphasizing a shift that could redefine the future of ERM in the financial sector.
For more information on IRM’s initiatives and certifications, visit IRM India Affiliate's website.
About IRM India Affiliate
The Institute of Risk Management (headquartered in the UK), established in 1986, is the world's leading professional certifying body for Enterprise Risk Management (ERM) qualifications, training, and examinations. IRM India aims to develop risk-intelligent professionals who can lead their organizations towards resilience and sustainability. Through its globally recognized exams and certifications, IRM India Affiliate is shaping the future of risk management in India.
Missed our What's The Risk Shows? Here are the links:
Follow Us: