The concept of risk management, a coordinated activity to direct and control challenges or threats to achieving an organization’s goals and objectives1, is an important operational element for numerous organizations and entities, from businesses to government agencies.
The recent events in the banking industry point to the importance of, and need for, large institutions to examine risks across their organizations from a holistic perspective, in other words, at the enterprise level. For example, commentators identified a lack of enterprise risk management on the part of those involved as a factor in what occurred, as they only considered one type of risk – credit – and not interest rate risk. An established and robust enterprise risk management system would have identified the broader range of possible risks and given management the opportunity to mitigate them.
Did you know that Ginnie Mae is recognized as a “leading voice” within the Federal Government on the subject of Enterprise Risk Management (ERM)2?
A well-defined and integrated agency enterprise risk management program is an essential part of strategic planning. Such a program helps to minimize mission risks and enhances the probability of mission success by providing a structured approach for identifying, assessing, and managing enterprise risks. An agency's macro-level ERM program will provide the foundation for more detailed and integrated risk management efforts associated with particular programs, activities, or projects.
Managing risk at all levels of our corporation is vital not only to our business operations, but also to the success/viability of our mortgage-backed securities (MBS) program, and by extension, to the U.S. housing finance market. Mortgage-backed securities are the primary vehicle for U.S. home loans. They enable the mortgage lender to keep issuing more mortgages while not taking on significant risk, and they enable other investors to take smaller risks on groups of mortgages with confidence. This commitment to risk management extends from the origination process all the way through to the secondary market.
The importance of examining, assessing, and managing risk is enshrined in Strategic Goal #2, “Managing Program Risk,” recently included in our 2022-2026 Strategic Plan. This Goal contains two distinct, but related, strategic objectives:
Good corporate governance is achieved through ERM. Ginnie Mae's enterprise-wide and system-wide approach succinctly brings in issuer eligibility standards which are designed to strengthen systemic risk protections in the mortgage finance market. And while, counterparty risk management has high importance in our business, our ERM processes and Risk Taxonomy are robust and designed to examine and help mitigate potential failures in other areas, (for example, Operations, IT, HR, Legal, Vendor, etc.) that could significantly impact our business.
Ginnie Mae’s ERM structure rests on a foundation of best practices developed through numerous discussions with financial, business, and banking entities over many years. These discussions have yielded different perspectives as to how these organizations manage enterprise risk, many of which are incorporated into our current risk assessment and management activities. Ginnie Mae manages its enterprise risk by developing and implementing policies, procedures, and controls based on four key principles:
Ginnie Mae has a dedicated Office of Enterprise Risk (OER), led by our Chief Risk Officer, Greg Keith, a role which is now joining the senior executive/leadership ranks in many government and private sector organizations. Within OER, our Operational Risk Analysis Division (ORAD) is the ‘point’ group for a broad range of risk-related programs for Ginnie Mae, including ERM, Financial Risk, Vendor Risk, Operational Risks, and Cyber-Risk Analysis.
ORAD provides an independent validation of various functions, such as ERM, financial, operational and vendor risks, within Ginnie Mae. ORAD advises our senior leadership on matters related to risk appetite, risk mitigation controls, governance, and decision making. In addition, ORAD works to ensure that risk management considerations are a critical element within our strategic planning and budget development efforts. ORAD also offers clarification, guidance, and advice on risk management-associated subjects for both the U.S. Department of Housing and Urban Development (HUD), the Office of Management and Budget (OMB), and other U.S. Government agencies, sharing insights and best practices.
Staff from our ORAD Team also participate in the interagency Federal Enterprise Risk Working Group. The Working Group, which was established in 2014, is chaired by a representative from the U.S. Department of the Treasury and serves as the Federal Government’s ERM community of practice. Meeting monthly, the Working Group includes representatives from dozens of Federal Government departments, agencies, and organizations, and helps facilitate information sharing among the participating members. The Working Group allows us to share our extensive risk management knowledge with our peers and, in turn, to continue to refine and enhance our own efforts based on their experiences.
This past fall, the Working Group updated its ‘go-to’ publication, “Playbook: Enterprise Risk Management for the U.S. Federal Government.” The Playbook gathers, defines, and illustrates practices in applying ERM in the Federal context, as well as promoting a common understanding of ERM practices in agencies. The publication also assists Federal managers by identifying the objectives of a strong ERM program, suggesting questions agencies should consider in establishing or reviewing their approaches to ERM, and offering examples of best practices. Enterprise Risk Management (ERM) - Performance Community - MAX Federal Community
The success and widespread adoption of the Playbook reflects the contributions which Ginnie Mae provided to the Working Group based on our robust and sophisticated ERM processes and capabilities. It also illustrates the knowledge and expertise of our personnel, in all aspects of the risk management cycle, from risk identification and assessment to appetite determination and strategy development. We will continue to refine, expand, and adjust our ERM structure based on our own requirements, as well as interactions from our peers in both Government and the private sector.
1Playbook: Enterprise Risk Management for the U.S. Federal Government, (Fall, 2022 Update), Chief Financial Officers Council (CFOC) and Performance Improvement Council (PIC), November 28, 2022.
2“Enterprise Risk Management is an effective agency-wide approach to addressing the full spectrum of the organization’s significant risks by considering the combined array of risks and opportunities as an interrelated portfolio, rather than addressing risks only within silos.” Ibid.