The vendor is required to provide that enterprise risk management (ERM) solution and partner to assist with evolving state’s existing ERM program.
- Enterprise risk management (ERM) software requirements
1. Comprehensive risk management:
• The software must provide a comprehensive framework for identifying, assessing, mitigating, and monitoring and reporting on risks across multiple risk categories (e.g., credit, interest rate, operational, liquidity, strategic, compliance, reputational and it/cyber risks).
• The system should include reporting that accommodates the following:
o Risk prioritization and methodology
o Analysis per risk, including likelihood, severity, inherent risk, controls assessment, residual risk and direction of risk
o Follow-up and accountability to action plans
o Quarterly reporting related to key risk indicators, trends, management and board-level reporting
2. Integration with existing systems:
• The ideal software would seamlessly integrate with the bank’s existing systems or the ability to efficiently import relevant data to support the ERM program.
• The bank is not corporation insured and therefore does not file a call report; however, call report data is produced and can be extracted from the bank’s call report software.
3. Risk appetite and tolerance configuration:
• The software must allow for easy configuration and recalibration of risk appetite statements, thresholds, and tolerance levels.
4. Timely monitoring and reporting:
• The software should provide timely data analysis, customizable reporting, and dashboards to allow management to monitor risk exposure and make informed decisions.
5. Scenario analysis and stress testing:
• The software should enable scenario planning, stress testing, and forward-looking risk assessments based on potential economic and financial shocks.
6. Regulatory compliance:
• The software should be capable of aligning with applicable regulations and risk management industry standards.
7. User access control:
• The software should support role-based user access control to ensure integrity of the data contained within the system and ensure secure and restricted access to sensitive data and reporting.
- Capital plan: partner may provide the following:
• Research and trend analysis, bank performance trends, Basel iii impact and peer analysis trends
• Capital policy template that includes trend analysis
• Pro forma forecast model that supports high level assumptions that may include growth rate, ROAA, ROAE, tier 1 leverage ratio, total risk-based ratio, etc.
• Provides recommended capital plan buffer from ERM data
- Consulting partner requirements
1. ERM and capital planning program evolution:
• The consulting partner will help evolve the bank’s ERM and capital planning program by assessing current practices and identifying improvements.
• They will also assist in evolving policies and procedures that improve the risk management and capital planning framework.
2. Risk appetite model and statement:
• The consulting partner will support the bank in reviewing and defining its risk appetite model and statement, helping to ensure it aligns with business strategy and regulatory requirements.
3. Development of key risk indicators (kris):
• The partner will assist in evolving/establishing a set of kris that are relevant to the bank’s risk profile.
• These kris should facilitate early warning and proactive risk management.
4. Benchmarking against industry peers:
• The consulting partner will conduct benchmarking activities to evaluate the bank’s risk management practices and performance relative to other peer financial institutions.
• This includes trend analysis and the use of industry data to identify risks that are emerging or underreported.
5. Training and knowledge transfer:
• The consulting partner will be expected to provide training to the bank’s staff on effective risk management practices, tools, and methodologies, as well as knowledge transfer to ensure sustainability.
6. Change management and adoption support:
• The consulting partner will provide support during the implementation phase of both the ERM software and new risk management practices to ensure smooth adoption and organizational alignment.
- Work product
1. Software implementation:
• A fully functional ERM and capital planning software solution integrated with existing systems or the ability for the system to ingest the bank’s relevant data.
2. Risk appetite statement and model:
• Documentation of the new or revised risk appetite statement and model.
3. Key risk indicators (kris):
• A set of defined and validated kris that are relevant to the bank’s operational and strategic objectives.
4. Benchmarking report:
• A comparative report outlining how the bank’s risk management compares to industry peers, including trends and recommendations.
5. Training and knowledge transfer materials:
• Comprehensive documentation and materials used for training sessions, as well as any knowledge transfer documents that support long-term success.
6. Progress and final reports:
• Detailed progress and final implementation reports that include outcomes, lessons learned, and recommendations for future improvements.
- Questions/Inquires Deadline: April, 30 2025