HomeGovernance, Risk & Compliance › A Risk Manager Tells All

A Risk Manager Tells All

October 23, 2008

in

In January 2007 the world looked almost riskless. At the beginning of that year I gathered my team for an off-site meeting to identify our top five risks for the coming 12 months. We were paid to think about the downsides but it was hard to see where the problems would come from. Four years of falling credit spreads, low interest rates, virtually no defaults in our loan portfolio ,and historically low volatility levels: it was the most benign risk environment we had seen in 20 years.

So begins a revelatory first-person account of the credit crisis’ onset from the financial services trenches. The article was published by the Economist in August, and it remains one of the most illuminating pieces of writing about the crisis.

Why? Because it contains insights about emotions, behavior, and organizational culture that most of the “lessons learned” content starting to stream out of consulting firms (those with risk management and financial services offerings) glosses over. “The pressure on the risk department to keep up and approve transactions was immense,” reports the risk manager. “Psychology played a big part … In [the traders’] eyes, we were not earning money for the bank. Worse, we had the power to say no and therefore prevent business from being done. Traders saw us as obstructive and a hindrance to their ability to earn higher bonuses.”

No matter how elegant your GRC or ERM structure is, it’s little help if your organization treats risk management as a separate entity from the business (sort of like the “internal cop” perception that the internal audit has worked so long to overcome). In investment banks, risk management was the traders’ responsibility, too, and they failed to fulfill it.

Just as the customer centricity movement has largely ditched the notion of an operating separate customer-experience function because “customer experience is everyone’s job,” so, too, should organizations work to instill the idea that risk management is everyone’s job.

No, companies should not ditch their risk management functions; however, they should ensure that these functions operate as more than conservative foils to the brilliant, risk-taking rainmakers (who, in the financial services sector, by the way, graduate to the C suite).

After reading the article, click the “View all Comments” link at the end of the story; the discussion thread there is equally insightful.