On Jan. 13, 2010, Compliance Week and Deloitte presented an exclusive editorial roundtable about the risk challenges facing compliance and risk executives in the financial sector. The event was moderated by CW Editor Matt Kelly and co-hosted with Scott Baret and Deborah Parker-Bailey, a partner and director, respectively, in Deloitte’s capital markets and regulatory practices. The following article is a recap of the discussion and follow-up interviews to gain more insight.

THE PANELISTS

The following executives participated in the Jan. 13 roundtable on risk-management challenges facing chief risk officers in the financial sector.

Mark Abbott, Managing Director, Guardian Life Insurance

Joel Aronchick, Chief Risk Officer, Chubb Corp.

Lee Augsburger, Chief Ethics & Compliance Officer, Prudential Financial

Deborah Parker-Bailey, Director, Governance, Regulatory & Risk Strategies Practice, Deloitte

Scott Baret, Partner, Regulatory & Capital Markets, Deloitte

Nicole Degnan, Senior Vice President, Finance, The Blackstone Group

Howard Freeman, Chief Executive Officer, BBVA Securities

Alison Gregory, Head of Enterprise Risk Management, GlobeOp Financial Services

Manish Gupta, SVP, Risk Management, American Express

Mike Kelsey, VP Compliance and Deputy CCO, Capital One Financial Corp.

Ken Phelan, Chief Risk Officer, Fannie Mae

Ben Rosenthal, SVP, Corporate Operational Risk Management, Northern Trust Corp.

Anurag Saksena, Chief Enterprise Risk Officer, Freddie Mac

Dan Scherman, SVP, Director, Risk Management & Trading, Janus Capital Group

The increasingly sharp focus on risk in response to the financial crisis is transforming the job of risk-management executives throughout Corporate America. Risk managers in the financial-services sector, however, seem to be enduring the worst of it.

Yes, risk management has catapulted to the top of the industry’s awareness, and that’s a good thing for chief risk officers trying to hold the attention of boards, CEOs, and workforces who might previously have considered risk management a follow-on function to the core business. On the other hand, everyone else in the world is also discussing the importance of risk management—and Wall Street’s failures thereof in recent years.

Not surprisingly, then, when a dozen chief risk officers from the financial sector gathered for an editorial roundtable hosted by Compliance Week and Deloitte to discuss the subject, they uniformly said the biggest risk of all was that lawmakers or regulators in Washington might change the rules of risk management itself.

“There’s certainly more visibility on risk-management functions and processes like we’ve never seen before,” said Scott Baret, a partner in Deloitte’s governance, regulatory & risk strategies practice, who co-hosted the discussion. “There’s a clear appreciation that improvements are needed.”

Some worried that Washington’s coming regulatory overhaul will add still more layers of bureaucracy onto a sector that’s already highly regulated. Others stressed the need for risk managers to embed themselves still more in the strategic decisions and discussions financial institutions make, to minimize the threat of various risks as early as possible. And everyone wondered how that strategic approach could be squared with the bureaucratic atmosphere more regulation can create.

“Creating and adjusting risk-management tools to meet changing regulatory requirements is critical,” said Benjamin Rosenthal, senior vice president of corporate operational risk management at Northern Trust Corp. “But it should not lead to a situation where risk practitioners appear to meet regulatory requirements, yet fail to provide meaningful guidance that enables better risk-informed business and strategic decisions … Risk practitioners must remain focused on providing value to the firm.”

Everyone at the roundtable agreed on the broad risks that CROs should be managing: financial, operational, legal, and IT. They also included the new threat of liquidity risk, where swift changes in market sentiment might quickly push a company toward insolvency. (Think of Lehman Brothers or AIG in September 2008, when both firms quickly tanked into collapse because investors fled their derivatives-filled portfolios.)

But knowing what risks to monitor does not necessarily mean financial institutions know how to monitor them. Roundtable participants said that while using “dashboards” of key risk indicators is common practice, grouping such complicated variables into simplified categories of red, yellow, and green, for example, doesn’t paint a precise picture.

“I think it may be difficult for a board member to ascertain the nuances from any particular ‘yellow’ or ‘green’ line on a sheet full of charts,” says Daniel Scherman, director of risk management & trading at Janus Capital Group. “A sense of perspective from a time series is important, but … dashboards need to be the beginning, not the end, of the conversation between boards and senior management.”

Another participant went further, saying simplified labels can even create a false sense of security. He sends business managers at his bank an annual reminder to “watch your greens,” he said, since high-risk areas always get plenty of attention while everyone overlooks the low-risk areas of the business that might be changing into more serious problems.

Future Role of the CRO

One question that stumped everyone was how the role of the CRO will change in the wake of the financial crisis, and how risk managers can seize the moment to strengthen their relationships with other senior executives and the board of directors.

“Nobody has coalesced around one model,” said Deborah Parker-Bailey, a director in Deloitte’s governance and risk practice. Chief risk officers, she said, should “reset the stage—to the extent that risk management didn’t have the right stature within the organization or wasn’t calibrated appropriately before—to make it more prominent within the organizations, and not wait for someone else to prescribe the solution.”

Baret described the transition as “Risk Management 2.0,” or moving from “risk monitoring to risk managing.”

“CROs have the ability right now to push over the precipice from monitoring to management activity,” he said. “Board members are looking for that to happen. The time to do that is now.”

Roundtable attendees heartily endorsed the idea of forging stronger ties with the board, and securing the CRO’s position as part of the company’s strategic team. Still, some fretted over pushback from boards and senior executives who persist in viewing risk management as a “service function” like marketing or IT, that enters the picture after major business decisions have been made.

Parker-Bailey said CROs must be “integrated into the strategic decision making and understand the activities and level of risk taking in the business lines, but they also have an obligation to have a semblance of independence and a broader perspective of the level of risk and correlation of that risk being taken by the organization.”

In other words, she said, they have to be the “watchdogs that analyze and report on that risk, regardless of the strategic issues and the business line needs. If anything didn’t work before, it was that the risk function got too close with the business lines and revenue generators, and didn’t do as good a job sounding the alarm where there was undue risk being taken on the balance sheet.”

Ben Rosenthal, senior vice president for operational risk management at Northern Trust, speaks up. At left is Ken Phelan, chief risk officer for Fannie Mae; at right is Manesh Gupta of American Express.

Mark Abbott of Guardian Life Insurance makes a point as Mike Kelsey of Capital One Financial listens.

More than a dozen executives participated in the forum, with lively discussion that lasted two hours.

Several roundtable attendees hailed from the corporate compliance world rather than risk management; they expressed the same sentiments, saying that while compliance serves as an adviser to the business, it must also sit with the business in terms of accountability.

“Compliance officers need to be accountable for formulating compliance solutions and monitoring adherence to them,” said Michael Kelsey, vice president of compliance at Capital One Corp. “If these roles aren’t performed properly, the chances for success are significantly diminished.”

The most successful compliance programs, he said, are developed with close partnership between the business units and the compliance staff that supports them.

A companion question arose of what role the board of directors should play in risk management: whether it should be “nose in” and take more of a light-touch, oversight role; or “hands on” and play an active role in deciding what risks are managed in which ways. Either choice can make a CRO’s job more difficult if not handled properly.

“That's one of the more nebulous areas,” Baret admitted, since boardroom politics and directors’ personalities can often dictate what the board decides its role is.

Historically, risk oversight was usually assigned to one or more board committees; typically the audit committee took much of the job, or a “risk committee” of the board would specifically address financial risks. Now, however, many Wall Street firms are creating risk committees that oversee all risk management, where the CRO reports directly to the CEO and has a dotted-line path to the risk committee—a model that Parker-Bailey and Baret endorse.

In many cases, Baret said, board risk committees delegate their authority to a management committee that’s chaired by the CRO. The challenge for the CRO then becomes knowing when to “sound the alarm” over material risks, and securing the organizational authority to discuss those risks frankly—including the power to “veto” transactions that expose their firm to risk unnecessarily.

Baret said CROs should educate their firms so that the risk function is treated as an integrated business unit and not a siloed support function, “integrated into the culture and seen as adding value to the organization.”
