Perhaps it’s time to start shooting those black swans.
For the last several months we’ve all heard more and more about risk management, primarily because a class of supposed geniuses on Wall Street ruined the economy for the rest of us. Now the buzzword in Washington is risk management, all the time. And the most feared risk of all is the “black swan” risk: that threat nobody has ever considered, and nobody can see coming. Think Sept. 11 attacks; think the rise of Google; think collapse of the financial markets.
Think again. The black-swan risk is not what chief compliance officers should worry about.
Originally I planned to write this post about executive compensation, and the government’s new insistence that companies analyze their pay policies to determine the risk that those policies might tempt executives to take foolish gambles with corporate resources. I was going to write about how difficult that analysis is, when I realized: regulators essentially want to know how likely it is that your executives will do dumb things if they stand to reap lots of money.
Well, that’s easy. Just scribble “inevitable” in the proxy statement and you’re done.
That got me thinking. The true risk in executive compensation, especially in the financial services sector, is that we give more money to people who deliver more results than their peers—not better results; more results. To reap your maximum reward, all you need to do is be one bit better than your rivals.
That dynamic, that you need only finish ahead of your peers to win the largest reward, doesn’t tempt people to do something that could be a black-swan risk. Why bother? If you bet the company and lose, you don’t get paid. Instead, it tempts people to do something just outside the company’s stated risk tolerance. And because compensation policies reward you for achieving that one extra point, you end up repeating the behavior again and again, pushing it just a bit further every time.
Engineers call this a feedback loop. Compliance officers would do well to call it boil-the-frog risk: Employees doing what they’ve always done, just a little bit cheaper/faster/bigger/whatever, introducing a tiny bit more risk into the system each time as they strive to finish first. And by the time you the compliance officer discover how much the feedback loop has amplified the total threat, the company is in boiling hot water.
Those risks are what brought down the financial markets last year, not bad strategic decisions made by boards and CEOs. A few clever Wall Streeters made good returns on low-risk mortgage-backed securities, so then a few more people peddled slightly more risky securities to achieve good plus 1 percent. Then came more people, bringing more risk, seeking more return, and so forth. Each specific transaction seemed pretty harmless, and so it entered into the investment world—and contributed to the feedback loop, until all those little risks suddenly, collectively crushed the economy.
Last week we published the story of Compliance Week’s latest editorial roundtable, exploring how internal audit departments are transforming into vital pillars helping companies with risk management. That is a wise and necessary transformation. But the simple truth is that black-swan risks are, by definition, beyond our ability to perceive. The much more pervasive and dangerous risk is that we fail to see the risks right in front of us, where they have always been, looping over and over, amplifying each time, until it’s too late.
If compliance executives want to watch for anything, watch for that.
No comments yet