What do risk officers worry about?
JPMorgan’s astonishing $2 billion-plus quarterly loss due to trading in credit default swaps from its London office spotlights the crucial role of the chief risk officer (CRO). What exactly are risk officers supposed to do? Is the CRO someone who fills out reports, becomes a fall guy for misplaced strategy or, as a key executive, makes management aware of the risks and has input to decisions made by the senior management team?
Taking on the role of a CRO is not for the faint of heart – even the title grants you a certain degree of unpopularity. You’re the bearer of potential bad news when it comes to strategic decision making. It is your job to provide your boss and peers with possible outcomes of scenarios they often don’t want to hear about. Yet, you are the first to be thrown under the bus when a risk suddenly surfaces and your company has no mitigation plan in place. You can’t say “I told you so,” so you roll up your sleeves and quietly prepare for the next event. Of course, every risk a company faces cannot be predicted and proactively avoided. As recent worldwide financial, economic and societal events have illustrated, it has become critical to employ a process driven by foresight.
To understand how to develop and implement a risk management strategy, we must first learn which emerging risks CROs are most concerned with today. According to a recent survey co-sponsored by the Joint Risk Management Section of the Society of Actuaries, Canadian Institute of Actuaries and the Casualty Actuarial Society, the top two risks reported were financial volatility and failed and failing states. Risk managers also cited cyber-security and the overall interconnectedness of infrastructure, followed by the threat of a Chinese economic hard landing, an oil price shock and regional instability.
From a broader perspective, the survey explains which emerging risk categories most distress risk managers. The economic category leads the pack (56 percent of managers named this as the biggest concern), followed by geopolitical (22 percent), technological (8 percent), societal (5 percent) and environmental (4 percent) risks.
The survey also polled risk managers on the role of strategic planning and incorporating the potential effects of evolving emerging risks into the decision-making process. This revealed that recent events such as the Japanese devastation, Middle East political unrest and European sovereign debt crisis have had great influence on the concerns of risk managers about future risks. The year 2011 marked the largest economic impact of physical disasters in history, which included flooding, monsoons, fires, earthquakes, volcanic eruptions and tornados.
Risk managers reported their top combinations of three risks, which was dominated by financial volatility when combined with failed and failing states, oil price shock and an Chinese economic hard landing.
Although it is the CRO’s duty to outline potential crises, the survey research showed that management teams increasingly believe that it is not a risk manager’s job to predict the future. For instance, in 2010, 77 percent of respondents felt that their companies expected them to be predictive. Nowadays, more than half of surveyed risk managers indicated that predicting specific scenarios is not part of the job. Rather, their role is to generate potential scenarios and their implications, shedding light on both the positive and negative outcomes.
In fact, nearly half of the responses indicated that risk managers were recognized for identifying in advance and avoiding risks, while only 31 percent were held accountable when a risk that had not been identified arose. In addition, risk managers increasingly have a seat at the table for strategic discussions; the survey showed that 84 percent of risk managers said they have C-level input and the power to influence strategic business opportunities, while only 7 percent reported having no input.
The importance of an established risk management process, which anticipates a variety of developments, was evident during the recent financial crisis. Many companies, particularly those dealing directly with financial risks, had a chief risk officer (CRO) established before the crisis. Traditionally, the CRO provided reports to the board and senior management. Now, companies are asking the CRO for their opinions about potential scenarios and understanding that these are not predictions. Indeed, for 2012, 59 percent of respondents expect increased enterprise risk management (ERM) activities, while 39 percent expect increased funding. It’s definitely a move in the right direction.
Truth be told, risk management is an ever-evolving discipline. The Great Recession pointed out both the shortcomings of implementation at many companies, as well as the potential for a strong risk culture driving the risk management process. As time passes from this crisis to the next (as there is always another one around the bend), recurring trends are becoming apparent and companies across the world are getting smarter about the essential need to move risk management from the back room to a position influencing strategic decisions.
PHOTO: Tightrope walker Ramon Kelvink Jr. walks on a high wire during the Summer Festival in Quebec City, July 13, 2009. REUTERS/Mathieu Belanger