What do risk officers worry about?
JPMorgan’s astonishing $2 billion-plus quarterly loss due to trading in credit default swaps from its London office spotlights the crucial role of the chief risk officer (CRO). What exactly are risk officers supposed to do? Is the CRO someone who fills out reports, becomes a fall guy for misplaced strategy or, as a key executive, makes management aware of the risks and has input to decisions made by the senior management team?
Taking on the role of a CRO is not for the faint of heart – even the title grants you a certain degree of unpopularity. You’re the bearer of potential bad news when it comes to strategic decision making. It is your job to provide your boss and peers with possible outcomes of scenarios they often don’t want to hear about. Yet, you are the first to be thrown under the bus when a risk suddenly surfaces and your company has no mitigation plan in place. You can’t say “I told you so,” so you roll up your sleeves and quietly prepare for the next event. Of course, every risk a company faces cannot be predicted and proactively avoided. As recent worldwide financial, economic and societal events have illustrated, it has become critical to employ a process driven by foresight.
To understand how to develop and implement a risk management strategy, we must first learn which emerging risks CROs are most concerned with today. According to a recent survey co-sponsored by the Joint Risk Management Section of the Society of Actuaries, Canadian Institute of Actuaries and the Casualty Actuarial Society, the top two risks reported were financial volatility and failed and failing states. Risk managers also cited cyber-security and the overall interconnectedness of infrastructure, followed by the threat of a Chinese economic hard landing, an oil price shock and regional instability.
From a broader perspective, the survey explains which emerging risk categories most distress risk managers. The economic category leads the pack (56 percent of managers named this as the biggest concern), followed by geopolitical (22 percent), technological (8 percent), societal (5 percent) and environmental (4 percent) risks.
The survey also polled risk managers on the role of strategic planning and incorporating the potential effects of evolving emerging risks into the decision-making process. This revealed that recent events such as the Japanese devastation, Middle East political unrest and European sovereign debt crisis have had great influence on the concerns of risk managers about future risks. The year 2011 marked the largest economic impact of physical disasters in history, which included flooding, monsoons, fires, earthquakes, volcanic eruptions and tornados.
Risk managers reported their top combinations of three risks, which was dominated by financial volatility when combined with failed and failing states, oil price shock and an Chinese economic hard landing.
Although it is the CRO’s duty to outline potential crises, the survey research showed that management teams increasingly believe that it is not a risk manager’s job to predict the future. For instance, in 2010, 77 percent of respondents felt that their companies expected them to be predictive. Nowadays, more than half of surveyed risk managers indicated that predicting specific scenarios is not part of the job. Rather, their role is to generate potential scenarios and their implications, shedding light on both the positive and negative outcomes.
Why did the SEC fail to spot the Madoff case?
– Mark T. Williams, a finance professor at the Boston University School of Management, is a risk-management expert and former Federal Reserve Bank examiner. The views expressed are his own. –
With Congress now probing the Bernard Madoff case, some claim the SEC missed the risk because of under staffing. Even if that’s an issue, one SEC enforcement officer using basic risk-management skills, asking probing questions, searching for clear answers, and exercising timely follow up could have helped in detecting this fraud before it grew to such a staggering size.
The central flaw at the SEC is that its current oversight approach is not sufficiently risk focused. Moreover, any changes in approach have tended to be in response to a specific event instead of incorporating an overall risk-based approach across all areas under their regulatory purview.
The SEC is responsible for overseeing registered broker-dealers, transfer agents, clearing agencies, investment companies and investment advisers, yet there is not a consistent risk approach used in all of these examinations. For example, in 2003, after widespread unlawful trading practices surfaced in the mutual fund industry, the SEC took steps to take a more risk-based approach.
Yet these higher examination standards were not viewed important enough to be applied to investment advisers such as Bernard Madoff. The weakness in the SEC’s existing examination approach can be best highlighted by the fact that, in the last 16 years, while Madoff’s firm was investigated 8 times, no fraudulent activities were ever uncovered.
As part of their broad regulatory mandate, the SEC is responsible for overseeing over 10,000 investment advisers. This agency needs to adopt a “where there is smoke there is fire” approach. The SEC must become risk focused in the scope and frequency of its monitoring and surveillance operations. Given the significant number of investment advisers, even if we assume that 99 percent are low risk, that still leaves 100 that need to be closely monitored and scrutinized.
The SEC should keep a detailed list of the top risky investment advisers and use it to prioritize and set review frequency. Currently, there is no clear indication that the SEC links review frequency or scope of exam with level of perceived riskiness. Former SEC Chairman Arthur Levitt recently indicated that only 10 percent of investment advisers are examined every three years. A wealth of new fraud can be dreamed up, hatched, and perpetrated at such firms in the interim.
Good work Mark. The SEC should never have let it get this far, if we had adopted a “where there’s smoke there’s fire” approach they might have been able to stop this from happening. I mean, if you are obviously making a substantial return that is significantly higher than everyone else supposedly in the same market as you, have done it consistently year after year, then something doesn’t add up. Don’t they have a team or teams risk management auditors that should have been able to pick this up? Also, what about the institutions and people that actually contributed millions of dollars through his feeder funds or directly, don’t they have a responsibility in researching where their money is going? I know, I myself, if I was investing 5 million to Madoff who supposedly told me he could earn a 12% return on my money, would want to know exactly how he was doing it, not that I could take my money and do it myself to avoid his fees but it just should have smelled fishy from the start. Hopefully we are on the right track now too safeguard these types of losses and schemes that these unethical businessmen are causing.
