Be prepared to weather the next storm - Enterprise Risk Management (ERM)
In the crisis just gone by, newer and complex financial products, ameba like organizations cause of heightened pace of M&A and ever changing relationships between different types of risks resulted in broken models, violated assumptions and ineffective risk management just when it was needed most. Couple it with continuously evolving regulatory requirements, an Enterprise Risk Management (ERM) is needed which can align risk function with strategic business imperatives, create a common language of risk and facilitate optimal levels of risk.
An ERM as we know helps in solving the eternal dilemma of decentralization versus centralization of Risk. While decentralization helps in letting risk managed by people who understand it best aka line managers across difference line of businesses, it also creates a risk of letting them stretch beyond permissible limits to achieve their short term targets. Now, one would argue that a perfectly defined incentive management, the one that encourages long term sustained profitability over short term volatile profits, is the key to address these issues. True but not completely and that I will leave for another day.
Coming to the other side, centralized risk management is a much better choice as it is a top down approach, it helps in aligning business objectives with risk management, but the apparent beauty of the solution ends here. While conceptually it looks good, practically it's impossible to calculate risk from bottom to top and distribute it top to down. Not because one doesn't have models to do that but because no model are not correct in all situations and one only comes to know the failure of these models in hindsight. Sure, one can back test each and every model for its validity but in financial world we have seen historical data are of not much use as crisis situation always comes with a new face.
So like in almost walks of life, solution lies in the middle not extremes. ERM precisely does that. While it encompasses all types of risk in all corners of any organizations, it also creates a framework of its optimal distribution.