Differentiate ERM program via responsive risk culture
Lots have been written on risk management malfunction behind the present crisis and the blame mostly has been to poor risk processes, risk infrastructure, models and resources etc. During this unprecedented market turbulence, industry has seen the collapse of some of the mighty names as well as lesser ones. Though process, control, management are key to strong risk functioning, but the GOD of all is something else. I had the opportunity attending & participating on one such session on "ERM Backlash" in capital market industry recently, the outcome of that session could clearly white-line the mother of all reasons behind poor risk function- "risk culture".
Common belief is that risk processes did not respond to downside due to severe lacunae in the rating system, modeling, lack of prediction on risk-interplay and of course governance. Though the fourth one stands out as the prime culprit, pundits are yet to pinpoint the real missing link in the governance chain.
One of the panelists, CRO from an Ivy League investment bank, expressed "Culture" as one of the pot-hole in the fiasco with legitimate examples. From her observation- "During a benign market, it's the front office which dominates governance chain and during tough time, it's the risk function calling the shot". That means when going is great, who gives a damn to risk advices and when business is down, let's listen to them. She also cited a case from her experience that risk function in her organization will receive CMO/CLO (the ammunitions behind the crisis) related deal data 4 to 6 weeks after the deals are done in an up scaling Wall Street and this timely unavailability of transactions data hampers predictability of risk management and very few at CXO level would give a helping ear to risk function's periodic insistance on this issue. This clearly speaks the cultural aspect of risk function and weak governance standards. Many such deliberations were observed in the sessions where focus went to poor regulatory oversight, risk infrastructure, lack of board responsibility, but the fire and cross-fire often embrace the cultural agenda in risk program. You can have the best of the oversight, infrastructure, but the implementation within the organization will be decided by the risk culture in the governance chain.
This is how I foresee risk function 2.0 should be on culture agenda-
- Strong incentive to divulge risk even if it's an error from individual.
- Long term view on risk incentive than short term - Wall Street 2.0 has already understood this and Obama plan has also endorsed that in recent financial regulatory reform.
- Good or bad, business decisions need to adhere to strong risk management processes and risk function feedback. No more sideline stay for risk representatives.
- Timely information sharing between product team and risk team.
- It's better to have risk mitigated medium size return and than magnified short-term margin with high downsize risk.
- Board should promulgate & emphasize strong culture as a weapon in successful risk program roll-out and monitor the process diligently. Board performance should be judged on the success of cultural parameters.
There are reforms already announced across markets, geographies and cultural aspect has got minimal coverage in my view. This is sad, but time for next generation financial institutions to bridge this gap as soon as possible to win in the turn. Successful risk culture would be the weapon of differentiation between effective & vanilla ERM institutions. It needs time and commitment across governance ladder to do so. If you want to survive in Wall Street 2.0, create the environment now!