Just to continue with a theme I have written about before – that is that risk management is here to stay, and with a reason. There was an interesting article in the FT on 25 August this year. Entitled “Private equity focuses on risk managers”, it looks at the acquisition of Iris by FRSGlobal, which in turn is backed by Carlyle and Kennet. “Regulators are increasingly asking banks to demonstrate that the risk management solutions they use are sound,” said Fernando Chueca, an associate director at Carlyle. “Banks are now realising the ‘silo approach’ isn’t working.”
Interestingly, the article talks about the controlling aspects of risk management: “Lax risk controls, for example, allowed a Société Generale trader allegedly to amass unauthorised positions that cost the bank €4.9bn ($7.2bn), in addition to €4m in fines by French banking regulators.” What it does not do is talk about what I might describe as the enabling facility of risk management. For a long time risk managers in Financial Services have been those in credit or other areas who say “no”. Of course they maybe said “no” to infrequently in the foot-to-the-floor approach to building banks over the long bull run. Of course, as any driver of an automatic car will know, you have to take your foot off the accelerator to brake. And that self-same heavy foot is now pushed firmly down to the metal so that the brakes are squealing and the whole (global) economy is screeching to a standstill.
I like to think of risk management as being the balancing act of four attributes that fall into two pairs of tensions. On the one hand we have good old risk management attempting to stop bad things from happening. And yet (as the credit crunch has graphically illustrated) if you stop taking managed risks, you will stop dead in your tracks. These are different attributes (stopping pitfalls, and taking more managed risk) which tend to operate in contrary directions. The other pair of attributes that influence risk behaviours are the performance culture (who has not just occasionally thought that the bonus culture of the big investment banks might just skew risk taking in one direction or another?) and the corporate ethics and behaviours. Imagine each of these attributes individually mapped against the long term profitability of the organisation, and you will see that the more you do of each of them, the better the long term profitability, until, suddenly you are doing too much: taking so much managed risk, that people cannot manage; avoiding so many pitfalls, real and imagined, that they cannot progress; suffering from a performance culture that forces rile breaking and burn-out; or corporate ethics that becomes so debilitating that it is a question of not treading on egg-shells. Now take those and map them on the same diagram, and suddenly we can see what happened to all of those banks: exorbitant risk taking combined with a noxious performance culture and stunted risk avoidance combined with little regard to the real corporate ethics.
The credit crunch has slammed this into reverse (into what I used to describe as UK plc’s risk profile): very little or no risk taking, combined with redundancies; and total pitfall avoidance combined with a new ethical model (perhaps this is stretching a point, but you get the drift).
To me, the challenge is about working out where you are on these four attributes, where you want to be (the sweet spot) and how you get there. It’s not just about an overall group-wide approach; it’s about each of the businesses and teams and how they interact with one another. This is what I call Balanced Risk. And understanding their own business risk profile might just be what would help organisations to begin, ever so cautiously to take their foot off the brake and to start gently applying pressure to the throttle.
Happy to discuss!