New challenges for risk managers

Risk managers in organizations have long understood that, contrary to popular belief, they don’t control risk. Their challenge has always been striking the right balance between the risk an organization is exposed to and achieving its objectives. Risk management therefore cannot be divorced from the overall strategic orientation of an organization and risk management is the responsibility of everyone in the organization who makes key decisions that affect risk exposure.

In the financial services industry, which in the past has prided itself in being self-regulating, true self regulation has been sadly missing as risk control at the operational level was ”contracted out” to the ”experts”: most notably to the quants, with their sophisticated computer models, and the rating agencies. Yet in a world where even the most reputable rating agencies got it so spectacularly wrong , the world cannot afford further contracting out of risk management away from the individual decision maker.

There is a tendency in humans to pass the proverbial hot potato. Interestingly the loudest voices following the aftermaths of the fallout have been the calls for further contracting out of risk management in the form of greater policing and greater regulation. The widely circulated story of Jamie Diamond of JPMorgan whose foresight changed his organizations risk exposure away from the subprime debt as early as 2006 can also be seen in a similar vain. There is no doubt that the issue of greater regulation needs to be looked at and the politians are on the case with a vengeance. However, rules can never cover all the bases nor can the CEO and the senior management team abdicate their pivotal role in setting the strategic goals of their organization and communicating these goals clearly to their troops.

These are indeed exciting times for risk managers in the financial services industry.Many commentators are predicting that this once neglected Cinderella function has now moved centre stage to a function of strategic importance. This move from a compliance function to a function which holds core expertise vital to the survival of the organization presents a great opportunity for the risk management profession to affect real change in the financial services industry. The challenge for the risk management professionals is to resist colluding with the view that risk management can be contracted out away from the individual operator and that the function alone is the holder of risk management within the organization. Such a view absolves the individual from personal responsibility and can even perpetuate the culture of excessive risk taking so prevalent in the last ten years .

Inevitably the problem of risk comes back to understanding how members in an organization make key decisions that affect risk exposure. Crucially risk managers no longer shackled by their colleagues old perceptions of belonging to a function understood as superfluous to business success will now be able to enter into a dialogue in order to jointly develop a greater awareness of where risks are ‘built in’ to the daily routines and operational culture of the organization in question. This will demand a fundamental shift in the role of risk managers-a move away from policing and to a business partnering role.

The essence of the business partnering role is an ability to change the kinds of conversations risk managers hold with their business colleagues. This means being confident to challenge colleagues, bring new thinking to the table, influence effectively and ask the kinds of questions that make people think differently. In order to effectively partner new toolkits of expertise might need to be acquired by the risk management fraternity - namely strong consulting, coaching and facilitation skills as well as an understanding of change management tools and organizational development. Greater awareness of heuristics and communicating that knowledge to colleagues might also be called for.

Anna Withers