Risk Controls Extend to Strategic Planning
October 4, 2010
BOSTON-The practice of actively managing obstacles to bottom-line objectives, known as Enterprise Risk Management (ERM), first emerged a dozen years ago. The fuel: the $4.6 billion collapse of Long Term Capital Management in 1998. A decade later, the credit crisis of 2008 brought risk management back to the forefront.
"The level of interest in ERM has never been greater," said James Lam, president, James Lam & Associates, who gave the opening address at NICSA's inaugural risk seminar here last Monday.
"This last crisis, the credit crisis of 2008-the mother of all crises-has made risk management replace accounting issues, Sarbanes-Oxley and the Public Company Accounting Oversight Board as the top issue for boards, who now fully realize that risk failures have significant and social costs. Forty percent of global wealth was destroyed at the height of the credit crisis, and it impacted everyone," Lam said.
Now, forward-looking companies trying to avoid future crises by understanding how the big picture will affect their bottom lines are taking ERM to another level by using it as a strategic planning tool. This time, they're looking for opportunities, not just vulnerabilities.
"Leading organizations recognize risk management is not just about protecting against the downside [but] that it can be a powerful tool for improving business performance," as well, said Lam, who previously served as chief risk officer at Fidelity Investments.
For example, following the concentration in high-technology and aggressive growth funds in 1999 and the subsequent dot-com crash, asset management firms diversified their product lines with the help of their risk management teams.
Since products were so highly correlated on the downside in 2008, asset managers have since turned to their risk departments to diversify their product lines further, to handle deflation and what is being called "economic scenario diversity." New products include absolute-return funds and "black swan" products to help customers during difficult economic times, Lam said.
Proof of the realization of just how critical risk management is, Lam said, is the increasing buy-in from boards of directors.
When he launched his business eight years ago, Lam noted, one-tenth of his work was with boards. Today, it accounts for two-thirds of his time.
"Risk management is not just about comprehensive analysis of strategic, business, credit, counterparty, market, operational and liquidity risk," Lam said. It's about understanding each of these critical risk areas and presenting the information in a consistent, integrated manner to the board, Lam said.
Seeing the information as a whole empowers upper management to maximize firm value-not just to minimize losses but to enhance business objectives and help a firm maximize potential, he said.
In establishing ERM, first write a thorough governance policy for the key individuals who are responsible for risk management and oversight. Second, understand how these key people reach their decisions, using both quantitative and qualitative factors.
Third, make decisions to optimize value, meaning increase shareholder value for a publicly traded firm. For a private company, that may mean improving brand and customer value, Lam said.
Fourth, assess, in a consistent, ongoing manner, how well enterprise risk is being managed and to provide feedback loops to give ERM a hard, critical eye.
McKinsey found that good ERM practices improve performance, i.e. gross income, return on assets and return on equity, anywhere from high single digits to mid-teens. "That is very substantial," Lam said.
"Nonetheless, the promise of ERM is still unfulfilled. There are seven key gaps that need to be addressed to fully benefit, starting with reporting to the board," Lam continued.
"Develop an ERM policy with explicit risk tolerance levels. Third is integrating risk into business processes and operations, including planning," Lam said.
A fourth key challenge is presenting metrics and indicators that show key exposures in a compelling way to the board and senior management through a well-designed dashboard.
Fifth is providing assurance to the board and senior management that risk is being handled effectively.
Sixth is making risk management part of the fabric of a firm's culture. The seventh gap to fill is empowering a chief risk officer and his reports to bring potential weaknesses to light.
The CRO should not fear reprisal-be it lower compensation, loss of a bonus or even dismissal-for bringing gaps and weaknesses to light.
In fact, risk officers should be given financial or other compensation in cash and/or stock to manage risk closely, Lam said.
Noting how the credit rating agencies failed to see the overall problems with mortgage securities and tranches, Lam advised: "Beware of the black swan. Think outside of the bell curve. Models are calibrated to that, but the real risk is the one-in-10,000 event. See the forest-not the trees. You really have to start from the top and go down to the granular risk details-but in terms of the big picture," Lam said. At American International Group, for example, they had a great credit model but failed to look at liquidity and downgrade risk, Lam said.