Moral DNA to Rule Risk Self-Assessment
November 22, 2004
ORLANDO -- Conducting risk self-assessments has become a paramount concern for mutual funds, as new compliance rules, mounting client demands, product innovations and heavier workloads are all tugging operations personnel in every direction. And there is more work coming down the pipeline.
This changing environment demands that fund companies adopt new risk models so that they can better anticipate problems and deal with them internally before they grow too large to contain. Speaking at an Investment Company Institute operations conference here recently, Charles Fishkin, director of the Office of Risk Assessment at the Securities and Exchange Commission, told attendees that risk assessment is a collaborative process and urged them to get more involved. "We are all risk assessors now. Each one of you has a critical role," he said.
Echoing the sentiment of SEC Chairman William Donaldson, Fishkin talked about the need for "moral DNA" within a firm, in what was his first public appearance since joining the Commission in August. "Firms really have to make sure that their fundamental cultures are focused on doing the right thing for clients," he said. "The only way to be truly compliant in the spirit of Sarbanes-Oxley and some of the governance reforms passed in the past few years is for that culture of compliance to be embedded within the company from the top down."
Fishkin advised fund staffers to evaluate their firm's and their department's strengths and weaknesses, focus on consistencies and establish a common vocabulary. He said that risk assessment and risk management must be integrated into the planning process and that they must identify trends and be prepared for change. He acknowledged that meaningful change doesn't happen overnight, but encouraged fund companies to take small steps and "keep it concrete, keep it real."
Donaldson founded the Office of Risk Assessment earlier this year following the fund-trading scandal, which left the Commission with a huge black eye. With Fishkin's group in place, the SEC hopes to be more proactive in rooting out problems among all types of investment companies before they fester. In its fully realized state, the office will employ 15 staff members who will work closely with the different divisions of the SEC including enforcement, examinations, market regulation and investment management.
Fishkin said his office is seeking new hires with "diverse skill sets" and "open-ended thinking styles" to assume senior policy positions. As for experience, the office is looking for candidates with very deep backgrounds in the capital markets and financial markets, those who have worked with risk management and assessment tools, as well as investigators and auditors.
Fishkin's team will comb over a number of "areas of concern" that include new products and services, governance, valuation issues, conflicts of interest across different lines of business, business continuity and internal controls. Seeing as these issues are all over the map, it stands to reason that he is looking to add people with a breadth of talent and experience
Richard Siegelman, vice president of corporate risk at Fidelity Investments, shared his own thoughts on risk assessment based on his company's program model. The foundation of the Fidelity model is promoting trust and maintaining the firm's reputation for integrity. "The bottom line is that it's all about people," he said, emphasizing the importance of hiring the right people and equipping them with the proper training and education.
Siegelman compared risk management to the way a car operates: "You can drive fast because you know you can stop." In other words, having the necessary controls in place enables firms to be aggressive in pursuing business opportunities. At Fidelity, the risk-assessment process has five key steps: 1. Understand the business environment, 2. Identify top risks, 3. Identify themes and prioritize risks, 4. Agree on action and 5. Integrate with business planning. In order to be successful, Siegelman told his constituents to "keep it simple and consistent, obtain organizational support and leverage relationships, recognize business and risk drivers, take action and develop key risk metrics.
But it's not that simple, he added, noting that there are significant challenges to cope with in managing risk, even conceding that his firm struggles with end-to-end processes. He recommended getting different business units thinking and encouraging conversations between them. "It's critical to have it all together," Siegelman said. "You cannot think about [risk assessment] in a vacuum." He said that risk assessors should be looking for themes and asking themselves, "Which items share a commonality?' The key is to develop the methodology first, then the tools, not the other way around," he said.
James Mikolaichik, vice president and director of risk management at Old Mutual Asset Management, expressed similar views, stressing the importance of having "a consistent language" that puts everyone on the same page. Checklists and benchmarking are helpful tools in managing risk, he noted, but what's more important are conferences and discussions with peers. A fundamental strategy he uses within his own firm is figuring out who is responsible for performing certain functions and, from that, building accountability at an individual level.