Risk management is a lot like anger management. It’s one of those disciplines you don’t really notice until it’s no longer there and things suddenly go awry. To put it simply, risk management is tasked with assessing, mitigating and monitoring the potential for a bad outcome. When it’s working, everything runs smoothly. When it doesn’t… well, just turn on your television to any business channel.
Case in point - MF Global was growing like gang busters, investing like crazy and hiring scores of bankers and analysts while the rest of Wall Street was handing out pink slips like umbrellas on a rainy afternoon. And then it took a huge risk, bet billions of dollars on European government bonds and lost. To make matters worse, MF Global reportedly leveraged some of its bad bets 44 to one, and when the time came to cover them, it couldn’t. Adding insult to injury, there are now reports that CEO Jon Corzine allegedly ignored warnings from his risk manager against taking the actions that brought the company down.
Remember when UBS realized a rogue trader had lost some $2 billion on unauthorized trades? Where were the risk managers on that one? UBS recently replaced the person who was in charge of risk management when the loss occurred.
Today, entire governments are on the verge of collapse partially because risk management was asleep at the switch when it came to sovereign debt. The role of risk manager has become more important that ever.
What are CFOs Thinking?
Apparently, not everyone has gotten the message. While business and global economic confidence among Chief Financial Officers continues to drop to its lowest level in over a year, most CFOs in this country (65 percent) still do not plan on increasing their budgets to improve risk management controls. That’s according to the most recent survey of CFOs by Financial Executives International (FEI) and Baruch College's Zicklin School of Business. In Europe, the opposite is true, but that may be a situation of too little too late.
Biggest Requirement in Risk Management Today
To find out what it takes to be a successful risk manager these days, we reached out to an expert on the subject, Christopher J. Donohue, Ph.D., Managing Director, Research and Educational Programs for Global Association of Risk Professionals (GARP).
"I think the biggest requirement right now in the field of risk management is to find somebody who not only has a broad understanding of the markets and the quantitative skills traditionally associated with risk management, but who also understands the bigger picture and the integration of all the products in the market," explains Donohue. "What the financial crisis showed us is that you may have strong quantitative skills, but if you don’t understand the influence the world beyond the financial markets has on the markets, that lack of perspective is going to catch you off guard."
How does that apply to MF Global?
"From what I’ve heard, MF Global had a poor risk management culture from the start and that was probably its biggest failure to managing risk," said Donohue. "There was a lack of communications and an over-reliance on quantitative models that were used out of context. If you think about the rating agencies role during the financial crisis, they were applying models to securitize products that really weren’t developed for those. They were really for corporate bonds. The application was off. The same thing occurred at MF Global and that led to a misunderstanding of the risks, which in turn led to embarrassment. It shows that risk managers must have the ability to influence an organization and make them realize that they’re taking risks in areas they may not even be aware of."
Important Traits for a Strong Risk Manager
What are the most important traits of a strong risk management department?
Donohue says there are five key elements to any strong risk management department:
- Data, which means you’re going to need people who have very strong computer skills, because at the end of the day, a lot of risk management is about data and pure data processing.
- Market awareness, including knowledge of financial products and general macro economic awareness. This is a relatively new area of importance, but it has become the new thrust for risk management and requires knowledge of markets and the economy.
- Modeling. This requires strong quant skills, and pure financial modeling needs solid engineering skills.
- Analysis. What you want here is intellectual curiosity and independence. Look for someone who asks questions, rocks the boat and functions on general skepticism about what you’re seeing and where it might go.
- Reporting. This final element depends on great communications skills. That doesn’t get emphasized enough in risk management, but it’s something that’s key to the risk management function. You want someone who can take the results of a lot of data and modeling and present it throughout and organization in an understandable and comprehensive manner. If you send out 200 pages of charts, you might as well send out nothing at all. Giving them a single risk number isn’t going to be enough either. Figuring out the right blend of general results and detailed analysis and then being able to explain what it all means to different audiences is a difficult but necessary task for any risk management department to be effective. If you can’t communicate the nature of the risk to those who need to know, misunderstandings occur and the wrong decisions get made. One of the most important lessons I learned from the financial crisis has been that with some of the more complex products, understanding the risks in them can be challenging to present to a board and have them understand and truly grasp where the risks might be and the amount of risks being taken.
Despite the results of the CFO survey, Donohue believes risk managers are getting more attention these days. "We had a meeting that we organized at the Fed for a group of Chief Risk Officers (CROs) and senior risk managers," he noted, adding that "one recurring comment was that the CROs had a bigger seat at the table and were being invited to make critical presentations to the board."
Changing Role of Risk Management
According to Donohue, the role of risk management has changed not only for the risk managers but for the culture of the organizations where there’s greater accountability in terms of risk managers and how much risk they’re taking. "When they hit limits, it actually means something," says Donohue. "Recently they would just change the limit, but since the crisis, people are paying attention to risk."
We asked Donohue, what do hiring managers look for on a resume that would signal the potential for a strong risk management candidate?
"Someone who has the math skills, such as anyone with a math, physics or engineering major, plus decent computer skills and are comfortable working with data bases and different computer languages," stresses Donohue. But that's not all. "People who were former traders, consultants, regulators and bank examiners also make good candidates because they will indicate strong market awareness and have a solid understanding of how things get done, where an organization might take shortcuts and where the real risks might lie," he adds.
"If you’re talking to somebody just out of school, you would look for someone who has participated in a financial or investment club because they would have a general interest in markets," says Donohue. He noted that GARP's Financial Risk Management (FRM) certification program shows that someone has a broad perspective of risk management. "Risk management, as practiced at a lot of financial organizations, gets put into a silo of market risk and liquidity risk, and with the FRM program, you learn all the different sides of risk management," says Donohue. " There are also a number of Masters of Risk Management Programs and Masters of Finance that have an emphasis on risk management."
As for the biggest risk management hiring mistake a company can make, Donohue points out that at one of the big banks, the CRO was also a close buddy of the CEO and they played golf and tennis together and even commuted together. There was too much of a friendly relationship that it made it impossible for the CRO to question some of the moves that the CEO was pushing for. "This scenario is a formula for disaster," says Donohue. "Keep your risk management department independent of everything and everyone else so they can offer objective and clear advice without constraint."