Are You the Risk Manager of Tomorrow?

RMA Journal, The, Feb, 2001 by Charles A. Fishkin

Risk management is one of the fastest-growing areas in today's job market and promises to be one of the most prestigious. The facets of this article reflect the needs and concerns of all involved in the risk management process--from risk manager-in-training to those seeking to hire the risk manager.

The role of the risk managager is in flux. This affects financial institutions of all sizes and risk professionals at all levels. The ramifications extend to the senior mangagement team, the board of directors, and shareholders. There is much at stake.

During the past decade, too many financial institutions have neglected or failed to recognize the value of rigorous risk management practices. They have paid heavily for this gap with large losses, damage to their reputations, fines, and regulatory difficulties. Some have shuttered their doors. Others have merged with stronger entities, in some cases out of necessity.

It is no surprise, then, that many financial institutions are rethinking the risk management function. As institutions proceed with risk management discussions, two major themes should be at the forefront:

1. Risk managers must take a more comprehensive and integrated approach toward risk, as causes and effects are becoming harder to distinguish. The boundaries among the traditional categories of risk are becoming less cleat, and the new risk managers must view their mandate as comprehensive risk--full stop.

2. Risk managers must play an active role in shaping their organizations. They can no longer limit their roles to evaluating, approving, and reporting on risk parameters. Instead, risk managers must play an active role in an organization s strategy, culture, people, compensation, and more. They must constantly be thinking ahead about the next hidden risk and assertive about promoting needed changes.

All participants in a firm's risk management activities--senior risk managers; those who hire, oversee, and interact with them; and those who work for or aspire to become a senior risk manager--should continually focus on these themes.

A growing number of institutions have found the need to create a new position of chief risk officer (CRO), who has broad responsibilities for risk oversight. In addition to this senior role, firms are adding risk mangers at other levels to focus closely on specific businesses or risk issues.

As the role develops and expands, the CRO will likely become one of the most senior members of the firm, wielding as much influence as--perhaps even more than--the general counsel, chief financial officer, chief auditor, or head of a key business line.

Herein lies an enormous opportunity and challenge. CROs have the potential to shape the fundamental direction of their organizations. But to fully realize this role, they must think and act differently from before.

Defining Risk

In its simplest definition, risk is the possibility of negative outcomes. All businesses intentionally seek and want to assume certain risks. These are often thought of as core business risks. If firms manage these risks well, they can earn superior returns for their shareholders.

But the pursuit of core business risks can expose firms to other unanticipated risks. Large losses can result, whether from extreme market movements, customer defaults, weakness in processes, controls, and technology, or a panoply of other factors. Unwanted risk can reside in all parts of an organization and at all levels. It matters less to shareholders whether a loss results from one form of risk or another. A loss is a loss. Risks are frequently interrelated. Some problems fit easily into the traditional categories of credit, market, legal, operational, liquidity, and others. Some problems result from multiple risks.

Defining Risk Management

A possible definition for risk management, then, is the effort to create and oversee the necessary people, technology, processes, and other tools to mitigate unexpected problems. It can, however, mean different things to different people.

* To some, risk management is the use of "traditional" insurance products to manage such problems as business interruption, fraud, health costs, injuries, and property and casualty risk.

* To many, it is the application of derivatives and other transactions to mitigate risks relating to fluctuations in interest rates, currencies, equities, commodities, and other markets.

* To others, it means protecting an institution from market risk, credit risk, and operational risk related to core business activities.

* To others still, it is the process by which risks are self-insured, financed, or transferred.

Risk management means all these things and more--thus, the overall question of the role of the risk manager. Risk management means the management of any potential problem that can affect a business franchise. This can include many issues and problems: strategy, markets, credit deterioration, political instability, people, culture, technology, process, inadequate controls, laws, regulations, external events and many other areas. The risk manager is charged with overseeing and managing this entire "galaxy of risks."