Recognizing Diversity and the Evolution of Risk Management

Bob Phelan

Financial Risk / Asset Management / Advisor

One advantage of a long career in one business function is the ability to provide perspective on how the function has evolved. This year, I have taken the time to explore risk management options in different industries, evaluated the risk needs of corporate boards, and identified pricing of risk assets as part of my investment oversight role.

Risk management has improved over the last 15 years by:

1)    Expanding the role of risk management to cover the full spectrum of potential risks

2)    Collaborating with Compliance, Audit, Finance, Human Resources, and the Board

3)    Embraced diversity of leadership within risk management which is providing more opportunities for Women, Minorities, and Veterans

4)    Improving transparency and reporting of risks to all levels of management and the Board

5)    Providing trusted due diligence on new products, M&A activity, and strategic decisions

6)    Building a diverse risk culture with increased communication venues to discuss shareholder goals, customer engagement, employee satisfaction, competitive threats, and social impacts

When I started as a risk manager with Bankers Trust in the late 1980s, we leveraged data and analytics to identify risk drivers, determine P&L volatility (value-at-risk (VaR)), and estimate return on credit and market risk-adjusted capital (RAROC) as a framework for strategic decisioning. Almost every risk manager was quantitatively trained and a programmer. Risk management functions continue to use the latest technology to support profitable business opportunities. At the start of my career, I utilized a Cray Computer and a 3rd Party database of all collateralized mortgage obligations to monitor valuations of arbitrage positions and provide independent risk assessments which gave the firm a competitive advantage. Recently, my teams used text-mining to take action on customer feedback, implemented realtime data updates for transaction processing, controlled targeting using social media data, and leveraged BigData with machine learning models to improve prediction of risk and customer preferences.

Over the past 15 years, Risk Management has expanded its remit with broader assessments within the three main risk categories: credit, market, and operational risk. All have been influenced by regulatory requirements such as Basel and CCAR capital planning, as well as Dodd Frank resolution planning, Volker rule, and numerous other requirements. However, regulatory capital requirements have been hard to rationalize especially for operational risk. That said, risk leaders have engaged in improving operational risk processes and systems as they were trying to lower the risk capital requirements. We have made progress across operational risk by improving processes for 3rd party risk, anti-money laundering & sanctions, regulatory adherence, compliance, technology risk, reputational risk, fraud, cybersecurity, privacy, litigation risk, and human resource risk. The recent coordination with compliance and audit functions eliminates costly redundancy in assessing operations and systems. Due to the integration of risk management with other control functions, risk management teams now come from a variety of backgrounds and diverse cultures that benefits the entire organization.

There are some concerns that accompanied the evolution of Risk Management:

1)    The recent regulatory environment drove the creation of three lines of defense and created a higher cost structure that does not effectively drive risk-balanced decisions with clear accountability. On the positive side, the three lines of defense enhanced regulatory relationships as regulators relied upon the second line of defense to be the internal regulator that supplies analysis to them. The challenge role of the second line of defense can alter first line decisions but has been inefficient because it may: require extra documentation of challenge resolutions, address issues late in a new initiative execution plan, and lack measures of success.

2)    The current risk management environment primarily relies upon regulatory models as they are drivers of firm capital requirements. The regulatory models may increase systematic risk because the regulatory guidelines create similar models across the industry, and they use similar time periods of data to develop the models.

3)    Almost all risk assessments are based on models, historical data and typical risk scenarios impacting company assets, liabilities, and processes. However, there are numerous scenarios that are atypical but are not considered in current risk scenarios. In today’s world, the list of possible risk events is long and the world is unstable. There are competitive threats (Amazon, Fintech, foreign competition from China and India), disruptive technologies ( self-driving cars, automation/robots displacing workers, expanded mobile and digital capabilities), and government/political risks (trade wars, taxes, tariffs, sanctions, Federal Reserve raising short interest rates and impacting segments, Fed reducing its $4.5 trillion balance sheet and raising long interest rates and impacting segments, cybersecurity and impact on the electric grid, financial system, food systems), military risks (war, nuclear incident, impacting various geographic locations), social risks (decline of small business profitability impacting local communities, outsourcing of jobs to low-cost countries, minimum wage issues, moral and political suasion on financial obligations like debt repayment, changes in debt and bankruptcy forgiveness, tax policy implications especially mortgage and interest deductions, and healthcare cost implications).

Risk leaders have an obligation to preserve their firm value and drive profitable growth for the company, employees, customers, and society. There has been great progress and risk management is well-represented across many industries today. Risk leaders must continue to work with senior management and the board to establish a clear risk appetite framework and develop strategies to manage through whatever the future might bring, good or bad, from the unexpected.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s