Return to Table of Contents

Enterprise Risk Management

Hindsight is 20/20

EIU studies reveal recurring problems in risk management implementation

By Michael J. Moody, MBA, ARM


Enterprise risk management (ERM) as a concept has been around for more than a decade. Among its earliest proponents was the financial services sector, in particular the banking sector. Many experts believed that banks had actually found a way to successfully implement ERM shortly after the full effects of 9/11 were observed. And the banks themselves maintained that they had found a way to provide a more holistic approach to risk management.

That is why it is so ironic that it has been the financial services sectors leading in the recent international meltdown. And to make the case even more ironic, it was the failures of risk management that have been identified as primary contributors to that meltdown.

Many people believe that one of the best ways to improve a situation is to view the past, and with regard to the financial services sector, it is possible to review past actions to determine problem areas and find ways to solve them. This approach can frequently provide valuable clues as to how to address the issues in the future.

In the case of risk management a series of excellent reports published by the Economist Intelligence Unit (EIU) in conjunction with SAS® can shed some light on this important issue. The EIU reports, which have been published over the past three years, provide the responses of more than 300 senior international financial services risk professionals in banking and insurance.

Value in hindsight

The first study, “The Bigger Picture,” was completed in September 2008. At that point, the economy was in the early stages of the financial collapse, but the severity of the situation had not yet become evident. However, immediately after the implosion of Bear Stearns, many banks began seri­ous reviews of their risk management programs. Even at this early date, banks realized that they would soon be facing new, more stringent regulatory pressures. As a result, many of the participants indicated a significant concern about what they would be facing with regard to government oversight.

The participants also realized just how critical the risk management shortcomings were and what a significant role they played in the crisis. About 33% stated they strongly agreed that risk manage­ment failures contributed to the difficulties, while 37% agreed.

According to the participants’ responses, there were three primary problem areas to implementing a successful ERM program. These included:

•Corporate culture—“The most difficult challenge was the ability to embed risk management within the corporate culture.”

• Quality of data—“Timeliness and quality of data was a key problem.”

• Qualified staff—“Finding and hiring qualified staff and providing adequate employee training was frequently missing.”

Additionally, the majority of participants indicated that protection against loss and damage to reputation would be the greatest potential benefit from ERM.

The study the following year, “After the Storm,” was completed in June 2009 and included 334 international financial services risk executives. This study was completed about two years after the emergence of the sub-prime mess, and it was now obvious that repercussions continued to be felt from governments, central banks and regulators.

Among the more pessimistic projections was one offered by the International Monetary Fund that stated: The projection “indicates that the public debt for the G20 countries will account for more than 100% of the GDP in 2014.”

Detailed analyses of the effects of the meltdown were continuing to grow from all quarters. It had become apparent by 2009 that “risk management needs to be more robust, authoritative and accountable.”

The participants stated that among the most noted obstacles to building a new risk were environment:

• Lack of risk culture within the organization

• Insufficient quality of data

• Lack of risk expertise—not just from the risk professionals, but also the board of directors, who frequently bring little industry expertise, and frequently have little personal wealth at stake

Many of the participants in the 2009 survey had begun to realize that “risk is not a function within the firm; it is the firm.”

The most recent study, “Rebuilding Trust,” was completed in May 2010 and consisted of 346 worldwide financial services sector risk professionals. This study makes clear the fact that risk management failings were a key contributing factor. However, participants were quick to point out that in many instances “warnings from risk managers went either unheeded or unnoticed.” Participants agreed that risk management was quickly moving to center stage, and most were seeing greater boardroom involvement.

Similar to the prior two surveys, participants in the current survey were quizzed about roadblocks to successful ERM implementation:

• Tone-at-the-top related issues— “There needs to be a renewed zeal to instill a greater awareness of risks,” so that risk management becomes better ingrained into the culture of the organization

• Lack of actionable data

• Lack of adequate risk expertise—Many participants noted significant human capital shortages as banks, insurance companies and regulators all struggled to find suitable expertise.

Many participants noted that meaningful progress in ERM implementation is occurring. But, despite this, there was significant concern expressed about the new regulatory environment that would be forthcoming and how best to handle systemic risks.

Conclusion

The EIU reports document how the financial services sector’s risk professionals have viewed the financial crisis over the past few years. The reports provide significant insight into their thinking, as well as pinpointing specific implementation issues. Not surprisingly, the majority of participants noted the same three problem issues recurring year after year. One of the main issues was a lack of quality data, provided in a timely fashion. The general lack of risk expertise at all levels of the firms was another consistent problem area. However, it was the failure to embed risk within the corporate culture that was most frequently cited.

The participants all noted the increasing interest that risk management has attained. As a result, most recognized that the “risk function has now attained an unprecedented level of authority.” Most also realize what many Hollywood celebrities have learned long ago: “Fame is fleeting.” As a result, regardless of the industry sector they work in, all risk professionals will need to find a resolution for the three major problems to successfully implement an ERM program, and find them soon. Without this, the long-term success of any ERM program will be called into question.

The author
Michael J. Moody, MBA, ARM, is the managing director of Strategic Risk Financing, Inc. (SuRF). SuRF is an independent consulting firm that has been established to advance the practice of enterprise risk management. The primary goal of SuRF is to actively promote the concept of enterprise risk management by providing current, objective information about the concept, the structures being used, and the players involved.

 
 
 

Many participants noted that meaningful progress in ERM implementation is occurring. But, despite this, there was significant concern expressed about the new regulatory environment that would be forthcoming and how best to handle systemic risks.

 
 
 

 

 
 
 

 

 
 
 

 

 
 
 
 
 
 
 

 

 
 
 

 

 
 
 

 

 
 
 
 
 
 
 
 

Return to Table of Contents