As market conditions change, investors tune their strategies
to risk on or risk off. In risk management, however, off is not
an option. Five to seven years ago, the financial risk
management switch was turned off in too many places, and we
know how that turned out.
Risk management has certainly been turned on since the
depths of the 200809 crisis, but is it everything
it needs to be to deal with whatever twist, turn or turmoil
comes next? Recent events do not instill great confidence.
Consider the failures of MF Global and Peregrine
Financial, the risk management failures at J.P. Morgan, the
abuses surrounding Libor or the financial threats from
Europe, U.S. Treasury Secretary Timothy Geithner said in
July. The work is not done. We still have unfinished
Geithner made those remarks at a meeting of the Financial
Stability Oversight Council, the superregulator created by the
Dodd-Frank Wall Street Reform and Consumer Protection Act to
look out for systemic risks. Two weeks later a software glitch
at market maker Knight Capital Group touched off 45 minutes of
stock market chaos. It was the latest of several incidents
pointing to potentially devastating operational and financial
vulnerabilities related to high frequency trading.
There will always be new risks to mitigate and adverse
events to react to. But if the current risk management system
looks too much like a game of Whac-a-Mole, there is, as
Geithner suggested, much hard work to be done.
To be sure, risk management has come a long way. Financial
institutions have raised the stature of risk executives and
given them authority they previously lacked to sound alarms or
veto initiatives deemed dangerous to long-term safety or
profitability. Risk, compliance and audit responsibilities have
been more precisely defined and better orchestrated.
Risk management and related control functions within a
financial institution and regulatory supervision from outside
are seen as two sides of the same coin. Risk managers talk to
regulators, and both have lines of communication to boards of
directors. The Securities and Exchange Commission has adopted
a policy to proactively engage senior management and
boards to discuss critical business, risk and regulatory issues
and support effective regulatory compliance and risk
management, Carlo di Florio, director of the SECs
Office of Compliance Inspections and Examinations (OCIE), said
at an agency compliance forum in Washington in January.