Oct 29

Risk Management Gets a Black Eye…


Or does it?

Let’s listen in on a few earnings announcements for banks that discuss risk management’s role in their recent problems:

Citigroup just announced a 57% drop in earnings and noted on its conference call: “We are examining our risk management organization to enhance particular areas such as convergence risk management and the management of aggregate exposures by asset class.”

Merrill Lynch announced an expected loss for the quarter: According to Chairman and CEO Stan O’Neal: “We can do a better job in managing this risk…”

More earnings announcements are coming, and we should brace ourselves for ‘risk management’ to be a watchword for casting blame.  But, how fair is that?

Don’t these banks’ shareholders want to see increasing earnings?  Don’t these banks’ senior management and board members want to see the same, in order to continue to reap the rewards of options and other incentive compensation programs?  When you’re all about earnings, many other metrics fall by the wayside, especially many that use risk in their calculation.

Of course, all of these commercial and investment banks have spent large sums to develop risk management systems, but what good is the best risk management system when they are not part of the ‘game’ of rising earnings?  We all know that these systems are sensitive to model assumptions and structure.  However, they are also subject to the bias of ‘tell me what I want to hear’.

The problem is developing a fine line between using risk management systems to make good decisions, while maintaining their independence.  The problem is similar to that in the accounting area.  We need solid accounting information to make good decisions, but the accounting function must be periodically audited by both internal and external independent auditors.

Although many large financial institutions have a ‘risk management’ or ‘asset/liability committee’, this group is usually charged with measuring and monitoring risk while relying upon experts.  But, those experts’ models, assumptions, etc, are not subject to the same degree of scrutiny as they would be if overseen by a separate audit function.  In other words, there is typically no board committee primarily charged directly with evaluation of the risk management function WITHOUT participation of senior management; as we see within the duties of the audit committee of the Board when it comes to accounting issues.  And, financial institutions are in the business of risk management, not accounting.

Thus, if senior management chooses to ignore the potential for ‘eight standard deviation results’, (or, more likely, they are relying upon models that assume normality with little skewness or kurtosis and/or inadequate correlation assumptions) they can do so without serious challenge.   It’s earnings, earnings, earnings for management and they’ve got the models to prove their point.

And, why not?  Those ‘eight standard deviation’ models are quite rare and may not even occur on their watch.

The issue here is one of corporate governance and accountability.  As terrific as our risk management professionals and systems are, they are playing in a game that is rigged against them.  Until independent oversight of risk management occurs, ‘tell me what I want to hear’ becomes more and more likely.

I was once told that when someone points a finger at you, there are three others pointing at them.  As these earnings come out and we hear about risk management problems, watch the other fingers.