The ERM Current™

During the recent boom in mortgage-backed securities and credit derivatives, many risk managers were hired to serve as the “canary in a coal mine” for financial institutions.   In the past, coal miners would bring a canary with them to work to ensure that they did not die as a result of carbon monoxide poisoning.  If the canary stopped singing and died, then the coal miners knew to evacuate due to the risk of high levels of carbon monoxide gas in the mine.   The problem with the financial institutions was that the canary (i.e. risk manager) stopped singing in many cases.  The miners (i.e. bankers) chose not to pay attention to the canary at their own peril.  

Just this week, the following was published in US Banker magazine.

“There’s a lot of finger pointing going around about what led to the current financial market breakdown, but perhaps the most ridiculous target of blame is the very idea of financial derivatives, as if these products sprang out of the ground like a particularly potent crop of poison ivy while no one was looking. In reality, a lot of people were looking, and a fair number of risk managers were warning, but too many institutions were either ignoring or mis-measuring the risk.”

Rather than solely rely in the future on sophisticated models, the magazine suggests that many financial institutions are getting back to basics.  Edward Hida, a risk management expert from Deloitte, is quoted by the magazine as saying that it all begins with:

“a strengthening of governance and monitoring. The chief risk officer “should serve as a central point. Risk management should be a robust process across functions.”

He makes a great point, but the rest of the organization must heed the warnings of the chief risk officer in the future or suffer the same fate as the poor souls at the bottom of the mine.

When you think of a swamp, what comes to mind?  Murky, squishy, and difficult to find your way through? Well, the same can be said for today’s Governance, Risk & Compliance (“GRC”) software marketplace.  There are many vendors crowding the market with all sorts of products that address various components of GRC. However, it is extremely difficult for companies to determine what software may be best suited for their processes and environment.  That’s because the software market and the products themselves are evolving continuously.  

Wheelhouse Advisors can help you determine not only your requirements, but also the solutions that are best suited for your company.  It starts with gaining a solid understanding of your GRC process design and overall vision for the desired end state.  With that in hand, Wheelhouse Advisors can then work to help you successfully navigate through the swamp to find a software product that will enable your program to reach its fullest potential.  

Visit www.WheelhouseAdvisors.com to learn more about how we can help your company Navigate Successfully™.

A study was released this week that examines worldwide regulatory compliance efforts and implementations in large organizations.  The results of this study are surprising, if not alarming, given the current state of the worldwide economy.  Sponsored by CA and conducted by GMG Insights, the study found that many organizations in Europe and the Asia/Pacific Region are not fully compliant with many regulations even though they are required to be.  For example, 46% of European companies and 50% of Asia/Pacific companies anonymously reported that they are not fully compliant with the Sarbanes-Oxley Act.  To be sure, these companies do not have very mature risk and control programs.  The researchers conducting the study concluded the following.

“The conclusion we come to, is that in-spite of the rising costs associated with compliance and the severe penalties that can come from non-compliance, organizations are still managing down to a “just enough to get by” strategy. In our opinion this strategy cannot be sustained. Organizations face exponential growth of regulations and systems affected by those regulations must be monitored. Managing compliance with an ad hoc approach subjects organizations to significant risks. Recognition of the organizational risk and the growing costs will ultimately drive the adoption of broader, enterprisewide compliance management solutions.”

These companies and many others may believe they are saving money by addressing compliance in this fashion.  However, most will ultimately find that this short-term, ad hoc approach will not only lead to greater risk of potential non-compliance, but also to greater cost due to fragmented and duplicate activities.  As the mechanic says to his customer in the oil filter commercial, “you can pay me now….. or pay me later”.

Last week, two past chairmen of the US Federal Reserve provided their perspectives on the current financial crisis gripping the world economies.  Alan Greenspan testified before the US House Committee on Oversight and Government Reform that we are experiencing a “once-in-a-century credit tsunami”.  He went on to say that, “In 2005, I raised concerns that the protracted period of underpricing of risk, if history was any guide, would have dire consequences.”

However, in a 2005 speech, Mr. Greenspan lauded the sophistication of risk management related to derivatives that led to us to the current financial market collapse.  He noted the following, 

“The use of a growing array of derivatives and the related application of more-sophisticated approaches to measuring and managing risk are key factors underpinning the greater resilience of our largest financial institutions…”

Another former chairman, Paul Volcker, provided a simpler view at a roundtable session at Columbia University last week.  He stated, 

“We are dealing with unprecedented events, and unprecedented events call for unprecedented measures.  I think we really are going to have to rebuild the system pretty much from the ground up.”

Instead of a “tsunami”, maybe Mr. Greenspan should have used a different metaphor – a financial 9/11, perhaps?  Just as we are now rebuilding the World Trade Center, we will need to rebuild, according to Mr. Volcker, the financial system headquartered only a few blocks away on Wall Street.  Your thoughts?

This weekend, the Wall Street Journal included the opinion of John Schnatter on the current financial crisis.  For those of you who do not recognize his name, Mr. Schnatter is none other than “Papa John” of the famous pizza franchise, Papa John’s.   As Chairman of the Board at Papa John’s International, Inc., Mr. Schnatter points out that the failings of the many corporations that were involved in the carnage started in the boardroom.   With weak oversight, these companies did not possess the strong level of governance required to hold the CEO accountable as the bubble expanded.  Mr. Schnatter explains,

“As our nation works its way through this crisis, and we look for explanations as to how we reached this point and how to avoid another crisis in the future, let us keep in mind that a significant set of checks and balances — ultimately ending with the boards of directors — has failed.”

Checks and balances must be improved, beginning with the board and ending with strong controls throughout the enterprise.  As Papa John himself says, better ingredients lead to better pizza and, in the case of enterprise risk management, better governance.

Do you know how mature your risk and control program may be?  More importantly, do you know how mature you want your program to be?  Wheelhouse Advisors provides services to give companies a better understanding of the current state of their risk and control program as well as how to achieve the desired state. Through a comprehensive diagnostic review, Wheelhouse Advisors can quickly provide Executive Management and Board Members an independent view of their program.  We examine the following five main components to determine the maturity level.  

1. Infrastructure
2. Control Portfolio
3. Governance Model
4. Capabilities
5. Cost Structure

Clients can then use the results of this diagnostic review to develop a road map that will help them achieve the desired maturity in their risk and control program.  If you would like to learn more about how Wheelhouse Advisors can help your company, email us at NavigateSuccessfully@WheelhouseAdvisors.com.

As the financial crisis continues to unfold, one area of risk management that is gaining an increasing amount of attention is operational risk.  Operational risk is typically defined as the risk of loss resulting from inadequate or failed internal processes, people, technology or from external events.  Earlier this year, the massive trading losses at Société Générale resulting from the activities of a rogue trader exemplified the need for stronger operational risk management practices.  Just last week, the Financial Times reported that,

“…..some of the world’s biggest investment banks, including Goldman Sachs, Morgan Stanley and Citigroup, issued a report criticising risk management at their own institutions and urging “serious and sustained investment” in better people and technology.”

Greater investment is needed to get ahead of the operational risk curve before the next rogue trader comes along.  What do you think?  Please share your comments below.

When asked, most corporate executives do not think of risk management or regulation as a competitive advantage.  That is until confidence and trust are no longer commodities, but highly treasured assets.  Looks like the US Government is also realizing the value of risk management and regulation.   Earlier this week the Wall Street Journal noted the following,

“Two years ago this month, Treasury Secretary Henry Paulson was talking about how the regulatory pendulum “may have swung too far” in the wake of corporate scandals earlier this decade.  Mr. Paulson’s fear: That overly burdensome regulation would make U.S. capital markets less innovative and competitive globally. If only.”

Yes, how quickly things change.  If you are interested in learning more about how Wheelhouse Advisors can assist your company in strengthening risk management to become a competitive advantage, visit our website at www.WheelhouseAdvisors.com or email us at NavigateSuccessfully@WheelhouseAdvisors.com.

Yesterday, Federal Reserve Governor Randall S. Kroszner delivered a speech to the 2008 Annual Risk Management Association Conference in Baltimore, Maryland.  In his speech, Governor Kroszner made the case for strengthening risk management practices by integrating risk management with strategic planning.  Governor Kroszner stated,

“In my view, an effective overall corporate strategy combines a set of activities a firm plans to undertake with an adequate assessment of the risks included in those activities. Unfortunately, many firms have forgotten the second part of that definition. In other words, there can be no real strategic management in financial services without risk management, hence my use of the term “strategic risk management.” Risk management needs to be interwoven into all aspects of the firm’s business and should be part of the calculus for all decision-making. Strategic decisions about what activities to undertake should not be made unless senior management understands the risks involved; assessing potential returns without fully assessing the corresponding risks to the organization is incomplete, and potentially hazardous, strategic analysis.”

While many institutions may have thought they were considering risks when setting strategy, most were blinded by the potential profits without a healthy consideration of the risks.  As Governor Kroszner reiterated in his remarks,

“…the ongoing fundamental transformation in financial services offers great potential opportunities for those institutions able to integrate strategy and risk management successfully, and I will argue that survival will hinge upon such an integration….”

Click here to read Governor Kroszner’s full speech.

For those who have been keeping up with The ERM Current™ this month, you might recall the blog from October 9 titled “An Office of One”.   It details the Security and Exchange Commission’s approach to risk management and the impact of cutting the office of risk management back to one person.  Well, in reading some earlier thoughts from former SEC Chairman Harvey Pitt, it seems that the vision for Enterprise Risk Management at the SEC was much broader and simply suffered under the current administration of Chairman Christopher Cox.   As Mr. Pitt explained in a Compliance Week article earlier this year, 

My years in government have taught me that government seems far more adept at examining the past than anticipating the future. When I became chairman of the SEC in 2001, for example, the agency had never—not once in its nearly seven decades—ever conducted a top-down management review of efficiency and processes. While the result of the review I commissioned recommended the creation of a risk-management group within the SEC, this recommendation has taken years to implement, and even then with a paucity of resources that makes the effort almost worse than never having undertaken it.

Mr. Pitt deserves credit for his vision.  If only he had been around longer to have seen it fully implemented, we may have been experiencing different and much less severe consequences today.