Financial risk management is not a new area of corporate finance but it certainly is not the most glamorous or favorable area to be in and is gaining more attention in the current economic crisis. Risk management is a part of many different lines of work, but all have the same purpose; identifying risk is imperative to success so that you can also discover ways to mitigate or avoid the problem and make sounds decisions. “Financial risk is the loss expectation arising from adverse security prices or a business partner’s default.” (Codjia, n.d.) It is a given in all economic activities regardless of the type whether it be charities, schools, government, or business; every organization will have financial risk. Accounting principles require a company to record operating losses at market values in their financial statements. Every business has two major responsibilities as Jeffrey Immelt, Chairman and CEO at General Electric Co. out it, “My job is to figure out how to grow and manage risk and volatility at the same time” (Enterprise, 2007)
Financial risk includes losses due to undesirable changes in commodity and security prices as well as negative variations in currency and interest rates. Companies tend to hire specialists, such as statisticians, to develop quantitative financial risk management tools. (Codjia, n.d) The center of risk identification may be at any level of management, such as the overall company, a specific business unit, functional area, project, or process. Because of this, one must have clear objectives to consistently identify events that might give rise to risks that could prevent reaching a goal, strategy or objective. The key questions to ask in risk management are: “What could stop us from reaching our top goals and objectives?” and “What would materially damage our ability to survive?” (Enterprise, 2007)
There are a few major areas of financial risk management; credit risk management, risk and control assessment, and quantitative market risk control. (Codjia, n.d) Quantitative risk management uses complex formulas and computer algorithms to identify, evaluate and monitor financial risks in corporate transactions. Market risk is “the loss probability stemming from adverse security price instabilities with respect to a company’s investment portfolio.” (Codjia, n.d) A market risk manager usually applies his statistical expertise to create tools specific for their situation. Some of these tools include VaR (value at risk), Monte Carlo simulation and stress testing. These tools are designed to identify risk to limit losses in financial transactions. (Codjia, n.d) Credit risk is the loss expectation originating from a counterpart’s inability to repay a loan on time or fulfill other financial promises when they become due.
In most cases, corporate credit officers will require business partners with a rating of high or medium to provide collateral, or financial guarantees, before engaging in further transactions as a means of mitigating the risk of doing business with them. (Codjia, n.d) It is common for department heads and section managers to regularly review corporate procedures and prepare “risk and control self-assessment,” or RCSA, reports in financial risk systems. An RCSA is a report where lower level managers list controls and related risks and rank them as “high,” “medium” and “low” based on potential losses. (Codjia, n.d) Senior managers tend to focus on the high and medium risks so they can develop corrective measures for those and allow the lower risks to be mitigated by business unit level managers. RCSA reports are often required to be included in reports for the Securities and Exchange Commission and the Public Company Oversight Board (Codjia, n.d)
There are other non-quantitative ways to approach risk as well, such as brainstorming, event inventories and losses, interviews and self-assessment, facilitated workshops, SWOT (strengths, weaknesses, opportunities, and threats) analysis, risk questionnaires or surveys, and scenario analysis. (Enterprise, 2007) These are a great basis to begin the risk process and help identify what tools are required for any specific problem. This also increases the level of understanding among the organization about why something is a risk rather than relying on a statistical equation and a data output. There is a significant benefit to applying the critical thinking of members in the organizational instead of purely computer algorithms. All of these tools are useful at all levels of risk management. Leaders of successful businesses have always had some focus on managing risks, but it typically has been from a reactive and stove-piped standpoint rather than a proactive, integrated, organization-wide perspective. With this stove-piped approach, individual sections would handle their own risk analysis with their own risks, and often no single group or person in the organization had a grasp on the entire risk the company was facing.
This made it easy to hide overarching problems because each unit may be performing well with only moderate risk, but the compounding risk of all sections has not been identified. Some call these stovepipes, “silos” and it has been a challenging and cumbersome task to dismantle them and replace them with an enterprise mindset. Risks were often shoved into convenient but misleading compartments. Banks did not adjust quickly even as market complexity led some of the risks to be interchangeable. As an example, credit-risk departments thought of traded credit products as market risk, because they sat in the trading book, while market-risk teams saw them as credit mechanisms, since the underlying assets were loans. This finger pointing proved particularly costly at UBS, which lost $34 billion on CDOs. Many banks are now combining their market and credit risk groups. (Cinderella, 2010)
In order to address this culture, this approach of enterprise risk management (ERM) has emerged and takes an integrated and all-inclusive view of the risks facing the organization. (Enterprise, 2007) It is a cyclical process of constant evaluation and mitigation. There are several things to take into consideration when using an enterprise approach to continuous risk analysis. One is that each organization needs to identify a common risk “language” so that everyone is using the same standards and definitions and guidelines. Another is that it is important to use a combination of analysis techniques that were discussed earlier to make sure there is a comprehensive list of risks rather then relying on a single method to identify many types of risks.
The process must involve a cross-functional team to gain multiple perspectives on the effects an event might have on different areas of the organization. An important factor for all companies performing risk management is to use processes and techniques that encourage open and frank discussion, without fear of reprisal for identifying potential incidents that would risk a major loss to the company. Companies should embrace risk management as a key source of securing future success by avoiding risky situations. The last aspect that will help success in this enterprise approach is to identify the top critical risks and focus on those rather than the long list of low risks.
The importance of these risk techniques and approaches has changed in recent years due to the economy and the number of high-powered financial corporations that went bankrupt is testament to that. There are, of course, many reasons for the recession and failing businesses, but the situation has highlighted the need for enhanced risk analysis and perhaps looking at risk managers in a new light. Risk managers are those tasked with making sure the firm’s strategies and gambles aren’t too dangerous. They have typically been the thankless behind-the-scenes employees. Lehman Brothers was a prime example of a successful bank that quickly fell because of this sort of lapse in risk management. The assumption across the board was that the quality of banks’ risk organizations had all established a high standard that there was no need to evaluate the systems or look closely at the results. They were all dependent on existing algorithms to identify significant risks and provide a prescribed solution.
But, “The variance turned out to be shocking,” says Jamie Dimon, chief executive of JPMorgan Chase. (Martin, 2010) Not only was risk management not evolving or diversifying, but also from a management perspective it was not receiving attention from senior leaders. It had become commonplace to have a chief risk officer that was suppose to alert the company of risks becoming issues, but according to Leo Grepin of McKinsey, “it was sometimes a case of management telling him, ‘you tick the boxes on risk, and we’ll worry about generating revenue’.” (Cinderella, 2010) Sales-driven cultures were simply the way things were on Wall Street and in New York City. Discouraging transactions was frowned upon, especially at firms trying to push their way up capital-markets league tables. Risk managers who said no put themselves on a collision course with the business head and often the chief executive too. For example, HBOS and Royal Bank of Scotland (RBS) credit committees, which vetted requests for big loans, would be formed unscheduled from a pool of eligible members.
If the committee’s chairman, typically a business-line head, encountered resistance from a risk manager, he could simple adjourn the meeting and reorganize the committee a week or two later with a membership that would approve the loan. (Cinderella, 2010) Another common strategy was to keep quiet about a proposal until a couple of hours before it needed to be approved so that the risk team had no time to put together a convincing objection. Bill Githens, CEO of the Risk Management Association said, “We were in a cycle where it was sales, sales, sales. [but now] Everybody is beefing up their risk management. They’re bringing in new blood to create a culture where everybody owns risk.” (Martin, 2010) Since the beginning of the recession, banks have been trying to convince everyone that they will continue to take risk seriously once the crisis fades.
Government influence and oversight are increasing because there isn’t as much tolerance for the cowboy approach to growth; i.e. the ends justify the means. (Cho, 2010) As of 2008, Standard and Poor’s made risk a standard component of its ratings of all companies so businesses are preparing for the heightened regulations in risk. (Martin, 2010) As a result, some companies are now involving risk officers in talks about new products and strategic moves. At HSBC, for example, risk mangers have had a more prominent role in vetting acquisitions since the bank suffered heavy subprime-mortgage losses. “Everyone should now see that the risk team needs to be just as involved on the returns side as on the risk side,” says Maureen Miskovic, chief risk officer at State Street, an American bank. (Cinderella, 2010) As a result of this new attention on risk, there is an emerging class of more powerful risk officers. They are now seen as being equal with the chief financial officer and get a say in decisions on pay and have the ear of the board; some are actually reporting directly to a board committee as well as the chief executive.
Another by-product of the crises in banks is the growing number of opportunities for risk managers at all levels of experience. Morgan Stanley, for instance, is increasing its number to 450 which is almost twice as many as in 2008. Risk is now the busiest area for financial recruiters, says Tim Holt of Heidrick & Struggles. “The broader you think about risk and the more experience you have on both sides of the balance sheet, the better,” adds Mark Adams, a recruiter who co-leads executive search firm Russell Reynolds’ Boston branch. (Martin, 2010) When boards are looking for a new chief executive, more and more they are looking for someone who has been head of risk as well as chief financial officer. (Cinderella, 2010) One can see the re-focus in sheer numbers.
The Global Association of Risk Professionals (GARP) saw a 70% increase in 2009 when more than 23,000 people registered for the Financial Risk Manager certification exam. (GARP, 2012) This certification is the leading certification for this career field and they have seen great success recently because of the changed focus in companies discussed previously. The FRM certification is the globally recognized professional designation for financial risk managers and differentiates one from his peers giving a competitive advantage among colleagues and clients. In fact, 82% of companies prefer to hire someone with the FRM certification over one without. Certified FRMs are now represented at nearly every major banking institution, government regulator, consulting firm and financial services institution around the world. (GARP, 2012) In a snapshot:
* There are over 26,000 certified FRMs practicing worldwide. * In 2012, FRM had candidates from 136 different countries and territories. * 878 Organizations had 5 or more FRM registrations in 2012 * 30 Organizations had 100 or more FRM registrations in 2012
In the financial services industry in particular, Githens, CEO of the Risk Management Association, has already seen hiring pick up across most risk functions including underwriting, portfolio management, credit risk reviewing, and regulatory affairs. Morgan Stanley plans to expand its risk management department to 450 — nearly double what the company had in 2008, according to the Economist. (Martin, 2010) Companies are looking for individuals who can connect the dots and look at risk from a more complete perspective. As mentioned earlier, the role of risk managers is becoming more and more respected and as such there are many senior level positions now available like Chief Risk Officer, Senior Risk Analyst, Head of Operational Risk, and Director of Investment Risk Management, to name a few.
Even though companies are building up their risk management departments, it doesn’t mean the job has become any easier. Executives don’t always want to listen when it’s time to raise the red flags. “You need to persuade [business leaders] that what you’re doing is actually helpful to them,” says Mark Adams, a recruiter who co-leads executive search firm Russell Reynolds’ Boston branch. (Martin, 2010) There are still an ever-increasing number of opportunities in this much needed career field. Risk management will be key to recovering from the recession and maintaining financial security in the future.
Cho and Dennis. (2010) Obama Administration Vows to Defend Financial Reform. The Washington Post. Retrieved from http://www.washingtonpost.com/wp-dyn/content/article/2010/04/07/AR2010040705021.html?hpid=sec-business (5 January 2013)
Cinderella’s Moment. (2010). In The Economist. Retrieved from http://www.economist.com/node/15474145?story_id=15474145 (4 January 2013)
Codjia, Marquis. (n.d) Financial Risk Management Tools. eHow Money. Retrieved from http://www.ehow.com/list_6717071_financial-risk-management-tools.html (4 January 2013)
Codjia, Marquis. (n.d) Financial Risk Management Strategies. eHow Money. Retrieved from http://www.ehow.com/list_6705024_financial-risk-management-strategies.html (2 January 2013)
Enterprise Risk Management: Tools and Techniques for Effective Implementation. (2007) Institute of Management Accountants. Retrieved from http://poole.ncsu.edu/erm/documents/IMAToolsTechniquesMay07.pdf (3 January 2013)
Global Association of Risk Professionals (GARP). (2012) Financial Risk Management(FRM) Program. Retrieved from http://www.garp.org/frm/frm-program/about-the-frm-program.aspx (3 January 2013)
Martin, Michael. (2010) Risk Management: Lots of Lucrative Jobs for Finance Geeks. CBS News. Retrieved from http://www.cbsnews.com/8301-505125_162-51412172/risk-management-lots-of-lucrative-jobs-for-finance-geeks/ (2 January 2013)