The C-suite is already crowded, and many of the current incumbents don't want any more competition.
For more than a decade, the financial services industry has led in the appointment of chief risk officers. In that realm, these chief risk officers (CROs) have typically been "quants" with a heavy if not exclusive emphasis on financial risk management and little understanding of or attention to true enterprisewide risk management. Ultimately for them, it's a capital play that attempts to optimize the use and allocation of capital among sources of risk. For ratings agencies, capital sufficiency is their ultimate concern.
As a result of this capital orientation, quantification takes on a life of its own. Economic capital modeling is often central for some, becoming synonymous with ERM. While economic capital is important to useful risk modeling, it's often supplanting other aspects of effective risk management.
The energy industry was quick to follow the trend of appointing chief risk officers, and of course the focus quickly became the commodity risk management exposures of these firms. Quantification again became the priority. A residual effect was to see many of these positions reporting directly to chief financial officers or other senior functionaries, limiting the important element of independence. CROs are often caught in the squeeze defined as management's need for control of information that should more unobstructively flow directly to the board without censure or screening.
In well-run companies, this won't matter much, but, so many presumably well-run companies have turned out to be quite the opposite. Witness AIG, Enron, Worldcom and Lehman Brothers. People's behavioral quirks are the reason we need auditors, and some behaviors are the reason CROs should ideally have real independence from management.
But the key issue for CROs and all those who aspire to this high-risk role is whether they can truly act in the manner necessary to ferret out the bad stuff that can kill companies. On the one hand, CROs end up being expected to protect management from these bad things that can so significantly impact their bonuses. Contrast that with the oft signaled preference by senior management to know that nothing is broken. In other words, is the CRO really supposed to keep the rose-colored glasses on even when the ship has a hole in its hull?
If not, the CRO is faced with another career-limiting dilemma, that of being the constant purveyor of bad news. When something's gone wrong, too many seniors look first for a scapegoat to hang for the problem. This can quickly become a no-win situation for anyone brave enough to take on the roles of the chief risk officer. As one CRO who I know opined, "If I last two to three years in the job, it will be a lot."
What a shame to have to operate on that assumption. It can only lead to some form of less-than-helpful behavior characterized by short-sightedness and defensive posturing. The carnage visited on CROs over the last two years of the financial crisis is ample evidence that the role could be a no-win proposition for all those who lack true independence and are in it for the short haul.
Think carefully before you assume or rely on such a role without appropriate design and execution plans to address these critical points.
CHRIS MANDEL is principal of Excellence in Risk Management LLC and is a long-term senior risk manager and former president of RIMS.
October 1, 2010
Copyright 2010© LRP Publications