Sponsor's article > Is risk management dangerous?
Risk management has experienced a remarkable surge in significance in the past 15 years. Driven by the huge losses experienced from the mid-1980s to the mid-1990s, resources and staff devoted to risk management have increased sharply, as has the level of technical skills among its practitioners. Chief risk officer has become a common title in the financial sector, and an increasing share of those with that title now report to the chief executive officer or the management committee rather than to the chief financial officer or chief operating officer.
Risk management always exists in tension with line managers’ desire to run their own units unmolested, which engenders the predictable volume of grumpy complaints. In addition, the field’s increased public visibility has inevitably engendered what my Aussie friends call ‘cutting down the tall poppy’. While criticism of this type can be safely dismissed, a more recent and more thoughtful critique is worthy of serious attention and debate.
The risk management of everything
In 2004, Michael Power wrote an essay entitled The risk management of everything1, in which he raised some important issues related to the ‘dark side’ of what he calls “the risk management explosion”.2 Ideally, risk management should embody “significant values and ideals, not least of accountability and responsibility”.3a But too often, he argues, the rise of risk management has been characterised by the growth of “strategies that displace valuable – but vulnerable – professional judgement in favour of defendable process”.3b This retreat into process flows largely from pressure for what Power calls secondary risk management. Experts are increasingly being held accountable with the wisdom of hindsight for any adverse event within their domain of responsibility. The result of this is a growing preoccupation by risk managers with their personal reputation risk, which impinges on their effectiveness in controlling the risks for which they are both trained and knowledgeable. This tends to foster a dangerous flight from judgement, and a culture of defensiveness that ultimately hampers preparation for a future we cannot know.4
In my experience, this defensiveness extends to institutions as a whole. It is often the source of serious misallocation of risk management resources. One of the most egregious examples of this was the Y2K problem. Having been hyped in the press and elsewhere, no corporation could afford the reputation risk associated with any visible failure in this regard. Most people close to the systems in question were quite cynical about the resources being devoted to testing and certification. Generally, it was felt that modest effort would reduce any remaining issues to minor items that could safely be fixed if and as they arose. Nevertheless, the money and time devoted to remediation and testing was the best after-the-fact defence if something did go wrong. “Look, we spent £30 million. No-one can say we didn’t take the problem seriously.” In the event, of course, even areas that did not take the problem seriously had no major problems, indicating a serious waste of time and effort in most of the industrial world.
Dispelling the myth of controllability
Sadly, much of the retreat from judgement is driven by forces well beyond the control of risk managers. The legal system increasingly seeks to find ‘the culprit’ behind any mishap. Much of popular journalism follows the same knee-jerk pattern. Most recently we saw this in the coverage of the tsunami disaster in the Indian Ocean. The first instinct of the press was to ask “Why wasn’t this prevented? Why weren’t people warned? Who’s to blame here?” All this in the context of the first event of this magnitude in this part of the world in over 120 years! In such an environment, it is hardly surprising that risk managers seek to control their own personal risk.
Nevertheless, Power makes some valuable suggestions for limiting secondary risk management.5a One is to foster an internal culture that is more learning orientated and less blame-centred. Beyond that, he calls for efforts to create “a new political and managerial discourse of uncertainty”. Such a discourse should recognise that risk management does not and cannot eliminate all risk, and it should actively counter media assumptions to that effect. Rather, risk management is intended to make the institutional selection of appropriate risks as conscious and well informed as possible. An obviously related role is to assure that this profile of selected risks is respected on the ground, where risks are actually incurred. Such a discourse would generate legitimacy for the inherent possibility of failure. It would also recognise that expert judgement is an essential ingredient of risk management and would foster a “proportionality of response to decisions which turn out in retrospect to have been wrong though honestly and reasonably made”.5b
Allowing risk management to become synonymous with a rule-based process is to lose our way in a fundamental sense. I commend Michael Power’s essay to all who have a role in shaping the risk management framework and culture of their institutions.
1 Power, Michael, The risk management of everything – rethinking the politics of uncertainty, Demos, 2004. The author is the PD Leake professor of accounting and a director of the ESRC centre for the analysis of risk and regulation at the London School of Economics. The full paper is available at www.demos.co.uk/catalogue/riskmanagementofeverythingcatalogue/
2 Ibid, page 9
3a&b Ibid, page 11
4 Ibid, page 14
5a&b Ibid, page 62.Risk
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Risk managers mull Basel-style climate standards
Risk Live: Splintered approach to stress-testing across jurisdictions “very, very worrying”, says risk expert
Risk managers warn of emerging geopolitical crisis in Asia
Risk Live: Rising political tension between China and Taiwan has bank risk management teams on high alert
FCA may offer its market data to surveillance tech start-ups
Risk Live: Regulator concerned rapid AI adoption will favour incumbent vendors; aims to launch sandbox
After SVB downfall, EBA stress test seeks out unrealised losses
European regulator asks for data on the fair value and sensitivity of bonds and their hedges
Risk modellers navigate fearful new world of depositor behaviour
Silicon Valley Bank suffered fastest bank run in history, but how should others respond?
Eurex scrambles to avert Treasury collateral ban on US default
Current policy prevents CCP from selectively excluding eligible collateral
Quant Finance Master’s Guide 2023
Risk.net’s guide to the world’s leading quant master’s programmes, with the top 25 schools ranked
UBS found no advantage in quantum computing – ex data chief
Swiss bank tested various use cases in the trading business before giving up on the technology
