
Sponsor's article > Is risk management dangerous?
Risk management has experienced a remarkable surge in significance in the past 15 years. Driven by the huge losses experienced from the mid-1980s to the mid-1990s, resources and staff devoted to risk management have increased sharply, as has the level of technical skills among its practitioners. Chief risk officer has become a common title in the financial sector, and an increasing share of those with that title now report to the chief executive officer or the management committee rather than to the chief financial officer or chief operating officer.
Risk management always exists in tension with line managers’ desire to run their own units unmolested, which engenders the predictable volume of grumpy complaints. In addition, the field’s increased public visibility has inevitably engendered what my Aussie friends call ‘cutting down the tall poppy’. While criticism of this type can be safely dismissed, a more recent and more thoughtful critique is worthy of serious attention and debate.
The risk management of everything
In 2004, Michael Power wrote an essay entitled The risk management of everything1, in which he raised some important issues related to the ‘dark side’ of what he calls “the risk management explosion”.2 Ideally, risk management should embody “significant values and ideals, not least of accountability and responsibility”.3a But too often, he argues, the rise of risk management has been characterised by the growth of “strategies that displace valuable – but vulnerable – professional judgement in favour of defendable process”.3b This retreat into process flows largely from pressure for what Power calls secondary risk management. Experts are increasingly being held accountable with the wisdom of hindsight for any adverse event within their domain of responsibility. The result of this is a growing preoccupation by risk managers with their personal reputation risk, which impinges on their effectiveness in controlling the risks for which they are both trained and knowledgeable. This tends to foster a dangerous flight from judgement, and a culture of defensiveness that ultimately hampers preparation for a future we cannot know.4
In my experience, this defensiveness extends to institutions as a whole. It is often the source of serious misallocation of risk management resources. One of the most egregious examples of this was the Y2K problem. Having been hyped in the press and elsewhere, no corporation could afford the reputation risk associated with any visible failure in this regard. Most people close to the systems in question were quite cynical about the resources being devoted to testing and certification. Generally, it was felt that modest effort would reduce any remaining issues to minor items that could safely be fixed if and as they arose. Nevertheless, the money and time devoted to remediation and testing was the best after-the-fact defence if something did go wrong. “Look, we spent £30 million. No-one can say we didn’t take the problem seriously.” In the event, of course, even areas that did not take the problem seriously had no major problems, indicating a serious waste of time and effort in most of the industrial world.
Dispelling the myth of controllability
Sadly, much of the retreat from judgement is driven by forces well beyond the control of risk managers. The legal system increasingly seeks to find ‘the culprit’ behind any mishap. Much of popular journalism follows the same knee-jerk pattern. Most recently we saw this in the coverage of the tsunami disaster in the Indian Ocean. The first instinct of the press was to ask “Why wasn’t this prevented? Why weren’t people warned? Who’s to blame here?” All this in the context of the first event of this magnitude in this part of the world in over 120 years! In such an environment, it is hardly surprising that risk managers seek to control their own personal risk.
Nevertheless, Power makes some valuable suggestions for limiting secondary risk management.5a One is to foster an internal culture that is more learning orientated and less blame-centred. Beyond that, he calls for efforts to create “a new political and managerial discourse of uncertainty”. Such a discourse should recognise that risk management does not and cannot eliminate all risk, and it should actively counter media assumptions to that effect. Rather, risk management is intended to make the institutional selection of appropriate risks as conscious and well informed as possible. An obviously related role is to assure that this profile of selected risks is respected on the ground, where risks are actually incurred. Such a discourse would generate legitimacy for the inherent possibility of failure. It would also recognise that expert judgement is an essential ingredient of risk management and would foster a “proportionality of response to decisions which turn out in retrospect to have been wrong though honestly and reasonably made”.5b
Allowing risk management to become synonymous with a rule-based process is to lose our way in a fundamental sense. I commend Michael Power’s essay to all who have a role in shaping the risk management framework and culture of their institutions.
1 Power, Michael, The risk management of everything – rethinking the politics of uncertainty, Demos, 2004. The author is the PD Leake professor of accounting and a director of the ESRC centre for the analysis of risk and regulation at the London School of Economics. The full paper is available at www.demos.co.uk/catalogue/riskmanagementofeverythingcatalogue/
2 Ibid, page 9
3a&b Ibid, page 11
4 Ibid, page 14
5a&b Ibid, page 62.Risk
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Top 10 operational risks: The umpire strikes back
Tougher regulatory enforcement, new consumer rules and rise of ESG are ringing alarm bells
Ion wasn’t deemed a ‘critical’ vendor by most clients
Software firm escaped heavy scrutiny ahead of cyber attack, says US Treasury official
Op risk data: Stanford fraud haunts banks for billions
Also: Helaba’s crank capital relief; TSE stock price sanction; 1MDB mauls Mudabala. Data by ORX News
Hacked off: banks demand answers after Ion cyber attack
Clients left in the dark about ransomware attack that disrupted futures trading last month
Digital exposure makes fraud management a vital responsibility for financial institutions
Fraud management and detection continue to be an increasing area of concern for financial institutions worldwide
UBS takeover of Credit Suisse to trigger higher G-Sib surcharge
At 14.2%, UBS’s CET1 capital ratio is more than sufficient to absorb the deal
Nasdaq exec criticises VAR models in erratic energy markets
FIA Boca 2023: Model being adopted by rivals is “bad choice” for unpredictable assets, says exchange tech official
Ice exec rejects cloud for critical infrastructure
FIA Boca 2023: SVP Bland “can’t imagine” outsourcing critical infrastructure; DRW’s Wilson warns of concentration risk