Financial institutions did not empower their risk management functions enough to curb the activities of risk takers which played a major role in the near collapse of the international financial system in 2008, according to a report from the Economist Intelligence Unit (EIU) co-sponsored by insurer, ACE European Group (ACE).

The risk management function within organisations appeared to lack the authority needed to take decisive and necessary action. The report, based on in-depth interviews with leading participants from the financial services sector and independent risk experts, explores the lessons learnt and recommends some practical steps financial institutions should now take to facilitate recovery and the rebuilding of trust.

Andrew Kendrick, CEO and Chairman of ACE European Group said: “The role and scope of the risk management function has matured significantly however, following the financial crisis, many people were asking if more should have been done in terms of empowering risk managers to rein in the excesses of risk-takers.”

Kendrick continued: “Events have highlighted just how important the role of the risk manager is and we believe the steps highlighted in the report are important to help redress the balance between risk taking in the drive for profit within an organisation and risk management.”

While the function’s shortcomings may have contributed to the financial turmoil, there are some very specific lessons that can be learnt that place the risk management function in a strong position to help avoid similar problems in the future. A series of 10 measures are put forward in the report covering the role, position and levels of expertise needed in the risk management function through to the structures and systems used.

The central conclusion of the report is that, while many institutions are already reappraising their internal risk management procedures, there is often a far more fundamental question to be addressed relating to the actual culture of the organisation.  The question is whether the individual concerns of risk managers have until now all too often been marginalised. Only by adopting the steps suggested, the report says, can institutions start to overcome the challenges they face in providing an effective risk management capability for the 21^st century. 

Managing risk in perilous times: Practical steps to accelerate recovery  is available free to download here: http://www.aceeuropeangroup.com/AceEuropeRoot/Media+Centre/Research/EIU+Survey/  

Risk management must start at the top

While risk management has absorbed a rising proportion of investment in recent years and occupied an increasingly senior position in the corporate hierarchy, it says that it has ultimately still lacked the authority to stand up against a potential opportunity for profit.  As a ‘support function,’ the warnings of risk managers were too easily sidelined by those running profit centres.  Going forward, risk management must be an independent function with sufficient authority to challenge risk-takers effectively.

Incentive systems must reward long-term stability

The mismatch between the short-term incentive structure and long-term risk exposure that caused the crisis has already been identified by many as a key area for reform.  The bonus culture and remuneration models for senior banking executives must be overhauled to ensure that some rewards are withheld to match the maturity of the underlying business.

Institutions must review senior level risk expertise

New financial instruments and trading strategies make the task of risk managers even more difficult.  Institutions must ensure that they have sufficient risk expertise at a senior level and that risk staff offer experience in a diverse range of risks.  There must be access to the appropriate tools, information and communication channels to enable the effective communication of concerns and issues. Risk managers must monitor developments in the ‘real world’ and update their risk management assumptions and systems on a continual basis.

Human judgement should not be undervalued

The limitations and over-reliance on quantitative techniques and computer modelling must be recognised. These quantitative methods must be backed up with the inputs of human judgement and dialogue.  In addition, regular stress testing should be integrated with the firm’s overall risk management processes.

Risk management must be consolidated across all operations

The financial crisis has demonstrated that there is difficulty in identifying and aggregating risks at a firm-wide level.  The new culture must focus on risk as a concern for everyone in the business facilitated by clear and frequent communication across organisational and operational boundaries.

The report also recommends that, while a central risk function is essential to set a strategy and provide an oversight of the firm’s risk position across its various business units and geographies, institutions must combined this with an approach which enables risk is embedded in the regional office or business unit so that each profit centre has ownership of its own risks.

Risk management systems should be adaptive

The events of the past year have demonstrated the dangers of the failure to update or question assumptions about risk.  Those developing systems need to continuously feedback real world observations into their design on a regular basis.

Striking a balance between the centralisation and decentralisation of risk

Alongside a central risk function within a business to set risk appetite, implement and monitor controls and provide oversight of the company’s overall risk position, risk management must be embedded in regional or individual profit centres.

Avoid over reliance on data from external providers

Financial institutions must recognise the limitations of external ratings and risk information and supplement ratings with their own analysis, which should be continuously updated.

About the research

The research for this report is based on a series of in-depth interviews with senior risk professionals and independent experts, combined with a process of desk research that comprised a review of current literature on risk management. Interviews and research were conducted by the Economist Intelligence Unit.

Contact Information
Media contact: Katie Weeks on +44 (0)207 173 7585 or katie.weeks@acegroup.com