Return to Table of Contents

Enterprise Risk Management

We're not there yet

ERM may be able to prevent future crises, but what was in place was inadequate

By Michael J. Moody, MBA, ARM

This article is being written as Congress debates a $770 billion governmental bailout of the financial service sector. But it is not the same old financial service sector. Gone are many of the long-standing Wall Street investment firms—many purchased for pennies on the dollar in one of the most disturbing fire sales seen. The same is true of several major international banking institutions that were slugging it out with their competitors just days before the financial collapse.

Much of the problem, of course, can be traced back to the downturn in the housing market. Housing values have been in free fall across many parts of the country for many months. Once this happened, one after another, Wall Street’s most famous residents began to fold. Bear Stearns was one of the first casualties; it was followed shortly thereafter by Lehman Brothers. Other old Wall Street powerhouses like Merrill Lynch agreed to be purchased by Bank of America. Then major banks like Washington Mutual and Wachovia also soon began looking for merger partners. Insurance companies were not exempt either. Some carriers such as AIG also had their issues to deal with. All of this activity followed on the heels of Fannie Mae and Freddie Mac failures.

Without question, all of these organizations had massive failures with their risk management programs. And for many, it was an unpleasant surprise since it was the financial service sector that was supposed to be leading the charge for enterprise risk management (ERM). So what went wrong?

A recent study by Economist Intelligence Unit may shed some light on this matter. This study, The Bigger Picture—Enterprise Risk Management in Financial Service Organisations, is based on surveys of 316 senior financial executives from around the world in July 2008. It was taken shortly after the failure of Bear Stearns and provides some critical insight into how bad the business health of the financial services sector was.

Problem areas noted

Even in its earliest stages, following the Bear Stearns failure, it became apparent that more problems were ahead for the financial service sector. And while many financial service firms were quickly moving forward with ERM agendas, many implementations were still in the early stages. About 71% of participants indicated that they had ERM strategies in place; however, they had not yet fully implemented them. Survey participants were already painfully aware of the failure of risk management, and 59% said these failures had “forced them to scrutinize the risk management practices in their organizations in greater detail.” Many believed that the slow rate of implementation was due in large part to the fact that ERM is a lengthy process that typically requires a major shift in corporate culture. The study points out “that in some ways ERM is a journey rather than a destination.”

When questioned about the losses that were coming to light in the financial service sector, the majority of participants agreed they were largely a result of failures to properly address risk management issues. In that regard, several shortcomings were noted by survey participants:

• Risk management function was kept too separate from the business units

• Lack of a firm-wide view of risk management

• Too much reliance on modeling

• Weak liquidity risk controls

Following the Bear Stearns failure, survey participants were feeling the effects of increased attention on risk management. Around 60% indicated a new scrutiny with regard to their ERM programs. They also believed that a sharper regulatory focus would be forthcoming. Many noted that both Basel II and Solvency II regulatory requirements that were beginning to take effect in the EU “were shifting the regulatory focus from traditional geographic indicators to a more holistic, risk-based capital view.”

Despite implementation difficulties, most participants found significant benefits from their ERM programs. Many of the participants noted that one of the most important potential benefits from ERM “was protection against loss and damage of reputation.” Most realize that any blow to their institution’s reputation could have swift and, most of the time, very grave consequences to their company. Other benefits mentioned by the survey participants included more efficient allocation of capital and containing potential losses. They also said that “by aggregating risk at the same time as maintaining levels of granularity within each of the business units, businesses can better manage their exposure to these risks.”

Challenges remain

One challenge that appeared to be universal for most of the participants is the timeliness and quality of information. It was noted by 44% of the participants as being one of their three main challenges. And they point out “as risk becomes more complex the need for a sophisticated data infrastructure becomes even more pressing.” But it’s not enough to develop an infrastructure, it must be able to provide consistent, reliable and timely data.

Another challenge recognized by the participants involved an over-reliance on models which can “lead to a lack of applied common sense.” There still remains a significant portion of risk management that requires human judgment. While models can be used effectively for measurement and monitoring, they should just serve as indicators. Stress testing was mentioned as one of the models that may need to receive more rigorous scrutiny in the future.

The third and possibly most difficult challenge deals with embedding an ERM culture “such that risk management becomes part of the fabric of the institution.” But most participants realize this does not come easy, since in many cases shifting culture happens over several years. They also acknowledge that change of this magnitude takes a complete support of the board and executive levels.

Conclusion

Even at this early date (the survey took place in July), it was apparent that the financial crisis had already “exposed some significant weaknesses within the financial service sector.” The report points out that many firms overestimated the market’s ability to absorb risk and lacked the necessary matrix to help them understand the full impact on their businesses. Most participants realized “that regulatory scrutiny would increase the pressure on companies to implement ERM strategies.” And, in somewhat of a very real concern, they note that “financial service firms will also need to assess their liquidity needs at the enterprise level to be better prepared for instances where market liquidity could erode quickly and unexpectedly.”

At this point, the long-term effects of the $770 billion bailout have not been assessed. However, what is known is that it clearly has “exposed some significant weaknesses within the financial service firms.” It would appear that the events of the past few months will either result in the redoubling of an implementation of the ERM effort at most financial institutions, or require some other major change in their long-term approach to risk management.

The author
Michael J. Moody, MBA, ARM, is the managing director of Strategic Risk Financing, Inc. (SuRF). SuRF is an independent consulting firm that has been established to advance the practice of enterprise risk management. The primary goal of SuRF is to actively promote the concept of enterprise risk management by providing current, objective information about the concept, the structures being used, and the players involved.

  
 
 

When questioned about the losses that were coming to light in the financial service sector, the majority of participants agreed they were largely a result of failures to properly address risk management issues.
 
 
 

 
 
 
 

 
 
 
 

 
 
 
 
 
 
 
 

 
 
 
 

 
 
 
 

 
 
 
 
 
 
 
 
 

Return to Table of Contents