Ed's Rules of Thumb for Financial Risk Management Leadership: These Rules of Thumb, First Published in the June-July 2006 Issue of the RMA Journal, Were Derived from the Author's Discussions at Professional Meetings. He Has Expanded and Updated Them Based on Recent Experience and Further Conversations

Article excerpt


1. Practitioners call it risk management, but it's really leadership in risk awareness and leadership in collegial change management. It is not just about data and models anymore.

a. Consensus building is important for success in any business endeavor. Communicate with everyone who might be a constituent and include them in the enterprise risk management process.

b. Have the appropriate transaction desk review everything in any analyses for current market practice, which also helps build consensus.

c. Be certain to include those who might suffer a negative impact from a change in risk management practices. Risk managers need to turn opponents into proponents.

2. Get the best people money and other budgeted resources can buy. What they don't know, they will learn quickly.

a. It's more cost effective to pay up front and avoid a problem than to take management time and company resources to repair the damage after the fact.

b. Admittedly, this can be a tough sell when management has a short-term view or does not appreciate the risk.

3. First define the risk. Then define the risk management methodology.

a. Create and document a common risk language and encourage everyone to call the same risk phenomenon by the same terminology. In a crisis, there is no time to explain what is happening.

b. Disagreements on risk management issues usually can be distilled down to a disagreement on what the actual risk is.

c. Once there is agreement on risk definitions, then measuring, limit setting, and amelioration usually are relatively easy.

4. Take seriously line managers' expressions of operational concerns or questions. They own the business and the resultant risk. If they have a question, it is usually worth answering.

a. In my previous positions, some of the most serious risk concerns came to light because of line managers' questions that they could not explore on their own, either because of resource constraints or internal politics.

b. Of course, the old adage applies: If it's not broken, don't fix it.

5. Develop early-warning indicators and systems for generating the indicators, even if they are not completely reliable.

a. Indicators prioritize attention. Far better to give something priority unnecessarily than to miss something when it is too late.

b. Include line management rules of thumb as indicators, so risk management knows what the line is thinking without having to ask.

6. Risk management's job includes thinking about extremely rare events, "black swans" (1) that could destroy the company.

a. Focus on the issue that no one else invests time to consider in today's very competitive, fast-paced, highly random, and short-horizon environment.

b. Consider two probability distributions, not only the probable in normal markets that most risk managers examine, but also the highly unlikely event that potentially is so rare as to not be visible.

c. Also focus on the very low probability tail event that could destroy the company. Expect the unexpected, because no one else will.

d. Focus on what no one knows or understands but should, not on what everyone does understand.

e. An analysis that includes the loss given the event sometimes justifies tail-risk reconsideration when a one-step analysis of a low probability event without the loss given the event might suggest otherwise.

f. Of course, if one can imagine positive black swans, work to make them more probable.

7. Plan ahead. Risk management should have contingency plans for almost everything, although the plans are probably not indicative of what will really happen.

a. The planning process will allow everyone to share ideas. In reacting to a crisis, particularly one that's unexpected, a plan will help impose structure and direction. …