Risk Management Must Be Part of a Firm's DNA: CROs at a New York Chapter Meeting Cited a Strong Risk Culture and Support from Top Management as Keys to Effective Risk Management
McLaughlin, Kevin, The RMA Journal
Risk management must be embedded in an organizations culture and have the explicit support of executive leadership to succeed, said panelists at the RMA New York Chapter's annual Chief Risk Officers Roundtable. The event was moderated by Carl Adams, chapter president and principal at Capital Framework Advisors.
"Risk management needs to be part of a firm's DNA," said Brian G. Rogan, chief risk officer for BNY Mellon. "Cycles are a lot shorter now and you face risk every day. The firms that think they can turn on and turn off risk management are usually the ones that have a problem."
A Seat at the Table for Risk Management
Stuart Lewis, deputy chief risk officer at Deutsche Bank AG, said senior management and the board at his firm give "a lot of scrutiny to our risk positions." He said German banking regulations require that a CRO sit on the bank's board.
"It forces risk onto the board meeting agenda," Lewis said of the requirement. "You have an independent chief risk officer who is explaining to the board his perspective on risk, so the information flow that the management board has is quite phenomenal. All that information gets passed on to regulators, so there is an impetus at the senior management level to ensure that it is appropriate."
Craig W Broderick, chief risk officer at Goldman Sachs, said his firm's leadership team seeks out advice and information from its risk managers.
"We meet regularly with the audit committee of the board, and we go through the risks we're taking across the business and the risk trends. We tell them how we measure it and manage it. But more important than the structure are the actions taken by our senior management. Our CEO, our president, our CFO, and other senior people regularly pick up the phone and lob questions at me as CRO or at other risk staff. They're probing, they're inquiring, and they're clearly interested in the risk management of the firm. That really sets the tone for the organization."
David Coleman, chief risk officer for the Royal Bank of Scotland (RBS), said risk managers need to cultivate influence among senior management.
"Do you have influence? A senior risk person has to be more than technically qualified to be effective. I encourage people to get out from behind their desks and understand their marketplace, to think strategically and be engaged in strategy development," Coleman said.
"The way to ensure that we remain relevant is to stay on top of what is important to the business and understand the commercial, but disciplined, approach to risk in the marketplace," he added. "We need to deepen our knowledge and be proactive."
Incorporating Risk Management into the Business Strategy
To enhance their credibility, risk managers need to understand and support the firm's business strategy, the panelists said.
"Risk managers need to have a clear understanding of what the strategy is in order to be effective," said Broderick of Goldman Sachs. "We strive to be commercial in the decisions we make, we try to help our business colleagues get as much good business as they can, but our fundamental mission is control. Our unquestioned responsibility is to put the final stops on excessive risk.
"We spend a lot of time and energy building systems, processes, and procedures that allow us to manage our risk capacity very carefully--credit risk, market risk, operational risk, and so forth. Our systems give us ways to determine how much risk we allow in our businesses, and we price that so businesses are charged appropriately for the capacity they use."
Lewis of Deutsche Bank said his firm is reintroducing risk and balance-sheet discipline in the aftermath of the financial crisis. "We've been working, as have many other firms, to right-size our balance sheet and deleverage. …