Applying Collective Intelligence in Risk Management

I was reading a risk management blog today and was very impressed with the technical article covering various aspects of solvency and valuation of insurance industry. As I was reading it, my mind analyzed the information with respect to various laws, sections, cases etc. After finishing reading it, I took a breath and thought- “I actually felt like referring to various books to understand the article, will a regular business operation employee actually understand it?” This resulted in a depressing thought- “I do the same, to show my knowledge; I mention sections and case laws of various acts which leave business people stumped.” Well, in my defense I will say, it gives a heightened sense of satisfaction and success.

Somewhere I feel risk managers ( referred to as RM) are having their cake and eating it to. The primary responsibility of managing risks is of business operation team. The RM’s role is of a support function, a facilitator to the business. The business managers are not being provided with the necessary information, knowledge and tools to proactively manage their risks. Let me explain why I am making this statement.

In their role as auditors, they are focused on what went wrong in the past rather than equip the business managers to how to deal with the future. It is a feedback rather than feed-forward system working. The other aspect is that they in their role as advisors issue guidelines and policies without the complete involvement of the business people.

Scenario 1: Let me take a scenario here of implementation of information assurance policies. The RM will discuss the overall requirement with the business managers, prepare the policy, take feedback regarding it and then issue the final policy. Then they will tell business users to implement it. Since in quite a few areas implementation may not be possible, exceptions will be granted to the business users. In nutshell, around 75% of the policy only will be implemented.

In both these roles the involvement of business operations team is minimal at the commencement of the project. They are expected to implement the recommendations.

Considering the above mentioned short comings in the above mentioned approach, I wished to explore the concept of collective intelligence and its applicability to risk management functions.

As a first step, let us understand the nature of information and intelligence which risk managers require to conduct their jobs:

1) Organizational Intelligence- Information regarding processes, structure, culture and technology. These they normally get from the business managers through interviews and review of standard operating procedures.

2) Commercial Intelligence- Information regarding the external environment- customers, suppliers and competitors. This information they obtain from interviews with business managers, customers and suppliers. Other sources are various media and research reports published.

3) Technical Intelligence – Information regarding the various laws, acts, methodologies and tools applicable for risk management. RMs have the knowledge on how to conduct the risk management while using this information appropriately.

As can be seen business managers have more information and knowledge on two of the three intelligence capabilities required for conducting risk management. In a more collaborative approach the risk managers should be able to impart their skill specialization to the business managers effectively.

The Paradox of a Predictable Failure in Risk Management

The current crisis the world fell into two years ago had certainly the widest range of qualifying attributes: financial, economic, social, industrial, and maybe lethal as it dramatically affected and eventually destroyed lives beyond the point of no return. Described by contemporary economists as the worst ever crisis experienced by America for a hundred years, it was however another repetition of what seems to be a cyclical phenomenon: the 1929 crisis, the energy crisis in 1973, that of 1997, and more recently the internet bubble. And despite the lessons learnt from the past, with the technology evolving exponentially and the refined risk management, societies, corporations, institutions, and governments failed yet again by not having the right controls at the right time, substantially creating spiraling consequences that took investors and the wider public by surprise. The causes of the 2008 crisis raised numerous questions, some of them leading to the foundations of today’s capitalism and one of the common sins of humans: greed. Nevertheless, one could have hoped that, with the dynamic of industrial countries and the norms of audit and compliance such as those of Basel II and III, in which operational risk and credit risk are separated, the international financial system would be protected against the collapse of the bank sector. But this was without counting on the intrinsic failures of these very norms, standards and risk management tools.

As a matter of fact, the crisis finds its roots in a simplified scheme: the lack of accountability, mortgages and default on large amounts of money against little income, and finally the liquidity for which the same institutions failed to have sufficient capitalization to cover immediate large needs when the whole system started to present default cracks. The problem of sufficient capitalization became a recent issue with the rise in the prices of commodities, whereas speculators can highly leverage their buying power without offering a real financial counterpart in exchange. And that’s certainly why French President Sarkozy recently called for more regulations on commodity markets. However, progresses in that sense are yet to be commonly agreed or applied by governments and leaders of industrial countries.

Overall, today it is the review or maybe the prosecution of an entire system that is taking place. Questions and concerns from governments, investors, officials, and ultimately the public have found few relevant answers so far. The lack of accountability and transparency from the protagonists directly or indirectly involved in the crisis has raised anger and consternation worldwide. The cynicism displayed by bankers and financial institutions who announced remarkable profits for the last quarter of 2010 may be perceived as a new alarm bell ringing for another major financial crisis yet to come.

This paper presents some of the key issues the financial crisis brought into light in terms of risk management and lack of control from corporations, banks, auditors, credit agencies, and governments. It does not aim to provide a solution but rather gives the reader a fair understanding of what could have been avoided or improved and what may come again should the global financial modus operandi not be drastically changed.

Risk Management Certification: Becoming A Risk Manager

A risk management certification is a great example of a rewarding and useful business accreditation that is achievable by any individual with sufficient academic training and work experience. These certificates are conferred by a variety of different oversight associations that monitor the risk management industry, and work with professionals and academics to move the industry forward.

Earning a certificate in this area can lead to a variety of different and rewarding careers. Each of these diverse paths represents a unique and exciting opportunity to realize an increased feeling of prestige and sphere of responsibility within the workplace, as well as earn a greater level of income. One example of a career in this area includes becoming a business management consultant that specializes in risk identification, analysis, and mitigation. However, the majority of individuals who obtain a risk certificate become internal risk analysts or risk managers within a specific organization

When an individual completes a certificate in risk, they are exposed to a broad, skill-based management training curriculum. This certification training prepares the individual to become a competent, resourceful, and contributing member of an organizations management team. A certified risk manager is trained how to identify the unique business risks the organization is exposed to, how to analyze both the risks themselves and the factors that drive their occurrence, how to quantify both the probability that these risks occur as well as their impact should they occur, how to prioritize the risks and devote appropriate resources to their mitigation, and how to monitor the organizations operation to predict when risks may occur.

A successful manager of risk must not only understand the ins and outs of risk identification and risk assessment, but must also possess an understanding of resource management and also be an effective communicator. This manager must be able to prioritize the risks the company is exposed to, and focus resources both efficiently and effectively on the mitigation of the most threatening risks.

Some other roles and responsibilities of a typical risk manager include;

Within some organizations a manager of risk is charged with overseeing the company’s compliance with government regulation, legal code, or industry specification.

This manager can either me a member of a risk oversight team, or be charged with overseeing the team itself. This team is responsible for conducting the day-to-day processes of risk management, and working with representatives of senior management to guide risk-mitigated decision making.

Adapting, developing, implementing, monitoring an organizational risk identification and monitoring policy that outlines and codifies the organizations approach to operational hazards.
Many organizations, especially larger company’s with expansive operations, have a top-level risk oversight position, such as a Chief Risk Officer. This C-suite level position is responsible for the overall effective and efficient governance of the organizations business risks, and reports to the company’s executive committee or its Board of Directors. Any individual that is interested in reaching this exciting, rewarding, and prestigious executive position would be very well served to earn a risk management certification.

Risk Management Certification: Developing and Implementing A Risk Analysis Template

Individuals who are hoping to begin or enhance a career in business are often looking for opportunities to learn new and tangible skills. The number of business-training options available to individuals is almost endless, and it is often difficult to judge both their credibility and value. A risk management certification is a professional accreditation that provides legitimate and tangible business management skills that can aid any ambitious individual in their career progression. The training involved in earning a certificate in this area builds on the individuals previous training and work experience, and sufficiently prepares the individual to become a high-functioning and contributing member of any senior management team. During the certification process the pupil is introduced to the many different aspects of being a certified risk professional, including the development and use of risk analysis templates and organizational risk policies. Other areas of study include risk identification, analysis, assessment, prioritization, mitigation, and management. A certificate that focuses on these areas that be attained from any of the six primary industry associations that oversee the risk management profession. To earn a certificate in this area the student typically undertakes a certain level of training which in some cases includes class time as well as at-home reading materials. Most people use their certificate to pursue careers as risk managers, either as a consultant with a major international consulting firm, or as an internal risk professional within an organization.

An individual with a certificate in risk management typically begins their career as a risk analyst, a component of a larger risk analysis and oversight team. Over time these individuals have the opportunity to transition to the role of a risk manager or risk officer. One of the primary tools that a certified risk professional is taught how to develop or use is a risk analysis template. This is a document or series of documents that standardizes the risk assessment techniques that the organization plans to use to identify and evaluate the risks their operation is exposed to. These templates are usually designed with the help of a certified risk management professional and adequate examples are available for limited expense. In some cases an organization will develop their own series of templates that are unique to the idiosyncratic operation of the company, while other organizations may use a publicly distributed risk analysis template. That being said, those firms that take the latter approach will often take a standard framework and morph it to apply to their unique organization.

A risk analysis template is traditionally designed in a checklist format that aids the user in asking the correct questions when identifying and analyzing the operational risks the organization is exposed to. They suggest regular areas of risk exposure while also providing insight for organizations to look in areas unique to them. These frameworks are considerably helpful in evaluating the impact and probability of risk events, and aids the organization in prioritizing risks for mitigation and avoidance initiatives. It is always important to use a template that best matches the industry in which the organization operates; for instance, frameworks that apply to a multinational financial services company will be different from ones that apply to a manufacturer of chairs catering to local businesses.

 

Risk Management Policies In Financial Services: Hedge Funds

Many financial services make use of a well-structured risk management policy to manage their day-to-day exposure to risk, including exclusive investment entities such as hedge funds. For many years hedge funds were considered the high-stakes bad boys of the investing world; an image that the industry despised and rejected in the public eye, yet celebrated behind the closed doors of their high-rise offices and their swanky exclusive nightclubs. Over the past 36 months the hedge fund community has stepped up their efforts to shed the negativity and weariness that is often associated with them. Of course in some ways this “risky market gambler” perception was always unfounded, especially considering hedge funds use complex strategies and investment vehicles to hedge away systemic and market risk.

Due to their size and unique capital structure, hedge funds were previously allowed to operate outside the stringent oversight of investment regulators, but this has changed over the past decade. While hedge funds continue to abstain from using the comprehensive risk management ‘best-practices’ of other financial services such as banks and large fund managers, they have certainly increased their use of risk management policies. These processes have evolved to monitor not only how their range of investments mitigate inherent market risk for their investors, but also how they conduct their business in general.

The organizational risk philosophy at any particular hedge fund typically reflects the interest-level and commitment of that fund’s top traders and officials. The greater these managers believe in not chasing greater return at the expense of risk compliance, the stronger the fund’s risk policy is embedded throughout the entire fund’s other personnel. Many hedge funds now employ a Chief Risk Officer and have doubled their expenditures on risk management processes and risk compliance. They are increasingly seeking individuals who have obtained at least one risk management certification, focusing on credit and financial risk. These changes are the result of not only clearer minds within the hedge fund management community, but also from changing investor expectations. While hedge fund have always used complex quantitative risk management models to quell investor fears, most managers will tell you that in the past few investors know, or cared to know, how they worked. While this sentiment has not dramatically changed during these past few months, there are changing expectations from investors, especially large institutional money managers, in regards to transparency, risk analysis processes, and how business is conducted. Fund managers typically benefit from long investment time-horizons and leeway from their investors, but even traditionally ‘sticky’ investors are demonstrating a willingness to pull assets out of hedge funds if managers do not comply with the changing risk expectations.

As a consequence of the 2008 financial upheaval the fund community has witnesses the creation of a series of private oversight groups, such as the ‘Hedge Fund Standards Board’. These self-regulatory bodies are creating industry benchmarks and best-practices in risk management, and from which the community can develop their own risk policies.

Hedge funds of all sizes have developed and incorporated risk management policies into their operational and trading strategies. These processes include limits on acceptable losses per trader, controls and limits on the types of investments made, and formal communication and internal policing procedures. These funds offer limited transparency on how they conduct business to anyone outside their inner circle of investors, and thus individual firms are expected to internally police themselves. An predominant precursor of risk in this business is the overuse of leverage, and risk management in this area has become a hot-button issue within the fund community. Many fund managers use borrowed money (funds borrowed against the assets provided by their investors) to maximize the return on their positions, and achieve the above-market gains the industry is famous for. However, this practice leaves the firm and its investors assets exposed to unforeseen market risks. The majority of funds now have risk assessment policies in place that monitor their liabilities-to-assets ratios and prevent individual traders from exceeding leverage limits.