WWe've seen headlines lambasting risk control groups for failures, but this siloed view of the risk management function is partially indicative of why recent credit events have rippled through financial services organizations and shaken their cores. Risk is a necessary byproduct of revenue generation, and central to its effective management is the risk trinity: the relationship between the board that sets risk appetites; senior managers who execute; and risk controllers who design, implement and measure.
The recent Senior Supervisor Group report, "Observations on Risk Management Practices During the Recent Market Turbulence," highlights the need for consistent, independent and rigorous valuation practices; effective management of funding liquidity, capital and the balance sheet; and informative and responsive risk measurement and management practices. While the findings are not prescriptive, they provide insight into what regulators consider imperative. And to be effective, these areas require balance and transparency within the risk trinity. This has wide implications. Besides corporate cultural changes, operating adjustments will be made that impact technology, processes, and both internal and external communications.
Greater transparency and balance require robust information management and an emphasis on data quality to fully understand one's options and manage decision outcomes. Analytical issues will be in focus, too. Models will be independently reviewed and validated; limitations to metrics such as Value-at-Risk (VaR), which does not take into account extreme events, will be challenged; reliance on single risk metrics questioned; and liquidity management and risk-based financial planning will become common terms.
Whether the support to accomplish all of these imperatives will be built internally or sourced externally remains to be seen. What is certain is that the necessary talent will be in high demand.