By Alex Nash - Search Consultant for Financial Crime and Risk
Over the last two decades, multiple long-standing companies suffered spectacular losses attributed to inadequate risk management. We take a close look at the historical costs of neglecting to implement a comprehensive risk strategy, and find out what steps businesses should take going forward.
The cost of inadequate Risk Management
In February 1995, Barings Bank famously lost $1.5 billion (because one trader, Nick Leeson, made unauthorized and fraudulent speculative trades in the absence of appropriate internal risk controls. It is hard to fathom that one individual could bring down such an iconic institution. In Leeson’s own words, “Not enough focus goes in those risk management areas, those compliance areas, those settlement areas, that can ultimately save (financial markets) money”.
In January 2006, Peter Cummings became chief executive of HBOS’s corporate division. In the following two years, his division amassed property assets and dangerous risks in almost equal quantities. HBOS failed because it had terrible corporate governance, a neutered risk control function. The enforcement disclosure confirmed what the HBOS whistle-blower Paul Moore had found. The bank’s risk control function was deficient. “Risk management was regarded as a constraint on the business rather than integral to it,” the report famously said.
Although different companies are represented in these examples, there is a common thread between them: the losses could have been avoided, or at least significantly reduced had a proper risk management culture and corresponding practices been present.
However, more organisations are beginning to realise how effective risk management profits their business in the long term. A recent study by Zurich Insurance found that Small and medium-sized enterprises (SMEs) are becoming more risk aware, with 53 percent reportedly spending more time on their business strategy and risk management than they did before the financial crisis. Indeed, 35 percent are doing more long-term financial planning, while 33 per cent are looking at their business continuity plans on a much more regular basis.
Steps to managing Risk
I believe that the following steps are something a business should incorporate to manage financial risk within their business.
1. Increased transparency and understanding of tolerance/appetite for risk
In addition to considering the broad parameters involved in executing a business strategy, organisations should aim to measure the level of uncertainty they are willing to assume given the corresponding reward associated with risk. A company should also clearly state the amount of risk they are willing to keep in executing its business strategy.
2. Optimised risk monitoring
This would include uncovering, recognising and describing risks which may impact a company. Once the risks are identified, you can determine the likelihood and consequence of each risk, and its potential to affect project goals and objectives. You evaluate the risk by determining the magnitude of risk, via the combination of likelihood and consequence, after which decisions can be made about whether the risk is tolerable or whether it is serious enough to warrant action.
3. Better reporting and analysis
There is no exact science for measuring risk. But with analytics, you can build measurement parameters that can help you establish and examine likely risk scenarios. From there, it’s easier to comprehend the potential impact of a risk. Analytics can assist in establishing a baseline of data for measuring risk across the organisation. Having a dedicated risk management team is a huge asset that can provide a good foundation for managing risk. However, by embedding analytics into the risk management delivery approach, they can monitor performance through risk sensitivity analysis, model key risk events scenarios, and become more Risk Intelligent in developing intervention and mitigation strategies.
4. Enhanced risk culture and accountability at all levels
Companies need to emphasize to managers at all levels of the organization the importance of role-modelling behaviour. This includes ensuring that those responsible are helping employees identify and take responsibility for the risks that cross their desks.
The importance of a commercially-driven risk management strategy
They say we learn from history, and I have certainly witnessed the changing landscape of risk management first hand. More and more clients and businesses have asked me to locate, identify and provide ‘commercially driven’ Risk Professionals. But what does this commercial mind set actually mean or entail?
An esteemed Risk Professional recently said told me, “Risk professionals are enablers of business, we are not there to prohibit business growth.” This sentiment could not be more accurate, and here’s why.
Generally speaking, risk management frameworks are a much of a muchness nowadays. Risk is certainly an interesting concept, and how businesses mitigate risk is fascinating.
The real question to ask is how does a bank, lender or business grow?
By taking risks!
Building a portfolio of lending, assets or whatever may be your USP means a business must take calculated and educated risks, which is precisely where the ‘commercially savvy’ become absolute gold dust to a business.
Those individuals can take a product, asset or portfolio for a CEO/business; understand the risks internally and externally, mitigate those risks and yet still devise a strategy, model or process of how they can lend money successfully to the consumer.
No wonder more and more businesses are constantly requesting for the ‘commercially savvy’ as either interim or permanent members of staff; to embed the right risk strategy, process and culture but also grow their business.
Ultimately, a company should seek to be more risk conscious in order to make decisions and set goals which utilise that understanding. Effective and commercially driven risk management helps make risk part of the everyday agenda, and that is when you really begin to see the real benefits. Risk management then becomes less bureaucratic, less resource intensive and more focused on implementing strategies that help a company reach its long-term goals.
About the author
Alex Nash is a dynamic and professional recruitment specialist at Search Consultancy. In his role, he is responsible for providing recruitment solutions to the Risk, Financial Crime and Compliance market. His strengths lie in being a trusted advisor for small to medium size (SME) businesses. Should you need to appoint a risk and compliance professional, create a risk management team, or if you're simply qualified and looking for your next role, feel free to contact him on [email protected]