Risk Professional - December 2009

to good, effective communications. It’s an ongoing challenge, and finding the right balance is essential.

Question: How are you currently working with your Executive Committee / Board to help establish and implement a corporate risk culture? Are you seeing a blurring of the line between the boundaries of General Management and Risk? Who owns risk?

Lionel Lopez: My role is to manage and control the independent risk function of the Personal Bank and ensure that the risk appetite framework is embedded and not breached. I see myself as a partner to the business, providing input to the business strategy and also contributing to the business growth while ensuring risks are understood and under control. I think everybody in the business owns risk; we are in a business which is all about risk. Business should be aware about their inherent risks and ensure they have the operating controls in place to mitigate those risks. The risk function is here to set up the risk appetite, providing risk management skills and tools to appropriately manage risk, and also ensure the control frameworks are working.

And third, to have a strong vision of risk culture to maintain a strategic direction.

Lionel Lopez: There are three key strengths a risk leader should have. First is creativity and innovation; second is an orientation towards data, facts, and process, with the ability to make decisions based on those; and third is strength in people management.

Raj Singh: The most important factor is integrity – being an influential partner to the business, but also being influential enough to say no. Another key element is that we have to be pre-emptive in the risk function. To examine the ashes and explain how the fire happened is not terribly helpful, it’s looking at the sparks and trying to think about how do we prevent that from becoming ember.

“To examine the ashes and explain how the fire happened is not terribly helpful, it’s looking at the sparks and trying to think about how do we prevent that from becoming ember.”

Raj Singh

James Stewart: You really need to understand the business. You can’t stay in a world where things are too theoretical – at the end of the day, you have to be a banker, and understand what goes through the minds of people out there on the front line trying to win business and have it executed in a speedy, prompt, service-oriented way.

Raj Singh: One element we are seeing which is gaining importance is the overall control framework beyond just risk, from risk to operational risk, to the overall audit functions, to the overall underwriting review functions, and making sure that it is all linked. Risk is ultimately owned by the risk taker and the business, there is no question there. We have to provide the transparency, give the warning signs, look at the risk tolerance and other elements, but the ownership has to be with the business.

Stephen Anderson: One of the things I am working on at the moment is looking at the history of HSBC where risk decisions were made which had an influence on the future success and the future shape of the organization, and using those as examples to teach the new generation the importance of our risk culture. The business of banking

is risk and without risk, there is no banking and there is no banking without risk. I think there are certain places within risk which are clearly owned by the risk function, but risk as a commodity is owned by everybody.

Question: As more regulation continues on the horizon, what suggestions do you have for central bankers and policy makers?

Hervé Geny: I think one of the things that led to the crisis is that when new products came on the market, regulators looked at them in isolation rather than trying to put them into the context of everything that exists already. It’s important that they go from an incremental view to redesigning the system as a whole, and I think they are doing this right now.

Raj Singh: We need to make sure we respect the different business models between banking and insurance. Insurance definitely has been affected by the crisis but the funding models and liquidity scenarios are different. Also, we need to be careful of unintended consequences: whether it’s insurance, reinsurance, or banking, ultimately additional capital charges will have to come out of the total financial system and the real economy.

Stephen Anderson: I don’t necessarily believe that numerous layers of additional regulation is the answer. I think that some of the things that led to a complete collapse in the emphasis on portfolio, quality, and mortgage lending underwriting standards and concentration issues all go back to common sense, basic risk management principles that we somehow lost sight of.

Question: What makes a good
CRO?

Stephen Anderson: Number one is a commercial understanding. I don’t think it’s possible to be a good Chief Risk Officer, unless you understand what makes your business tick and how your business makes money...and I think also the Chief Risk Officer has to be somebody who has a pretty consistent view of what the risk appetite of the company is and what portfolio of risks the company should have and what the risk tolerance of the company is.

Hervé Geny: First, openness and transparency. Second, to be adaptable and act almost as a translator, listening to the business and translating what you are looking for into measures and controls, and also the reverse, to explain new controls and methodologies to the business very clearly.

Conclusion

While the fundamentals of risk remain constant, recent financial events have placed a new premium on qualitative insight. As risk professionals become more involved in strategy, they must combine a strong vision for risk with a real understanding of their institutions’ business models and processes. Ultimately, this blend of quantitative acuity and human insight is essential for creating and maintaining an effective culture of risk management.

As an executive search firm with a
dedicated and established practice within
the Risk and Finance functions across
the global banking and financial services
sector, SEBA International is continually
engaged with the issues shaping the risk
management field today. Robert Iommazzo
is a Managing Partner of SEBA International
and leads the Risk & Finance practice.
Robert can be reached at
riommazzo@sebasearch.com.