This document works nicely as an aide-memoire for anyone working in a financial services risk function as to what one should be wary of in the day-job. Professor Roberts ties in some of the most recent work in this space (leaning heavily on the Cass Business School/AIRMIC Roads to Ruin research and its conclusions in particular), and comes to the inevitable conclusion that lessons are well publicised, but never learned.
My main concern as a risk specialist is that certain recurring themes in the failure of financial services firms appear to remain outside of the Risk function's control or indeed influence, notably;
- Hubris of Senior/Chief executives - Almost every example of failure in insurance and banking referenced in Prof. Roberts paper includes a flukey, unchallenged CEO who got bolder as circumstance rather than skill kept their businesses growing. I had flagged a couple of articles in a post last year touching on what makes an executive tick, and since then I have seen psychopathy and leadership (as opposed to cherubic faces!) examined further in a popular mainstream book. The legitimate concern here of course is that CROs are seemingly no nearer to being guaranteed seats at the top table, let alone a veto to keep the most dominant executives in check, regardless of their loud voices, when necessary.
- Poor quality governance from Non-Executive Director level - Risk functions simply must have the NEDs performing at their optimum in order to provide acceptable services to their employers. While the "old school tie" approach to recruiting NEDs may take a generation to phase out entirely (to be replaced by an army of Fembots, so Viviane Reding would have us think), Risk functions are left with tottering old fee-sweepers as their key route to early intervention. The more visceral approaches to documenting risk appetite/tolerance/preference now being supported by corporate governance codes and vocational/professional bodies may make it easier to raise concerns with NEDs in future (probably as it will be colour coded and in Excel...), but until they are actually prepared to risk their comfortable semi-retirement with some probing questions in the C-suite itself, should Risk functions ever think they can overcome such a void?
- Failure of regulation - Should Risk functions be banking on the (inevitable?) failure of the nascent regulatory environment, and reserve for subsequent claims/compensation if one or a number of products are "too" successful, thus providing the necessary quantum of dissatisfied customers for the regulator to act? I would have laughed this suggestion out of the room until a year ago, since when the FSA have made retrospective calls on interest rate swaps, PPI, and TLPs, all of which would have been presented as "compliant" products in the Boardroom.