Tuesday, 2 June 2015

PWC's Risks in Review - White Paper, Black Sabbath...

A quick dive into the wider world of ERM, courtesy of one of our Big 4 friends, ambiguously titled Risks in Review.  PwC's document (short sign-up required) is US-centric and multi-industry, so for the Solvency II crowd you might need to sift for the goodies (a good illustration of which side of the Atlantic it leans towards is that CFO.com reported on its highlights), but for anyone in the ERM space, there should be something for you here.

A bizarre stat is laid out at the beginning in that 73% of the 1,200+ senior executive[s] and Board members respondents to the survey agreed that "risks to their companies are increasing". Whether this be in reference to the number of risks faced, increases in the likelihood/severity of one's existing risk universe, or their perceptions on emerging risks, it certainly suggests that exogenous and endogenous concerns have not abated in the minds of corporate leaders. However, given the risk immaturity within firms that the rest of the document serves to highlight, the lack of definition is rather unhelpful.

Appetite - For Risk or Bats?
As the survey covers multiple industries, it has the more generic risk classifications in mind (i.e all major quantitative risk balled up into "Financial Risk"), which will no doubt gnaw at anyone on the financial services side, but at the same time, it's not all about you!

The pat on the back for those surveyed is the sobriquet of "true risk management leaders", handed out to 12% of respondents. It frankly doesn't feel like a valid aspiration for an entity, more that being a "risk management leader" would be an implicit part of the make up of any firm which successfully delivers on its strategic objectives.

That aside, the Leaders (of which financial services companies "...represent a sizeable portion" of!) are congratulated for;
  • Aligning RM Programs with their businesses.
  • Communicating Risk Appetite and Risk Tolerance through the business - nothing on hard risk limits in the paper though
  • Being "able to take greater business risks" - I don't necessarily make the link between being "good" at risk management equating to taking greater risks, unless that is part of the business strategy one has aligned the RM Program with.
  • Take aggregated views of risk over multiple areas
  • Using techniques such as emerging risk identification/forecasting, scenario planning and stress testing
Laggards on the other hand
  • Have no formal Risk Appetite Framework (only 38% of respondents do)
  • Don't integrate Risk Management Strategy with business strategy (only 31% do)
They also hook the leadership qualities of risk management to some quantitative "value of good risk management" work on p5 (a topic which Towers Watson recently tiptoed around due to a lack of quant), namely that their profit margins and margin growth will outstrip peers. The growth of profit margins might be a bum steer, as the macroeconomic environment is perhaps less kind to industries other than financial services, who of course would have seen margins peak comparably faster over recent years due to the size of the trough in 2006/08!

As ever, the lexicon used in papers such as this takes a dip in the lake of dubiosity, for example:
  • That companies should "...treat risk management strategically" - as opposed to what, "operationally"? This kind of expression suggests that risk is not already considered in strategy, which feels unfair and unrealistic, even on the immature firms surveyed. That there isn't a functional ERM Framework to enhance that work does not mean it isn't done at all.
  • Risk Appetite Framework should have "buy-in" from senior management and the Board. Why "buy-in"? They should be deeply involved in the construction of an RAF, and their successes or failures as management should be inextricably linked to operating in line with it, not asked to nod in approval at the next Board/EXCO
  • "Having a clearly defined risk appetite framework allows companies to quickly assess strategic decisions in the context of risk" - that of course was not a given...
  • They also follow the tactic used in the Towers Watson paper in referring to risk management "programs" as opposed to "systems" or "frameworks- again, I'm not trying to labour the sematics of it, but a Programme for me has an end, and the work of a risk management function simply does not. This is perhaps just a psychological angle being worked here to drill into prospective clients that Programs can be boosted with a burst of external advice, but I find it increasingly disagreeable, particularly given the risk management leadership traits highlighted in this document, which most certainly do not lend themselves to the workings of a transient Programme.
Other stand out points would include
  • Alignment of RM Programmes against each business function (p9) - horrible result for Sales & Marketing, even for Leaders, and suggests it is an area for us all to redouble our efforts
  • Similar to Towers, talk of firms "drowning in data" - cannot fathom this for the life of me, but perhaps that's because I can use pivot tables and SQL server!
  • GE Capital's approach to administering Risk Appetite (p16) - very clean, and in a manner which the CRO Forum would appreciate.
  • Finally, a really nice section on p19 which shows the discrepancies between executives and risk professionals regarding their own firms' prospects. The Fannie Mae CRO suggests that Risk Management staff are "paraniods by profession" which given his employer's recent history, doesn't mean people aren't out for you!

No comments:

Post a Comment