|
Thursday, 7th November 2024 |
Reputational risk is now the biggest threat to an organisation’s value |
Back |
Risk management in general has climbed higher up the corporate agenda, a new survey of more than 130 senior executives in financial services institutions reveals, and an awareness of unquantifiable risks in particular has grown markedly, with reputational risk now regarded as the greatest threat to an organisation’s market value. Alan Merriman reports on the main findings of the survey. |
Growing risk management departments and sophisticated technology have helped financial service firms to combat many of the more quantifiable dangers. But what about those areas that are both harder to measure and more sudden and severe in their impact? | Alan Merriman is a partner and banking assurance & advisory services leader, with PricewaterhouseCoopers. |
A recent survey of more than 130 senior executives in financial services institutions, carried out by the Economist Intelligence Unit on behalf of PricewaterhouseCoopers, indicates that risk management in general has climbed higher up the corporate agenda, and that an awareness of unquantifiable risks in particular has grown markedly, with reputational risk now regarded as the greatest threat to an organisation’s market value.
However, there is a big difference between talking about steps to integrate risk management and actually taking them. In only 33 per cent of European financial service companies participating in the above survey do all major decisions require interaction with, or some form of approval from, the group risk management committee. Too often a company’s head of risk is not at the same table as the chief executive officer or other executive directors when important decisions are being made. In fact, in more than half the companies surveyed, the executive with specific responsibility for risk management does not sit on the main board. (See Table 1) | Table 1: Level of attention devoted to risk-related issues at main board and board-level committees in European financial services companies |
A company needs to create and embed an appreciation of risk that goes beyond the risk management department and permeates the whole organisation. Many financial service companies are starting to recognise this and have begun to challenge, re-examine and renew their risk management structures and processes in an effort to create, build and embed a risk management culture across the enterprise, from top to bottom.
In conducting such a strategic assessment of risk management, the boards of financial service companies should be asking:
• Do we pay equal attention to quantifiable and unquantifiable risks? Institutions, and their individual officers and directors, should become increasingly attuned to the dangers posed by less quantifiable risks, particularly with regard to their market value.
• How do we identify, report and quantify all possible risks? Despite a growing awareness of unquantifiable risks, there remains a danger that some institutions will take no action if they cannot find the numbers with which to measure a risk or set of risks. The board and risk management group need to determine how best to monitor and report both quantifiable and other risks. In particular they need to create appropriate reports that capture and highlight those risk management activities aimed at addressing unquantifiable risks.
• Is risk management engineered into all aspects of the firm’s operations? Everything from performance to pricing, recruitment policies to pay structures and individual performance criteria should be set up in such a way that they include an appropriate risk management dimension. By introducing this inclusive approach over time risk management becomes so embedded in the culture of the company that it is second nature to everyone.
• Is everybody on staff responsible for risk management? In the past, financial institutions have tended to look outside their own walls when assessing risks. But issues of governance, culture and integrity are arguably more critical in protecting firms from unseen dangers and should be made the explicit responsibility of all members of staff and built into related performance criteria.
• Do our risk managers have teeth? Everybody involved in monitoring risk of all kinds should have a genuine influence over decision-making. Independent risk assessments of a new product or transaction should be made before the board, the CEO and senior management have approved it in principle. Is it realistic to go back to the drawing board afterwards?
• Do we avoid products and businesses that we, as an institution, do not understand? If you don’t understand the business, you cannot understand the risks facing it.
• Do our risk management processes accept that uncertainty exists? Some of the greatest risks to the organisation’s market value are ‘unknown’ sources of risk. Workshops, scenario planning and cross-industry reviews are among the techniques that leading institutions are using to assess the potential impact of, and response to, these future sources of danger.
• Do we monitor our risk managers? As we’ve seen above the amount of attention being paid to risk at board-level still leaves much to be desired. In less than 30 per cent of European financial service companies are risks and risk management discussed in detail at all main board meetings.
Risk management and related matters should be a standing agenda item for the monthly meeting of the main board. This section of the meeting should involve a review of the risk management report, together with a commentary on on-going activities from the risk management officer. The timing should allow for board members to question the risk management officer in sufficient depth as they see fit. On an ad-hoc basis the board should set aside an extended period of time for consideration of risk management and should seek to involve key members of the risk management team, supplemented by independent observers, such as the company auditors or external business assurance advisors. | Table 2: Methods used in European financial services companies to demonstrate the value of risk management systems and structures |
• Have we communicated the company’s risk culture adequately? The enterprise’s appetite for risk should be clearly and consistently communicated and widely understood across the organisation. The institution’s senior leadership should set a tone at the top that creates a behavioural and ethical benchmark for the entire organisation. Given the inherent vagaries of human behaviour, however, process controls also need to be put in place to reinforce cultural norms and compensate for any lapses.
• Do our risk management processes deliver value? Loss avoidance remains the staple means of demonstrating the value of risk management, but you should also look to risk management to contribute to improved shareholder value. For example, you might expect a strong risk management culture to contribute to lower volatility of earnings or perhaps favourable comments from market analysts.
In an environment where new and potentially lethal risks can suddenly emerge, leading institutions must consciously and continually look at the bigger picture. They seek to anticipate and avoid the submerged risks that can abruptly sink an enterprise. They continually challenge and develop their crisis management processes and the underlying standards of behaviour across the company that are likely to soften the impact of such risks when they do come to pass. Such institutions accept that uncertainty cannot be tamed, only mitigated.
Many financial service companies’ greatest risks are ‘unknown’ the unexpected sources of danger that materialise suddenly and at a stroke, cause an institution to reorder its priorities for risk management. To prepare companies must make a conscious effort to tease out the shape of these unseen risks by moving from a passive approach to an active one, anticipating requirements of regulatory bodies and trying to identify through internal and independent risk assessments the areas which are not presently covered. |
Alan Merriman is a partner and banking assurance & advisory services leader, with PricewaterhouseCoopers.
|
Article appeared in the October 2004 issue.
|
|
|