Changing the
Organizational DNA
– The Spread of Risk
Culture
Sekhar Thodla
Independent Professional Member – Board
Governance Committees, National Bank of
Fujairah
Strategic Advisor – Finesse Global
November 2014
The views expressed in the following material are the
author’s and do not necessarily represent the views of
the Global Association of Risk Professionals (GARP),
its Membership or its Management.
2
A few Quotes on Risk Management to set us off………..
Better to have a simple model backed by excellent
people than the other way around. Paul Carrett
"Nothing will ever be attempted, if all possible objections
must be first overcome." -- Samuel Johnson
"It’s impossible that the improbable will never happen." Emil
Gumbel (Il est impossible que l’improbable n’arrive jamais, in
Statistics of Extremes, 1958.)
3 | © 2014 Global Association of Risk Professionals. All rights reserved.
And a couple of funny but far reaching thoughts……
DILBERT by Scott Adams
4 | © 2014 Global Association of Risk Professionals. All rights reserved.
Risk Defined
The ISO 31000 (2009) / ISO Guide 73:2002 definition of risk is the 'effect of uncertainty on
objectives'. In this definition, uncertainties include events (which may or may not happen) and
uncertainties caused by ambiguity or a lack of information. It also includes both negative and
positive impacts on objectives. Many definitions of risk exist in common usage, however this
definition was developed by an international committee representing over 30 countries and is
based on the input of several thousand subject matter experts
5 | © 2014 Global Association of Risk Professionals. All rights reserved.
Risk Management …. A Natural Process
6 | © 2014 Global Association of Risk Professionals. All rights reserved.
Milestones in the history of Risk Management
1730 First futures contracts on the price of rice in Japan
1864 First futures contracts on agricultural products at the Chicago Board of Trade
1900 Louis Bachelier’s thesis “Théorie de la Spéculation”; Brownian motion
1932 First issue of the Journal of Risk and Insurance
1946 First issue of the Journal of Finance
1952 Publication of Markowitz’s article “Portfolio Selection”
1961-1966 Treynor, Sharpe, Lintner and Mossin develop the CAPM
1963 Arrow introduces optimal insurance, moral hazard, and adverse selection
1972 Futures contracts on currencies at the Chicago Mercantile Exchange
1973 Option valuation formulas by Black and Scholes and Merton
1974 Merton’s default risk model
1977 Interest rate models by Vasicek and Cox, Ingersoll and Ross (1985)
1980-1990 Exotic options, swaptions and stock derivatives
7 | © 2014 Global Association of Risk Professionals. All rights reserved.
Milestones in the history of Risk Management - Continued
1979-1982 First OTC contracts in the form of swaps: currency and interest rate swaps.
1985 Creation of the Swap Dealers Association, which established the OTC exchange standards
1987 First risk management department in a bank (Merrill Lynch)
1988 Basel I
1997-1998 Asian and Russian crisis and LTCM collapse
2001 Enron bankruptcy
2002 New governance rules by Sarbanes-Oxley and NYSE
2004 Basel II
2007 Beginning of the financial crisis
2009 Solvency II (not yet implemented in April 2013)
2010 Basel III
Risk management: History, definition and critique
6 September 2013
Georges Dionne
8 | © 2014 Global Association of Risk Professionals. All rights reserved.
The Impact of Cultures on Risk Management
The Adventurous Types
The Impulsive and Emotional Types
The Calculative Types
The Conservative Types
………. And a whole lot of combinations in between……….
9 | © 2014 Global Association of Risk Professionals. All rights reserved.
The Lewis Model – The Coming together of Cultures
10 | © 2014 Global Association of Risk Professionals. All rights reserved.
Age of Globalization and Risk Management
“The challenge is to not only deal with management
of risks confronting every decision and action of the
organization but to manage it in multi-ethnic, multicultural and multi-language environments”
11 | © 2014 Global Association of Risk Professionals. All rights reserved.
Lessons from the past - Case Studies Revisited
Throw-Back to Barings!! Classic Cultural Clash!!!
• Misplaced Trust – Acceptance (“Greed Blinds You”)
• Cultural mismatch – Conservative bank getting “Adventurous”
• Gamblers’ syndrome – I can make it up in my next bet!!
• Structural anomalies – Conflicting responsibilities
•
Small but dangerous signals overlooked
• And of course, …. Very little understanding of risk-reward
relationship
• Paid the price many times over
12 | © 2014 Global Association of Risk Professionals. All rights reserved.
Lessons from the past - Case Studies Revisited (Continued)
ENRON – Going up in smoke!!
• Loophole fully leveraged
• 3% SPE rule
• Fraudulent accounting and dubious business practices
• Complex web of deals and structures to confuse/cheat
• Conniving management – you can rarely stop this bomb from
exploding
• Blinded – Auditors, Bankers and so on……….
• And seriously look at the connected entities names:
• JEDI, CHEW CO, Big River, Little River??
13 | © 2014 Global Association of Risk Professionals. All rights reserved.
And the Risk Management Function?
Incidentally, did anyone find a reference to
risk management function in any of these
cases?
14 | © 2014 Global Association of Risk Professionals. All rights reserved.
Classical Risk Management Structure
Board of Directors
Board Committees
Risk Management Function
The Management Committees
The Risk Function sits right at the center of the classical “Three
Tiers of Defense” Model
15 | © 2014 Global Association of Risk Professionals. All rights reserved.
Increasing Expectations from the Risk Management Function
• Legislative actions across the globe
• Recommendations on best practices in corporate governance
• Regulatory requirements
• Spreading awareness through corporate awards and recognitions
•
Stakeholders understanding and expectation management
• Understanding and revamping the risk culture
• Common understanding of the objectives but diversity in methods
to achieve the same – Need for harmonization
16 | © 2014 Global Association of Risk Professionals. All rights reserved.
Do you really see everything?
The Match Stick Trick!!
17 | © 2014 Global Association of Risk Professionals. All rights reserved.
Hurried views – Being hustled into taking decisions
- Confronted with a situation for the first time
- All factors have not sunk in
- Mind searches known bits of data
- Urge to be the first to crack it
- Views/ Decisions: Unknowingly hustled
- Mind assimilates, categorizes and decides
- Jump to the first option that fits known logic
18 | © 2014 Global Association of Risk Professionals. All rights reserved.
Tackling the Risk Culture
Survey Involving Participants?!
19 | © 2014 Global Association of Risk Professionals. All rights reserved.
Setting the tone
Tone at the Top
• How high is the top?
• Actions, and not merely words, need to convey the message
• Generating the ground-swell
• Keeping up the momentum
• Training, training and training
20 | © 2014 Global Association of Risk Professionals. All rights reserved.
Creating the ground-swell and keeping up the momentum
Identify the
• The Thinkers
•
•
•
Knowledgeable
Understand the risk scenario
Come out with plans and processes
• The Drivers
•
•
•
Dynamic
Experts in taking the changes through
The models to follow
• The Catalysts
•
•
Passive, but…..
Enablers
21 | © 2014 Global Association of Risk Professionals. All rights reserved.
The impact of proper induction
Induction is not restricted to
• On the job training
• An HR run show
• Something that is delegated to “people who can be spared”
Induction is (among other things)
• Imbibing the culture
• Setting the tone on what the organization stands for
• Making employees understand the culture of the organization
• Be it in risk management
• Be it in behavioral standards
• Be it in acceptable quality of output and so on
22 | © 2014 Global Association of Risk Professionals. All rights reserved.
We dealing with what and how but do we say “why”?
An extremely important aspect of changing the organizational DNA
Employees are trained on “what” to do
•
•
•
•
Job descriptions
Roles and responsibilities
Objectives
Targets and the like
Employees are trained on “how” to do
•
•
•
•
Process run-throughs
Standard operating procedures
Step-by-step task accomplishment
System usage and the like
Do we ever seriously pay enough attention to training on the “Why”?
23 | © 2014 Global Association of Risk Professionals. All rights reserved.
The “Why” way to risk culture development
Broad steps:
• Identify all critical processes
• Document the step-by-step process
• Identify all the control points in the process
• Against each control point, document the reason why the specific
control/ check is required
• If possible, reference reasons to case studies
(Nothing sticks better than a story!)
• Progressively build this discipline across all processes within
the organization
Once the understanding of why a certain control is being exercised,
risk awareness develops at the lowest level.
24 | © 2014 Global Association of Risk Professionals. All rights reserved.
Concluding thoughts
Top-down and bottom-up approaches do not work in isolation
On the contrary, they complement each other
The top-down approach has the advantage of “authority” behind it
• Easy to get the message that the tone is set at the top
• Desired impact is easy to achieve
The bottom-up approach gets the necessary buy-in from the lower
levels early on
Through the combined efforts of the Thinkers, Drivers and the
Catalysts, the desired organizational change is easy to achieve
Both approaches are essential to achieve the desired objective
25 | © 2014 Global Association of Risk Professionals. All rights reserved.
THANK YOU
Questions & Answers
26 | © 2014 Global Association of Risk Professionals. All rights reserved.
C r e a t i n g a c u l t u r e
r i s k a w a r e n e s s ®
o f
Global Association of
Risk Professionals
111 Town Square Place
14th Floor
Jersey City, New Jersey 07310
U.S.A.
+ 1 201.719.7210
2nd Floor
Bengal Wing
9A Devonshire Square
London, EC2M 4YN
U.K.
+ 44 (0) 20 7397 9630
www.garp.org
About GARP | The Global Association of Risk Professionals (GARP) is a not-for-profit global membership organization dedicated to preparing professionals and organizations to make
better informed risk decisions. Membership represents over 150,000 risk management practitioners and researchers from banks, investment management firms, government agencies,
academic institutions, and corporations from more than 195 countries and territories. GARP administers the Financial Risk Manager (FRM®) and the Energy Risk Professional (ERP®)
Exams; certifications recognized by risk professionals worldwide. GARP also helps advance the role of risk management via comprehensive professional education and training for
professionals of all levels. www.garp.org.
27 | © 2014 Global Association of Risk Professionals. All rights reserved.