Risk management should span the company

Risk management should span the company

Experience shows risk management can be pushed down from top levels to involve front-line staff. Because risk and uncertainty are often too complex for centralized systems to manage, it should be.

The Risk Management Association (RMA) defines Enterprise Risk Management (ERM) in terms of 12 distinct risks organized into eight categories. Any one of these risks – compliance, say – can be broken down further. Deloitte’s 2014 Compliance Trends Survey addresses an additional nine risks, each of which can be deconstructed.

Risk and uncertainty are multi-dimensional. Their multi-dimensional structure comprises their most troubling and fascinating characteristics. Their complexity defies textbook efforts to depict them graphically. And we have yet to take the broader meaning of uncertainty into account.

Research sometimes attempts to illustrate this complexity as layers of risk, or using concentric circles. Other tired, two-dimensional diagrammatic representations include risk flow charts or decision trees. Here is how a recent CEB report on risk management illustrates the “risk landscape”:

The practice of risk management can take on the appearance of working in a hall of mirrors. It can be difficult to tell where reflections end and the true image begins.

Risk management tools are limited compared to the number of risks they are called upon to handle. Ashby’s Law of Requisite Variety means risk controls cannot possibly match the varieties of risk they face, so organizations should benefit from choosing a flatter risk management structure over a hierarchical one.

Research shows that groups of functionally diverse employees, such as those involved in a flatter risk management structure, are better at problem solving and decision-making than groups of experts. As one paper puts it, “a random group of intelligent problem solvers will outperform a group of the best problem solvers.” It concludes, “firms with organizational forms that take advantage of the power of functional diversity should perform well.”

The CEB concurs: “If companies can raise management and frontline awareness of key risks such that management can identify issues independently, they can reap benefits such as cost savings and more effective risk mitigation.”

Up the devolution (of risk management)!

A flatter corporate risk management structure can outperform hierarchical risk management systems. It makes possible the management of macro risks at the macro level, of micro risks at the micro level, and can manage the aggregation of micro risks and macro risks. Crucially, it presupposes a fundamental change in risk culture.

The general idea is for organizational structures to devolve the risk management function from one centralized at the top (siloed among C-level officers, the Board, the Audit Committee, and risk experts) to lower echelons, managers, and staff. The intent is to give practical risk management responsibilities to levels ordinarily not involved, but who, by virtue of their proximity to the sources of risk, are often well-informed and well-positioned to contribute to risk management.

Staff beyond designated risk experts have access to valuable information and data useful for shaping policy and decision-making. According to the CEB, “Mid-level managers are an important source of risk information; they receive real-time, candid feedback from employees about potential issues and have the greatest ability to stifle or amplify those issues by how they react and what information they choose to pass on.”

How can this be done?

Maurya Murphy of Moody’s Analytics poses one approach to this problem. Interestingly, the method she advocates is one long practiced by agricultural credit institutions in the US.

In an article about financial institutions entitled, “Enhancing Credit Decisions with Risk Data,” Ms. Murphy argues for extending risk intelligence throughout the organization by pushing “risk strategy decisions taken at head offices” into “locations where loan applications and borrowers are routinely assessed.”

This positions “risk as the gatekeeper at every step of the (loan) origination process” and “helps improve the transparency, accuracy and timeliness of credit decisions.” If it is possible to ensure “the right people make the right decisions at the right time,” competitive advantages and better pricing mechanisms result.

Yes, but does it work?

Twenty years of experience in agricultural finance suggests this is effective.

The US Farm Credit System is the largest agricultural lender in the country. Certain agricultural lending co-operatives in California have robust Enterprise Risk Management systems with loan officers and loan origination positioned at the core. For them, risk management begins in the local branch when the customer applies for a loan. It is risk management on the micro level.

Practices vary, but in some California farm credit institutions, local loan officers approve loan applications subject to a risk analysis they perform on site that captures the risk characteristics of the borrower, the credit portfolio of the individual branch, and the co-operative’s overall credit portfolio.

Although agriculture is among the riskiest business endeavours, credit market data show agricultural loans are less risky and less costly. This is evident in St. Louis Federal Reserve Bank data (below) comparing delinquency rates and charge-offs for agricultural loans to all lending. The data are drawn from commercial banks, so it is worth noting that rates and charge-offs for farm credit lending co-ops are lower still.

FRED Charge off Rates Long

Micro and Macro Risk Management

At the micro level, local information on the borrower is shared with and compared to macro information at the central office. At the macro level, the central risk management function incorporates local information and adjusts the main credit portfolio and corporate risk policy and analysis. Regular information feedback between the macro and micro levels is accomplished through data exchanges, information systems, and risk models.

Using this feedback, loan officers can make real-time adjustments to the local lending portfolio and branch lending decisions. The micro level uses macro information to assess the creditworthiness of existing borrowers and new applicants by comparing an individual borrower’s credit and financial metrics to the characteristics of the aggregate portfolio.

The results benefit both the farm credit institutions and their customers. Individual borrowers are evaluated in terms of the local credit risk spectrum and with the “average” borrower in the macro credit portfolio. Local and central officers better understand how their lending decisions impact risk and return characteristics of the micro and macro credit portfolios.

Categories: Finance, International

About Author

Steven Slezak

Steven is on the faculty at Cal Poly in San Luis Obispo, California, where he teaches finance and strategy. He taught financial management and financial mathematics at the Johns Hopkins University MBA program. He holds a degree in Foreign Service from Georgetown University and an MBA in Finance from JHU.