Action and Inaction
Running a successful business requires doing something almost constantly.
But successful risk management may require doing very little for long stretches of time.
“Just because they say “ACTION” doesn’t mean you have to do anything” Al Pacino
Good risk management means picking your times and picking your actions.
But there is much for the new risk manager to do between the day when they are first given their charge (the call of ACTION) and the day when they must take their first ACTION.
Many new risk managers get completely caught up in the process of creating a risk management system and the idea of ACTION gets moved into some sort of bureaucratic haze. The risk management systems that are described in many textbooks and articles make it seem like ACTIONs will simply happen on their own if the system is all in place.
But any risk manager who has worked through the financial crisis or through any other major loss making crisis will tell you that the ACTIONs that take care of themselves through the system are only the easiest part of the ACTION that is really needed, that really adds value to the organization. The really difficult ACTIONs are the ones that are not so clearly indicated, or the ACTIONs that come after a long period of inaction.
Those actions include things like stopping the growth of a profitable risk, stopping writing a particular risk or even shrinking risk positions.
“Every great mistake has a halfway moment, a split second when it can be recalled and perhaps remedied.”
There is a time as well when it is too late for the ACTION. That is because it is usually in the late stages of a boom that the firm takes on the risks that end up making the largest losses.
And when the problem starts to become evident, it is usually much too expensive to lay off the risk positions. The best you can hope for is to stop growing the positions.
So there are times, during a boom, when the most important but most difficult ACTION for a risk manager to take is to stop the growth of an overheated risk.
But there are many other times when the risk manager can concentrate on inaction. Just letting the risk control system do its work.