Conflicts about Risk
The headline reads:
This story reveals several things about the nature of risk and the CRO job.
First, the nature of risk. Risk is always about the future. There will always be disagreements about the level of risk. True disagreements. People believing completely different things. And it is the future we are talking about. No one KNOWS for certain about the future. And also, risk is potential for loss. In many cases, even after the fact, no one can know how much risk that there was. A severe adverse event that had a likelihood of 10% might not happen in the coming year. Another equally severe event with a 0.1% likelihood migh happen. Exposure to the 10% event was certainly riskier than an equal sized exposure to the 0.1% event. Even if the less risky exposure produced a loss while the more risky exposure did not.
So the fact that the MF Global position produced a large, firm ending loss does not prove that the CRO was right.
In fact, what other stories reveal is that the board thought that the positions were more risky than Corzine. And that is pretty typical of what you will see at financial services firms. The top executives generally have the opinion that the environment is somewhat less risky than the board sees it while the non-executive employees generally see much, much more risk that either the executives or the board.
This tends to create exactly the dynamic that played out at MF Global where the CEO ignored the CRO warnings and the board very slightly restricted the CEO.
About the CRO
Many people forget that the Chief Risk Officer is usually not independent of the CEO. If there is a company where the CEO does not think that they are totally responsible for risk, then the CRO will not have enough power or influence with the board to remedy that problem. And if a CEO is aware that they are responsible for company results, good or bad, then clearly the job of the CRO, for better or for worse, is to execute the risk strategy of the CEO. NOT to critique that policy to the board.
RISKVIEWS tends to think of the risk appetite as the expression of the objective of the risk management system. The CRO should not be setting their own objective. So at MF Global, if the risk appetite was expressed as some sort of broad statement about corporate security, then the conflict became what is described above – a disagreement about the calibration of the risk model.
But the story says that the board approved some of the positions and disapproved a proposal to increase those positions even more that was made by the CEO. That makes it sound like there was a risk appetite and that the board, even if they did not say it in advance, knew when it was exceeded.
So the CROs job is not to stand in judgment of both the CEO and the Board. The CROs job is to work within the risk appetite of the board.