Chief Scapegoat in Waiting
The position of Chief Risk Officer is perilous.
Just watch Demi Moore get fired in Margin Call. She said that she had sounded the alarm about the risky trades that were the main topic of the film a year ago. But her warnings were obviously not heeded and when things turned out poorly as she had warned, she was fired as the scapegoat.
Just read the stories about the two Chief Risk Officers at MF Global. Both of them sounded alarms about the trades that eventually bankrupted the firm. Roseman left over the issue. Stockman is testifying to Congress about exactly when he determined that the trades were too risky.
A House committee is expected to disclose on Thursday that MF Global, under Jon S. Corzine, stripped critical powers from its top executive in charge of controlling risk, according to a person briefed on the matter. NYTimes
Riskview suggests that they have it all wrong. Corzine is the one who is responsible for the risk management of MF Global. No one is suggesting that Corzine was ill served by his CRO. Instead, the discussion suggests that the board should have listened to the CRO and not the CEO. Easy to say in hindsight. But in fact, the CRO is an agent of the CEO. If the board sets up the CRO as their agent within the firm who can trump the CRO, then the board is overstepping its role. If the board does not like what the COE is doing, the board has the responsibility to replace the CEO.
If the board wants to know more about the risk of the firm than the CEO wants to tell, then the board should not be going around the CEO to people who work for the CEO.
Congress should be talking to the board members who repeatedly approved Corzine’s decisions. The CRO is now being used as a scapegoat by the board and by congress.
The position of CRO at a firm that does fail is even more perilous than usual for that position. When the firm fails or comes close to failure, the CRO can become the scapegoat for failure to act. And the fact that the CRO did not have the authority, does not change that process at all.
That is because there is a myth that the CRO is in charge of preventing bad things from happening. That is not the case.
The CRO job is to make sure that management has the tools and the people and the information to prevent bad things from happening. Only if the CRO is set up as someone with MORE authority in the organization than the CEO should the CRO be held responsible when bad things that they did warn about do happen.