Dances with Risk: A Poetic Ode to Financial Risk Management

The year is 2012. Bruno Iksil is sitting in his corner office on Canary Wharf overlooking the Royal Naval College in Greenwich. It has been a while since he has had a good night’s sleep. The last days passed in a complete haze as he was trying to find a way to break it to his boss. The portfolio he was responsible for imploded spectacularly, and the Bank he represents, JP Morgan, is looking down over a $ 6 Billion loss. While Bruno is no stranger to institutional risk-taking or bold investing moves, a significant loss is bound to make ripples. A fraction of such a loss could destabilize many a global institution, even more, some solid sovereign wealth funds. And rippling it did… So much so that this scandal forever serves as a cautionary tale for the financial industry about the risks of complex trading strategies and the importance of robust Financial Risk Management. And Bruno is eternally known as the “London Whale” who cost his bank an amount equivalent to Barbados' GDP.

I want to say that this has been an isolated incident, but unfortunately, such fiascos have been an everyday staple in the Financial Services industry since its inception. Hundreds of billions of dollars were wiped out in the last 30 years due to failures in Financial Risk Management by the likes of Barings Bank, Allied Irish Bank, Bank of America, Societe Generale, UBS, Royal Bank of Scotland, Lehman Brothers, Fannie Mae & Freddie Mac, Silicon Valley Bank, Credit Suisse. And the list goes on and on…

Although the examples pertain directly to the Financial Services industry, Financial Risk Management is essential to all industries and companies regardless of size, location, maturity, services, focus, mission, vision, market share, and potential clientele. In today's complex and rapidly evolving business environment, companies must be diligent in their Risk Management practices to avoid catastrophic outcomes. Those could range from a hit on profitability or reputation, leading in some extreme cases to a direct threat to their survival.

In layperson terms, the Financial Risk Management process consists of four highly vital and equally important steps:

First comes the identification part. What are our triggers? What are the internal and external factors that our company is exposed to? What could go wrong? Are we aware of all the possible weaknesses and threats we are exposed to? And while this step could seem preliminary or self-evident, many failures in Enterprise Risk Management stem from a failure of imagination, negligence, or even denial, to delimit all our risk factors.

Equally essential but arguably more complex comes the assessment part. And contrary to popular belief, this activity is partially art and science. Some risks are basic and easy to spot and analyze. Others require a more philosophical or qualitative approach. Some require educated “guesstimations.” The rest may necessitate statistical models, regression analysis, Monte Carlo simulations, and Six-Sigma forecasts, and even then, in the most crucial of times, when push comes to shove, unforeseen correlations will form and stress test even the most robust of models and will end up exacerbating the potential losses by multiples. Why bother, then? One might ask. And the answer to this is an existential one. While no one can predict the future nor predict the spurious circumstantial interconnectedness with utmost accuracy, it is considerably better to be prepared with a 99% confidence interval to sustain the most “anticipated” losses (exemptus the “Black Swan” events) than not.

Third, and in response to assessing the risks, comes the function of Control. No risk is to be left untreated. Depending on the institution’s risk appetite, and the relative representation of each risk on the risk priorities plot (also known as a heat map), appropriate action is to be taken to mitigate, transfer, accept, or eliminate those risks. The remedial actions can be preventive (pre-fact) or corrective (post-fact). The main objective is to empower our goalkeeper, so to speak, with enough ammunition to face all the perceived “strikes” in order of priority.

Finally comes the monitoring part. This is what ties the whole process together. This is where we explore our assumptions in the previous three steps and ensure that the company stays within its stated framework. In blunt terms, this is where we make sure that reality fits the mold. And in case of discrepancy, investigate the reason behind it and recalibrate the whole process accordingly.

Effective risk management requires a comprehensive and systematic approach. It is demanding. It is uncomfortable. It involves much self-reflection and, most of the time, leads to disputes and cultural shakeouts. It is costly and resource intensive. It may sometimes even restrict maneuverability. But you can bet whatever you hold dear that it is essential. And the stakes are as high as your life. And what is more precious than that?

Who could predict where we would be today if any of the global empires that once ruled the world had implemented an effective Enterprise Risk Management exercise before their collapse?