= Subscriber content; or subscribe now to access all American Banker content.

What Makes a Good Risk Manager?

Here on BankThink, risk is certainly a popular topic of discussion, as an adequate means of assessment is necessary if we are to avoid repeating past (and perhaps current) mistakes.

But a majority of our posts focus on new and existing tools, systems, agencies or legislation pertaining to risk management. Rarely do we talk about the personnel hired to implement them.

This is one of the reasons why a recent LinkedIn discussion thread piqued our interest.  On a message board dedicated to the International Organization for Standardization 31000 Risk Management Standard, one group member asked:  "What are the characteristics of a good risk manager? If you were to employ a manager of risk in your company, what attributes would you expect them to have?"

While responses were varied (and, at times, hotly contested), respondents generally agreed risk managers needed to possess strong analytical skills, natural leadership abilities, a basic knowledge of applicable software and a head for numbers.

Another overarching theme was the need for experience. While some said qualified personnel should have around four to six years of managerial experience under their belt, another commenter emphasized quality versus quantity by suggesting the ideal new hire come "with a track record of implementing Risk Management in an organization from conception."

"Start with the policy," this commenter added. "I personally don't really care if you use a crystal ball, if you can show that it works."

Ultimately, the question yielded a list of buzzwords so long (among them, "innovative thinker," "visionary" and "team player, but self-starter") it was hard to think any mortal could fill the role.

As one commenter wrote, "A lot of comments about the risk manager's attributes are so perfect that could you find such a person in the real world? This is a question."

What qualities do you think make for a strong risk manager? Let us know in the comments section below.

Jeanine Skowronski is the deputy editor of BankThink.


(13) Comments



Comments (13)
Some common sense... Robo-risk doesn't do anyone any good!
Posted by openuris | Monday, July 30 2012 at 4:45PM ET
Risk management is about the network and culture you can create in and "around" the activities and actions of an organization. No one person has the red cape, as you indicate in the note above. However, in today's world of risk and risk management, the most effective leaders know how to "crowd source" intelligence from around an organization. He or she knows that the Devil is in the Details and that the best ballast for lifting those details out of the trench and onto the proper dashboards means impacting the culture of an organization, from the Board and CEO down to the line staff in a bank branch. "Everyone a risk manager" is the culture to create. This doesn't require everyone to know stochastic calculus. After all, the math usually fails just when you wish it didn't. This is one of the empirical realities of the proverbial Black Swan. Today's risk manager must have the skill to create such a platform in an organization, and this requires proper empowerment from above. Sadly, most organizations give lip service to risk management, and risk management is more of a compliance exercise in regulatory appeasement than a meaningful CORE PRINCIPLE of business mission and activity. Until Boards take a more active role in strategic direction on ERM, and until the CEO realizes that ERM isn't compliance but a core value of the enterprise, risk management will continue to be an exercise in windmills and jousting. For those serious enough to put forth the effort, the skills needed orient around:

* Data
* Technology
* Best (sound) practice(s)
* Governance
* Organizational design
* Presentation and speaking skills
* Sales and marketing
* ...and for the CRO, yes, mathematics, finance, markets, and economics

(among other things)
Posted by Stentor | Tuesday, July 31 2012 at 12:48AM ET
competent, candid, courageous, cultural, consistent
Posted by D Lewis | Tuesday, July 31 2012 at 10:54AM ET
A risk manager must intimately understand the internal controls and the risks that the controls mitigate, but be able to evaluate the cost of implementing those controls versus the risk of not implementing the controls. We get so caught up in "buzz words" and "the talk" that we forget to dig down and find out if the person truly understands the basis of risk versus reward of the particular function being evaluated. If risk were eliminated, then there would be no banks period. The above description sounds like it is describing an analyst.....rather than a risk manger. yes there are a lot of similarities in skills, but a huge difference in application of knowledge and decision making.
Posted by vkpace | Tuesday, July 31 2012 at 12:25PM ET
It's really a lot simplier. The real risk managers are the CEO and the top management team. There the ones that have to understand and value to risks. All the risk managers, analysis and reports in the world can't replace this group from their responsibility to understand and value the risks that could threaten the bank.
Posted by Rhsmith999 | Tuesday, July 31 2012 at 12:31PM ET
Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.