As if risk managers did not have enough burden dealing with the rogue trading and control lapses at the likes of Barings, Sumitomo and Orange County, now comes the notion that enhancing shareholder value also should be part of the discipline's function. But this really is not an outrageous idea; if you limit risk management to preventing cataclysmic loss or providing quantitative analysis of risk, you find yourself with a risk management structure that doesn't perform either function adequately.
Risk management is slowly changing most financial and non-financial management processes in institutions. The principles which measure economic activity and performance of an organization and its staff are evolving to incorporate risk-reward concepts. So far, most change is apparent only in internal management information. Yet the Securities Exchange Commission's recent disclosure requirement covering an entity's interest rate, currency, equity and commodity risk is a strong first step on behalf of external audiences, and concepts such as value-at-risk are becoming more widely accepted measures of economic activity.
All this demonstrates the need for a more comprehensive and consistent approach to risk management. Such risk management can increase shareholder value, as well as prevent significant unexpected losses more effectively.
Financial institutions seeking to enhance shareholder value must establish an integrated best practices risk management infrastructure. But they also must let the rest of the world know what they're doing by providing analysts, rating agencies, regulators, and the like with a clear understanding of the company's risk management practices.
Many financial institutions have made substantial investments over the last five years in risk management methods and systems. CEOs should now be able to point to tangible returns from such investments vis-a-vis improved credit ratings, higher price/earnings ratios or changes in strategic direction. And analysts and investors should be able to identify those entities that exhibit excellent risk management practices and therefore offer the promise of above-average returns.
One way to achieve and demonstrate the type of comprehensive, enterprisewide risk management described above is through a comprehensive risk management infrastructure that Coopers & Lybrand developed, Generally Accepted Risk Principles (GARP). GARP is a set of 89 risk management principles that expands upon the work of such bodies as the Group of 30, the Derivatives Policy Group, the Basle Committee and the International Organization of Securities Commissions. GARP guides senior bank management and boards of directors in the areas of:
Establishing risk management strategy and culture at the board level, including allocation of capital to business units and recognition of market, credit, liquidity, operations, legal and systems risks.
Creating an effective risk management function to implement the risk management strategy and evaluate risk.
Developing appropriate measurement, reporting and control processes tailored to the institution's particular risks.
Implementing strong operational processes to record the company's transactions.
Achieving robust systems, without which none of the previous goals can be achieved.
Once a GARP framework is in place, the next step is to take a proactive stance in communicating with analysts, rating agencies and regulators. Over time, strategic decisions resulting from risk-based performance measurement should improve return on investments to shareholders. However, certain benefits should be achieved even more quickly with the help of GARP, such as a consistent, understandable set of principles against which a company's practices could be evaluated, and a voluntary, self-regulatory framework across product lines and legal jurisdictions. Meanwhile, communications with outside constituents can be complemented by independent verification and assurance regarding an entity's risk management practices.
Developing a Statement of Risk Management Practices for the company's annual report, for example, would help organizations communicate the quality of their practices. It would describe the company's risk management practices in the five sections of GARP. After verification, an independent accounting firm could attest to the company's adherence to GARP. A comprehensive, enterprisewide risk management program will enhance shareholder value over time. Such benefits can be realized much sooner by communicating the company's strict reliance upon the utilization of an accepted set of best practices, and providing independent assurance regarding their effectiveness.
James J. Vinci is a partner with New York City-based Coopers & Lybrand LLP.
