Before financial institutions had chief risk officers, they had people like Dan Borge.
As a partner at the old Bankers Trust, Borge designed one of the earliest models for managing enterprise risk. He spent much of each day on the trading floor, where he would examine specific transactions and gather color from the folks on the desks to help develop a picture of the firm's big exposures.
Risk management has grown up a lot since those days, says Borge, who worked at Bankers Trust from 1978 to 1999 and is now a director at the consulting firm LECG Corp. in New York. The math is more sophisticated, the computing more powerful, the models more elegant. But as those improvements helped risk management evolve into a profession in its own right, something was lost that has to be recaptured if its practitioners — as anticipated — are going to help prevent future crises.
"Unfortunately it became so specialized and arcane that it became isolated from the businesses it was supposed to be helping," Borge said at a recent event in New York to launch "QFinance: The Ultimate Resource," a new reference guide to which he was a contributor. "A lot of risk management today is wasted on the risk managers, because the business people are not involved in it."
At a time when banks can ill afford to see risk management efforts go to waste, companies must do a better job of articulating their philosophy on risk and integrating the teams that put the philosophy into practice, Borge and his fellow panelists agreed.
"Right now, we just seem to think that if we just get the checklist right, everything will be OK," said Bill Sharon, a "QFinance" contributor and independent consultant who conducts workshops on risk management issues.
Borge and Sharon, among the 300 industry veterans, educators and policymakers whose essays are featured in "QFinance," participated in a recent panel on the state of risk management. Bloomsbury Information Ltd., the publisher of the new 2,200-page reference guide for finance professionals, and LECG were the hosts.
Sharon argues companies should overhaul the way they think about risk and position themselves to handle it.
There are some signs that banks are doing more to bring risk concerns, and risk experts, into the fold.
W. Kendall Chalk, the interim president and chief executive of the Risk Management Association, said in an interview that his group's members are fielding more frequent requests to share their opinions with their corporate boards, and not just on the obvious questions like market and credit risk. Some risk managers report that they are now being asked to weigh in on topics such as pay structure, in regards to compensation for executives as well as line-level staff.
"That would suggest that chief risk officers are getting involved in more issues that are broad-based across their organizations, as opposed to being in their own silo," said Chalk, a retired chief credit officer of BB&T Corp.
The RMA is working on a template that chief risk officers can use to make presentations to their boards on the issue of enterprise risk management, Chalk said.
The handling of enterprise risk, which Chalk describes as "the methodical management of all material risk," is a concept that Rob Sloan has been hearing a lot more of in his recruiting work at Egon Zehnder International Inc., where he heads up the executive search firm's U.S. financial services practice.
"When talking to chief risk officers or executive leadership, two years ago I think risk was more tightly defined as market risk and credit risk, and then there was the legal department, the audit department and compliance. Now they talk about enterprise risk. It's sort of a catchall, but it includes legal risk, compliance risk and regulatory risk, plus all of the business risks," Sloan said.
Between the broadening definition of risk and the intense scrutiny risk management has come under, "our risk practice has been on fire for two years now," Sloan said. "Every organization has been seeking to upgrade their risk talent."
Among the recent moves, Huntington Bancshares Inc. of Columbus, Ohio, in July hired Kevin Blakely as chief risk officer, luring him away from the top job at the RMA and gaining an executive with years of experience managing risk at rival KeyCorp. Iberiabank Corp., a $4.1 billion-asset company in Lafayette, La., hired longtime Wachovia Corp. executive James Gburek as its chief risk officer.
Another Wachovia alumnus, Phillip Campbell, who had been chief counsel for the company's small-business capital division, joined Citizens Bank of Northern California this year as general counsel and chief risk officer. Bank of America Corp. looked to an insider, longtime executive Gregory Curl, this summer to replace Amy Brinkley as chief risk officer.
Risk management still is a relatively new profession in the formal sense. A search of the American Banker archive shows that the title of "chief risk officer" did not even appear in the paper until 1996. But some observers say the function quickly got off track, as companies diverted attention away from pure risk management and more toward audit and compliance concerns raised by regulatory imperatives such as the Sarbanes-Oxley Act of 2002.
"A lot of what passes for risk management today, and not only at banks, is really a compliance function — it's a response to somebody else saying you've got to do this or that," said Sharon, the independent consultant. "But managing risk is not about making a list of everything that can go wrong."
What it should be about, he said, is measuring and reconciling the difference between "what people say they want to achieve, and whether their organization really has the capability to achieve it."
If ever there were a time for banks to adopt a new and potentially broader view of risk management, this arguably would be it.
Sloan, the recruiter, said he has seen enough change in the industry to convince him that progress is being made. But Borge and some of his fellow critics remain frustrated, saying not enough banks have laid the groundwork for proper risk management.
"They're still preoccupied with the math and the models," Borge said. "The real missing piece in all this is a culture. You cannot have the apparatus of risk management work effectively unless you have a culture" in which the approach is debated openly and shared across the firm.