Browse By Category
Flaws in Risk Management2018-10-11
Kindly note the following as enunciated in the ‘simple rules of risk’. Risk officers are not active / visible in the risk management process and are easily intimidated by business managers; experienced risk personnel do not form the bulk of the risk function. This indicates the presence of a large number of junior risk personnel (perhaps risk administrators rather than risk managers) who do not possess the requisite knowledge and depth to work with, question or challenge business managers. One of the reasons for this inexperience is that many of the risk managers do not understand the businesses they are qualifying. Someone that joins risk and control function straight from NYSC and progresses in his / her career without ‘touching’ any other department, especially the core functions and the business areas may not have sufficient exposure and experience to enable him face the business managers. They will surely intimidate him. The above was the scenario with the regulators many years ago, where for example; some of the regulators in the financial industry were deployed from the Ministry of Finance and other government parastatals. These were the ‘guys’ that would be deployed to banks and other financial institutions to meet well exposed, experienced and highly trained personnel who had gone through all the ‘metamorphosis’ of practical banking. Thus the knowledge gaps had always reflected in the eventual regulatory outcome. However nowadays, things have significantly changed. The regulators are well exposed since many of them are experienced professional bankers, accountants, Enterprise Risk Managers etc that have also had some practical banking experience in their career. Even those who have no practical experience have gone through a lot of trainings (local and international) to bridge the gap and they also write examinations to be promoted on the job and to update them regularly on best practices. Therefore, there is no short cut in risk management; risk managers in all sectors (oil and gas, insurance, Pharmaceuticals, Aviation, Transportation, Manufacturing, Telecoms etc) must be exposed to the rudiments of the job and be well grounded professionally to be able to stand the business managers or operators in the face. This was what happened when Professor Dora Akunyili headed NAFDAC. No operator could intimidate her because of her background! Institutions must be willing to spend resources on hiring more experienced, and qualified, risk professionals. No matter the amount spent on these, it cannot be compared with losses incurred by institutions due to lack of experienced risk professionals. Backlogs of essential legal documentation are permitted to increase. This may indicate lack of knowledge regarding the critical effect of legal documentation on risk exposures, presence of an understaffed/inexperienced legal department and/or absence of an automated mechanism for tracking past-due documentation. It may also indicate lack of knowledge or respect by the business units for the legal process. All these expose organizations to serious legal risks. By the time such risks crystallize, things would have gotten out of order. Staff of recovery department gets frustrated at some point in the recovery process when asked by the court to bring a particular essential document (that can assist the bank in getting its money from a very recalcitrant customer) only to find out that the document, which was earlier waived officially for the customer to fast –track disbursement, was not eventually followed up nor retrieved from the customer. Many cases have been lost by the bank due to this negligence. The risk limit structure does not control the risk it is intended to constrain. This may reflect problems in identification and quantification of risks by risk personnel. It may also indicate that risk personnel are not sufficiently knowledgeable about the risks they are meant to be limiting and monitoring. It could also suggest lax control or that the limit needs review probably because it is no more realistic. Communication between risk officers and business managers is strained and counterproductive. This might indicate lack of professional respect between the two groups. It might also indicate that risk officers are not visible and responsive, or that business managers violate or ignore risk processes frequently and they get away with these infractions while the senior management that is supposed to deal with them looks the other side. This is more frequent where a staff is regarded as high performer and at a point he or she may be ‘untouchable’ because the system has always protected him from sanctions by the Risk Management Group or the Internal Control Department. Such staff, more often than not, brings more problem to the institution eventually. Let us all learn from Nick Leeson, the guy, whose unauthorised trading pulled down the oldest investment bank in Britain at that time, Barings Bank. Risk policies are not applied consistently. This may indicate the presence of “favouritism” for some businesses over others, flagrant disrespect of rules or policies or the existence of ambiguous policies that are left open to wide interpretation and application. It may also be a deliberate ‘Tone at the Top’ where rules are applied only for the ‘boys’, not the ‘men’. For an institution that intends to be sustainable in the short, medium and long term, this is the way NOT TO GO in managing its risks.