Introduction
In the modern dynamic organizational or rather operational environment, many organizations have faced situations that hinder them from achieving strategic plans, goals and objectives. Thus, embracing the concepts of risk management can greatly enhance the organization’s capacity to mitigate such unhealthy conditions (risks).
For the purposes of discussions of the paper, risk management refers to “a process of thinking systematically about all possible risks, problems or disasters before they happen and setting up procedures that will avoid the risk, or minimize their impact, or cope with their impact” (Andreas 2010, p.123).
In this context, risk management embraces fundamentally setting up various processes in which people can identify risks and then set up strategies to control them or deal with them. Risk management additionally requires that organizations conduct realistic evaluations of actual levels of anticipated risks. Consequently, it is essential for organizations to deploy appropriate principles while setting up mechanisms of addressing the expected risks.
In this endeavor, nations set various principles necessary to guide in setting risk management procedures. For instance, Standard Australia presents the risk management standards for guiding global organizations in the establishment of risk management procedures. These standards are documented under ISO 31000:2009.
This paper examines the role ISO31000:2009 play, if any, as the new global standard for risk management in creating an environment of resilience in the global economy. Additionally, the paper seeks to scrutinize the interconnectivity between operational risk, credit risk and systemic risk and the role of Governance and non-regulatory compliance in risk models.
Given that brand organizations like Lehman Brothers, Bear Stearns, Meryl Lynch, who are no more, or AIG, Fannie Mae, Freddie Mac who were effectively nationalized, all had technically excellent risk management systems. The paper also seeks to examine corporate mistakes that lead to their failure amid existing strong technical risk management systems.
The interconnectivity between operational risk, credit risk and systemic risk
Operational risks entangle all forms of risks that organizations encounter in their attempt to operate in particular fields. “Operational risk is the risk that is not inherent in financial, systematic or market-wide risk and embraces all the risks that remain after determining financing and systematic risk, and includes risks resulting from breakdowns in internal procedures, people and systems” (Andreas 2010, p.124).
Credit risk entails perceived risks by investors accruing from failure of borrowers to make payments as agreed. More robustly, credit risks are “the risks of loss of principal or loss of a financial reward stemming from a borrower’s failure to repay a loan or otherwise meet a contractual obligation” (Cornett & Saunders 2006, p.36).
On the worst scale, a financial organization may collapse in totality. Consequently, such organization always puts up mechanisms to mitigate such a wide-scale collapse. Such mechanisms constitute ways of preventing systematic risks from occurring. Indeed, according to Dale and Andreas (2008), systematic risks encompass “financial system instability, potentially catastrophic, caused or exacerbated by idiosyncratic events or conditions in financial intermediaries” (p.24).
Arguably, a financial organization is constituted of sub-elements that make groups of elements, which in turn are combined to constitute the whole organization. The failure of the sub-elements consequently may be key contributors of the failure of the whole organization. In this context, the human resource of a financial organization and even the creditors are part of the element that makes up the whole organization.
In case of the creditors’ failure to meet their payments as agreed upon (credit risk), or the human resource making some mistakes that are essentially detrimental to the financial organization’s success (operational risks), it is arguable that the probability of the failure of the whole organization increases. As a repercussion, there exists a correlation between credit risks, operational risks and systematic risk with the credit risks and operational risks heralding systematic risks.
The connectivity between credit risks, operational and systematic risks is perhaps clear through consideration of the circumstances that lead to the failures of a number of American financial organizations. Some of these organizations include Lehman Brothers, Bear Sterns, Merrill Lynch, and Goldman and Sachs among others. As from 2004 to 2007, these institutions significantly raised their financial advantages resulting to increased financial shock vulnerability.
With regard to Labaton (2008), the “institutions reported over $4.1 trillion in debt for fiscal year 2007, about 30% of USA nominal GDP for 2007” (p.23). Prior to the failure of these institutions, they had been incredibly leveraged, making them endeavor indulge more in risky investments.
This had the overall effect of making them reduce their resilience enormously in the event of losses. In the words of Michael (2009), “much of this leverage was achieved using complex financial instruments such as off-balance sheet securitization and derivatives, which made it difficult for creditors and regulators to monitor and try to reduce financial institution risk levels” (p.253).
In this context, arguably, the banks reduced their levels of credit and operational risks, which subsequently resulted to making them plunge into a crisis as a whole institution.
Essentially, their reduced surveillance of credit risk, followed by reduced surveillance of operational risks, truncated into a reduction in surveillance of eminent systematic risks amid technical availability of risks management systems. Indeed, while “Lehman Brothers ended up being liquidated, Merrill Lynch and Bear Stearns ended up being sold while Morgan Stanley and Sachs were commercialized” (Cornett & Saunders 2006, p.36).
The role of Governance and non-regulatory compliance in risk models
Risks models indebt themselves, to not only come up with models of mitigating risks, but also quantifying risks which organizations are likely to get subjected to. In the financial industry, and from the perspective of credit risks, modeling risks infers qualification of likely losses emanating from the debtor’s bankruptcy.
In the context of operational risks, it means quantification of losses ensuing from failing organizational process and its support subsystems. When quantification of risks extends to the entire financial institution, then the model is predominantly systematic risks focused. In these models, governance and non-regulators compliance plays pivotal roles in enhancing success of organizations.
In the development of risks models, governance in particular, has a noble role to play. It describes the approaches deployed by an organization’s executive arm to direct, monitor and controls the organization. To do this, executives make use of “a combination of risks models information and hierarchical control structures” (Darrell & Singleton 2003, p.78).
In the formulation of risks models, governance provides the avenues through which critical information that gets into the hands of the executive team is made accurate, complete and timely. This permits crucial decision-making and hence providing amicable grounds on which control strategies are developed, instructions and directions formulated, and then executed effectively and systematically.
Without this information, models for risks identification, their analysis and responding to them in an attempt to realize business objectives become almost unachievable. In fact, “Responding to perceived risks demands an organization to be cognizant of the gravity of perceived risks, coupled with cognition of mechanisms that may control them, accept, avoid or make their transfer to another party” (Brigo, Pallavicini & Torresetti 2010, p.45).
In all these processes, the decisions and directions of organizations’ governance are essential. As Bluhm, Overbeck and Wagner (2002) reckon, “Whereas organizations routinely handle a wide range of risks (e.g. technological risks, commercial/financial risks, information security risks etc.), external legal and regulatory compliance risks are the key issues in Governance and compliance” (p.87). Compliance entails conforming to established requirements.
In the derivation of risks models, non-regulatory compliance is critical since the analysis of costs of non-conformance and costs of conformances provides the basis for making decisions on the embracement of the proposed risks model.
According to Brigo, Pallavicini and Torresetti (2010) akin to development of risk models is the need to “assess the state of compliance, assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance, and hence prioritize, fund and initiate any corrective actions deemed necessary” (p.56). Arguably then, non-regulatory compliance aids in setting decisions for risk-taking and risk avoidance while deriving risk models.
Governance in the GFC
The global financial crisis was indeed a total systematic failure amid the existence of risks management systems. Apparently, the best governance awards went to organizations that ended up failing later. So what went wrong? Governance failed to achieve its roles. Financial systems constitute numerous institutions structured in the form of layers. These institutions include audit, board and even risk committees among others.
Investment Horizons (2010) argue that these institutions need to have appropriate governance, which indeed failed miserably (Para. 9). Arguably then, governance in the public sector, multilateral bodies, self-regulatory bodies, private sector, regulators and even global bodies failed. The failure of governance of these bodies was attributed to the fact that, instead of helping in curtailing risks, they indeed enhanced them.
From the point of view of a multilateral organization and government, a major response to this failure “…has been a chorus of calls for systemic regulation, particularly around issues of solvency” (Lukomnik & Watson 2006, p.12). The question that remains is whether this is a sufficient remedy. Although regulation is necessary for incorporation as part of governance mechanism of control, its proposal is also incomplete.
Any regulator scrutinizing any system needs to consider, in the first place, whether the organization needs constraining for being inherently untrustworthy or because it is unable to police itself. However, systems are dynamic. Hence, regulatory responses also need to be dynamic. Lack of this dynamism pushes the governance of financial institutions into making the wrong monetary policies (Krugman 2009, p.45).
For instance, consider the 2-by-20 incentive method. In such a situation, when people operate funds, they get 2 percent as fee and 20 percent as profits. In case of loses, however, they get absolutely nothing, but they do not lose anything. Consequently, the more they take risks, the more they do not lose anything. This was the prevailing situation during global financial crisis. Essentially, poor governance leads to failure of markets.
Personal Opinion
In my opinion, the circumstances that lead to global financial crisis were multifold. They did not rely on failure of governance. Such circumstances include intellectual failure, market failure, and wrong regulations. From the perspectives of intellectual failure, arguably, people missed noting that externalities exist in the financial sector.
In some other disciplines, for instance in engineering, there exists systems, which do not operate without systems’ stability checks such as voltage stabilizers and circuit breakers, something that did not exist in case of financial markets in GFC era. Money moved from one institution to the other without appropriate mechanisms of risks mitigation. From the regulations point of view, despite high regulations in the banks, the effects of GFC was experienced more by banks.
Hence, the regulations adopted were wrong. They were often attributed to wrong monetary policies made by central bankers and economists. These policies predominantly focused on price stability- something that leads to the adoption of weak monetary policies and hence regulating banks in the wrong way.
Role that ISO31000:2009 can play as the new global standard for risk management in creating an environment of resilience in the global economy
In the proceeding discussion, it has been argued that incorporation of regulation, as part of governance within an organization, is incomplete. This argument, however, does not imply that it is unnecessary to constrain regulations. In fact, the argument is pegged on one question.
Combining policing with regulation with the aim of making participants in financial institutions management improve their ethos and risk management system architecture has the repercussions of enhancing the institution’s inherent trustworthiness. What can happen if this were the case? A more probable result is perhaps an organization, which is not only a self-correcting system but also one that is safer in terms of preparedness to face anticipated risks.
ISO31000:2009 can indeed play this role through the provision of codified standards that would show when an organization departs from safer side; hence utilize the provisions of the codes to get back on track. Drawing from Standard Australia (2009), this role is well evidenced by the fact, “Organizations with existing risk management processes can use ISO31000:2009 to review, align and improve their existing practices” (p.V).
People held accountable for the achievement of organizational objectives, as well as those charged with the responsibility of risk management policies also design the standard for use.
Those who evaluate the effectiveness of risks management strategies and those who develop standards, procedures, codes, and guides that either wholly or partially set out the risks vital for management within an organization also play this crucial role. In this context, ISO31000:2009 has a critical role to play in aiding in the definition of risks, ways of evaluating them, monitoring and controlling them.
Conclusion
In the dynamic operational environment, organizations face an immense number of situations that are unhealthy for them to achieve its strategic plans, goals and objectives. In the paper, such situations have been defined as risks. From the financial industry perspective, risks have been categorized into three main types: operational risks, credit risks and systematic risks. In this end, the paper endeavored to look into the relationship among them.
The paper has also addressed the role of Governance and non-regulatory compliance in risk models in a bid to unravel the mystery behind governance in GFC from both scholarly and personal opinion perspective. It has summed by looking at the role that ISO31000:2009 can play as the new global standard for risk management in creating an environment of resilience in the global economy.
References
Andreas, A 2010, ‘The credit crisis and operational risk- implications for practitioners and regulators’, Journal of Operational Risk, vol. 5 no. 2, pp. 123-135.
Bluhm, C, Overbeck, L, & Wagner, C 2002, An Introduction to Credit Risk Modeling, Chapman & Hall/CRC, New Jersey, NJ.
Brigo, D, Pallavicini, A, & Torresetti, R 2010, Credit Models and the Crisis: A Journey into CDOs, Copulas, Correlations and dynamic Models, Wiley and Sons, New York.
Cornett, M & Saunders, A 2006, Financial Institutions Management: A Risk Management Approach, 5th Edition, McGraw Hill, New York, NY.
Dale, G & Andreas, A 2008, ‘New Directions in Financial Sector and Sovereign Risk Management’, Journal of Investment Management, vol. 8 no.1, pp.23-38.
Darrell, D & Singleton, K 2003, Credit Risk: Pricing, Measurement, and Management, Princeton University Press, Princeton.
Investment Horizons 2010, Do Managers Do What They Say? (2010), Report by IRRC Institute and Mercer. Web.
Krugman, P 2009, The Return of Depression Economics and the Crisis of 2008, W.W. Norton Company Limited, New York, NY.
Labaton, S 2008, ‘Agency‘s rule: Let the banks pile up new debt, and risk’, The New York Times, pp. 23-24.
Lukomnik, D & Watson, P 2006, The New Capitalists: How Citizen Investors Are Reshaping the Corporate Agenda, Harvard Business School Press, Boston, MA.
Michael, S 2009, ‘Secret Liens and Financial Crisis of 2008’, American Bankruptcy Law Journal, vol. 8 no. 3, pp. 253-267.
Standard Australia 2009, ISO31000:2009: Risk Management- Principles and Guidelines, Word Press, New Zealand.