10/18/2009 11:46 PM
Our post on October 15, 2009 on glass boxes versus black boxes has prompted a lot of feedback. Three loyal readers provide feedback today on the danger of black boxes in risk management, why they’ve persisted as long as they have, and how risk management fits in.
Our first reader to comment on the issue of black boxes, glass boxes and the role of the risk manager is someone we’ll call BTDT for “been there, done that.” BTDT’s thoughtful comments go as follows:
“It is not that people should feel sorry for risk managers, but I think we need some reflection on the profession of risk managers, on what we should expect from the role and what actions we should take to make the role less skewed against us (I have a friend that constantly tells me to explain him why somebody smart would ever take a CRO role).
“I see risk managers in two broad classes:
“1. the ‘risk control’ set. Typically these have names like Dr. Doom and Gloom, Dr. No, and so on. They are usually introverted, looking at the business from the outside, picking at problems. They are not liked by the business people, barely accepted by senior management, usually a constant source of tension in the company (i.e. you dread inviting them to a meeting, or seeing their emails). There are advantages: they have a very successful batting average, they usually point out the right issues, they are sometimes short of solutions, but other people can come up with solutions when confronted (i.e. when the CEO or a senior executive sides, even if without great conviction, with Mr. No) with the issues. Because of the large batting average and because of legal implications in discounting their opinion, these risk managers are present in most institutions, they do not flourish, but at the end of the day they get by and they are not denied a promotion (although they won't be in the first or second wave of their peers in getting a promotion).
“2. the "value added" set. These guys are business friendly, usually have been traders or business people in the recent past or in a past career, usually well received in a company, have a lot of credibility at the Senior Managing Director and Executive Vice President level, although not they are liked by traders, salespeople or Managing Director level management. They are great at outlining solutions to reduce risk without forgiving profits, if they are outspoken about a problem they usually are listened to, they are not confrontational as much as group 1 above. Batting average: lower than group 1 above, because to some extent this group goes native, it drinks the kool-aid, maybe not a lot of it, but they drink from the fountain. They tend to side with business much more than group 1 above, and eventually something goes wrong (it is the law of large numbers) and then the Board or CEO all worry what the risk manager did wrong (the business is off the hook, it is the fault of the risk manager if the loss was not prevented), now all the sudden they would have liked the risk manager to be the Dr. No person. Internal reputation may take a hit or, depending on the issues, a fatal career hit.
“Assuming broad agreement on the two classes of people, which one is more successful for a company, and which one is a good model for the future of risk management?
“The regulators are looking for group 1, and the Board should be (but they are not, I submit) looking for group 1. This may take the risk profession down the path of independent auditors, a very respectable profession. The downside: not well paid, relatively low on the totem pole in the company, not much opportunity to switch careers, and limited lifetime compensation
“Companies are looking for group 2: see J.P Morgan or Goldman Sachs models. The Chief Risk Officers are not risk professionals (in the sense that there are not coming up from the risk organization); many of the newly named CROs come from long standing business experience. They are credible within the company, and they could, and probably would, one day run one of the major businesses in a company, perhaps even be the promoted to CEO. These CROs would probably have a lot of type 1 risk managers among their staff. One would need the right balance between the type 1 managers that would avoid the large, embarrassing losses (these people are hugely risk adverse) and the type 2 people that would help make good decisions but that open the door to losses, as they like to take some risk.
Going from BTDT’s comments back to the CDOs versus grocery risk issue, Charles Prince was essentially acting as his own “Type 2” chief risk officer who was willing to facilitate the CDO business without any visibility as to what was in the CDO “black box.” If there were type 1 risk officers within Citi, their names are known only to insiders.
The next comment came from a loyal reader we call the Wizard. Commenting on the use of black boxes in finance, the Wizard notes:
“A CFA charter holder, who, by professional ethical standards, is unable to make investment recommendations without a reasonable basis, would be best not to rely on a black-box to make those recommendations.”
As we noted in an earlier blog, the CFA Institute describes its mission like this:
"CFA Institute is the global, not-for-profit association of investment professionals that awards the CFA and CIPM designations. We promote the highest ethical standards and offer a range of educational opportunities online and around the world." It goes on to say "We have more than 90,000 voting members and 136 societies worldwide. All agree to abide by our Code of Ethics and Standards of Professional Conduct."
The Wizard has honed in on this statement from the Code of Ethics and Standards of Professional Conduct:
"INVESTMENT ANALYSIS, RECOMMENDATIONS, AND ACTION
A. Diligence and Reasonable Basis. Members and Candidates must:
- Exercise diligence, independence, and thoroughness in analyzing investments, making investment recommendations, and taking investment actions.
- Have a reasonable and adequate basis, supported by appropriate research and investigation, for any investment analysis, recommendation, or action."
An earlier e-mail from the Wizard noted, "Interesting that word 'must.' For this reason, I have never recommended hedge funds for my employer's use since I don't understand them." The Wizard’s comments on black boxes continue:
“Black boxes tend to be very quantitative. There are many investment professionals and some risk managers who are not very quantitative. Many of them prefer to take the position "just show me the answer (coming from the black box) and I can tell if it makes sense. I know the market." Basically, don't bore me with the details. Once again, the obvious answer is to "Ask an Actuary". We love quant stuff and understanding what models do and don't do and can ask if the models assumptions apply to the current situation.”
“Some management likes things to be simple. Simplify. Simplify. It does not matter if a particular business is complex, simplify. Simplification of understanding has its risks and as you state, some CEOs and their companies, have paid the price.”
As we noted in the October 15, 2009 blog, at least one senior Citigroup executive thought that former CEO Charles Prince didn’t know the difference between a CDO and a grocery list. Wall Street loves the buy side investor who thinks “simple is better even when simple is wrong.” Much to Charles Prince’s surprise, his “sell side” firm became a “buy side” firm when his own line officers stuffed the bank with CDO tranches they couldn’t sell for a gain.
Our last reader we call NG2 for “no guts, no glory.” He commented on the issue of whether the chief financial officer should resign when it becomes apparent that the Wizard’s “keep it simple” CEO is going to drive the firm over the CDO cliff, all the while thinking that the CDO is no more harmful than a grocery list:
“With respect to the last set of comments on the blog on resigning: this is the route I took when the opportunity presented itself. My conclusion at this stage is that it makes very little difference if eventually the company has significant problems - if you resign you are a bit better off. What people remember is that you were with a company that got in trouble, not that you resigned after a short tenure. And you can't go out and [publicly] blast why you resigned - when companies have material losses, independent from your seniority in the company, there are always legal proceedings. I haven't had one conversation where people patted me in the back for leaving, or appreciated that I left. All conversations are the other way around: ‘explain why you were not responsible for what happened (which takes you back to the issues around legal aspects, you can't disclose what is not in the public domain).’”
What NG2 is saying is that resigning is necessary but not sufficient to protect your reputation and future earning power as a respected risk manager—one has to resign early enough so that there is no one thinking you were still on the bridge of the Titanic when it hit that iceberg. If one waits too long, the reputational damage can stem from the logical conclusion that you must have not been that uncomfortable with what was doing on or you wouldn’t have stayed. People tend to assume that you weren’t thinking “I can’t quit because I need the money.”
Few people have the courage and opportunity to vote with their feet early on when it becomes apparent that the Titanic has been steered toward the ice fields. What we have learned in the current crisis is that the reputational damage from being a CEO or CRO at a failed firm is very, very hard to shake off. The good thing about that outcome is that it gives risk managers a bigger incentive to act as BTDT’s “Type 1” risk manager and to live up to the ethical standards that the CFA Institute requires. Let’s hope that lesson is remembered for a long time.
Many thanks to BTDT, the Wizard and NG2 for their thoughtful comments.
Donald R. van Deventer
Honolulu, October 19, 2009