Topic: Risk Management and Governance in a Global EnvironmentAssignment must be worded and look exactly like the Annotated Bibliography template provided. The five aricles are provided also.
71
RISK MANAGEMENT LESSONS FROM THE FINANCIAL
CRISIS: A TEXTUAL ANALYSIS OF THE FINANCIAL CRISIS
INQUIRY COMMISSION’S REPORT
Corey J. Fox
Texas State University • San Marcos, TX
ABSTRACT
There have been several retrospective analyses o f the financial crisis. An area
that continues to receive attention is the failure o f risk management in financial firms
at the heart o f the crisis. After the crisis, the United States Government convened
the Financial Crisis Inquiry Commission to explore causes o f the crisis. Their
conclusions have gone largely unexplored, especially in academic research. In this
study, I first examine the comm ission’s report on the crisis identifying several re
appearing themes. An exploratory follow-up analysis looking at financial and non-
financial firms suggests non-financial firms have areas to improve upon compared to
their financial counterparts.
Keywords: Financial crisis; Risk management; Risk management failure; Financial
Crisis Inquiry Commission; FCIC
“ Those who cannot remember the p a st are condemned to repeat it. ”
- George Santayana (Philosopher)
INTRODUCTION
The financial crisis o f 2008 and 2009 was the worst financial disaster to hit
the United States in over seven decades. Organizations o f all types were impacted as
the events in the financial industry rippled throughout the economy. The crisis left
the economy in shambles, dissolved trillions o f dollars in wealth, and left millions
o f people without jobs and homes (Financial Crisis Inquiry Commission [FCIC],
2011). There have been many opinions about what the root causes o f the crisis were
(Jickling, 2009). While some recent research has suggested that excessive investment
in financial products (both ordinary and exotic) were a considerable culprit (e.g.,
Tuckman, 2016; Vo, 2015) there has been much less work focused on the impact
that risk management failures at the managerial level had on failing financial firms
(e.g., Hubbard, 2009).
In 2009, the U.S. Government commissioned a committee to look into the Journal o f Business Strategies
causes o f the financial crisis. This committee, known as the Financial Crisis Inquiry
Commission (FCIC), gathered and analyzed a myriad o f data before putting out a
complete report based upon their extensive analysis, outlining what it believed to be
the main causes o f the crisis. While this report was made public, there has been little
exploration or discussion o f the findings in academic circles (per mention in academic
research papers) especially as it relates to risk management within organizations.
This is unfortunate since the report is built upon a vast amount o f information and
has implications for management practices related to the management o f risk.
As suggested by the quote above from George Santayana, it is thought that
finding a cause(s) can help businesses learn, and hopefully avoid, making the same
(or similar) mistakes in the future. The purpose o f this paper is to look, qualitatively,
at the comm ission’s in-depth report, analyze the passages around risk management
and discuss the implications o f the findings. Additionally, this paper explores
whether financial and non-financial firms have learned from the failures identified in
the commission’s report.
The purpose behind expanding the study beyond just the large financial
firms associated with the crisis, was to assess the degree o f learning (if any) at other
large, visible firms. The organizational learning literature (Huber, 1991; Madsen and
Desai, 2010) has suggested that firms can make adaptations to its business operations
and strategy as a result o f reflections on their own experiences (experiential learning)
or the experiences o f others (vicarious learning). Financial institutions that were at
the center o f the crisis (such as the large financial firms and large regional banks)
should be most likely to have made adaptations post crisis. However, we might also
expect that other large, visible firms would make adaptations due in part to what they
learned from the failings o f these financial firms. However, the changes may be less
pronounced since those firms were further away from the actual learning event.
In doing so, this paper makes three important contributions to the extant
literature in risk management and organization studies. First, this paper adds to
what is currently known about risk management failure, and more specifically risk
management failure during the financial crisis. While much has been made about
the failure o f complex quantitative risk management systems, less is known about
managerial-level failures. Second, this paper synthesizes and condenses a broad
array o f disparate statements in the FCIC report on risk management during the crisis
into a small set o f important risk management issues. These issues are described and
discussed in detail so that managers and organizations (in all industries) can learn
from the mistakes o f these failed institutions. Last, there are prescriptive remedies
given to help companies avoid risk management failures in the future.
73
RESEARCH BACKGROUND
The Commission
Following the financial crisis, the US government convened a commission
known as the Financial Crisis Inquiry Commission (FCIC)', to examine the
causes o f the crisis. The FCIC was commissioned by the Fraud Enforcement and
Recovery Act of 2009 and tasked with conducting a thorough investigation into the
causes of the financial and crisis.2 The commission worked together for over 18
months gathering data from a multitude of sources and conducting interviews with
people involved at various stages and levels o f the crisis. Over that time frame, the
commission scoured over millions of pages o f documents, including the work of
journalists, academics and other published sources. The commission interviewed
more than 700 material ‘witnesses’ and conducted numerous public hearings across
the country in an attempt to learn about what happened. Despite the widely held
belief amongst industry regulators that financial firms were prudent risk managers
with sophisticated financial models who had strong ‘market’ incentives to undertake
sound risk management practices, the risk management systems at these large firms
failed.
Risk management, like strategic management, is a process directed by
the top managers of a firm during strategy formulation (Chapman, 2011). Risk
management is generally described as an iterative, holistic process whereby firms
identify, analyze, strategize, treat and communicate risks (Chapman, 2011; Frame,
2003; Shenkir, Barton and Walker, 2010; Shortreed, 2010). During the financial
crisis, for many financial firms, there was a breakdown in the process. As a result,
the following research questions were explored in this paper:
1) What were the contributing factors that led to fin a n c ia l firm s ’ risk
management failures during the crisis?
2) Post crisis, have firm s (both fin a n c ia l a nd non-financial) learned fro m
these failures?
METHODOLOGY
To explore the research objectives identified, I conducted two studies. In
Study 1, I pursued a textual approach research methodology. The textual approach Journal o f Business Strategies
examines texts to gain insights about events. This research approach has been used
before to make sense o f events surrounding situations o f crisis (e.g. Gephart, 1993).
The purpose o f Study 1 was to examine where the breakdown in risk management
occurred at the large financial institutions who were at the heart o f the crisis. In
Study 2, I pursued an exploratory analysis where four separate types o f firms were
identified - large financial institutions, large regional banks, large non-financial
companies with a dedicated financial services business segment, and large non-
financial companies without a dedicated financial services business. For each group
identified, three representative firms were chosen and a textual analysis o f these
firms’ proxy statements from before and after the crisis was undertaken. The purpose
o f Study 2 was to examine whether financial and non-financial firms had learned
from the failures identified in Study 1.
Study 1
First, I downloaded the entire FCIC report from the FCIC website (cited in
the reference section). To find passages that were about risk management, I searched
the text document for the phrase ‘risk m anage’ which would catch any reference
to risk m anagement or risk manager. I also searched for two other variants o f risk
management by searching for ‘managing risk’ and ‘manage risk.’ In total, there were
roughly 103 instances in the body o f the main report o f 410 pages. A graduate assistant
and I parsed these instances and pulled out the surrounding sentences to create a
list o f passages. O f the 103 passages initially identified, 34 o f the passages (33%)
were identified as containing no substantive or relevant information to address the
research question. Appendix A has several examples o f these passages, all o f which
were excluded from consideration. An additional 30 passages (29%) discussed other
influences o f risk management failures beyond the scope o f this study. For instance,
information about regulators or the institutional environment were outside the
boundary o f the firm and thus subsequently excluded. The remaining 39 passages
(38%) were related to risk management inside the financial firms so were used for
the analysis.
The assistant and I looked for themes in each o f the passages. After initial
analysis and conversations, five sources o f failure emerged. The first category
was classified as Risk Management Process Failures. This category included any
mention o f problems related to risk assessment, risk evaluation and analysis, risk
treatment, or risk communication. This category also included any m ention o f
problems with the firms existing risk management protocols. The second category
75
was classified as Support System Failures (Compensation). This category consisted
o f passages showing failures in the firm ’s compensation system which may have had
an impact on risk behavior. The third category was classified as Resource Allocation
Failures. This category included any passage that described the human or financial
resources allocated to support the risk management function. The fourth category
was called
Top Management Failures. This category focused on failures created by
top management overconfidence and hubris. The fifth and final category was called
Objective Tradeoff Failures. This category consisted o f passages focusing on the
tradeoffs made between risk and financial objectives.
To validate the categories and the correct assignment o f passages to
categories, six undergraduate students, majoring in Finance with a concentration in
Insurance and Risk Management at a large Midwestern university, volunteered to
participate in exchange for extra credit. The students were randomly given between
12 and 14 passages where each passage was evaluated by two students. In addition
to the passage, students were given the category titles and a description o f each
category. In addition to the five categories mentioned above, an Other category
was also included i f the student thought the passage did not belong in any o f the
categories. Each student was instructed to place the passage into the category which
they felt best described the passage. While it is certainly possible that some o f the
categories could indeed be related with one another (for instance, compensation
systems might impact whether a firm focuses on performance metrics or risk
management outcomes), the purpose was to validate the themes surrounding risk
management according to the FCIC report (i.e., what appeared most often). Across
the six volunteers, agreement was obtained ju st over 73% o f the time. There were four
passages in which both students failed to classify the passage according to one o f the
pre-specified categories. These passages were omitted from consideration, leaving
35 total passages. Any remaining passages where at least one student classified the
passage according to the pre-specified categories and another did not, were resolved
through discussion.
R e s u l t s
After the analysis was complete the passages were explored in relation to
the five general themes which had emerged. Below is a discussion o f each general
theme, each o f which is supported with reference to several representative passages
which provided information to identify the theme. Several o f the themes are similar
in nature and could be interpreted as being from relatively similar sources, however Journal o f Business Strategies
an effort was made to try and segment the themes to be as fine-grained as possible.
All of the supporting passages discussed can be found in Appendix A under the
appropriate heading.3
Risk management process failures. The most often mentioned failure
found in the report points to a general failure of the risk management process in
financial firms. The risk management process, according to literature in finance and
strategic management, is generally conceived o f as a holistic approach spanning
the entire organization (e.g., Clarke and Vanna, 1999; Fraser and Simkins, 2010;
Miller, 1998; Miller and Waller, 2003) and has been referred to by various names
like Enterprise (ERM), Integrated (IRM) or Strategic (SRM) risk management. This
process generally includes risk identification, assessment, evaluation, treatment,
review and communication (Chapman, 2011). Passages within the report suggest
that there were breakdowns in each of these areas in addition to using a holistic
approach.
During the financial crisis, firms were still subscribing to the antiquated
‘silo’ approach to risk management. The first general problem was that risks were
being managed independent of one another without much information sharing across
business lines. There is evidence of this shown in Passage 1 where Citigroup’s
risk management function was operating independently along each of its separate
business lines. Employees just steps away from each other, working with similar
risk assets, or risk products which were related, did not know what each other were
doing. Information that was gained from each business line with respect to the risk
assets was being kept away from other sources that could potentially benefit from
such information.
A second area of concern was with the risk identification, assessment,
evaluation and treatment process. For instance, as suggested in Passage 2 & 3, risk
managers were not able to properly identify soft risks. Soft risks are those which
require judgment and are not purely financial in nature. In too many instances,
instead of using judgment, managers were using mathematical models as predictors
for risks. Furthermore, the models being used to determine which risks should be
managed were based on assumptions that were markedly wrong. There was little
evidence of scenario planning in assessing the probabilities and worst case scenarios
for home price declines. Lastly, as evidenced by additional passages, managers were
comfortable using financial hedges as effective treatment strategies since it had the
added benefit of reducing the amount of financial slack the firm had to hold.
A third problem related to risk management processes was risk
communication. Risk communication involves communication and consultation
77
between management and the individuals/departments responsible for implementing
and carrying out the risk management strategy to make it more effective over time
(Chapman, 2011). Prior research has found that having communication links between
the governing parties o f the organization and those in charge o f risk management
can increase efficiency and firm performance (Grace, Leverty, Phillips and Shimpi,
2015). During the crisis it was evident that in some firms, communication between
the management team and the risk management department/team was less than
ideal. In Passage 4 for instance, the executive committee at Lehman Brothers failed
to include the com pany’s C hief Risk Officer in decisions that directly impacted the
risk o f the firm.
Finally, in some cases, the entire risk management process was inadequate
and lacking. In one passage, a consultant hired to examine Bear Steam ’s risk
management process was highly critical suggesting that key elements in the process,
such as risk identification and assessment, were infrequent. He continued that the
risk management function did not have the resources it needed (as discussed in more
detail below) and was o f a low priority to the firm.
Support system failu res (Compensation). One o f the most common systems
for supporting goals and strategic decisions in organizations is the compensation
system. In the management literature, executive compensation is a tool often used to
align management interests with the interests o f the firm’s owners. Scholars in the risk
management arena have similarly concluded that one way to focus m anagement’s
attention on risk management is to align their compensation with risk management
objectives and outcomes (Lam, 2014). Firms must reward risk management behavior
through incentive structures which align good risk management practices with pay.
Indeed, Grace and colleagues (2015) found evidence that firm performance was
enhanced when compensation was aligned with risk management.
There are numerous instances in the report which suggest that several o f
the failed financial firms were not incentivizing good risk management, and instead
were incentivizing more risky, short-term oriented behavior. Passages 5 through
7 highlight this notion. For instance, the head o f the Federal Deposit Insurance
Corporation (FDIC) remarked that incentives favored short-term risk-taking and
profits over long-term risk considerations, sustainability and solvency. Lam (2014)
has suggested that incentivized performance can be problematic for risk management
when incentives are one dimensional — they focus on a single, bottom-line figure.
At the time o f the crisis, financial firms, in particular, tied aggressive pay
packages filled with stock options to the price o f the firm’s stock. In many situations,
the options granted to executives came with accelerated payouts. In 2006, one year Journal o f Business Strategies
before the onset o f the com pany’s demise, Merrill Lynch CEO Stanley O ’Neal made
$91 million. When he walked away from the company as it began its decline he left
with a total consolation package o f $161 million (Farrell and Hansen, 2009). Richard
Fuld, CEO o f Lehman Brothers, was awarded $34 million before he departed. These
kinds o f pay structures, littered with stock options, created incentives to increase the
amount o f risk executives took to improve returns. This included greater leverage
levels and, in some cases (e.g. Frannie and Freddie), fraudulent financial filings.
Indeed, academic research has argued that executives at Bear Steams and Lehman
Brothers in particular, had incentives to take on large amounts o f risk as they had
already pulled out hundreds o f millions o f dollars in options and bonuses prior to the
collapse (Bebchuk, Cohen and Spamann, 2010).
Resource allocation failures. One o f the pre-requisites for successful risk
management is the allocation o f necessary resources to adequately perfonn the job.
Depending upon the size o f the organization and the scope o f the risk management
system (and goals for the system), the two most critical resources are human and
financial capital. Firms need to have staff ready to engage with the risk management
process, and depending upon the risk management strategies developed, the risk
management staff needs the appropriate amount o f capital to execute the strategy.
During the financial crisis, the FCIC report alludes to both elements lacking.
In terms o f inadequate personnel, the auditors o f several o f the failed firms
were critical o f the firms ’ appointed risk managers. This included managers hired
to lead the risk management departments. For instance in Passage 8, the auditors
o f AIG raised concerns about the skill sets o f the top management team (CEO,
CFO and CRO) and managers appointed to the ERM department concerning their
capacity to do the jo b o f managing risk. Also, in Passage 9, the SEC criticized
Bear Steams because their risk management functions lacked expertise in the risky
products they were supposed to manage the risk, and the risk management function
was understaffed.
In addition to personnel, financial resources were also inadequate. Firms
withheld, and sometimes cut, the resources for the risk management departments
to do their jobs. For example, Passage 10 exhibits a willingness by management
to tell the board o f directors at Fannie Mae that risk management had all necessary
resources to act on risk management initiatives. However, the CRO disagreed as his
department saw double digit budget cuts which led to a reduction in head count in
the year leading up to the crisis.
Top management failures. Many o f the failures in risk management
during the crisis can be traced back to failures at the top o f the firm and with each
79
firms’ corporate governance. In the management literature, the upper echelon’s
perspective (Hambrick and Mason, 1984) suggests that firms are a reflection o f its
top management team as well as those in charge o f setting the strategic direction
o f the firm. In the case o f the financial crisis, top management teams were seen
as a major reason why some firms had failed. Indeed, in testimony to the FCIC,
J.P. Morgan CEO Jamie Dimon, one o f the firms that survived the crisis, suggested
that top management teams were to blame for the problems at the failed financial
institutions and nobody else.
Another cause o f risk management failure during the financial crisis was
managerial hubris concerning risk management competencies. Hubris refers to an
extreme level o f pride or overconfidence in o n e ’s se lf and abilities. Hubris has been
associated with a number o f corporate maladies including overpaying for acquisitions
(Hayward and Hambrick, 1997) and corporate social irresponsibility (Tang, Qian,
Chen and Shen, 2014). Related to hubris, the overconfidence bias is the tendency
for a person to have greater subjective confidence in their judgm ent or abilities than
is objectively warranted. In many o f the failed financial firms, the top management
teams were very confident about the effectiveness and adequacies o f their risk
management systems. Numerous CEOs had made mention o f their risk management
competencies even though none had necessarily been tested in remotely turbulent
market environments. For instance, in Passages 4,11 & 12 the CEOs o f Lehman
Brothers, AIG and Merrill Lynch touted their risk management programs, going so
far as to suggest that their risk management programs were strong and a fundamental
component o f their business model.
Two potential reasons are apparent from the report which may have resulted
in executive hubris. First, the resilience o f the big financial institutions to avoid big
losses in prior debacles, like the dot com bubble, led managers and firms to believe
they had robust and successful risk management systems in place. Second, hubris
may have resulted from misplaced overconfidence in the complex mathematical
models used for assessing risk. Financial institutions were lulled into a false sense o f
security as these models would show that financial firms had little to be concerned
about, and which up to that point, had kept the firms safe. In some instances, the
complex models had even given the firm s’ auditors reason to believe that risk had
been reduced or eliminated. As an example, in Passage 13, A IG ’s auditors were
convinced that the firm ’s economic risks were essentially zero. Thus, the models
appeared to have been a contributing factor to executive hubris. Auditors and CEOs
were not alone in their false sense o f security. Regulators and industry experts like
Fed Chairman Greenspan at the time, also believed the sophisticated modeling Journal o f Business Strategies
techniques would protect financial firms from disaster.
One might also consider that while cognitive bias appeared present, the
other themes addressed herein are also the domain o f top managers. Thus, while top
management failures are highlighted as a function o f managerial cognition, the other
elements o f failure are also reflections o f decisions made by members o f the top
management team at the financial firms.
Objective tradeoff failures. The final contributing factor from the analysis
suggests that some Anns were faced with a difficult tradeoff between, what were
framed as, mutually exclusive choices. The firms could either do the right thing
from a risk management perspective or pursue strategies that advanced the goals
and aspirations o f the firm — but not both. For instance, in Passage 14, there is clear
indication that management at some firms, including Fannie Mae, were pursuing
strategies that increased their firm ’s level o f risk while in pursuit o f corporate
objectives but which ran counter to good risk management practices. Additionally,
some objectives and aspirations encompassed by corporate initiatives like growth,
played a role in some decisions by risk management departments to loosen the reign
on risk appetite. As mentioned in Passage 15, Citigroup allowed risk management
departments to approve higher risk limits i f a business line was growing.
Study 1 conclusions. To sum up, the analysis o f the FCIC report seems
to support five areas o f risk management failure during the financial crisis. First,
there were failures in the risk management process and the use o f holistic risk
management models. Second, systems (more specifically, compensation systems)
that should support the risk management process and promote risk management
thinking, were not constructed properly. Third, the necessary human and financial
resources to properly support effective risk management functions were not provided.
Fourth, top management hubris created a false sense o f confidence in the existing
risk management systems. Finally, firms were faced with a false choice between
managing risk properly and achieving the bottom line objectives o f the company. All
o f these issues, combined, led to an environment where risk management was likely
to be less than adequate to deal with the challenges presented by the financial crisis.
Study 2
In study two, I wanted to explore some o f the conclusions o f study one in
more detail and probe whether firms, both in and outside o f the financial industry, had
addressed the shortcomings which led to the failure o f risk management. As such,
study two was an exploratory study - a first step, in assessing pre and post crisis firm
81
behavior. Firms were segmented into four categories, each more removed from the
center o f the crisis. I started by identifying a representative set o f three firms for each
o f the following four categories. The categories and representative firms were: large
financial firms (J.P. Morgan Chase (JPM), Bank o f America (BAC), Wells Fargo
(WFC)), large regional banks (SunTrust Banks (STI), BB&T Corp (BBT), Fifth
Third Bancorp (FITB)), large non-financial firms which had a dedicated financial
services business segment (General Electric (GE), Ford Motor Company (F), Deere
& Co (DE)), and large non-financial firms which did not have a dedicated financial
services business segment (Nike (NKE), Proctor & Gamble (PG), The Coca-Cola
Company (KO)).
For each firm, proxy statements filed before the crisis (2005-2007) and
after the crisis (2010-2012) were pulled from the SEC website. Each o f the proxy
statements was examined using a basic text analysis. I calculated averages for both
sets o f data so that I could get a more accurate picture o f each firm ’s situation before
and after the crisis. In study two, I looked at four things related to study one. First,
related to the use o f a holistic risk management program, I looked at how often
the terms ‘risk m anage,’ or some variant o f ‘manage risk’, were used in the proxy
statement. Second, I looked for evidence that the appropriate human resources
were allocated to risk management by searching for someone with a title who was
designated as someone in charge o f managing risk (e.g., C hief Risk Officer (CRO),
risk executive, or risk manager). Third, related to the focus o f compensation design,
I looked for how prevalent risk and risk management were in a com pany’s discussion
o f executive compensation. Last, I explored the prevalence o f ‘grow th’ and ‘return’
in the proxy statements compared to the use o f the word ‘risk ’ as this may relate to
the trade-off between risk and the firm ’s bottom line. In this last part o f the analysis, I
made sure to only count the word ‘risk’ when it was not in reference to anything risk
management-related. The use o f word counts, as proxies for the level o f importance
o f a theme or idea, has been described in prior qualitative methods research (e.g.,
Carley, 1993; Duriau, Reger, & Pfarrer, 2007) and used in strategic management
research (e.g., Angriawan & Abebe, 2011).
R e s u l t s
In regards to the use o f a holistic risk management process, I searched for
the phrase “risk management” and other variants (e.g., manage risk) to proxy for
the importance o f a formal risk management process. The number o f instances were
counted for each company and the results are displayed in Figure 1. The following Journal o f Business Strategies
observations can be made when looking at the data. First, risk management was
rarely discussed in the proxy documents before the crisis across all types o f firms,
whereas after the crisis, risk management appeared much more frequently. Second,
financial institutions and regional banks - those closest to the crisis, used the phrase
more than non-financial companies (as much as two to four times more). After the
crisis, financial institutions used the term more than any other type o f firm while
non-financial firms without dedicated financial services business segments used
the term the least (on average). This result is consistent with the findings o f the
FCIC that described pre-crisis behavior related to risk management. While after-
crisis behavior regarding risk management seems to have improved, the relatively
infrequent mention o f risk management in non-financial firms is troubling.
With regards to human resource allocation, I searched the proxy statement
for evidence that the firms had a dedicated executive or manager who was responsible
for risk oversight. It was important that risk oversight was governed by someone
within the firm as opposed to a committee on the Board o f Directors. Search terms
such as ‘chief risk,’ ‘risk executive,’ and ‘risk m anager’ were used to capture
titles which designate a position dedicated to risk oversight. Prior work in the risk
management literature have used similar search tenns as proxies for evidence o f
risk management programs and risk management implementation. For instance,
Liebenberg & Floyt (2003) uses the presence/absence o f a C hief Risk Officer (CRO)
as a proxy to identify a Ann’s adoption o f enterprise risk management. Similarly, Hoyt
& Liebenberg (2011) use the CRO as a proxy for risk management implementation.
Along these lines, Beasley and colleagues (2005) identifies the CRO and other high
level risk managers as champions o f risk management, thus suggesting that these
human resources are necessary resources for successful risk management.
The following observation was made from this qualitative search.4 Before the
crisis, two o f the financial institutions and two o f the regional banks had a ch ief risk
officer (although one o f the regional banks only mentions the CRO in 2005 but not
2006 or 2007), while none o f the non-financial companies had one before the crisis.
After the crisis, all o f the financial institutions and regional banks had appointed an
individual as the head o f risk oversight, while only one non-financial company had
done so. However, the non-financial company that appointed a CRO had a finance-
oriented business segment. This result is in-line with the FCIC report in that before
the crisis, most financial firms had not allocated the appropriate human resources to
risk management. Here too it seems troubling that non-financial companies have not
followed in the footsteps o f their financial counterparts and appointed an individual
with a risk designation.
83
The third aspect o f study one examined was the integration o f risk
management outcomes and processes in compensation design. To explore this, each
company’s compensation discussion section in the proxy statement was examined.
O f particular interest was how each company talked about the integration o f risk
processes in setting compensation policies - not simply how much o f a compensation
package was ‘at risk’ but how the compensation package took into account risk
assessment, management and outcomes. The following observation was made
from this qualitative search.5 Before the crisis, most all o f the financial institutions
and regional banks specifically identified how risk was taken into account when
designing compensation while none o f the non-financial companies described in
much detail how risk management was considered in setting compensation. After the
crisis, all o f the financial institutions and regional banks discuss in detail how risk
was considered in setting compensation. For non-financial firms, h a lf o f them discuss
some aspect o f how risk was considered in setting compensation, however only one
does so thoroughly. This result too is in-line with the FCIC report in that firms did a
poor jo b pre-crisis in linking risk management outcomes with compensation design.
The final issue examined from study one was the focus on strategies aimed
to improve the bottom line and which overshadowed sound risk management. To
explore this relationship, I searched for the words ‘grow th’ and ‘return’ in the firm ’s
proxy statements. After getting a count o f these words, a ratio o f how often the word
‘risk’ appeared in relation to these two words was calculated. The ratios are graphed
in Figure 2. As can be seen in the graphs, risk is talked about more than return after
the crisis compared to before. A ratio o f less than one means that the firm talked
about return more than risk. An interesting take-away appears when looking at the
magnitude o f the ratios. For financial institutions and regional banks, four o f the six
firms mention risk over two times more than return after the crisis, with one o f those
firms mentioning risk over four times as much, and one firm mentioning it almost
three times as much. While for non-financial firms, the use o f risk compared to
return increases post crisis; four o f the six firms use risk and return about the same
number o f times while two talk about risk less than return. These results, particularly
for financial firms, appear to be in line with the FCIC report. Almost all o f the firms
focus more on return and growth prior to the crisis than risk.
(2)
G ENERAL D IS C U S S IO N
The purpose o f this study has been twofold. First, I wanted to identity the
contributing factors or risk management failure leading up to, and during, the Journal o f Business Strategies
financial crisis. Drawing upon the FCIC report, five ‘them es’ emerged from the
passages which mention risk management. Second, I wanted to explore, in a very
general sense, the extent to which failures identified at the large financial companies
at the center o f the crisis, had been remedied immediately after the crisis by all types
o f firms, not ju st financial firms.
The analyses uncover several areas for firms to consider as they look to
improve their risk management. These suggestions are aimed largely at non-
financial institutions. The reason being that following the crisis, regulatory bodies
in the U.S. issued a number o f regulations and specific guidance for risk-reporting
aimed at financial institutions and regional banks. For instance, in response to risk
management failures the government passed legislation like the Dodd-Frank Wall
Street Reform and Consumer Protection Act (2010) aimed at reducing future risks to
the financial industry. This legislation was largely aimed at the risk management at
financial institutions, giving oversight authority to the Federal Reserve.
In addition to Dodd-Frank regulations, the SEC approved the Proxy
Disclosure Enhancement (2009) guidelines designed to enhance disclosures about
risk in the firm ’s proxy filings. In the new guidelines, firms are required to make
some reference to compensation design and risk, as well as the role the Board
o f Directors plays in risk oversight. While helpful, the SEC rules do not require
behavioral changes, only the disclosure o f additional infonnation. However, given
the present analysis, it is apparent that financial firms and regional banks have done a
much better job post-crisis in addressing how risk management and risk, in general,
figure into the management o f the firm. These firms appear to be adhering to the new
standards.
While it is clear that financial institutions and regional banks have
addressed the shortcomings o f risk management found during the financial crisis
(likely in response to increased reporting and regulatory requirements), non-
financial companies appear to have several areas which need improvement. While
financial firms seemed to have at least made some aesthetic changes based upon
their experiences (I would hesitate to call it learning without more detailed internal
information about the processes o f the firm), it does not appear that non-financial
companies have learned vicariously from the experiences o f the financial companies.
There are multiple opportunities for non-financial firms to improve upon their risk
management processes, which are addressed below.
85
C o m p e n s a t i o n S y s t e m s
Compensation systems are one area that non-financial firms could improve
in their pursuit o f improved risk management. As suggested by Lam (2014),
incentivized performance becomes problematic when the incentives are focused on
one dimension of firm performance - in many instances, stock price. Furthermore,
incentives became especially problematic for financial firms when those contracts
came with accelerated payout options. These two characteristics, a singular focus
on stock price performance and accelerated payout options, made it difficult for
managers to focus on the long-tenn outcomes o f risk when making decisions. Recent
research has suggested (e.g. Rochette, 2009) and empirically found (e.g. Grace
et ah, 2015) that one way to improve risk management is to tie incentives to risk
management objectives in addition to other outcomes.
For firms seeking to improve the alignment o f their compensation with
risk management, first managers need to identify key performance indicators (KPI)
that will either A) be impacted by the risk management process, or B) be reflective
of success for key risk management activities. Each KPI is developed by first
establishing the performance objective, then identifying the appropriate performance
measure for the objective, and finally, developing the KPI.
Once KPIs have been established, compensation needs to be explicitly linked
to each KPI. As an example, one o f the key risk factors identified by John Deere in its
2010 financial report, which may materially impact the firm’s financial performance,
is stated as “John D eere’s business results depend largely on its ability to develop,
manufacture and market products that meet customer demand. ” As a result, one of
Deere’s performance objectives might be: to have all customers rate their satisfaction
with the quality of Deere products as the best in the industry - this would seem to
substantially reduce the risk that customers are dissatisfied with Deere products. The
performance measure could be: the percentage o f customers that rate Deere products
as highest quality in the industry. The KPI could then be: 90% of customers ranking
Deere as having the highest quality products in the industry each quarter/half-year/
etc. If Deere is hitting this KPI, they in theory, would reduce one of the key risks that
could materially impact their business. The CEO’s compensation would then be tied
to this KPI. (To be clear, this is just an illustrative example using a company that is
highly visible. I am not suggesting that Deere is not using KPIs tied to risk factors
when it comes to designing executive compensation.)
As Lam (2014) has suggested, compensation must not be aligned with simple
measures of return, but with long-term risk-adjusted return hurdles with appropriate Journal o f Business Strategies
vesting periods. Additionally, plans should continue to reward management for
stability, continuity, and comparative performance to incentivize a long-term view
when making decisions involving risk. Also, organizations may consider claw
back policies for compensation when management knowingly engages in harmful
behavior or exceeds the risk appetite o f the firm. Eliminating golden parachutes
and sizeable compensation packages upon termination for poor perfonnance, as a
result o f exceeding pre-specified risk thresholds, may also encourage executives
to act in a responsible way as they consider risk. Lastly, management also needs
to be mindful that their compensation plans, while incorporating the above, still
encourage innovation and capital investment to increase long-term value. This can
be done using risk-adjusted hurdle rates to detennine which projects or strategies are
in-line with the firm’s stated level o f risk tolerance.
Human Resource Allocation
In terms o f resource inadequacies, there are several areas for improvement.
First, managers need to staff the risk management function with human capital
which has the appropriate certifications and qualifications given the business o f the
firm, and second, provide adequate funding for the risk management function to
execute on its risk management strategy. Risk managers should be chosen based
upon their track record, their experience, their knowledge o f the industry and their
knowledge o f the business. As risk management has become more important as
a result o f recent crises, universities are offering more risk management degrees
and professional organizations are offering special certificates for risk management
certifications. For example (at the time o f the writing o f this paper), New York
University offered a Masters Degree in Risk Management in their Global Degree
Department in the business school; John Hopkins University offered a Masters
Degree in ERM; and many other universities (e.g., University o f Connecticut) have
financial risk management programs. Other universities, such as Stanford University,
offer an online program for a Risk Management Certificate through their Center
for Professional Development. Non-university entities like the National Alliance
for Insurance Education and Research also offered a class-based/seminar-based
Certified Risk Management (CRM) program.
In addition to education-based training, many professional organizations
offer certification tests for risk managers in specific functional fields. For example,
the Project Management Institute offers a Risk Management Professional (RMP)
certification test; the American Hospital Association offers a Certified Professional
87
Healthcare Risk Manager (HRM) designation; and the Risk and Insurance
Management Society offers a Certified Risk Management Professional (CRMP)
credential test.
Thus, in theory, these programs should make finding risk management
professionals easier and more cost efficient. Just as you would not have a C hief
Financial Officer without financial or accounting expertise, firms should not have
a C hief Risk Officer without substantive risk management expertise. Ideally,
firms would select risk managers that are educated in the risk management field,
has experience managing risk in the specific functional area, has the appropriate
designation (for instance, a risk manager which is certified as a Healthcare Risk
Manager is probably not the appropriate manager to work as a risk management
professional in a bank), and is credentialed.
F i n a n c i a l R e s o u r c e A l l o c a t i o n
In addition to human capital, firms need to be more diligent about allocating
financial resources to their risk management functions. By having better risk
management systems as mentioned above, identifying the scope o f the risk
management program should be easier for management. With a better understanding
o f the scope o f the risks which need to be treated, managers can make more accurate
budgets. Instead o f taking shots in the dark, managers can develop reasonable and
accurate figures for risk management expenses. In addition to allocating resources
to the risk management function, firms should also build up financial slack buffers
that insulate the firm from risk events. There is considerable evidence that having
cash on hand is not inefficient, but can drive firm value. Kim and Bettis (2014) show
that large cash holdings, beyond what is needed for transactional purposes, have a
positive impact on firm value. Similarly, Deb, David and O ’Brien (2017) found that
cash creates shareholder value when it is used for adapting to uncertainty, such as
by firms operating in competitive, research-intensive or growth-oriented industries.
Thus, the adequate level o f financial resources for risk management is dependent on
the firm, its existing resource position, and industry conditions. While the state o f
financial resource allocation was not examined specifically in this study, future work
should explore this domain.
R is k vs. R e t u r n
Additionally, managers need to align their risk management performance
with their corporate objectives and goals. Managers may want to consider using Journal o f Business Strategies
objectives that are not purely based on financial performance, such as growth and
returns. For instance, S&P has begun to rank firms on their risk management activities.
Depending upon the industry, firms may want to consider pursuing a particular level
o f risk management ranking as a stated year-end objective. If firms want to continue
incorporating financial metrics they could incorporate risk by utilizing risk-adjusted
performance outcomes. Firms may also want to consider developing performance
indicators which address the key risks they disclose in their annual reports (please
see the example above in the Compensation Systems section for an example). A
focus on reducing the key risk indicators could be considered in addition to purely
performance-based measures.
It is important to keep in mind that the suggestions mentioned here are not
exhaustive and are but a few o f the many things management can do to improve
risk management. It is important to remember that risk management should be an
integral part o f a firm’s strategy. Risk management should be incorporated into the
strategy-making process so that it is not subjugate to business objectives, but instead
helps the firm accomplish its long-term goals and objectives.
L im itatio ns a n d F u tu re R esearch
As with all research there are limitations associated with this study. First,
the most obvious is that this study relies on a comm ission’s report which is based
on first-hand accounts o f the events leading to the crisis. Thus, there is no ability to
control for any biases or omissions o f the commission. However, the creation o f the
commission was done in a way which sought to limit this concern from the outset.
The commission was constructed as a bi-partisan effort and was given unprecedented
access to information sources that any researcher studying the crisis will not be able
to collect on their own. Furthermore, while the research presented here is based
on the report o f a single commission, it bears noting that the commission’s work
is the amalgamation o f over 700 first-hand accounts, millions o f pages o f text and
research, and countless hours o f public scrutiny. Nevertheless, this limitation should
be taken into account when interpreting the findings o f this study.
Second, the methodology incorporated in Study 2 o f the current research may
also be considered a limitation. The author purposefully selected a limited sample
o f highly visible and recognizable firms to perform the exploratory analysis. Given
the exploratory nature o f the study, it was not the intent to collect a large number
o f firms and employ econometric analysis. Highly visible firms are typically more
heavily scrutinized by the public than are low visibility firms. The firms that I have
89
chosen, I have reasoned, would be the most susceptible to pressure to improve their
risk management activities following a crisis such as the financial crisis. Investors,
and the public alike, want to know what these large firms are doing to ensure the
safety of investments and the economy in response to what was seen in the financial
industry. Thus, if these firms had not changed their approach to risk management, it
is highly likely that other firms facing less scrutiny would have done so.
Finally, findings o f Study 1 are based solely upon the experiences of financial
companies during the crisis. The conclusions of Study 2 are based upon an analysis
of non-financial companies. As a result, this may represent a threat to the external
validity of the results. The purpose o f applying lessons from financial companies to
non-financial companies was to highlight the clear shortcomings in risk management
at firms’ where risk management is a critical factor in achieving success, and using
this as a platform for all firms to build and learn from in the future. This is similar
to the ‘strategic benchmarking’ concept (Drew, 1997), where firms find examples of
other firms who have capabilities or competencies in a particular area (such as risk
management), and benchmark their own activities in this area versus the activities
of the selected firms that have built those capabilities. In this instance, the financial
firms should have capabilities and competencies in risk management. Non-financial
firms, then, should be able to learn from the strategies and activities (or lack thereof)
of these financial firms. Ultimately however, in choosing the method and a limited
sample, the generalizability of the conclusions reached in this study should be
considered when interpreting the results. Attempts were made to ensure rigor and
validity in both studies, however, stricter protocols for qualitative research could be
argued for.
With respect to future research, there are several avenues to pursue. From
a theoretical perspective, there is still much we do not know about what contributes
to risk management success or failure. Just by looking at the shortcomings of risk
management during the financial crisis there seems to be several management-related
research themes. First, it might be instructive to understand what characteristics of
executives are associated with better or worse risk management. An upper echelons
perspective would be informative in this area, exploring biases, personalities and
other demographic characteristics that may be associated with risk management.
Additionally, research on corporate governance is a natural fit with the risk
management literature. Exploring the impact of board composition, executive
compensation and other governance characteristics on risk management systems
might be infonnative.
From a methodological perspective, future research might focus on more Journal o f Business Strategies
qualitative studies. One o f the avenues mentioned briefly in the present paper is the
role o f risk communication in the risk management process. Perhaps exploring how
executives and risk managers are interacting and communicating can give us more
insight in to why the risk management process can be so difficult for firms. Finally,
future quantitative research could focus on themes touched upon in this study related
to resource allocation, executive compensation and risk management performance.
However, before research on these areas can commence, better measures o f risk
management outcomes are necessary — this too could be an area for theoretical
development.
Finally, I would be remiss to not mention that the items identified in this
paper were occurring against a backdrop that included a very weak institutional
environment. The institutional environment (e.g., Scott and Davis, 2007) as
described in the management literature, provides a backdrop for firm behavior. The
institutional environment embodies both infonnal and formal pressures exerted on
firms by outside influences. The FCIC report consistently mentioned the general
weakness o f the institutional environment before the crisis. This was apparent in two
areas -- weak regulating bodies not promoting best practices in risk management, and
an overreliance on institutionalized practices such as letting firms police themselves.
Whilst a more detailed discussion is beyond the scope o f the current paper, they need
to be mentioned.
CONCLUSION
To conclude, the goal o f this paper was to highlight the shortcomings o f
financial firms’ risk management activities during the financial crisis in the hopes
o f uncovering areas for improvement for all firms regardless o f industry.The
assumption is that risk management failures occur because organizations do not
have (sophisticated) risk management systems in place. This research suggests that
is not entirely true. In the case o f many o f the financial firms that failed, most had
“ sophisticated” risk management systems. To make matters worse, many thought
their systems were strong. The failures o f these institutions help us understand that
while a system might be in place, the system needs to be constructed such that the
fundamental elements like resources, incentives, corporate objectives and managers,
m ust be aligned. While this may seem like a relatively basic idea, it has escaped
many companies.
The FCIC’s report on the financial crisis provides a wealth o f insight and
information. Yet the implications for risk management as a result o f the comm ission’s
91
work has not yet been fully understood. It is easy to look back in hindsight and
point out all of the missteps which occurred. The foresight required to steer clear
of all possible sources o f risk during the crisis was probably outside the grasp of
any human being. Be that as it may, I have identified a number o f failures that were
within the grasp of managers and boards o f directors. Successful risk management
was not impossible. Perhaps after exploring the reasons for failure in more detail,
managers can be more cognizant of these issues in the future.
ENDNOTES
1. The commission was an independent group of individuals, consisting of 10
private citizens that had experience across a number of different fields related to
different aspects o f the crisis (e.g. banking, housing, finance, etc.). The members
of the commission were elected by both parties in Congress to ensure bi-partisan
conclusions (a majority opinion was reached although there were some members
who provided a minority opinion).
2. This article is based upon, to a large extent, information which is contained in the
FCIC’s report. Thus, statistics, quotes, and paraphrased comments not cited directly
in the document are sourced from the FCIC’s report which is cited in the references
section above.
3. The list o f passages presented in Appendix A is not exhaustive, i.e. is not the
complete list o f passages used for the analysis. A complete list of passages can be
obtained from the author.
4. The specific data points are not presented quantitatively in the paper but are
available upon request from the author.
5. See note 4.
REFERENCES
Angriawan, A. & Abebe, M. (2011). Chief Executive Background Characteristics
and Environmental Scanning Emphasis: An Empirical Investigation. Journal o f
Business Strategies, 28(1), 1-22.
Beasley, M., Clune, R. & Flennanson, D. (2005). Enterprise Risk Management: An
Empirical Analysis o f Factors Associated with the Extent of Implementation.
Journal o f Accounting and Public Policy, 24, 521-531.
Bebchuk, L., Cohen, A., & Spamann, H. (2010). The Wages of Failure: Executive
Compensation at Bear Steams and Lehman 2000-2008. Yale Journal o f
Regulation, 27, 257-265. Journal o f Business Strategies
Carley, K. (1993). Coding Choices for Textual Analysis: A Comparison o f Content
Analysis and Map Analysis. In P. Marsden (Editor), Sociological Methodology
(pp. 75-126). Oxford: Blackwell.
Chapman, R. (2011). Simple Tools and Techniques f o r Enterprise Risk Management.
New York: West Sussex, UK: John Wiley and Sons, Ltd.
Clarke, C. & Varma, S. (1999). Strategic Risk Management: The New Competitive
Edge. Long Range Planning, 32(4), 414-424.
Deb, P., David, P., & O ’Brien, J. (2017). When is Cash Good or Bad for Firm
Performance? Strategic M anagement Journal, 38(2), 436-454.
Drew, S. (1997). From Knowledge to Action: The Impact o f Benchmarking on
Organizational Performance. Long Range Planning, 30(3), 427-441.
Duriau, V., Reger, R., & Pfarrer, M. (2007). A Content Analysis o f the Content
Analysis Literature in Organization Studies. Organizational Research Methods,
10(1), 5-34.
Farrell, G., &Hansen, B. (2008, April 9). Stock May Fall but Execs’ Pay D oesn’t.
USA Today. Retrieved from http://usatoday30.usatoday.com/money/companies/
management/2008-04-09-ceo-pay_N.htm
Financial Crisis Inquiry Commission. (2011). The Financial Crisis Inquiry Report:
Final Report o f the National Commission on the Causes o f the Financial and
Economic Crisis in the United States.Washington, D.C.: U.S. Government
Printing Office. (Available from https://fcic.law.stanford.edu)
Frame, J. (2003). Managing R isk in Organizations. San Francisco: Jossey-Bass.
Fraser, J. & Simkins, B. (2010). Enterprise Risk Management: An Introduction
and Overview. In J. Fraser & B. Simkins (Eds), Enterprise Risk Management:
Today’s Leading Research and Best Practices f o r Tomorrow s Executives (pp.
3-17). Hoboken, NJ: John Wiley and Sons.
Gephart, R. (1993). The Textual Approach: Risk and Blame in Disaster Sensemaking.
Academy o f Management Journal, 36(6), 1465-1514.
Grace, M., Leverty, J., Phillips, R., & Shimpi, P. (2015). The Value o f Investing in
Enterprise Risk Management. The Journal o f R isk and Insurance, 82(2), 289-
316.
Hambrick, D. & Mason, P. (1984). Upper echelons: The Organization as a Reflection
o f its Top Managers. Academy o f Management Review, 9(2), 193-206.
Hayward, M. & Hambrick, D. (1997). Explaining the Premiums Paid for Large
Acquisitions: Evidence o f CEO Hubris. Administrative Science Quarterly,
42(1), 103-127.
93
Hoyt, R. & Liebenberg, A. (2011). The value o f Enterprise Risk Management. The
Journal o f Risk a nd Insurance, 78(4), 795-822.
Hubbard, D. (2009). The Failure o f Risk Management: Why it's Broken a nd How to
Fix it. Hoboken, NJ: John Wiley and Sons.
Huber, G. (1991). Organizational Learning: The Contributing Processes and the
Literatures. Organization Science, 2(1), 88-115.
Jickling, M. (2009). Causes o f the Financial Crisis (R40173). Washington, DC:
Congressional Research Service. Retrieved from: http://digitalcommons.ilr.
comell.edu/key_workplace/600
Kim, C. & Bettis, R. (2014). Cash is Surprisingly Valuable as a Strategic Asset.
Strategic Management Jo u rn a l 35(13), 2053-2063.
Lam, J. (2014). Enterprise Risk Management: From Incentives to Controls. John
Wiley and Sons.
Liebenberg, A. & Hoyt, R. (2003). The Determinants ofEnterprise Risk Management:
Evidence from the Appointment o f C hief Risk Officers. R isk Management and
Insurance Review, 6(1), 37-52.
Madsen, P. & Desai, V. (2010). Failing to Learn? The Effects o f Failure and Success
on Organizational Learning in the Global Orbital Launch Vehicle Industry.
Academy o f Management Journal, 53(3), 451-476.
Miller, K. (1998). Economic Exposure and Integrated Risk Management. Strategic
Management Journal, 19, 497-514.
Miller, K. & Waller, H. (2003). Scenarios, Real Options and Integrated Risk
Management. Long Range Planning, 36, 93-107.
Rochette, M. (2009). From Risk Management to ERM. Journal o f R isk Management
in Financial Institutions, 2(4), 394-408.
Scott, R. & Davis, G. (2007). Organizations and Organizing: Rational, Natural and
Open System Perspectives. Upper Saddle River, NJ: Pearson Prentice Hall.
Shenkir, W., Barton, T., & Walker, P. (2010). Enterprise Risk Management. In J.
Fraser & B. Simkins (Eds), Enterprise Risk Management: Today’s Leading
Research and Best Practices f o r Tomorrow s Executives (pg. 441 -463).Hoboken,
NJ: John Wiley and Sons.
Shortreed, J. (2010). ERM Frameworks. In J. Fraser and B. Simkins (Editors),
Enterprise Risk Management: Today s Leading Research an d Best Practices f o r
Tomorrow’s Executives (pg. 97-123). Hoboken, NJ: John Wiley and Sons.
Tang, Y., Qian, C., Chen, G. & Shen, R. (2014). How CEO Hubris Affects Corporate
Social (Ir)Responsibility. Strategic Management Journal, 36(9), 1338-1357. Journal o f Business Strategies
Tuckman, B. (2016). Derivatives: Understanding Their Usefulness and Their Role in
the Financial Crisis. Journal o f Applied Corporate Finance, 28(1), 62-71.
Vo, L. (2015). Lessons From the 2008 Global Financial Crisis: Imprudent Risk
Management and Miscalculated Regulation. Journal o f Management Sciences,
2(1), 205-222.
BIOGRAPHICAL SKETCH OF AUTHOR
Corey J. Fox is an Assistant Professor o f Management in the McCoy College
o f Business at Texas State University. He received his PhD in Business Administration
from Oklahoma State University. His current research focuses on issues related to
risk and risk management in organizations, corporate resource allocation decisions,
and corporate citizenship. His work has been published in such outlets as the Journal
o f Managerial Issues and Strategic Organization.
95
Appendix A
Example Passages
N o S u b sta n tiv e In fo rm a tio n
Doing so required research into broad and som etim es arcane subjects, such as m ortgage lending and
securitization, derivatives, corporate governance, and risk m anagement. To bring these subjects out o f the realm
o f the abstract, we conducted case study investigations o f specific financial firms— and in m any cases specific
facets o f these institutions— that played pivotal roles. (FCIC: XII)
JP M organ reported that large pension funds and some sm aller A sian central banks were reducing their exposures
to Lehman, as well as to Merrill Lynch. A nd Citigroup requested a $3 to $5 billion “com fort deposit” to cover its
exposure to Lehman, settling later for $2 billion. In an internal mem o, Thomas Fontana, the head o f risk
m anagem ent in C itigroup’s global financial institutions group, wrote that “loss o f confidence [in Lehman] is
huge at the m om ent.” (FCIC: 3281
G eithner would ask E. G erald Corrigan, the Goldman Sachs executive and form er N ew York Fed president who
had co-chaired the Counterparty Risk M anagem ent Policy Group report, to form an industry group to advise on
inform ation needed from a troubled investm ent bank. fFCIC: 3291
R isk M a n a g e m e n t P rocess F ailu res
Passage 1:
(Murray) Barnes (the Citigroup ris k officer assigned to the CDO business) told the FCIC that C itigroup’s risk
m anagem ent tended to be managed along business lines, noting that he w as only two offices aw ay from his
colleague w ho covered the securitization business and yet didn’t understand the nuances o f w hat was happening
to the underlying loans. (FCIC: 262)
P assage 2:
Financial institutions and credit rating agencies em braced m athem atical m odels as reliable predictors o f risks,
replacing judgm ent in too many instances. Too often, risk m anagem ent becam e risk justification. (FCIC- XIX)
Passage 3:
C itigroup’s risk m anagem ent function was simply not very concerned about housing m arket risks. According to
0Charles) Prince, {David) Bushnell (the C h ie f R isk Officer) and others told him, in effect, ‘Gosh, housing prices
would have to go down 30% nationwide for us to hav e....problem s,’ and that has never happened since the
D epression.’ Housing prices would be down much less than 30% when Citigroup began having problems because
o f write-downs and the liquidity puts it had written. (FCIC: 262)
Passage 4:
Although the firm had proclaim ed that “R isk M anagem ent is at the very core o f L ehm an’s business m odel,” the
E xecutive Com m ittee simply left its risk officer, M adelyn Antoncic, out o f the loop when it made this investm ent
(FCIC: 177)
S u p p o r t S ystem (C o m p en sa tio n ) F ailu res
Passage 5:
She (F D IC Chairperson Sheila B lair) concluded, “ The crisis has shown that m ost financial institution
com pensation system s were not properly linked to risk m anagement. Form ula- driven com pensation allows high
short-term profits to be translated into generous bonus paym ents, w ithout regard to any longer-term risks ”
(FCIC: 64)
P assage 6:
T he Com m ission concludes that some large investm ent banks, bank holding com panies, and insurance
com panies, including M errill Lynch, Citigroup, and AIG, experienced m assive losses related to the subprime
m ortgage m arket because o f significant failures o f corporate governance, including risk m anagement. Executive
and em ployee com pensation systems at these institutions disproportionally rew arded short-term risk taking
(FCIC: 279)
Passage 7:
L eh m an ’s failure resulted in part from significant problem s in its corporate governance, including risk
m anagement, exacerbated b y com pensation to its executives and traders that was based predom inantly on short
term profits. (FCIC: 343)
♦Portions in parentheses and italics have been added for context while bold font has been added to highlight the term
‘risk m anagem ent’ Journal o f Business Strategies
R eso u rce A llo c a tio n F ailu res
P a s s a g e 8:
I n th e m e e tin g w ith ( R o b e rt) W illu m s ta d (th e c h a ir m a n o f A I G ' s b o a r d o f d irec to rs) , th e a u d ito rs w e r e b ro a d ly
c r itic a l o f (M a rtin ) S u lliv a n (C E O o f A I G ) ; (S te v e n ) B e n s in g e r (C F O o f A I G ) , w h o m th e y d e e m e d u n a b le to
c o m p e n sa te f o r S u ll iv a n ’s w e a k n e s se s; a n d (R o b e rt) L e w is ( C h i e f R i s k O ffic e r a t A I G ) , w h o m ig h t n o t h a v e “th e
sk ill se ts ” to ru n a n e n te rp ris e -w id e r is k m a n a g e m e n t d e p a r tm e n t. (F C IC : 2 7 3 )
P a s s a g e 9:
T h e S E C ’s in s p e c to r g e n e r a l la te r c r itic iz e d t h e r e g u la to rs , w r iti n g t h a t t h e y d id n o t p u s h B e a r to r e d u c e le v e ra g e
o r “m a k e a n y e ffo r ts to lim it B e a r S te a m s ’ m o r t g a g e sec u ritie s c o n c e n tr a tio n ,” d e sp ite “ a w a r e [ n e s s] th a t r isk
m a n a g e m e n t o f m o r t g a g e s a t B e a r S te a m s h a d n u m e ro u s s h o rtc o m in g s , in c lu d in g la c k o f e x p e r tis e b y r is k
m a n a g e r s in m o rtg a g e b a c k e d s e c u ritie s ” a n d “ p e r s is te n t u n d e rs ta f fin g ; a p ro x im ity o f r i s k m a n a g e r s to tra d e rs
s u g g e s tin g a l a c k o f in d e p e n d e n c e ; tu r n o v e r o f k e y p e r s o n n e l d u r in g tim e s o f cris is; a n d t h e in a b ility o r
u n w illin g n e s s to u p d a te m o d e ls t o r e fle c t c h a n g i n g c ir c u m s ta n c e s .” (F C IC : 2 8 3 )
P a s s a g e 10:
M a n a g e m e n t t o l d t h e b o a r d t h a t F a n n i e ’s r is k m a n a g e m e n t f u n c tio n h a d a ll th e n e c e s s a r y m e a n s a n d b u d g e t to
a c t o n th e p la n . C h i e f R is k O f f i c e r D a lla v e c c h ia d id n o t a g re e, e sp e c ia lly in lig h t o f a p la n n e d 16% c u t in h is
b u d g e t. I n a J u l y 16, 2 0 0 7 , e m a il t o C E O M u d d , D a lla v e c c h ia w ro te th a t h e w a s v e r y u p s e t t h a t h e h a d to h e a r at
th e b o a r d m e e tin g t h a t F a n n ie h a d th e “ w ill a n d t h e m o n e y t o c h a n g e o u r c u ltu re a n d s u p p o rt ta k in g m o r e c re d it
r is k ,” g iv e n t h e p r o p o s e d b u d g e t c u t f o r h is d e p a r tm e n t in 2 0 0 8 a fte r a 2 5 % re d u c tio n in h e a d c o u n t i n 2 0 0 7 .
(F C IC : 182)
T op M a n a g e m e n t F ailu res
P a s s a g e 11:
O n D e c e m b e r 5 th ...S u lliv a n b o a ste d o n a n o th e r c o n fe re n c e c all a b o u t A I G ’s r is k m a n a g e m e n t s y ste m s a n d t h e
c o m p a n y ’s o v e rs ig h t o f th e s u b p rim e e x p o su r e: “ T h e r i s k w e h a v e t a k e n in t h e U .S . r e s id e n tia l h o u s in g s e c to r is
s u p p o rte d b y s o u n d a n a l y s is a n d a r is k m a n a g e m e n t s t r u c t u r e . . . .w e b e lie v e th e p ro b a b ility th a t it w ill su sta in
a n e c o n o m ic lo ss is c lo se to z e r o ...W e a re c o n f id e n t in o u r m a rk s a n d re a s o n a b le n e s s o f o u r v a lu a tio n m e th o d s."
(F C I C : 2 7 2 )
P a s sa g e 12:
M e r r i l l ’s th e n - C F O J e f fre y E d w a rd s in d ic a te d th a t th e c o m p a n y ’s r e s u lts w o u ld n o t b e h u r t b y th e d is lo c a tio n in
th e s u b p rim e m a rk e t, b e c a u s e “re v e n u e s f r o m s u b p rim e m o r t g a g e - r e la te d a c t iv itie s c o m p ris e [d ] le s s th a n 1% o f
o u r n e t re v e n u e s ” o v e r th e p a s t fiv e q u a rte rs , a n d b e c a u s e M e r r i l l ’s “r is k m a n a g e m e n t c a p a b ilit ie s are b e tte r
t h a n e v er, a n d c r u c ia l to o u r su cc e ss in n a v ig a tin g t u r b u l e n t m a r k e ts .” (F C IC : 2 5 8 )
P a s s a g e 13:
T h e c o m p a n y ’s a u d ito rs , P r ic e w a te r h o u s e C o o p e r s (P w C ), w h o w e r e a p p a r e n t ly a lso n o t a w a r e o f t h e c o lla te r a l
re q u ir e m e n ts , c o n c l u d e d th a t “ th e r is k o f d e f a u lt o n [ A I G ’s] p o r tf o lio h a s b e e n e ffe c tiv e ly re m o v e d a n d a s a
r e s u lt fr o m a r isk m a n a g e m e n t p e r s p e c tiv e , th e re a re n o s u b sta n tiv e e c o n o m ic ris k s in th e p o r tf o lio a n d a s a
r e s u l t t h e f a ir v a lu e o f th e lia b ility s tre a m o n th e s e p o s itio n s f r o m a r isk m a n a g e m e n t p e r s p e c tiv e c o u ld
r e a s o n a b ly b e c o n s id e r e d to b e z e r o .” (F C IC : 2 6 7 )
O b je c tiv e T r a d e o ff F ailures
P a s s a g e 14:
“ P la n s to m e e t m a r k e t sh a r e ta r g e ts re s u lte d i n s tr a te g ie s to in c re a s e p u r c h a s e s o f h ig h e r r is k p ro d u c ts , c r e a tin g a
c o n flic t b e tw e e n p r u d e n t c r e d it r i s k m a n a g e m e n t a n d c o rp o ra te b u s in e s s o b je c tiv e s ,” th e F e d e r a l Ffousing
F in a n c e A g e n c y (th e s u c c e s s o r to th e O ffice o f F e d e ra l H o u s i n g E n t e r p r is e O v e rsig h t) w o u ld w r ite in S e p te m b e r
2 0 0 8 o n t h e e v e o f th e g o v e rn m e n t ta k e o v e r o f F a n n ie M ae . (F C IC : 179)
P a s s a g e 15:
( M u rra y ) B a r n e s ’s (C itig r o u p r is k o ffic e r a s s ig n e d to th e C D O b u s in es s ) d e c i s io n to in c re a s e th e C D O r is k lim its
w a s a n n ro v e d b v h is s u p er io r, E lle n D u k e . B a m e s a n d D u k e re p o r te d to D a v id B u sh n e ll, th e c h i e f ris k o ffice r.
B u s h n e ll— w h o m (C h u c k ) P r in c e (o n e -tim e C E O a t C itig ro u p ) c a l le d “th e b e s t r i s k m a n a g e r o n W a l l S tr e e t”—
t o l d th e F C IC t h a t h e d id n o t r e m e m b e r s p e c ific a lly a p p r o v in g th e in c re a se b u t th a t, i n g e n er al, th e r is k
m a n a g e m e n t fu n c tio n d id a p p ro v e h ig h e r r i s k lim its w h e n a b u s in e s s lin e w a s g ro w in g . H e d e s c r ib e d a “ firm -
w id e in itia tiv e ” to in c re a se C i tig r o u p ’s s tr u c tu r e d p r o d u c ts b u s in e s s . (F C IC : 2 6 1 )
Volume 35, N u m ber 1
97
Figure 1
Risk Management Counts
Risk Management Counts Before vs. After Crisis
■ Before Crisis
After Crisis
Figure 2
Risk/Return Ratios
JPMBACWFC STI BBTFITB GE F DE NKE PG KO
Companies (by ticker symbol)■ Before Crisis
After Crisis Copyright
ofJournal ofBusiness Strategies isthe property ofGibson D.Lewis Center for
Business
&Economic Development anditscontent maynotbecopied oremailed tomultiple
sites
orposted toalistserv without thecopyright holder'sexpresswrittenpermission.
However,
usersmayprint, download, oremail articles forindividual use.