Sunday, May 13, 2012

Red Alert: Operational Risk Quotient...


Operational Risk is in the U.S. news again this past week.  Several prominent CEOs and the Board of Directors are under fire in the United States for failures to comply with documented best practices and governance processes.  The failure to execute these processes for the effective management of Operational Risk has now become a "Red Alert" for organizations in the financial services and banking industry.   The ranks of those tasked with vetting and validating candidates for high profile positions in public companies are also under increased scrutiny.  We should look at these one at a time.  JPMorgan first:

FAIR GAME
At JPMorgan, the Ghost of Dinner Parties Past
By 
Published: May 12, 2012 
WHAT goes around comes around. Sometimes it happens sooner than you’d think.  That round wheel turned on JPMorgan Chase last week, which disclosed that it had suffered a $2 billion trading loss in credit derivatives. That such a hit had befallen the mightiest of banks was perhaps more stunning than the size of the loss. 
So where does the karma come in? The loss, and the embarrassment it held for Jamie Dimon, the bank’s imperious chief executive, came just one month after a private dinner party in Dallas at which he assailed two respected public figures who have pushed for policies that would make banks like JPMorgan smaller and less risky. 
One was Paul Volcker, the former Federal Reserve chairman, whose remedy for risky trading by too-big-to-fail banks is known as the Volcker Rule.


The story is not about losing $2B. USD in trading derivatives.  And as Gretchen Morgenson has stated, we are witnessing a paradox.  The same rules JPMorgan is opposing in regard to proprietary trading could very well be the same rules that could provide a "Red Alert" that a threat is on the horizon.  The cost to the institution is far beyond the loss of the trade in terms of reputation and overall market value.  The credit ratings agencies and the SEC are now moving into place for their respective response to this incident.

Now let us take a look at Yahoo and a CEO who is embroiled in an error on his curriculum vitae:

Exclusive: Yahoo’s Thompson Out; Levinsohn In; Board Settlement With Loeb Nears Completion  Published on May 13, 2012  
by Kara Swisher 
Yahoo’s embattled CEO Scott Thompson (pictured here) is set to step down from his job at the Silicon Valley Internet giant, in what will be dramatic end to a controversy over a fake computer science degree that he had on his bio, according to multiple sources close to the situation. 
The company will apparently say he is leaving for “personal reasons.”  But the evolving crisis — which is just over a week old — centered on his botched resume and how he handled the thorny issue is clearly the key reason for the abrupt leaving.

This Operational Risk loss is a failure of a process that may have been outsourced to an executive recruiting firm or to the Board Director responsible for the vetting and validation of each candidates information.  What is even more compelling to think about are all of the other CEOs that are now losing sleep over night because of the same issue at their own organization.  So where did someone go wrong in this case?  Was it a missed step in the process for hiring or a simple lack of integrity by the CEO himself, Scott Thompson?

This brings us to the convergence of our discussion on Operational Risk Management for both of these incidents.  There are aspects of transparency, governance and finding the truth.  And the truth is, we are all human.  Whether we are trading derivatives to hedge risk or we are vetting the information on a resume, the human factors and behavior associated with the actual risk management tasks themselves are the focus here.  Humans will make mistakes and that is precisely why we need the controls in place, to mitigate the potential for human error, omission and stupidity.

You see, it is the rules that matter in either case that have been ignored, disregarded or as a result of a lack of awareness.  The rule-sets are vital to the effectiveness of risk management whether they are best practices, international standards of conduct or the code of law within a particular jurisdiction.  These rule-sets have been discussed on this blog in the past, back in April of 2008:  Rule-Set Reset and others such as this one in May of 2004 on NYSE Rule 446:

Operational risk focuses on firms' abilities to maintain communications with customers and to retrieve key activity records through their "mission critical systems." Financial risk relates to firms' abilities to continue to generate revenue and to retain or obtain adequate financing and sufficient capital. In this regard, an eroding financial condition could be exacerbated or caused by deterioration in the value of a firm's investments due to the lack of liquidity in the broader market, which would also hinder the ability of the firm's counter-parties to fulfill their obligations. A firm would be expected to periodically assess changes in these exposures, and in the event of a significant business disruption, the firm would consult its plan and take appropriate action contemplated by its plan. Members' and member organizations' procedures should be written and implemented to reflect the interrelationship among these risks.

What rule-sets govern your organization?  Have you created a comprehensive governance map to help you guide yourself as a CEO and the remainder of your company through the maze of ethical, regulatory, legal and even sustainable rules that are before you?  Leadership in any organization whether it is in Silicon Valley, on Wall Street or the US Navy requires a prudent and clear path, to understanding the rules and the map to navigate both securely and safely.  Even with these rules and the map, you can predict that human behavior will intervene and deliver that next surprising blow to your institution.  Now it is just a matter of how often and the magnitude of the event.

Ask yourself:  What is our "Operational Risk Management" Quotient?