Working with risk management
Can in-house lawyers effectively manage enterprise risk? GC investigates.
‘Risk comes from not knowing what you’re doing.’
So said Warren Buffett. But when it comes to deciding who knows best about enterprise risk, how should a company decide? For some sectors, notably financial services, there might not be much of a choice. Regulators deem it essential that banks and other such organisations have an enterprise risk function separate from other business units, following risk-related scandals like the Barings Bank collapse of the 1990s, when banks began to form risk management departments. But a standalone function was not always a given. The early days of risk management saw the discipline often fall to the legal department, because it was seen as simply a matter of ensuring regulatory compliance, observes Michael Fahey. He is now general counsel at tech company Upside, but also has a background in financial services legal recruitment from his time at RSR Partners. He says that the global financial crisis caused regulators and businesses to see enterprise risk as a broad discipline, extending well beyond legal, and so the independent (and still-maturing) risk function came into its own. Nowadays, banks will have a chief risk officer whose appointment is subject to the approval of the regulator, reporting typically to the CEO or even the board.
