Working with risk management
‘Risk comes from not knowing what you’re doing.’
So said Warren Buffett. But when it comes to deciding who knows best about enterprise risk, how should a company decide? For some sectors, notably financial services, there might not be much of a choice. Following risk-related scandals like the Barings Bank collapse of the 1990s, when banks began to form risk management departments, regulators deem it essential that banks and other such organisations have an enterprise risk function separate from other business units.
But a standalone function was not always a given. In the early days of risk management, the discipline often fell to the legal department, because it was seen as simply a matter of ensuring regulatory compliance, observes Michael Fahey. He is now general counsel at tech company Upside, but also has a background in financial services legal recruitment from his time at RSR Partners. He says that the global financial crisis caused regulators and businesses to see enterprise risk as a broad discipline, extending well beyond legal, and so the independent (and still-maturing) risk function came into its own. Nowadays, banks will have a chief risk officer whose appointment is subject to the approval of the regulator, reporting typically to the CEO or even the board.








