The Risky Business of Being A Bank Chief Risk Officer

My column at American Banker this past Friday, “The Riskiest Careers in Financial Services, Finally Rewarded,” included a couple of obvious examples of high risk, high reward for this hot new job title. The largest four US banks have examples of big winners. MF Global and UBS provide recent downside arguments.

It’s difficult for me to imagine a new generation of systemically important financial services company CEOs without strong risk management experience. Independent board members with risk management experience will also be in demand. The current generation of CROs is gaining the experience to lead as CEOs and board members in today’s challenging market and regulatory environment.

Stewart Goldman, a senior client partner at executive search firm Korn/Ferry International, tells me there’s a ”scarcity” of candidates with the ”ideal skill set” to be chief risk officers, so institutions are considering people with a broader range of backgrounds to fill the post.

A Chief Risk Officer who does a good job mitigating risk while optimizing opportunities can now have significant stature and sway. But, conversely, that new prominence gives shareholders, regulators, and the media an easy target for ridicule after a corporate stumble or failure.

I’ve written quite a bit about some additional cases of Chief Risk Officers getting the heave-ho when something goes wrong. These additional examples – all outside of the US – didn’t make it to the American Banker column. It was a case of space as well as an “American” banker focus. But, I wonder out loud if there’s something different going on in Europe – something that forces accountability – or if the executives given the shove-off in Europe were just easy scapegoats.

Société Générale had its own “rogue trader” scandal in January 2008. Société Générale  lost $7 billion in spite of service from dual auditors under French law, Ernst and Young and Deloitte, and myriad policies, procedures, organizations and systems they, theoretically, had in place to manage risk.

However, words alone do not insure sufficient risk management. In 2009 Benoît Ottenwaelter replaced Group Chief Risk Officer Didier Hauguel. Hauguel had served as Group CRO and a member of the Executive Committee and Group Management Committee of Société Générale since 2000.

Paul Moore, HBOS’ former head of regulatory risk and a former KPMG partner told the Treasury Committee of the UK’s Parliament that Sir James Crosby, HBOS former chief executive, fired him after he warned the HBOS board in 2004 about its potentially dangerous “sales culture”. KPMG, external auditors for HBOS, ended up front and center in the 2004 controversy because the audit firm “independently” investigated Moore’s firing at the request of the Board after Moore blew the whistle. KPMG got the job in spite of its long and very lucrative relationship with HBOS management including significant fees for work done for the bank’s bid for Abbey National that same year.

The role of chief risk officer at Anglo Irish Bank, a tough job, has not been filled on a permanent basis since May of 2009. AIB was nationalized by the Irish Government in January 2009. In December AIB lost its second acting chief risk officer in less than a year when Stephen Bell, a PricewaterhouseCoopers Director, announced he was leaving to become Chief Risk Officer at Ulster Bank. AIB had hired PwC to help run the bank. Bell took over from Mary Phibbs, an associate at restructuring firm Alvarez and Marsal, who had been on the job since the previous October.

One interesting additional US example can be found at Countrywide, now ignominiously owned by Bank of America. I wrote about it in January of 2008.

At the end of 2004, Sherry Whitley, then the Executive Vice President of the Enterprise Risk Assessment Group for Countrywide, wrote this article for the Institute of Internal Auditors FSA Times Publication.

Countrywide’s strategic-planning process includes a companywide focus on managing risks.

In the wake of headline-grabbing corporate financial scandals, management and boards of directors of public companies are under intense pressure to increase their involvement in the strategic and operational activities of the companies they oversee. Executives at Countrywide Financial Corporation, a diversified financial services provider, reviewed various ways to provide a more focused, comprehensive approach to help their leadership teams identify and better manage business risk across the organization.Approaching risk with the goal of increasing shareholder value, in mid-2002 Countrywide incorporated comprehensive enterprise risk-management techniques into its leadership strategy, focusing board participation on a more global, disciplined decision-making process than has historically been used in the past.

In 2007, the Institute of Internal Auditors and their Research Foundation, lauded Countrywide’s Risk management initiative.

Countrywide Financial Corporation, the subject of our first case study, has the most comprehensive ERM program we have seen. Readers who want to know how a state-of-the art ERM program operates will see it illustrated through Countrywide’s example.

A writer for Internal Auditor magazine, an IIA publication, wrote in April of 2007 about this model initiative.

The largest independent originator and servicer of mortgage loans in the United States, Countrywide has the most comprehensive ERM program of the organizations in the study. Under the leadership of Senior Managing Director Walter Smiechewicz, Countrywide is currently building Sarbanes-Oxley functionality into an internally developed enterprise risk assessment software application…Countrywide’s Enterprise Risk Assessment division has 45 professionals with risk assessment responsibilities. They are supplemented by 112 internal auditors within the Enterprise Risk Assessment division and the risk management specialists in another division who manage credit and market risk for Countrywide…Enterprise risk assessment at Countrywide has both a bottom-up and top-down governance structure. It has led to a major restructuring of committees from the board level down through operating units. This restructuring has improved the flow of risk information throughout the organization…Countrywide’s program is truly “best practice…”

Things didn’t get any better when Bank of America tried to close the deal on Countrywide. In March of 2008, I reported that Bank of America was staring down a very dark tunnel on Countrywide exposure:

Just who is doing the due diligence for Bank of America on the acquisition?

Countrywide’s Mortgage Woes Deepen
Countrywide Financial Corp.’s mortgage portfolio continues to deteriorate rapidly as defaults increase and home prices fall, a securities filing shows…But if losses on the loans exceed certain levels, Countrywide isn’t reimbursed immediately and may never be reimbursed unless income from the loans outstanding is sufficient to meet obligations to investors in the securities.

Countrywide said the likelihood of such a situation was “deemed remote” until late 2007. It blamed a “sudden deterioration” in the housing market. As a result, it recorded a $704 million loss to cover the estimated costs of its obligations on the lines of credit…A Countrywide computer model used to gauge risks on these securities didn’t take into account the possible effects of exceeding the loss levels that cut off reimbursements, according to a Dec. 28, 2006 internal report reviewed by The Wall Street Journal.

I can’t find any mention of Sherry Whitley, former Executive Vice President of the Enterprise Risk Assessment Group for Countrywide, working at Bank of America or anywhere. Walter Smiechewicz, who implemented Countrywide’s ERM program, moved to Audit Analytics in 2008 and is now Chief Risk Officer at First Niagara Bank in California.