or underperformance. The company’s risk manager has all the concerns of the index company’s risk manager, plus the risk that the portfolio manager’s stock-picking skill isn’t properly represented in the portfolio. This scenario can happen, for example, if the manager makes unintentionally concentrated bets, changes strategy from what the prospectus promises, engages in chasing (doubling bets to offset past losses rather than allocating funds in sober calculation about the future) or window dressing (making trades just before reporting dates so the portfolio looks good in the report) or manages with an eye toward gaining more assets rather than delivering the best possible performance to existing investors. But the risk manager’s job ends with making sure that the fund delivers the manager’s best efforts to beat the S&P 500 within the terms of regulation and the prospectus. Fund investors choose to be exposed to S&P 500 stocks and to the fund manager; the wisdom of this choice isn’t the risk manager’s concern.
With other financial businesses such as dealers, banks and insurance companies, the risk situation is even more complicated. Despite the complexity, you must keep separate the risk that is the company’s product from the risks that the company incurs in buying and selling its product.
Check out Chapter 15 for a discussion of the range of risk.
The modern practice of financial risk management was developed in the late 1980s and early 1990s. It sprang up on prop trading desks, places where traders make financial bets for the benefit of the firm as opposed to executing trades on behalf of customers or for the convenience of customers. At that time, no one outside the prop trading desks knew or cared about these developments.
The 1990s saw the spread of modern financial risk management to all trading businesses of large financial institutions, creating what became known as a middle office between front-office risk takers and back-office support personnel.
✔ Disasters occur when risk managers aren’t sufficiently independent of risk takers.
This idea led to walling off of the middle office so that these risk managers report only to other middle-office risk managers up to the level of the chief risk officer (CRO). The CRO reports directly to the CEO and board. No one in the firm can bypass the chain of command to direct the actions of any middle-office risk manager without going through the CRO.
✔ Every stakeholder needs voluminous reports about every aspect of risk.
This requirement has led to the creation of gigantic back-office risk management organisations that dwarfed the size of middle-office and front-office risk management.
Crunching data in the back office
Most of the available risk jobs are in back-office risk management, compiling reports, building IT (information technology) systems, scrubbing data, checking limits, auditing results and similar functions. Generally, back-office risk people learn their financial risk management on the job. They’re hired for programming or auditing or legal skills or for their general business information skills.
Although back-office jobs lack the pay and glamour of front-office positions, they tend to offer better quality of life, more stable careers and advancement based on doing the job well rather than politics or luck. Back-office risk reporting, for example, tends to be more interesting than other back-office jobs because it stitches together information from all parts of the organisation – everything affects risk. Moreover, risk is about reality rather than abstractions. In my experience, back-office risk offers more opportunity to move to middle- or front-office than other back-office jobs, but in most organisations that opportunity is limited even in the risk department.
Front-office risk management works directly with traders and portfolio managers. This is the best-developed part of risk management. The front office is the place with the highest pay and most day-to-day excitement. It used to be the place that all risk managers got their start – you moved from trader or portfolio manager to front-office risk manager to middle-office risk manager. That’s still the best career path, but is rare these days. Most front-office risk managers start in other front-office roles, and never leave the front office.
Making the most of the middle office
Middle-office risk management is where the overall risk policies and methodologies are set, where front-office risk decisions are aggregated and where back-office risk reports are analysed and interpreted for other departments. The middle office is smaller than either front-office or back-office risk groups. It is, however, my main focus in this book. The reason is that all stakeholders, and in particular all risk managers, have to understand risk from the perspective of the middle office.
Communicating Risk
I’m often asked what the most important job of a risk manager is. The answer is simple but unexpected to most people: The risk manager’s most crucial task is to communicate a single vision of risk to all stakeholders: equity holders, creditors, customers, executives, regulators, employees, trading counterparties – everyone. It’s nice if that single vision happens to be accurate, but unfortunately you can only do your best in that respect. What you can promise is that the vision is the same for everyone.
Suppose that an entrepreneur lays out a proposed project. A lot of people take a look, and most have no interest. But some people are optimistic enough to lend money for the venture. Others are even more optimistic and are willing to put money in for a share of any profits after the lenders are paid. Some people want to work in the project for salary, or for equity options. Some people want to sign up to be suppliers to the project, or customers of it. The government probably gets into the act with various regulatory and tax interests. These people disagree by necessity; otherwise they would all be vying for the same role.
How do you keep the process honest? That is, how do you prevent the entrepreneur from telling creditors that the project will be run for maximum safety of repayment, telling the equity buyers that the project will be run for maximum upside, and the government that it will be run for social benefit? How do you prevent the owner from promising the same money to employees, suppliers and customers?
If you knew exactly how the project would turn out, an accountant could audit the projected books to make sure that each dollar went to exactly one place. However, given that many future scenarios are possible, that solution isn’t practical. Instead of an accountant, you need a risk manager to lay out the range of possible futures in a form that balances simplicity (so stakeholders can understand it) with detail (so it captures the important contingencies and decisions). Each stakeholder makes an informed decision to participate based on a consistent promise of how the project will be run.
Of course, the actual outcome of the project will differ from all the risk manager’s projections, perhaps in crucial ways. Some stakeholders may prosper while others suffer. After the fact, it’s impossible to say whether the outcomes were fair or not. However, as long as everyone had the same risk information going in and as long as the project was run consistent with the promises made, then the responsibility for any gain or loss rests with the stakeholders’ choices, and is fair in that sense. (I talk about communication in Chapter 18.)
This isn’t to say that communication is the only duty of a financial risk manager. You can do things to make