GARP in Flux

It has been an awkward twelve months for the Global Association of Risk Professionals. When I last reported on GARP in April 2001, it counted over 15,000 members in 80 countries and had started transforming itself from a virtual organization with only a website (no offices and no employees) to one with paid staff in offices in both London and New York, a brand-new publication, GARP Risk Review, and paid memberships. Its explosive three-year growth into the world’s largest risk management organization certainly warranted changes.

The changes caused nothing but trouble. Rumors and emails started last summer, leading to disagreements with its founders, resignations of first one CEO and then a second, and the wholesale flight of many regional directors. The principal issue was whether GARP should be a profit-making or nonprofit organization. Apparently it has a separate division in London that organized its profitable conferences in 2000, 2001, and 2002. Making the transition from the virtual organization, originally created by its founders, Lev Borodovsky in New York and Marc Lore in London, to the new form proved to be more difficult than anticipated. Lack of communication with members accentuated the problems and most of us were left wondering what had become of GARP.

The apparent vacuum created competition. A new “replacement” organization was announced on the Internet in January of this year. PRMIA, the Professional Risk Managers’ International Association, appears to be a clone of GARP, offering “free” memberships and corporate sponsorships. It has named a “Blue Ribbon” panel, headed by Robert Mark, of Black Diamond, a consultancy, plus seven other luminaries to oversee the creation of bylaws and a permanent Board of Directors. It reports chapters in 25 cities. The Chair of its interim Board is David Koenig, of US Bancorp Piper Jaffray, in Minneapolis, and he has been joined by Nawal Roy, of Deutsche Bank, New York, and Darren Langer, Perpetual Investments, Sydney. Its website (www.prmia.org) will provide further information as this group develops. I have some misgivings: PRMIA starts out without membership funding, depending on “others” to pay the bills. That was GARP’s flaw.

To investigate this turmoil, I attended the Third Annual GARP Conference at the Roosevelt Hotel in New York City, in mid-February. David Shimko, of Risk Capital Management Partners, announced at the opening session that a “letter of intent” has been signed with GARP’s founders to permit the creation of a new structure under a new management team. An interim Board will start the transition process. Its members include Robert Jarrow, of Cornell University, Charles Smithson, executive director of the International Association of Credit Risk Managers and also with Rutter Associates, Peter Tufano, of Harvard Business School, Donald van Deventer, of Kamakura Corporation, Bill Martin, of Invesco, in London, the 2001 Risk Manager of the Year, and Glenn Labhart, of Dynegy, the 2002 Risk Manager of the Year. Others will be asked to join this board. GARP plans to develop a new code of conduct, professional standards and practices and become a member-owned and directed organization. It will continue its “FRM” (Financial Risk Manager) exams and certification. Its objectives are to “maintain the highest standards of professionalism” and to “represent and serve the industry well.” More on GARP’s plan for change can be found at its website - www.garp.com.

GARP starts with a strong base. According to Rebecca Pieri, its acting COO in London, it has over 5,000 paid members and 17,000 “associate” (non-paying) members throughout the world. Despite the dissension, GARP grew in 2001!

I will be watching both GARP and PRMIA closely as they make their transitions in the coming months. Do we really need two competing groups? Couldn’t they come together again? These are the key questions.

If either or both are to succeed, two conditions are critical. First, these organizations must be transparent and nonprofit, run by and on behalf of their members, with limited support from vendors. Long-term credibility demands no less. Second, both must make a real effort to reach out to other risk management organizations, something lacking in the past few years. PRMIA has a representative from the Risk Management Association (formerly Robert Morris Associates) on its panel. That’s a start. But the growing risk management discipline needs a new and continuing two-way dialogue among other groups such as the Institute of Internal Auditors, the Society of Risk Analysis, the Risk & Insurance Management Society (and its global counterparts), the Institute of Risk Management (London), contingency planning organizations, governments, and the academic institutions teaching various forms of risk management. For the past eight years, I’ve advocated this dialogue, perhaps too stridently and with little success. Interaction is necessary but I see few results. That’s a waste!

Whatever the organizational turmoil, its 2002 GARP Conference was another outstanding event. Last year’s session drew over 500 representatives of financial institutions to downtown New York. This year the count was over 350 from 40 countries (260 paid registrants, 64 speakers and more than 40 exhibitors). In two days, the conference had five plenary sessions, including an inaugural address by William Rutledge, of the Federal Reserve Bank of New York, and 50 workshops, arranged in four major tracks: market risk, credit risk, operational risk, and energy risk/asset-liability management. Documentation was provided for almost all the presentations at the start, allowing registrants to derive some value from the workshops that they had to miss. Best of all, these sessions were presented in large measure by practitioners. Of 63 speakers, 42 (66%) came from banks and financial institutions. Only 17 were vendors and 4 were academics. That stands in stark contrast to most other risk management conferences that I have attended over the past thirty years. But missing in the audience were representatives of other risk management sub-disciplines. Attendees came almost entirely from financial institutions.

GARP 2002 had two dominant themes. The developing Basel Accords for bank capital allocations were explicitly mentioned in more than half of the plenary presentations and workshops. They are on everyone’s mind. Even though the final accords are not scheduled for implementation until late 2004 or early 2005, their effect on the risk management of financial institutions is extraordinary. I suspect that, in time, Basel will filter through to non-financial organizations as well, forcing changes in capital allocation for credit, market and operational risks, in risk assessment techniques, in regulatory methods and techniques of supervision, and in increased transparency of not only financial statements but also organizational risks and responses. Basel will be as important to the growth of risk management as the new governance requirements coming from Canada, Germany, Australasia, Europe and the US. For more information see www.bis.org.

The second theme was implicit. “Enron” was not mentioned in the title of any presentation but it received mention in almost all the workshops and speeches that I attended. Its fallout affects everyone. It is causing serious re-assessments of auditing, financing, and reporting. Public confidence is seriously shaken and this will lead to major changes in how organizations do business.

I also noted a disturbing trend toward treating the word “risk” in only a negative sense, as something to be avoided. I heard “risk and reward” and “risk and opportunity” too many times. Is it that the insurance and safety practitioners are beginning to convince the financial quants that risk does not involve reward and benefits? I hope not.

In my earlier reviews of GARP Conferences (see RMR April 2001 and March 2000), I complained about the relative unintelligibility of much of the quantitative materials on market and credit risk management, at least to my mathematically-challenged mind. I deliberately avoided most of the market and credit units this year (attending only one), but I still found a disappointing plethora of abstruse terms (the disease is catching!) such as jump processes, granularity, semi-parametric approaches, advanced Heston frameworks, conditional Value-at-Risk, and multivariate stress scenarios. And how about using Greeks within small intervals, a copula based on correlated Gaussians, geometric Brownian motion, asymptotic convergence, feasible discretization, and GARCH volatility. I’m sure that these terms are perfectly understandable to the cognoscenti but they elude me and, I suspect, the general public! It illustrates again my point that communication is the weakest link in the risk management process.

William Rutledge, of the New York Federal Reserve Bank, sounded the right opening note: “Sound risk management must be an integral part of all management.” This idea echoed in many other papers. I report on six, under the headings of challenging ideas, strategic risk management and operational risk management.

First, challenging ideas. Hedging against unexpected weather conditions, be they catastrophic (hurricanes; tornadoes; extreme drought) or simply out of the ordinary, is hardly new. More than 37 years ago, I dabbled with the idea of snow insurance for ski areas (with little success!). Lynda Clemmons, of Element Re, an XL Capital subsidiary, provided a clear and succinct description of current financing tools for weather risks, ranging from derivatives to insurance. The demand comes primarily from the more developed world and is being met by financial partners such as banks, insurance companies, fund managers and derivatives markets. Buyers who cannot use derivatives (see SFAS 133) can now find insurers willing to offer their underwriting capacity. Ms. Clemmons also referred us to the new website of the Weather Risk Management Association - www.wrma.org. Here’s another group to bring into global discussions.

Creating a market for trading greenhouse gas emissions from industry is another idea that is not new. Last year Richard Sandor, the Chairman of the Chicago Climate Exchange, described the idea behind such a market. This year he reported on the start-up of his exchange with financial and intellectual support from energy companies, industry, service providers, forest product companies, a group of interested parties such as the Nature Conservancy and Ducks Unlimited, and two municipalities, Chicago and Mexico City. The Exchange (CCX) is a “voluntary pilot greenhouse gas trading program targeting emission sources and offset projects in the Upper Midwest, with limited offset projects in Brazil.” CCX plans to start small and, if successful, clone itself elsewhere. Its target is to achieve an overall reduction in emissions from 1999 levels, as a market-driven “expression of self-responsibility.” This is an idea worth watching and I look forward to Richard Sandor’s update in 2003.

Strategic risk management, echoing William Rutledge’s comment, was the focus of two other speakers. Michael Ong, the EVP and Chief Risk Officer for Credit Agricole Indosuez, during the first-day panel, argued that “uncertainty is an incentive for wealth.” We are often startled by what appears to be “unprecedented” (the 100 year flood; Nick Leeson at Barings; the Enron melt-down), but in reality most new events are “unprecedented” simply because of the world’s dramatic growth and change. Ong offered one refreshing comment: “the financial industry is loaded with hot air.” But isn’t that true of most industries? The next morning, Paul Hogan, FleetBoston Financial’s Vice Chair and Chief Risk Officer, continued these themes with an overview on the history of risk management (a “new paradigm”), its cultural environment, and “how to get there from here.” His four requirements for a holistic approach to the discipline are fast becoming conventional wisdom: (1) Understanding risk within the context of business goals, (2) Establishing a risk strategy, (3) Creating management and line buy-in, and (4) Setting up a holistic risk organization. His description of the current cultural environment was thoughtful: our latent bias toward taking, not avoiding, risk; increasing capital flows; changes that spell both opportunity or decline; the lack of sympathy of stakeholders for mistakes; and, finally, the US propensity toward litigation to redress grievances. To Hogan, these conditions mean big upside and even bigger downside potentials! He anticipates that the risk management discipline will evolve from its initial role of control, through process (its current interpretation) to focus on strategy. He interspersed his remarks with brief and challenging quotes from Keynes, von Clausewitz and The Economist, almost like a Zen master dropping koans, those inexplicable contradictions that are supposed to create eventual enlightenment. The FleetBoston risk management function employs some 800 people around the world, with an annual budget of $100 million. Internal Audit remains separate and apart from RM, preserving its independence, according to Hogan.

Finally, operational risk received increased attention this year, accounting for twelve of the 50 sessions. Leading off again was Doug Hoffman, of Operational Risk Advisors and author of Managing Operational Risk (John Wiley & Sons, Inc., New York, 2002 - to be reviewed in RMR next month). He suggested that “Waiting for Basel,” as for Godot, might well be a primer for “inaction, procrastination, confusion and skepticism,” a regression toward compliance management. Hoffman described the fork in the road facing risk managers. One path leads to a regulatory risk measurement and compliance function. The other, which he encourages, leads to an initiative that will bring new value to the organization through the identification of upside opportunities, the anticipation of new operational risks, and a concomitant reduction of downside potentials. Like Paul Hogan, Hoffman suggested six “building blocks” (and twenty related strategies) for a new framework:

  1. Enterprise-wide vision, culture and commitment
  2. Organizational framework and responsibilities
  3. Strategies for responding to operational risks
  4. Dynamic risk identification, measurement and response
  5. Financial and regulatory management positioning
  6. Operational risk management technology (using state-of-the-art systems)

His conclusion: “True enterprise-wide operational risk management is a new discipline with the goal of enhancing management performance through the early identification of quality and control opportunities and avoidance of business disruption and losses.” Damien Stansfield, the Operational Risk Director, Business Banking, at London’s Barclays Bank, described how an operational risk framework was implemented in his bank. His goal is to “embed” risk management habits in the business, leading to safeguarding shareholder value, protecting brand and reputation, helping the business achieve objectives, and driving best practices. While the original idea was put forth in the early 1990s, Barclays executive management demanded a fresh design at the turn of the century, resulting in design completion in only two months. How did Barclays do this? It was generated internally. As Stansfield remarked, “do not underestimate your own organizational capabilities.” That, to me, is a refreshing thought in this day and age when we are encouraged almost automatically to turn to external advisors for help! The Barclays program remains a work-in-progress awaiting the addition of such tools as key risk indicators, control diaries, groupwide loss databases and groupwide action monitoring.

The operational risk management program at JP MorganChase concludes this report. Joe Sabatini, its Managing Director, Head of Operational Risk, diagnosed some reasons for the fresh focus on this form of risk. The challenge to do everything “better, faster, cheaper” is a result of competitive pressures, shareholder expectations, a new complexity in operations, and changes in regulatory focus. Financial institutions that first focused on their credit and market risks have only recently discovered the magnitude of their operational risks, requiring new quantitative and qualitative measurements and responses. Sabatini listed the possible benefits and failures when building a capital framework that is relevant to the business units. A successful framework is risk-based, forward-looking, owned by the businesses, related to incentives, assigns accountability and is integrated with governance. A failing framework is overly complex, assigns blame, creates residual capital, is inconsistent with other risks, is owned by a staff function, and focuses only on regulatory requirements.

Sabatini’s conclusions summarize the entire two-day GARP 2002 Conference:

  • Recognize that precision is not our goal.
  • Focus on the benefits of improved risk management.
  • Collect basic data and ensure their integrity.
  • Drive the agenda within our own organizations.
  • Leverage existing processes and tools.
  • Integrate (operational) risk management into a value proposition.
  • Engage in the debate and be a part of the solution.

I said it last year and I repeat it: the GARP annual conferences deliver excellent value for invested time.

Animal spirits, not rational calculations, explain most decisions.

John Maynard Keynes, as quoted by Paul Hogan, “Strategic Risk Management,” GARP 2002 Conference Papers, February 13, 2002

