Richard Steinberg 270004HRBG firstname.lastname@example.org | | Tags:  global cro mf risk | 0 Comments | 1,016 Visits
A recent Congressional hearing on MF Global has shed more light on how well the company did, or didn’t, handle its risk management responsibilities. A couple of weeks ago the House Financial Service Committee’s oversight panel heard testimony from the firm’s chief risk officers. As CRO, Michael Roseman in 2010 raised concerns about the firm’s European Sovereign debt positions, reportedly clashing with top executives but in any event seeing to it that the board of directors was informed of what was going on. (For more on this, you can look back to my December 15 posting.) Then in early 2011 MF Global hired a new chief risk officer, Michael Stockman, who like CEO Jon Corzine was a former Goldman guy. One Congressman reportedly said it appeared “Stockman was hired to tell Mr. Corzine what he wanted to hear,” and another called him a “yes man.” Whether that’s fair or not is debatable, though one wonders why the change of CROs was made in the first place. In defense, Stockman said that for the first several months of his tenure he believed the firm’s “risk profile associated with the company’s European sovereign debt position was acceptable in light of then-prevailing market conditions,” but “as credit markets deteriorated in the summer of 2011, I came to the view that it would be prudent for the company to mitigate the increased risks.” Whether his initial assessment was justified and whether he pushed hard and timely enough with management and the board certainly is questionable.
Fascinating here is what was said by the Congressmen doing the questioning, reportedly saying to Stockman that it was up to the chief risk officer to “rein in their bosses risk taking.” If that indeed was said, then it shows a sad lack of understanding of what a chief risk officer’s role truly is. In highly summarized form, if the role is structured well, the CRO is responsible for establishing a process within the organization where managers timely identify, analyze, and manage risk, with communications systems in place to ensure appropriate upstream reporting. The reporting element is critical, not only within the organizational infrastructure but also going to the very top. The CRO needs to be sure top management and ultimately the board of directors are fully apprised of significant risks. And if management refuses to inform the board, then the CRO has to do it him/herself. CRO Roseman seems to have made sure the board was apprised.
A CRO’s job is not easy, especially when a company takes on what can only be deemed unusually high risk positions. The CRO needs to be sure the risks are identified, analyzed and reported, which seems to be the case here. The board was apprised of the risks when Roseman was CRO, and we’re told the directors considered the risks and acquiesced. A board of course should probe deeply enough to truly understand the risks and surrounding circumstances. If those actions occurred, and the CRO was convinced the board had sufficient understanding and insight, then he has done his job – which does not, as the Congressmen asserted, include the CRO himself reining in the risks.
No doubt more insights will emerge and the picture of what happened will become clearer. Investigators might even find out what happened to the more than $1 billion (one estimate is as high as $1.6 billion) of “missing” customer money, and whether internal controls were faulty or overridden as the firm was about to go under. In any event, it’s important that the different roles of a CEO, CRO and board be fully understood. The CRO does not and cannot be responsible for the ultimate actions of a CEO and board of directors. The CRO’s role includes seeing that top management and the board understand the risks and make well-informed judgments. And yes, those judgments may ultimately prove to be bad, or even fatal as was the case with MF Global.