Letters published

Last Updated on Thursday, 06 May 2010 16:32 Thursday, 11 September 2008 14:54

Letters written by Philip Martin and published in the Oprisk and Compliance magazine

  • Operational Risk Management 
  • OpRisk & Compliance Magazine

Operational Risk Management

Recent comments attributed to Robert Rubin, a Director and Chairman of the Executive Committee of Citigroup, reveal much as to how Boards of Directors have looked at Risk Management.   

The media have reported Rubin as holding Citi’s risk management executives as being responsible for the difficulties in which the company now finds itself.  He is reported as saying “the board can’t run the risk book of a company.  The board as a whole is not going to have a granular knowledge [of operations]”. 

It is generally accepted that it is the responsibility of the board of directors of any company to set the risk appetite for the business and to establish the strategies that will be adopted for managing risk across the business.  The board then, quite rightly, provides senior management with the mandate to implement such strategies.  The risk management function is there to assist in the implementation and to monitor and report back to management what is going on. 


The important issue here is that it is for management to act on the information being supplied to them by the risk function.  It is not for risk management to make decisions for management.


For a director of a business such as Citibank to display such ignorance of the way in which risk management works is breathtaking and to attempt to lay the blame at the risk management function is nothing short of scandalous.  I note also that Rubin is reported to have said “the board as a whole…..”, implying that at least some section of the board would have the granular knowledge of operations. 

The three most senior executives of Citigroup serve on its board.  If these individuals had no knowledge of the company’s risk book, it might make one wonder what on earth they are doing in return for their not insubstantial remuneration.  The rest of Citi’s board might, quite rightly, be disappointed in the event such knowledge, if it did exist, was not shared with them. 

This is a shining example to all of the importance for strong governance around the risk management function.  The board must understand clearly that the ultimate responsibility for risk management lies with them and they must be held to account when it fails.  Pillar 2 of Basel II states that “Bank management is responsible forunderstanding the nature and level of risk being taken by the bank and how this risk relates to adequate capital levels”.  This rather flies in the face of Mr Rubin’s reported comments.

Perhaps if greater attention had been paid we would not be in the mess we now are.


OpRisk & Compliance Magazine

The January 2009 edition of OpRisk & Compliance marks the 10th Anniversary of the publication.  On behalf of The Institute of Operational Risk, I would like to offer you our heartfelt congratulations on this achievement. 

It takes great passion, drive and commitment to get a new venture off the ground and to help it grow – not to mention leadership.  I think it is fair to say that OpRisk & Compliance is the leading publication in its field and is a source of market intelligence, education and general reference for operational risk management professionals around the world.  It is a credit to you and your staff, in particular Victoria and David, that you are able to keep the content and look of the magazine fresh and relevant.

All of us at the institute look forward to working with you and your colleagues in the continued promotion of the discipline of operational risk management and we wish you well in this, your anniversary year.


Comments (0)Add Comment
feedSubscribe to this comment's feed

Write comment

busy
< Prev