One of the greatest contributions of risk managers—arguably the single greatest—is just carrying a torch around and providing transparency.
—Chief Risk Officer, interviewed on November 17, 2006
Opinion has a significance proportioned to the sources that sustain it.
—Benjamin Cardozo (1870–1938)
Despite the widespread adoption of enterprise risk management (ERM) in the financial services industry, banks suffered hundreds of billions of dollars of losses during 2007–2008, stemming from risks that few executives had understood (Treasury Committee 2007a, 2007b). Under the shock of the first subprime-related loss disclosures, industry observers raised the question: “Where were the risk managers?” (Bookstaber 2007). In February 2008, a joint study by the Senior Supervisors Group—representatives of eight banking supervisory bodies—noted that, while “some firms recognized the emerging additional risks and took deliberate actions to limit or mitigate them … other firms did not fully recognize the risks in time to mitigate them adequately” (Senior Supervisors Group 2008, 2). The group emphasized significant differences in firms’ approaches to risk management, particularly in the design and scope of risk assessment and reporting practices.
Further, regulators and industry observers continue to call for the appointment of ...