Governance, Risk Management, and Compliance: It Can't Happen to Us—Avoiding Corporate Disaster While Driving Success by Richard M. Steinberg

Did CEOs See It Coming?

So we come back to management and, ultimately, the CEO. As noted, we look first to management to effectively manage risk to the organization, and in the near meltdown the CEOs have paid a high price. In the end, in a number of the world's largest and most prestigious financial institutions—including Citigroup and Merrill Lynch, to name just two— the boards of directors, regulators, and investors ultimately, after the fact, held the CEOs accountable for the major fiascos. Losing tens of billions of dollars and consequently requiring huge capital injections at fire-sale prices certainly qualifies as a major fiasco. At Bear Stearns, not only is the CEO gone, but the once-prestigious firm collapsed into the hands of JP Morgan and no longer exists.

But the reality is that in many such cases, the CEO never saw it coming, for a number of reasons. Let me say first that large company CEOs are among the smartest, most capable people on the planet. But from years of experience working with CEOs of some of the largest companies, I believe perhaps the most relevant underlying cause is that these business leaders truly didn't know the nature or extent of risk their companies were taking on. Worse, they didn't know what they didn't know.

How is that possible? Aren't these companies supposed to have some of the most sophisticated risk-management systems anywhere? We know they deal with ongoing market risk, counterparty risk, liquidity risk, credit risk, operational risk, ...