of other people’s risks. Done properly, the good risk – the innovation, the opportunity, the creation – is maximised for everyone’s benefit, and the bad risk – the ruin, the disaster, the catastrophe – is diversified into broadly shared affordable losses. This diversification is not always done properly, unfortunately, but it sometimes is. And whether the finance is done well or badly, it deals with risk, and risk must be managed.
In managing financial risk, you need to distinguish between the risk of the financial product – the stuff that’s bought, repackaged and sold – from the risk of running a financial business.
The distinction between types of risk is easiest to see with the manager of an S&P 500 index fund. The manager doesn’t make judgements about securities, he just promises to take investors’ money and use it to buy the 500 stocks that make up the index. (Investing in an index is slightly more complicated than this, but that doesn’t matter for this example.)
One risk, of course, is whether the S&P 500 basket of stocks goes up or down. However, this risk isn’t to the index fund manager. He sells this risk to his investors. His investors want it. This is like the billion pounds of bills the printing company printed for the government.
The index fund management company has a risk manager. The risk manager doesn’t spend time thinking about how risky the S&P 500 stocks are. That’s not his job. He is, however, concerned with the liquidity of the S&P 500 stocks because the index fund needs to trade in order to honour new subscriptions and redemptions. He worries a lot about valuation because errors may result in underpayments or overpayments. He pays attention to counterparty risks, such as what happens if a dealer fails to honour a trade, a custodian goes suddenly bankrupt or a stock-lending counterparty is unable to return borrowed shares. A host of other risks are present as well. The point is that the risk manager’s concern is that the management company does what it promises – deliver the risk of the S&P 500 to its investors – not whether the risk of the S&P 500 is a good or bad risk.
Investing with a mutual fund company that picks and chooses among stocks in an attempt to beat the S&P 500 is a bit more complicated. Now the company is selling a more complicated risk, a combination of S&P 500 risk plus the risk of the portfolio manager’s outperformance or underperformance. The company’s risk manager has all the concerns of the index company’s risk manager, plus the risk that the portfolio manager’s stock-picking skill isn’t properly represented in the portfolio. This scenario can happen, for example, if the manager makes unintentionally concentrated bets, changes strategy from what the prospectus promises, engages in chasing (doubling bets to offset past losses rather than allocating funds in sober calculation about the future) or window dressing (making trades just before reporting dates so the portfolio looks good in the report) or manages with an eye toward gaining more assets rather than delivering the best possible performance to existing investors. But the risk manager’s job ends with making sure that the fund delivers the manager’s best efforts to beat the S&P 500 within the terms of regulation and the prospectus. Fund investors choose to be exposed to S&P 500 stocks and to the fund manager; the wisdom of this choice isn’t the risk manager’s concern.
With other financial businesses such as dealers, banks and insurance companies, the risk situation is even more complicated. Despite the complexity, you must keep separate the risk that is the company’s product from the risks that the company incurs in buying and selling its product.
Check out Chapter 15 for a discussion of the range of risk.
The modern practice of financial risk management was developed in the late 1980s and early 1990s. It sprang up on prop trading desks, places where traders make financial bets for the benefit of the firm as opposed to executing trades on behalf of customers or for the convenience of customers. At that time, no one outside the prop trading desks knew or cared about these developments.
The 1990s saw the spread of modern financial risk management to all trading businesses of large financial institutions, creating what became known as a middle office between front-office risk takers and back-office support personnel.
✔ Disasters occur when risk managers aren’t sufficiently independent of risk takers.
This idea led to walling off of the middle office so that these risk managers report only to other middle-office risk managers up to the level of the chief risk officer (CRO). The CRO reports directly to the CEO and board. No one in the firm can bypass the chain of command to direct the actions of any middle-office risk manager without going through the CRO.
✔ Every stakeholder needs voluminous reports about every aspect of risk.
This requirement has led to the creation of gigantic back-office risk management organisations that dwarfed the size of middle-office and front-office risk management.
Crunching data in the back office
Most of the available risk jobs are in back-office risk management, compiling reports, building IT (information technology) systems, scrubbing data, checking limits, auditing results and similar functions. Generally, back-office risk people learn their financial risk management on the job. They’re hired for programming or auditing or legal skills or for their general business information skills.
Although back-office jobs lack the pay and glamour of front-office positions, they tend to offer better quality of life, more stable careers and advancement based on doing the job well rather than politics or luck. Back-office risk reporting, for example, tends to be more interesting than other back-office jobs because it stitches together information from all parts of the organisation – everything affects risk. Moreover, risk is about reality rather than abstractions. In my experience, back-office risk offers more opportunity to move to middle- or front-office than other back-office jobs, but in most organisations that opportunity is limited even in the risk department.
Front-office risk management works directly with traders and portfolio managers. This is the best-developed part of risk management. The front office is the place with the highest pay and most day-to-day excitement. It used to be the place that all risk managers got their start – you moved from trader or portfolio manager to front-office risk manager to middle-office risk manager. That’s still the best career path, but is rare these days. Most front-office risk managers start in other front-office roles, and never leave the front office.
Making the most of the middle office
Middle-office risk management is where the overall risk policies and methodologies are set, where front-office risk decisions are aggregated and where back-office risk reports are analysed and interpreted for other departments. The middle office is smaller than either front-office or back-office risk groups. It is, however, my main focus in this book. The reason is that all stakeholders, and in particular all risk managers, have to understand risk from the perspective of the middle office.
