20 years ago, risk was controlled by small departments in the banks.
As authorities felt they were held hostage by the systemic importance of banks, they introduced requirements to banks to become more solvent. In order to get the behavior of banks under control, many types of reports were also required. From this point in time, the working description of risk departments shifted.
Two new missions were introduced: to prove they had no risks and to assure that they were compliant. This shift has given authorities a feeling of control, however, leaves one important issue unattended: Who is now controlling the risk?
In banks, different type of risks are constantly building and the bubble often pops at an early stage. Regulation has forced banks to work with the capital as a steering mechanism, which is a reactive way of working with the risks.
In other words, you make sure that there is enough money to pay out if the bubble grows larger than you thought. But what about the guys with the needles assuring the bubbles do not grow out of proportion?
The task of “timely popping bubbles” requires an agile risk control function with clear mandates in order to be able to proactively decrease risks. Instead of focusing on the capital to cover losses, a more forward-leaning risk control can be a part of the business.
Some examples where this can be pushed much further than today are e.g. support development of new products with a risk angle, through clearer mandate in M&As and stronger mandates in working with temporary portfolio limitations.
In many countries, this is important right now! With the volume focus from tougher competition, increasing loan to salary ratio in households and stretched market prices and macro data, risks are building.
I say: Reclaim Risk Control!