Risk thinking (described in a recent post) is a pillar of every trading operation that wants to stay afloat. Traders make informed wagers on market movements, buying and selling shares according to expectations of future value. They accept that their predictions will not always be right. They attempt to hedge against being incorrect, to reduce the chances of one bad decision (or even a few bad decisions) completely wiping them out.
Larger investment operations have further formalized this notion into a risk department. This is a team that defines boundary conditions for traders' investments, keeps an eye on potential technical issues, and otherwise steers the bank away from trouble. Their balancing act involves avoiding problems in a way that still lets the bank turn a profit.
(Note that investment operations typically discern between financial risk (matters related to money and credit) and operational risk (the people, technology, and other functions involved). For brevity, I'll put them under the same umbrella here.)
If the trader's job is to imagine the happy outcomes -- making money -- then the risk department's role is to consider those other, less-happy outcomes, then accommodate them before they happen.
In many ways, then, the risk department is the Imagining What Could Go Wrong department.
That last bit is important, because it helps to define what the risk department is not:
It's not the PR department. A public relations team is typically reactive in the wake of a problem. Sure, "send the CEO on an apology tour on the evening news" may be an effective mitigation strategy ... but that's something you prepare ahead of time and in relation to a specific event, not something you cook up in the heat of the moment right after something has gone wrong.
It's not the legal department. The lawyers' job is to prevent problems through the contractual agreements they create. Most contracts aim to completely eliminate the issuer's risk up-front by accounting for Every. Possible. Outcome. Left unchecked, the legal department quickly becomes the Don't Do Anything department.
(To give them their due, good lawyers perform risk mitigation when reviewing others' contracts, as they have to imagine how vague language could leave the door open for trouble. But that's not the same as the Every Possible Outcome camp.)
It's not the "say no to everything department." Anyone can say no to everything. Doing that may protect their job in the short run -- it's hard to get fired for sticking to the status quo -- but in the long run this will hurt. Saying no to everything is a form of the Not Handling/Not Accepting approach that I described in an earlier post: it pushes the risk down the line, so it grows over time, and eventually there is an incident.
It's not the "I Told You So department." Once a problem hits, there's no time to point fingers. Your best bet is to focus on cleaning it up, and then figuring out how to prevent this and similar incidents from happening in the future.
Having a good risk department means you don't have to rely as much on the legal team (to try to completely prevent a mess from happening) or PR (to clean up a mess after the fact). You'll spot potential problems well in advance, such that you can prepare for the impact or avoid them altogether.
Given that, where is the risk department in your company? To whom do you turn to identify potential issues in your operations, business interactions, and finances? If you don't have such a role, then this would be a good time to create it. The sooner you do, the sooner you'll be able identify and handle preventable business disruptions.
(This content is an excerpt of a future project on risk.)
What is Risk?
An introduction to risk.
Handling Risk and the Three Ms
Learning how to handle risk, from the fields that do it well.