Adam Litke is the Head of Enterprise Risk Services for Bloomberg. He is responsible for developing Bloomberg’s strategy around risk models and software.  Prior to this Adam was the head of Market Risk for the Securities and Investment Group of Wells Fargo and head of Market Risk for Wachovia where he managed market risk activities including quantitative risk management, counterparty risk modeling and direct management of market risk. Before that Adam worked for Barclays Bank, PLC as the head of Market Risk in the Americas and head of Market Risk for Global Financing.  Adam also served as the Global Head of Market Risk for Swiss Re Financial Products, and spent several years in various management roles with BNP Paribas.

Adam is a trustee of the Georgia State University Risk Management Foundation and is a former advisory board member for the GSU masters program in mathematical risk management.  He is also a past chairman of the Market Risk Program Committee for the New York Chapter of PRMIA.

Christopher Skroupa: Are firms today embracing risk management as a source of shareholder value? Or has this been overwhelmed by the effort of responding to regulatory change?

Adam Litke: I think this very much depends on whether we are talking about buy side firms or sell side firms.  The buy side of a firm has been steadily improving their risk functions because they believe it adds value for their customers.  While there has been some regulatory pressure, especially in Europe with AIFMD and UCITS, the requirements are such that they can be used to enhance internal processes as well.  The sell side is different.  Everyone I speak to who is in risk at a large bank is inundated with regulatory work.  Endless hours are being spent on figuring out how to comply with real time risk monitoring requirements that are not written into any regulation but that regulators now insist upon as proper governance.  This is especially bad in the US where Volcker compliance is front and center.  BCBS 239 (Basel Committee on Banking Supervision’s “Principles for Effective Risk Data Aggregation and Risk Reporting”) has also become a major issue as it is forcing firms to re-think the connections between models used in their risk systems and models used on the trading desk.  None of this is necessarily bad, but the sheer amount of IT work has, at least temporarily, taken the lion’s share of resources.

Skroupa: How can firms use data governance improvements to enhance their risk management practice? Why should practices like Bcbs239 compliance be more than a “box-ticking” exercise, an exercise that ensures all requirements for an activity or process are performed?

Litke: One of the largest and longest standing problems of risk management is obtaining timely, complete and consistent data about positions when they are scattered over multiple businesses and systems.  In the past, many firms have been reticent to take on the task of cleaning up their data because of the high project cost and the significant chance of product failure.  I know of many projects from the mid 2000’s that were all budgeted in the $250 million dollar range.  I had personally estimated a project failure rate of 70% but when I discussed this with people from consulting firms who had been brought in to help firms fix projects, most people I spoke to felt that failures were more like 85%.  A major reason for this was that these were data and IT projects and didn’t involve properly understanding the business processes around this data.

Now firms face a choice.  They can put a massive reconciliation process in place to ensure that they know what is missing and what their data provenance is or they can take a step back and change their work flow.  If they do the former, they will be able to prove that their data is consistent but they will not have improved usability.  If they do the latter and actually create a proper service architecture for their data, then they will be able to use the data to answer real business questions.

Skroupa: With overwhelming amounts of data being produced by risk functions, how can boards cut through the clutter and make sense of findings?

Litke: Boards need two kinds of information and two sources.  From the information side they need key risk indicators and a story.  From a source perspective they need information from the business and information from the risk department.  Because of the sheer volume of data, they will never be able to dig in to everything. The story tells them what is important to look at.  The statistics let them check consistency, and the same is true of information sources.  If the risk department doesn’t tell the same story as the business then there is a problem.  I was involved with one firm that epitomized this problem. At every board meeting the CEO would present numbers and a story to the board about how well the company was doing and how profitable they were going to be at the next quarter.  Each quarter there was some new problem that hurt revenue. When the board spoke to the CFO (this firm was too small to have a CRO) they found out that he had been complaining about the problems but that word was not reaching the board.  In addition, since the CEO controlled the information that was presented, when he wanted to hide problems he simply changed the key risk indicators.  Two simple things would have prevented this problem:  forcing a consistent format for reports and speaking to the CFO in private.

If you solve the governance problem, then you can concentrate on the story.  The data is important as backup but boards are not day-to-day managers.  They need the ability to drill down when they ask questions, but in general they can’t focus on anything but the big picture.  They just need to make sure that the picture is in focus.

Skroupa: What are some ways ethics can be effectively integrated into corporate risk management, and what are some of the obstacles?

Litke: The easiest way to integrate ethics into a company is to ensure there is regular enforcement for small breaches.  Very few employees start out intending to act unethically but when they do so and face no consequences, the problem grows.  Most companies do a decent job of providing training in ethics but they don’t do anything about follow up.  At most, it is a single “check the box” item on an annual review. You can’t risk manage something unless you observe and measure it. Management needs systems to track behavior (even if it is based on qualitative judgment) and there need to be real penalties for acting in a bad manner.  For example, it is the rare sales person who is penalized for making too much money on a deal.

People need to ask why things happened and not just what happened. This is difficult.  Nobody likes post mortems and they certainly don’t like them when there isn’t a loss.  However, most lapses don’t necessarily result in a loss, so they will never be caught unless you track ordinary times. Take the banks currently paying large fines for activities ranging from FX market rigging to tax avoidance in Switzerland.  In all of these cases people had to look the other way or actively encourage this activity for it to go on for so long and at such a large scale.  It is not simply a matter of educating management.  You have to force people to explain how their business works and how they are making money. Ethics isn’t going to show up in a P&L (Profit and Loss Statement) until it is too late, but hints that something is wrong will show up, either in the story or in inconsistencies between the story and the data that supposedly backs it up.

Serhat Cicekoglu, Director of Loyola University Chicago, Quinlan School of Business, Center for Risk Management adds: “The volume and variety of data, and velocity with which it travels, is becoming increasingly challenging to process and comprehend unless the right business workflows are defined and analytics are developed. These can then present insights of what’s occurring in the field at the execution and the governance level. Without support of this type of infrastructure, it’s easy to manipulate perception of reality, as was seen in the recent financial crisis, while also being difficult to determine whether there’s an ethical issue at the same time. As explained by Mr. Litke, executive boards don’t have time or knowledge about the details of the day-to-day execution. But they must trust the information and insight that they are receiving. The first step towards attaining that trust is to understand how the company makes decisions. Boards should spend time developing an understanding of these rules before they can objectively judge a company’s performance and leaders.”

On March 20th, 2015, Loyola University Chicago will host, “New Legal and Regulatory Terrain for ERM: Outlook for Companies and Risk Managers.” Continue the discussion with Adam Litke, Serhat Cicekoglu, Director of Quinlan’s Center for Risk Management and a select group of risk managers, risk consultants, academics and legal experts. To inquire about attending, contact