Looking for a broad perspective of recent world financial events as they relate to risk management? We asked Joe Restoule, president of the Risk and Insurance Management Society Inc. (RIMS), Marie-Gemma Dequae, president of the Federation of European Risk Management Associations (FERMA), John Hurrell, chief executive of the Association of Insurance and Risk Managers (AIRMIC), and Paul Hopkin, technical director of AIRMIC, what lessons their members could learn from the crisis. Here’s what they had to say.

ONE: What does the financial crisis mean for risk management?
Marie-Gemma Dequae: It’s interesting that the financial institutions that have collapsed or are still in trouble have been focused on risk management through Basel II and Sarbanes-Oxley, and the whole focus on global risk management and operational risk management. Despite that, risk management has not been applied in all parts of banking activity to the depth it should be, and certainly the reporting and communication within institutions and to shareholders has been sub-optimal.

Joe Restoule: Traditionally risk management has reported to the executive leadership, but now there’s a lot of discussion in the U.S. that it should really report directly to the board. Executive leadership is incentivized for revenue growth, bottom line growth, increased margins and cost reduction—but where are the incentives for risk assessment and risk mitigation? One thought is to have the person who is responsible for the risk management portfolio report directly to the board, particularly the audit, finance and risk committees.

John Hurrell: In the current climate, some organizations are going to redouble their efforts to make sure that they have a sound risk management policy. Others will see risk management as just one area where they can cut costs. We need to give our members as much ammunition as possible to enable them to argue with their board the importance of maintaining focus on risk management at this time.

ONE: Was the crisis a failure of risk management in certain organizations?
Paul Hopkin: I would argue very strongly against the thought that risk management failed. I think it was a failure of the risk/reward analysis within the most senior levels of management. The pursuit of reward at any risk ran through it all, and that diminishes the value of a risk management input. It was a failure of organizations at the most senior level to engage with risk management. If they had, they might have concluded that the rewards they were pursuing had too much associated risk.

JH: One of two things may have gone wrong. Either the models were not built accurately, or the conclusions were ignored at a strategic level. A number of financial institutions have said their risk models did tell them what could happen, and therefore they reduced their exposure to those risks, and have now come through very strongly. So it probably wasn’t a failure of risk modeling. The message must have been ignored, for whatever reason.

JR: It may be naive of me, but I do not think it was intentional. If you look at how people were incentivized—their compensation—it’s based on the reward side, not the risk [prevention] side. One of the things that we are starting to see in North America now is that regulators want to see the compensation schemes of senior executives, especially the exit packages.

MD: If you go back to the origin of the problem, one of the issues is that Basel II requires firms to hold more capital for longer-term credit risks. The banks looked for ways to shorten these terms, and that changed long-term exposures into short-term credit swaps with associated higher risk. It didn’t protect the banks, which is the goal of the regulation.

ONE: Would a more consistent global framework help better manage these risks?