In 1995, the commercial mortgage fund that I was managing past $1billion in funds under management (on its way to nearly $3 billion by 2003) to become the largest and best performing fund of its type in Australia. Shortly after this 1995 milestone was reached, the research and ratings agency Standard and Poor’s (S&P) asked me during their annual review of the fund to succinctly define my role.
It was a question they had never asked me before and it momentarily stopped me in my tracks before I blurted out “managing risk”. The more I thought about it then, and subsequently over the ensuing years while I continued to manage the fund, the more I knew it was true. Importantly, I still know it to be true today – 27 years on.
Obviously growing the fund’s investor base, lending prudently, managing and developing staff, marketing, developing policies, procedures, and guidelines and providing a good return and professional service to my clients and, of course, making a profit for my shareholders were all important. That said, none of these aims could have been achieved in the absence of a robust risk management framework to mitigate loss and disruption to my business as well as reputation risk.
Sadly, it never ceases to amaze me how many individuals and corporations pay insufficient attention to risk management. Indeed, some individuals and corporations recklessly rely on good luck to manage their risk for them – the, “it won’t happen to me” attitude – while others still, appear truly ignorant of the need to take risk management seriously and are oblivious to the dangers that lurk around every corner.
Many businesses see risk management in all its forms as a hindrance rather than a help. Some even play Russian roulette, taking a reactive rather than a proactive approach to risk. Like a homeowner who does not have home and contents insurance because they believe they live in a safe area, they naively believe that they will be spared from risks such as floods, fires, and burglaries.
For me, RISK is a holistic term which covers all types of insurance contingencies, business continuity, disaster recovery, and risk management frameworks, including policies and procedures; technical, operational, and training. Overarching all this is compliance monitoring and review which should be seen by business as an enhancement and not a detriment to growing a sound profitable business.
For business, the process of identifying, assessing, and managing risks is known as Risk Management. Following the GFC, banking regulators worldwide put the spotlight on risk management and this was a welcome development. In my view, other regulators in other sectors of the economy need to do likewise.
In my experience, organisations which are effective at managing risk have developed risk based organisational cultures where staff and managers instinctively look for risks. Importantly, the same broad principles apply to households which should also put in place strategies to mitigate risk.
It is impossible to go through life or run a business without taking risks. Indeed, it is unhealthy to even try as you will risk stagnation. Companies which can see beyond risks to the opportunities they present are much more likely to prosper, provided their appetite for risk is at a manageable level and they have systems and processes to measure and deal with unacceptable risk. Importantly, managing risk is seen by consumers as an enhancement to doing business with an organisation.
Since the jet age began in the early 1970s, Qantas has been considered the safest airline in the world. Indeed, Qantas has not lost one life. Many people fly with Qantas for that single reason – safety – notwithstanding that Qantas may be seen in the eyes of those same consumers to be less appealing than other airlines in say the quality of food or seat comfort.
On 4 November 2010 Qantas Flight 32 was a regularly scheduled passenger flight from London to Sydney via Singapore. The aircraft operating the route, an Airbus A380, suffered an uncontained failure in one of its four Rolls-Royce Trent 900 engines. The failure occurred over the Riau Islands, Indonesia, four minutes after take-off from Singapore Changi Airport. After maintaining a holding pattern for almost two hours to assess the situation, the aircraft made a successful emergency landing at Changi. No injuries occurred to the passengers, crew, or people on the ground, despite debris from the aircraft falling on to houses below.
On inspection, a turbine disc in the aircraft’s number-two engine was found to have disintegrated, causing extensive damage to the nacelle, wing, fuel system, landing gear, flight controls, and engine controls, and a fire in a fuel tank that self-extinguished. The subsequent investigation concluded that the failure had been caused by the breaking of a stub oil pipe, which had been manufactured improperly.
Many experts in the airline industry considered the safe return of QF32 to Changi airport a miracle. Qantas for its part said then, it was the superior skills of its flight crew that brought the giant jet safely back to the ground. Indeed, Qantas went on to say that safety was its number one priority and that it spent more time training as well as upgrading their pilots’ continuing skills in state-of-the-art simulators more than any other airline.
Not surprisingly in the months that followed, Qantas shares increased in value as did its bookings. Why? Simply stated, Qantas demonstrated that they could manage the risk of safely returning a damaged aircraft to the ground. That’s Risk Management!
The 2018 Haynes Royal Commission shone a disturbing light on unacceptable behaviours in the financial services sector particularly Australia’s “big four” banks. The majority of bad behaviour was brought about by poor bank culture around risk management processes to protect borrowers and investors alike.
Collectively, the financial services sector has paid out over half-a-billion dollars in compensation to their clients resulting from the finding of the Royal Commission.
In more recent years a Risk Appetite Statement (RAS) is considered fundamental to good governance by a corporation, company or business.
The RAS sets out the company’s risk appetite to manage the company in alignment with its vision and strategic objectives.
The company RAS provides an enforceable set of risk statements that are set by the Board, regarding the amount of risk that the company is willing to accept and which management is required to operate within at all times (unless a specific exemption has been formally granted). These statements are supported by RAS metrics to quantitatively measure whether the position of risk for a given activity is within or exceeds risk tolerance settings.
The company RAS supports strategic and core business activities and stakeholder, partner and client relationships ensuring that:
• Only permitted activities are engaged in, and the scale of these activities do not lead to adverse client outcomes, brand impacts or financial losses that exceed the company’s approved risk appetite.
• Risk appetite is measured through limits and tolerances and reported on to management and governance committees and,
• Risk appetite is cascaded through the company to inform, guide, and encourage the business to both take risk and manage risk in an informed manner.
For me, the two most important “recipes” in almost any successful business or commercial venture, among many, are:
A. Motivated and competent staff; and
B. A culture which respects risk management in all its forms.
For those who are still wondering what is needed to cover off major risks, it is the following:
1. An overall Risk Management Policy and Framework;
2. A Disaster Recovery Policy;
3. A Business Continuity Plan;
4. Policies, procedures, guidelines, charters, manuals, and check lists relevant to your business; and
5. PI Insurance, D&O Insurance, Property Insurance, and Business Insurances generally.
Importantly Boards must provide leadership to ensure an effective risk aware culture is constantly in place. Moreover, they must have the director competencies and capabilities to be able to fearlessly challenge management if and when necessary.
My full-time funds management career ended in 2010 with an unblemished record – I never lost one cent of investor money entrusted to my care primarily due to my compliance with (A) and (B) above.
So, the message is clear: It is very risky business to avoid embracing Risk Management.
This opinion piece is provided by John (JT) Thomas, a 46-year veteran of the financial services industry and since 1987 a specialist in commercial mortgage funds. Considered by many to be the father of the modern commercial mortgage fund sector, JT helped establish and then managed – for 17 years – what became the largest and most successful commercial mortgage fund in Australia – The Howard Mortgage Trust – with assets exceeding $3 billion. Under JT’s stewardship, investors never lost one cent of their investments and indeed, investors always received competitive monthly returns. JT was also Chair of the $40 billion mortgage trust industry sector working group.
JT has been proudly involved with Princeton for eight years and sits on both the Princeton Credit Committee and the Princeton Compliance Committee as well as being an advisor to the Princeton Board.