As the global financial disaster continues unabated, research is beginning to percolate findings about some of the causes of the storm, as well as the precautionary measures that might avert future crises of this nature. In a recent survey of over 500 key financial executives conducted by
MPI Europe (April 2009), several important views prevailed. One of the survey's strongest findings was the perceived need to develop a “risk management culture” in today’s financial institutions, including bolstering the relative power of risk management functions vis-à-vis its trading counterparts. Now, as good as that sounds, I am skeptical as to whether our financial services industry has it within itself to embed a new risk-aware culture without demonstrable intermediate measures to lead the way (after all, our world is inspired by capitalism). The good news is that several other findings were more specific and actionable. Over 75 percent of the respondents saw a shortage of sufficiently and appropriately trained personnel as having a “high impact” on creating the crisis. Additionally, a significant majority of respondents wanted to see an improvement in their “risk management applications,” to include a shift from predominantly quantitative measures toward qualitative methodologies (e.g., internal controls). Both of these latter measures are fully actionable through increased investment in risk management technologies and training. Moreover, implementing stronger spreadsheet control regimes, coupled with stricter guidelines for spreadsheet checking and auditing, are another immediate requirement. Finally, I would argue that by funding and initiating improved risk management technologies and training, executives will be taking the first vital steps toward creating the risk management culture that they seek. The recognized need for effective risk management is gaining traction in today’s financial services industry. The real question remains whether the industry’s leaders will have the courage to recognize the deficiencies of their existing risk management structures, and respond by investing in the technologies and training that can address these shortcomings.