There is an old adage in management that states: “If we were starting out today, we wouldn’t start from here.” Risk management in banks (and many other firms) is currently spread around different parts of the organisation, often silo-operated through political pressure and using systems which do not integrate properly, if at all. No one in their right mind would build a risk management system along these lines – and in reality, no one set out to do so.
Risk management has become a victim of the regulation that was designed to create a safer and more stable financial system. Huge new initiatives, such as Basel II, MiFID, Sarbanes-Oxley, IFRS, Solvency 2, etc, have been created in independent spheres, leaving the banks and other financial firms the task of implementing them piece-meal according to an externally dictated timetable. The penalties for not complying are dire and firms, quite naturally, as they are subject to numerous competing pressures on their resources, have tended to wait until the implementation deadline approaches and then scramble to comply.
