JP Morgan’s Loss: Bigger than “Risk Management”
The recent disclosure of a multi-billion dollar trading loss at JPMorgan Chase reminds us again of the challenge and complexity of risk management, the subject of our June 2012 HBR article, “Managing Risks: A New Framework.” Many people, including quite a few U.S. legislators and regulators, believe that risks can be managed by establishing and following rules, standards and guidelines. But for certain categories of risk, this is a false and dangerous assumption.
Our article classifies risks based on their degree of controllability and their connection to the strategy. We identify and describe three categories of risk: preventable risks, strategy risks, and external (non-preventable) risks. Each requires customized risk management processes.
A rules and compliance-based approach may work well for managing preventable risks, but is inadequate for strategy and external risks as companies that failed during the financial crisis illustrated all too well. The compliance-oriented risk manager of a failed U.K. bank observed that his organization had “a cultural indisposition to challenge” and that the task of “being a risk and compliance manager…felt a bit like being a man in a rowing boat trying to slow down an oil tanker.”
Source: Managing Risks: A New Framework