“Many firms have made progress in developing their risk appetite frameworks and have
begun multiyear projects to improve the supporting IT infrastructure,” said David M.
Wallace, Global Financial Services Marketing Manager at SAS. “As a provider of risk
solutions, we have seen much more interest over the past three years in firms looking to
have additional technology to support a firmwide view of risk exposures. Learn more at: www.nafcu.org/sas
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy (Whitepaper)
1. A Bridge Too Far?
Risk Appetite, Governance and Corporate Strategy
CONCLUSIONS PAPER
Insights from a Global Association of Risk Professionals (GARP) webcast
sponsored by SAS
Featuring:
Deepa Govindarajan, Lecturer,
IMCA Centre, Henley Business School, University of Reading
Lon O’Sullivan, Executive Director, Firm Market Risk,
Morgan Stanley
David M. Wallace, Global Financial Services Marketing Manager,
SAS
Peter Went, Senior Researcher,
Global Association of Risk Professionals (GARP) Research Center
3. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
Introduction
“ firms that recorded relatively larger unexpected losses tended to champion
…
the expansion of risk without commensurate focus on controls across the
organization or at the business-line level.”
“ senior management’s drive to generate earnings was not accompanied by
…
clear guidance on the tolerance for expanding exposures to risk.”
“ balance sheet limits may have been freely exceeded rather than serving as a
…
constraint to business lines.”
“ irms rarely compile for their boards and senior management relevant measures
F
of risk … a view of how risk levels compare with limits, the level of capital that the
firm would need to maintain after sustaining a loss of the magnitude of the risk
measure, and the actions that management could take to restore capital after
sustaining a loss.”
Those words came from the report, Risk Management Lessons from the Global Banking
Crisis of 2008, submitted by the international Senior Supervisors Group. In hindsight,
the authors could have dropped the year from that title. They did drop it the next year,
when their report focused on risk management frameworks and the IT infrastructures
that support those frameworks. The report card for financial services firms wasn’t much “ n integrated, firmwide risk
A
better in that report:
management system – one that
“ no single firm was observed to have developed a fully comprehensive
… can provide immediate analysis
framework containing all the better practice elements described in this report.” and speedy results… is going
“ aggregation of risk data remains a challenge for institutions, despite its
…
to be key to success in the
criticality to strategic planning and decision making.” volatile financial environment
that we are clearly are going to
“…considerably more work is needed to strengthen those practices that were
revealed to be especially weak at the height of the crisis.”1
have for the next several years.”
David Wallace
“Many firms have made progress in developing their risk appetite frameworks and have Global Financial Services Marketing
begun multiyear projects to improve the supporting IT infrastructure,” said David M. Manager, SAS
Wallace, Global Financial Services Marketing Manager at SAS. “As a provider of risk
solutions, we have seen much more interest over the past three years in firms looking to
have additional technology to support a firmwide view of risk exposures.
“Consolidation of risk data on spreadsheets doesn’t provide the required ability for
stress testing and scenario analysis. An integrated, firmwide risk management system –
one that can provide immediate analysis and speedy results, one that can allow senior
management and boards of directors to make decisions in near-real time – is going to
be key to success in the volatile financial environment that we are clearly are going to
have for the next several years.”
1
Source: Senior Supervisors Group, Observations on Developments in Risk Appetite Frameworks and IT
Infrastructure, December 29, 2010.
1
4. SAS Conclusions Paper
Icebergs and Unsinkable Ships
“The recent financial meltdown has come as something of a shock to those who had
been led to believe the modern financial industry had seen the end of boom-and-
bust cycles, through the optimization of resource allocation and very sophisticated
risk diversification managed by very intelligent people sitting in financial analyst firms,”
said Deepa Govindarajan, a lecturer at the Henley Business School at the University of
Reading.
“As a consequence of the crisis, firms, regulators and governments are paying much
more attention to recovery and resolution plans, stress testing, and other tools to
prevent future crises. Still, the correct scrutiny of corporate risk appetite has been given
considerably less attention than other prominently debated mechanisms, such as
macroprudential oversight and resolution tools. This might be because some influential
commentators and regulators are still intrinsically wedded to the belief that the need for
a regulatory presence or intervention is solely for cases where the market failed to make “ e may build very well-
W
its own corrections. In their view, the regulators’ place in the financial world is to ensure
capitalized firms and have
that failing firms are wound down in an orderly manner, and that any systemic bubbles
are addressed as they come up. excellent macroprudential
oversight, but it’s really
“This sounds perfectly reasonable and proportionate, but it is based on an immature
important that strategic
philosophy that views the world solely through the lens of utopian mathematical
economic models, such as those that assume that other things remain constant. choices are evaluated in
conjunction with the risks
“Here’s a simple analogy. Even if we build a very robust passenger ship – the Titanic,
those choices pose. …
for example – it is advisable not to crash it into icebergs every day. It is really important
that the ship is well-run and on a sensible course in the first place. We need to ensure We must adopt a more
that the crew is not incentivized to take disproportionate risks that could cause a tragic realistic approach to the
catastrophe, even if the Coast Guard has sophisticated weather reports, or even if there
management of risk, beyond
are enough lifeboats to get people ashore.
simply attempting to prevent
“Similarly, we may build very well-capitalized firms and have excellent macroprudential stakeholder detriment or
oversight, but it’s really important that strategic choices are evaluated in conjunction with
addressing it after the fact.”
the risks those choices pose. More attention deserves to be paid to proactively holding
boards accountable, and by this, I mean by institutional investors [and] regulators who Deepa Govindarajan
are more really informed parties within the discussion about the firm itself. We must Lecturer, IMCA Centre, Henley Business
adopt a more realistic approach to the management of risk, beyond simply attempting School, University of Reading
to prevent stakeholder detriment or addressing it after the fact.
“As the first port of call, a formal risk appetite statement allows the board to provide
strong boundaries within which management executes business strategy. It allows
interested parties to properly evaluate those strategic choices. In situations where
boards are unwilling or unable to disclose this information more widely, we would require
regulators to step in to address those deficiencies, because there are some discussions
that can only be held in a closed room.”
2
5. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
Risk Appetite: What It Is and What It Isn’t
“Experts argue that because risk appetite has been poorly understood, both by boards “ isk appetite is complex.
R
and by senior management, in turn, it was inappropriately implemented by those who
were mandated to assume risks on a daily basis,” said Peter Went, Senior Researcher
It reflects risk culture. It reflects
at the Global Association of Risk Professionals (GARP) Research Center. “That is widely how well active risk taking is
believed to have contributed to the extent of this crisis.” understood and incorporated
In a perfect world, risk appetite is:
into the institutional, cultural,
strategic and governance fabric
• Defined as the level and duration of quantifiable and active risk exposure (including
the potential for adverse outcomes) that organizations are willing and/or able to of the firm. If it is not incorporated
assume to achieve strategic objectives. well, this delicate structure
• Embedded in the governance framework in support of stakeholders’ tactical and breaks at its weakest link.”
strategic priorities, decisions and objectives.
Peter Went
• Reflected in hard and soft risk metrics – such as threshold income levels and
Senior Researcher, GARP Research Center
benchmark risk-adjusted return levels – that support business decision making and
reporting, both internal and external.
• Understood to be a continuously evolving and consistently articulated connection
between strategic objectives and realities, target setting and follow-up, and risk
management priorities.
“Risk appetite is both a process – developing the framework – and a policy statement
that reflects the risk appetite,” said Went. “A formal risk appetite statement, effectively
stated, allows the board to provide strong boundaries within which management
executes business strategy. A consistently promoted, policed and polished risk appetite
is an essential component of any robust risk architecture.”
Risk Appetite, Risk Tolerance, Risk Profile and Risk Ceiling
What do we mean by risk appetite? People often talk about risk ceiling, appetite,
“ isk appetite is a continuously
R
tolerance and profile in the same breath, when they actually mean different things. Figure 1
presents Govindarajan’s approach to differentiating these terms. evolving and consistently
articulated connection
Risk ceiling. The black line at the top of the chart represents the risk ceiling, the
between strategic objectives
threshold beyond which firms would no longer be able or allowed to operate. This
threshold could be breached by financial weakness, loss of reputation or other and realities, target setting
temporary shock from which the firm might not recover without extreme measures, such and follow-up, and risk
as government intervention.
management priorities.”
Risk appetite. The red line depicts risk appetite, the aggregated account of the Peter Went,
board’s willingness to allow management to take certain risks in the pursuit of strategic Senior Researcher, GARP Research Center
objectives. While the risk ceiling is relatively stable (assuming there’s no major financial
crisis), the risk appetite does change to reflect internal and external conditions.
3
6. SAS Conclusions Paper
Risk profile. The green line describes the risk profile, the true risk position of the firm
at any given point. “The diagram shows that it takes a little bit of time for the actual risk
profile of the firm to adjust to changes in risk appetite, assuming it’s a well-run firm, and
people actually do what the board wants them to do,” said Govindarajan.
Risk tolerances. The two blue lines reflect the risk tolerances, the boundaries within
which executive management is willing to allow the true, day-to-day risk profile of the
firm to fluctuate. “The upper line reflects the level to which the risk profile can rise before
the executive team expects board intervention,” said Govindarajan. “The lower bound of
risk tolerance reflects the minimum level of risk the executive team would expect to take
“ ome argue that risk appetite
S
Terminology
to achieve strategic objectives. We cannot achieve returns without risk. The risk-bearing
capacity is basically that zone below the risk ceiling in which the firm seeks to achieve a is simply a chicken-and-egg
trade-off between risk and return.” problem. The risk culture
6 reflects the risk appetite, and
Ri sk Ce i l i ng the risk appetite shapes the
5
risk culture. Acknowledging this
Ri sk Appe ti te interrelationship is essential,
4
since these two jointly define
3 Ri sk Profi l e the level, complexity and
aggressiveness that firms can
2
Ri sk
take risks and expose their
Tol e rance -
Uppe r
stakeholders to these risks.”
1
Ri sk
Tol e rance -
Peter Went
Lowe r
Senior Researcher, GARP Research Center
0
Jan- Feb- Mar- Apr- May- Jun- Jul- Aug- Sep- Oct-
09 09 09 09 09 09 09 09 09 09
Ti me Hori z on
Figure 1. The relative relationships among risk ceiling, risk appetite, risk profile and risk
tolerances.
It is important to distinguish between risk appetite and risk tolerance, because they
are not the same thing, said Govindarajan. “In the real world, there is invariably a time
lag between the communication of a board decision, the change in risk appetite, and
the reality of when management can translate that into credible actions. … Setting
the ongoing tolerance to the variability of the profile allows executive management to
react to factors such as movements in the market, the competence of staff in achieving
targets, cultural issues, measurement errors and model risks.
“Even where risk appetite is understood and deployed effectively, events such as limit
breaches can and do occur, and we all know that in our day-to-day world. An upper
bound of risk tolerance therefore provides a legitimate and formal means for executive
management to ensure that the time lag in the transmission of risk appetite to each of
the various business areas does not result in breaches of the board’s risk appetite on a
day-to-day basis.
4
7. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
“The headroom between the risk profile and the upper bound of risk tolerance allows “ eflect on your own risk
R
management to deploy resources and take necessary mitigating actions before risk
appetite statement, if you
appetite as a whole is infringed. It also gives executives the freedom and the legitimacy
to engage in risk taking and to act without constantly referring back to the board have one, and see whether
room or requiring regulatory nannying. The lower bound is also important, because it it reflects a difference
underlines the extent to which executive teams believe that it makes credible business
between risk appetite and
sense to make further investments that would result in the reduction of risk. There is no
point reducing risk if it the investment is not generating return.” risk tolerance, whether you
make a clear distinction
“Reflect on your own risk appetite statement, if you have one, and see whether there
between risk tolerances and
it reflects a difference between risk appetite and risk tolerance, whether you make a
clear distinction between risk tolerances and risk profiles, and whether your resource risk profiles, and whether your
deployment and your investments reflect your risk appetite in appropriate policies, resource deployment and your
processes, systems and transparent limits.” investments reflect your risk
appetite in appropriate policies,
Seven Recommendations for Stronger Risk Management processes, systems and
transparent limits.”
Our panelists discussed seven practices that bring greater clarity to risk appetite while
also embedding it into the overall risk management framework. Deepa Govindarajan
Lecturer, IMCA Centre, Henley Business
School, University of Reading
1. Address the Full Risk Ecosystem
In setting risk appetite, firms will attempt to quantify and analyze five common types of
risk, said Lon O’Sullivan, Executive Director of Firm Market Risk at Morgan Stanley:
• Market risk focuses on changes in portfolio value related to changes in market
prices, correlations and volatilities, using tools such as Value at Risk (VaR) analysis,
stress testing and reverse stress testing to articulate this risk and quantify it to
senior management.
• Credit risk relates primarily to lending and counterparty risk, pricing that risk and
setting appropriate limits. “This is a critical piece for most banks, as a big chunk of
the exposures that any financial institution will face has to do with counterparties Benefits of a Sound Risk
and lending activities,” said O’Sullivan. Appetite Statement
• Operational risk relates to processes and people, uncovering operational risk • Establish and communicate a
issues and determining how to mitigate them, often revealed through such tools high-level strategy.
as risk and control self-assessment (RCSA). • Ensure good governance and
• Liquidity risk concerns the ability to fund and trade the products on the balance board accountability.
sheet, to manage the sources and maturities of the funding, and to make sure
• Evaluate performance and temper
there is a sufficient liquidity pool.
irrational exuberance.
• Capital risk, or the risk of a company losing the amount of an investment, has
become one of the most important aspects of the firm in the last few years, and • Mitigate capital and other financial
one of the key metrics used to measure risk appetite and risk tolerance. risks.
• Manage risk in holistic context.
5
8. SAS Conclusions Paper
1. Create a Meaningful Risk Appetite Statement
“Risk appetite is a corollary for business strategies, so boards that cannot articulate or
“ isks are not additive in nature.
R
oversee risk appetite are inherently saying they cannot oversee the associated business
strategy,” said Govindarajan. “Currently, executives have found it difficult to engage the If we were to take any traditional
risk appetite statement, because the statement has come to resemble a series of very firm and simply sum up the
empty platitudes. The banality of such statements ensures that they cannot be turned
lowest limits there, no firm
into practical policies, and this clearly defeats the motives of soundness, consistency
and transparency. would be in business. There are
diversifications and correlations
“Some boards have delegated the creation of risk appetite statements to the executive
to consider to understand how
team or to the risk management function. This may be due to the mistaken belief that
risk appetite can be aggregated from the underlying limits currently used within the risk the risks actually evolve in the
management framework, which, unfortunately, means that the cart is placed before market and can interact or
the horse. In such cases, interactions of risks – and the articulation and balancing of
trigger each other.”
stakeholder objectives – have inadvertently been glossed over.
Lon O’Sullivan
“It is important that risk appetite is articulated by the board. The executives must then Executive Director, Firm Market Risk,
translate that risk appetite into sensible processes, policies, limits and procedures.” Morgan Stanley
3. Manage the End-to-End Risk Life Cycle
Financial firms must have a mechanism that manages all the stages of the risk life cycle
and aligns with the risk appetite statement. It must also have formal processes to:
• Identify the key risks in their area, on all five dimensions described earlier.
• Assess the potential impact of these risks, using standardized risk measurement
methodologies and reporting.
• Implement a control structure around these risks – such as stated limits, ongoing
monitoring and early warning of potential breaches – to certify that risk appetite is
being appropriately managed.
• Report on all of the firm’s risk exposures, material concentrations and key risk
indicators (KRIs).
• Manage those risks to optimize the risk and capital profile, advise senior
management on risk-based decisions, and help the corporate board and senior
management set appropriate risk appetite levels.
“Reporting needs to occur at a variety of levels – at a very granular level and a very high
level – to be able to aggregate a comprehensive set of risk reports that capture the full
populations of positions and counterparties in one’s portfolio,” said O’Sullivan.
4. Establish an Environment of Collaborative Decision Making
Higher-risk products may carry higher margins; more conservative products deliver
lower returns. Therefore, should the risk management function define the product
mix that traders should sell? Whose responsibility is it to strike that balance between
marketing/sales revenues and risk management controls?
6
9. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
This is a provocative question for which the answer is evolving, said Went. “We have “f you look at the lessons from
I
seen a change in practice in that the control function is getting more and more power
in some decisions. Even though it should not be the risk managers’ role to decide what
the financial crisis, it seems
trades to put on, their voices have to be heard. Their understanding of other risk aspects that many risk decisions were
that perhaps the business side is not fully aware of must be incorporated in these made in silos. There wasn’t
decisions. It should be an integrated and mutually supportive discussion between the
a very good feedback loop
business and the control side.
between the bottom-up risk
“I cannot masquerade as a trader, and traders cannot masquerade as risk managers. It decisions and what the board
is more important for these two professional groups to jointly arrive to a solution that is
and senior management
not only beneficial for the trader but also beneficial for the long-term success, survivability
and sustainability of the institution.” understood was going on
from the perspective of the
5. Strike a Balance Between Bottom-Up and Top-Down Approaches risk appetite and the level of
O’Sullivan described and compared two very different models for managing risk: bottom- exposures that were trending
up and top-down. up in many cases during the
“Bottom-up risk management considers risk at the transaction or risk factor level and
height of the crisis.”
is very detailed. For each product or position that comes on, an evaluation is done.
David Wallace
Limits or other controls are set at the individual trading desk or at the business level. Global Financial Services Marketing
Risk reporting is typically done at the product or business level as well. Market, credit, Manager, SAS
operational and liquidity risks tend to be managed independently at this level. Risk and
business heads attempt to put the story together in order to construct the big picture.
“The advantage to this bottom-up approach is that you get much more detailed
information about product or business-facing risks in your portfolio. You are able to
independently evaluate market, credit and operational risk in isolation – and spend a lot of
time thinking about how each will impact the desk level or an individual transaction. You
get a very detailed understanding of each transaction, which makes it easier to manage
at a very granular level. Typically, you are working with heads of desks or individual
traders to define the risk appetite and tolerance, and to negotiate amongst these parties.
The challenge here is that it is very difficult to see the forest when you’re focused on “ he advantage to this
T
specific trees.” bottom-up approach is that
you get much more detailed
“If you look at the lessons from the financial crisis, it seems that many risk decisions were
made in silos. There wasn’t a very good feedback loop between the bottom-up risk information about product or
decisions and what the board and senior management understood was going on from business-facing risks in your
the perspective of the risk appetite and the level of exposures that were trending up in portfolio. … The challenge here
many cases during the height of the crisis,” said Wallace.
is that it is very difficult to see
In contrast, a top-down risk management approach takes a more enterprise-level view the forest when you’re focused
of risk, looking across combined market, credit, operational, liquidity and capital risks. on specific trees.”
Stress testing and reverse stress testing is implemented across all products, businesses
and risk types. There may be a dedicated team that works with business and risk heads Peter Went
to manage the big picture. Risk appetite decisions are made at the firm level. Senior Researcher, GARP Research Center
7
10. SAS Conclusions Paper
“The key advantage of this approach is that you can focus not only on individual
transactions but also the correlations amongst the various assets, products, positions
and counterparties,” said O’Sullivan. “We can consider risks across businesses and
across products.
“Putting together a cohesive picture of risk across all dimensions is challenging, and “ ffective risk management
E
something that needs to be invested in by firms to consider all risks, not just individual
is often about delivering the
risks. Sometimes the sum of the parts is more than the whole, and sometimes it’s less,
but putting this kind of structure in place will allow firms to gain competitive advantage.” message in a simple and clear
manner, while still translating
6. Report on Risk in a Way that Supports Sound Decisions the key message or challenge
“Risk reporting sometimes gets trivialized as just something that one does,” said that will require a risk decision
O’Sullivan. “However, it is one of the most critical components of the risk framework. to be made. Many risk
Poor risk reporting, missing exposures, not having consistency in the way that you’re
managers are notoriously poor
thinking about risks – it all equals bad decision making in firms.
at this critical management
“Good risk reporting should cover all material product areas and all of the skill.”
aforementioned risks. It should use standardized measures, so risks can be clearly
communicated,” said O’Sullivan. “If we have, say, interest rate risk being calculated Lon O’Sullivan
Executive Director, Firm Market Risk,
one way for one position and a different way for another position, how would the firm
Morgan Stanley
put those risks together and determine its aggregate risk exposure on interest rates?
Without standardized measurements, it is very difficult for a board or senior executives
to act on a risk decision.”
Risk reporting should reflect ongoing monitoring of key controls, such as position
limits or VaR limits, so the control process is transparent and senior management can
evaluate how the portfolio stands relative to risk appetite.
Equally important, risk reporting should address its audience, be readily understood by
them, and be comprehensive enough to support decisive action.
“The second element of delivering the message is effective management through risk
advisory,” said O’Sullivan. “In my view, risk advisory is the most important element in risk
management. Measuring and reporting is fundamental, but influencing risk decisions is
the most important aspect of being a risk manager.
“In order to exert that influence, you have to be able to explain a case to board
members who are not likely to be intimate with the jargon and complexities of
risk professionals. Therefore, the most effective risk managers are those who can
make themselves understood to an audience that might not have a technical or
risk background. When I construct presentations, I often think: If I had to give this
presentation to my grandmother, would she understand it? And if my answer is no, then
I start over.”
8
11. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
7. Establish Ownership at Multiple Levels of the Company
O’Sullivan summarized three levels of governance that would typically occur in a financial “ ood risk management is not
G
institution: only about having the right
• At the top of the list is the Board Risk Committee, a subcommittee of the board answer. It’s about being able to
of directors that is chartered to handle specific risk issues. Typically composed of
communicate the answer and
non-management directors, this subcommittee sets risk appetite, enforces the risk
governance structure and monitors the risk profile against the agreed-upon risk influence the correct decision
appetite. to be made.”
• Executive Risk Committees are management committees typically composed of the
Lon O’Sullivan
most senior officers (C-level executives and their direct reports). These committees Executive Director, Firm Market Risk,
tend to meet once or twice a month and are accountable for day-to-day risk Morgan Stanley
management for the firm.
• Divisional Risk Committees are charged with looking at each division independently
and coming up with a risk strategy and a risk tolerance. These committees are
typically made up of desk heads and other key executives who meet weekly and
focus on business-specific issues.
“Effective governance means that information flows seamlessly up and down this
hierarchy of risk committees,” said O’Sullivan. “Risk decisions made by the Board Risk
Committee should be pushed down to the Executive Risk Committee and ultimately
down to the Divisional Risk Committees. A feedback and interaction loop flowing up the
chain is equally important.”
“ here should be no such thing
T
Govindarajan agreed: “There should be ownership at board level, ownership at executive
as a separate, standalone
level, and ownership within the firm. The board must oversee how the scene is set
and balance strategic objectives. Executives must manage the risk profile and the risk risk appetite framework. Risk
management framework. And through a good risk culture, the organization must own appetite guides your risk
the risk appetite statement.”
management framework and
the way you manage risk within
Closing Thoughts the firm.”
“Boards that view risk functions simply as a way to keep out of trouble – and who do not Deepa Govindarajan
play an active role in setting risk appetite and risk limits – are really not doing a service Lecturer, IMCA Centre, Henley Business
to their shareholders,” said O’Sullivan. “Risk is also about addressing strategic business School, University of Reading
risk and future business opportunities, in addition to managing what’s currently on the
books.” Effective governance structures promote better management of future risks, as
well as better understanding of past risks.
“To do this well – to establish a meaningful risk appetite statement and framework –
requires consistent and unwavering support and monitoring by the board and faithful
enforcement by senior management,” said Went. “That is why risk appetite is not a
static statement, but rather a proactive and dynamic framework that distills changing
conditions, possibilities and constraints.”
9
12. SAS Conclusions Paper
About the Presenters
Deepa Govindarajan
Lecturer and Visiting Fellow, ICMA Centre
Henley Business School, University of Reading
Deepa Govindarajan, Lecturer and Visiting Fellow at the ICMA Centre at the University
of Reading’s Henly Business School, teaches compliance, risk management and
regulation within the master’s program. Her research interests cover corporate risk
appetite, senior management arrangements and governance within financial institutions,
qualitative decision making, operational risk, the sociopolitical context of banking and
financial regulation, and the comparative study of international banking regulations.
Govindarajan periodically serves as an independent expert advisor to regulators, banks,
asset managers and insurers. She facilitates board discussions related to the definition
and dissemination of risk appetite, and the risk implications of strategic choices. As a
specialist in governance and risk oversight, Govindarajan also evaluates financial firms’
governance arrangements, risk management frameworks and risk culture.
In addition to roles at Citigroup, the UK Financial Services Authority (FSA), and Lloyds
Banking Group, Govindarajan has also held positions in consulting and academia.
Lon O’Sullivan, FRM
Executive Director, Firm Market Risk Division
Morgan Stanley
As Executive Director in Morgan Stanley’s Firm Market Risk Division, Lon O’Sullivan leads
the Global Portfolio Analysis group and is responsible for briefing senior management
on key market risk exposures. He spent three years at Morgan Stanley’s London office,
where he was responsible for creating the regional analysis and reporting team.
Prior to Morgan Stanley, O’Sullivan worked as a market risk manager for foreign
exchange and commodity risk, and as an equity derivatives product controller at
Deutsche Bank.
O’Sullivan earned a bachelor’s degree in economics from Binghamton University,
State University of New York (SUNY), and a master’s in finance from the London
Business School. He has been a certified Financial Risk Manager (FRM®) with the
Global Association of Risk Professionals (GARP) since 2005. O’Sullivan served on the
committee for GARP’s professional chapter in London before his relocation back to
New York and is currently a co-director for the New York chapter of GARP.
10
13. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
David M. Wallace
Global Financial Services Marketing Manager
SAS
As Global Financial Services Marketing Manager for SAS, David M. Wallace is
responsible for defining industry strategy for the banking and capital markets segments
of the global financial services industry. He has more than 30 years of experience in
applying information technology to solve customer needs, including a focus on the
financial services industry for nearly 20 years.
Before joining SAS, Wallace was Manager, Corporate Investment Banking,
Americas FSI Marketing for Hewlett-Packard. He also held a number of senior sales
and marketing positions over a 23-year career at HP. During a 10-year assignment
managing the relationship with a top-five US financial services firm, Wallace was
responsible for client projects in consumer banking, commercial banking, trust
administration, retirement services, corporate and investment banking, shared services,
and retail brokerage, among others.
Wallace holds a bachelor’s degree in economics from the University of North Carolina at
Wilmington and an MBA from East Carolina University.
Peter Went
Senior Researcher
GARP Research Center
Peter Went is a Senior Researcher for GARP’s Research Center, where he conducts
research in financial risk management. Went has co-authored five books on risk
management and numerous articles on foreign exchange, global equity market and
commodity risk, as well as on the effects of emerging financial regulation on financial
and capital markets.
Previously, Went worked for a boutique investment firm and taught finance and risk
management at University of Nebraska and the University of Connecticut.
Went has a degree in economics from the Stockholm School of Economics and a
doctorate in finance from the University of Nebraska. He is a Chartered Financial Analyst
(CFA) and a board member of Woodlands Financial Services Corporation.
11