“Many firms have made progress in developing their risk appetite frameworks and have begun multiyear projects to improve the supporting IT infrastructure,” said David M. Wallace, Global Financial Services Marketing Manager at SAS. “As a provider of risk solutions, we have seen much more interest over the past three years in firms looking to have additional technology to support a firmwide view of risk exposures. Learn more at: www.nafcu.org/sas
14
CONCLUSIONS PAPER Featuring: Deepa Govindarajan, Lecturer, IMCA Centre, Henley Business School, University of Reading Lon O’Sullivan, Executive Director, Firm Market Risk, Morgan Stanley David M. Wallace, Global Financial Services Marketing Manager, SAS Peter Went, Senior Researcher, Global Association of Risk Professionals (GARP) Research Center Insights from a Global Association of Risk Professionals (GARP) webcast sponsored by SAS A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
Transcript
CONCLUSIONS PAPER
Featuring:
Deepa Govindarajan, Lecturer, IMCA Centre, Henley Business School, University of Reading
Lon O’Sullivan, Executive Director, Firm Market Risk, Morgan Stanley
David M. Wallace, Global Financial Services Marketing Manager, SAS
Peter Went, Senior Researcher, Global Association of Risk Professionals (GARP) Research Center
Insights from a Global Association of Risk Professionals (GARP) webcast sponsored by SAS
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
Introduction“ … firms that recorded relatively larger unexpected losses tended to champion the expansion of risk without commensurate focus on controls across the organization or at the business-line level.”
“ … senior management’s drive to generate earnings was not accompanied by clear guidance on the tolerance for expanding exposures to risk.”
“ … balance sheet limits may have been freely exceeded rather than serving as a constraint to business lines.”
“ Firms rarely compile for their boards and senior management relevant measures of risk … a view of how risk levels compare with limits, the level of capital that the firm would need to maintain after sustaining a loss of the magnitude of the risk measure, and the actions that management could take to restore capital after sustaining a loss.”
Those words came from the report, Risk Management Lessons from the Global Banking Crisis of 2008, submitted by the international Senior Supervisors Group. In hindsight, the authors could have dropped the year from that title. They did drop it the next year, when their report focused on risk management frameworks and the IT infrastructures that support those frameworks. The report card for financial services firms wasn’t much better in that report:
“ … no single firm was observed to have developed a fully comprehensive framework containing all the better practice elements described in this report.”
“ …aggregation of risk data remains a challenge for institutions, despite its criticality to strategic planning and decision making.”
“…considerably more work is needed to strengthen those practices that were revealed to be especially weak at the height of the crisis.”1
“Many firms have made progress in developing their risk appetite frameworks and have begun multiyear projects to improve the supporting IT infrastructure,” said David M. Wallace, Global Financial Services Marketing Manager at SAS. “As a provider of risk solutions, we have seen much more interest over the past three years in firms looking to have additional technology to support a firmwide view of risk exposures.
“Consolidation of risk data on spreadsheets doesn’t provide the required ability for stress testing and scenario analysis. An integrated, firmwide risk management system – one that can provide immediate analysis and speedy results, one that can allow senior management and boards of directors to make decisions in near-real time – is going to be key to success in the volatile financial environment that we are clearly are going to have for the next several years.”
1 Source: Senior Supervisors Group, Observations on Developments in Risk Appetite Frameworks and IT Infrastructure, December 29, 2010.
“ An integrated, firmwide risk
management system – one that
can provide immediate analysis
and speedy results… is going
to be key to success in the
volatile financial environment
that we are clearly are going to
have for the next several years.”
David Wallace Global Financial Services Marketing Manager, SAS
2
SAS Conclusions Paper
Icebergs and Unsinkable Ships“The recent financial meltdown has come as something of a shock to those who had been led to believe the modern financial industry had seen the end of boom-and-bust cycles, through the optimization of resource allocation and very sophisticated risk diversification managed by very intelligent people sitting in financial analyst firms,” said Deepa Govindarajan, a lecturer at the Henley Business School at the University of Reading.
“As a consequence of the crisis, firms, regulators and governments are paying much more attention to recovery and resolution plans, stress testing, and other tools to prevent future crises. Still, the correct scrutiny of corporate risk appetite has been given considerably less attention than other prominently debated mechanisms, such as macroprudential oversight and resolution tools. This might be because some influential commentators and regulators are still intrinsically wedded to the belief that the need for a regulatory presence or intervention is solely for cases where the market failed to make its own corrections. In their view, the regulators’ place in the financial world is to ensure that failing firms are wound down in an orderly manner, and that any systemic bubbles are addressed as they come up.
“This sounds perfectly reasonable and proportionate, but it is based on an immature philosophy that views the world solely through the lens of utopian mathematical economic models, such as those that assume that other things remain constant.
“Here’s a simple analogy. Even if we build a very robust passenger ship – the Titanic, for example – it is advisable not to crash it into icebergs every day. It is really important that the ship is well-run and on a sensible course in the first place. We need to ensure that the crew is not incentivized to take disproportionate risks that could cause a tragic catastrophe, even if the Coast Guard has sophisticated weather reports, or even if there are enough lifeboats to get people ashore.
“Similarly, we may build very well-capitalized firms and have excellent macroprudential oversight, but it’s really important that strategic choices are evaluated in conjunction with the risks those choices pose. More attention deserves to be paid to proactively holding boards accountable, and by this, I mean by institutional investors [and] regulators who are more really informed parties within the discussion about the firm itself. We must adopt a more realistic approach to the management of risk, beyond simply attempting to prevent stakeholder detriment or addressing it after the fact.
“As the first port of call, a formal risk appetite statement allows the board to provide strong boundaries within which management executes business strategy. It allows interested parties to properly evaluate those strategic choices. In situations where boards are unwilling or unable to disclose this information more widely, we would require regulators to step in to address those deficiencies, because there are some discussions that can only be held in a closed room.”
“ We may build very well-
capitalized firms and have
excellent macroprudential
oversight, but it’s really
important that strategic
choices are evaluated in
conjunction with the risks
those choices pose. …
We must adopt a more
realistic approach to the
management of risk, beyond
simply attempting to prevent
stakeholder detriment or
addressing it after the fact.”
Deepa GovindarajanLecturer, IMCA Centre, Henley Business School, University of Reading
3
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
Risk Appetite: What It Is and What It Isn’t“Experts argue that because risk appetite has been poorly understood, both by boards and by senior management, in turn, it was inappropriately implemented by those who were mandated to assume risks on a daily basis,” said Peter Went, Senior Researcher at the Global Association of Risk Professionals (GARP) Research Center. “That is widely believed to have contributed to the extent of this crisis.”
In a perfect world, risk appetite is:
• Definedasthelevelanddurationofquantifiableandactiveriskexposure(includingthe potential for adverse outcomes) that organizations are willing and/or able to assume to achieve strategic objectives.
• Embeddedinthegovernanceframeworkinsupportofstakeholders’tacticalandstrategic priorities, decisions and objectives.
• Reflectedinhardandsoftriskmetrics–suchasthresholdincomelevelsandbenchmark risk-adjusted return levels – that support business decision making and reporting, both internal and external.
• Understoodtobeacontinuouslyevolvingandconsistentlyarticulatedconnectionbetween strategic objectives and realities, target setting and follow-up, and risk management priorities.
“Risk appetite is both a process – developing the framework – and a policy statement that reflects the risk appetite,” said Went. “A formal risk appetite statement, effectively stated, allows the board to provide strong boundaries within which management executes business strategy. A consistently promoted, policed and polished risk appetite is an essential component of any robust risk architecture.”
Risk Appetite, Risk Tolerance, Risk Profile and Risk CeilingWhat do we mean by risk appetite? People often talk about risk ceiling, appetite, tolerance and profile in the same breath, when they actually mean different things. Figure 1 presents Govindarajan’s approach to differentiating these terms.
Risk ceiling. The black line at the top of the chart represents the risk ceiling, the threshold beyond which firms would no longer be able or allowed to operate. This threshold could be breached by financial weakness, loss of reputation or other temporary shock from which the firm might not recover without extreme measures, such as government intervention.
Risk appetite. The red line depicts risk appetite, the aggregated account of the board’s willingness to allow management to take certain risks in the pursuit of strategic objectives. While the risk ceiling is relatively stable (assuming there’s no major financial crisis), the risk appetite does change to reflect internal and external conditions.
“ Risk appetite is complex.
It reflects risk culture. It reflects
how well active risk taking is
understood and incorporated
into the institutional, cultural,
strategic and governance fabric
of the firm. If it is not incorporated
well, this delicate structure
breaks at its weakest link.”
Peter WentSenior Researcher, GARP Research Center
“ Risk appetite is a continuously
evolving and consistently
articulated connection
between strategic objectives
and realities, target setting
and follow-up, and risk
management priorities.”
Peter Went, Senior Researcher, GARP Research Center
4
SAS Conclusions Paper
Risk profile. The green line describes the risk profile, the true risk position of the firm at any given point. “The diagram shows that it takes a little bit of time for the actual risk profile of the firm to adjust to changes in risk appetite, assuming it’s a well-run firm, and people actually do what the board wants them to do,” said Govindarajan.
Risk tolerances. The two blue lines reflect the risk tolerances, the boundaries within which executive management is willing to allow the true, day-to-day risk profile of the firm to fluctuate. “The upper line reflects the level to which the risk profile can rise before the executive team expects board intervention,” said Govindarajan. “The lower bound of risk tolerance reflects the minimum level of risk the executive team would expect to take to achieve strategic objectives. We cannot achieve returns without risk. The risk-bearing capacity is basically that zone below the risk ceiling in which the firm seeks to achieve a trade-off between risk and return.”
Terminology
0
1
2
3
4
5
6
Jan-09
Feb-09
Mar-09
Apr-09
May-09
Jun-09
Jul-09
Aug-09
Sep-09
Oct-09
Time Horizon
Risk Ceiling
Risk Appetite
Risk Profile
RiskTolerance -Upper
RiskTolerance -Lower
Figure 1. The relative relationships among risk ceiling, risk appetite, risk profile and risk tolerances.
It is important to distinguish between risk appetite and risk tolerance, because they are not the same thing, said Govindarajan. “In the real world, there is invariably a time lag between the communication of a board decision, the change in risk appetite, and the reality of when management can translate that into credible actions. … Setting the ongoing tolerance to the variability of the profile allows executive management to react to factors such as movements in the market, the competence of staff in achieving targets, cultural issues, measurement errors and model risks.
“Even where risk appetite is understood and deployed effectively, events such as limit breaches can and do occur, and we all know that in our day-to-day world. An upper bound of risk tolerance therefore provides a legitimate and formal means for executive management to ensure that the time lag in the transmission of risk appetite to each of the various business areas does not result in breaches of the board’s risk appetite on a day-to-day basis.
“ Some argue that risk appetite
is simply a chicken-and-egg
problem. The risk culture
reflects the risk appetite, and
the risk appetite shapes the
risk culture. Acknowledging this
interrelationship is essential,
since these two jointly define
the level, complexity and
aggressiveness that firms can
take risks and expose their
stakeholders to these risks.”
Peter Went Senior Researcher, GARP Research Center
5
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
“The headroom between the risk profile and the upper bound of risk tolerance allows management to deploy resources and take necessary mitigating actions before risk appetite as a whole is infringed. It also gives executives the freedom and the legitimacy to engage in risk taking and to act without constantly referring back to the board room or requiring regulatory nannying. The lower bound is also important, because it underlines the extent to which executive teams believe that it makes credible business sense to make further investments that would result in the reduction of risk. There is no point reducing risk if it the investment is not generating return.”
“Reflect on your own risk appetite statement, if you have one, and see whether there it reflects a difference between risk appetite and risk tolerance, whether you make a clear distinction between risk tolerances and risk profiles, and whether your resource deployment and your investments reflect your risk appetite in appropriate policies, processes, systems and transparent limits.”
Seven Recommendations for Stronger Risk ManagementOur panelists discussed seven practices that bring greater clarity to risk appetite while also embedding it into the overall risk management framework.
1. Address the Full Risk Ecosystem
In setting risk appetite, firms will attempt to quantify and analyze five common types of risk, said Lon O’Sullivan, Executive Director of Firm Market Risk at Morgan Stanley:
• Market risk focuses on changes in portfolio value related to changes in market prices, correlations and volatilities, using tools such as Value at Risk (VaR) analysis, stress testing and reverse stress testing to articulate this risk and quantify it to senior management.
• Credit risk relates primarily to lending and counterparty risk, pricing that risk and setting appropriate limits. “This is a critical piece for most banks, as a big chunk of the exposures that any financial institution will face has to do with counterparties and lending activities,” said O’Sullivan.
• Operational risk relates to processes and people, uncovering operational risk issues and determining how to mitigate them, often revealed through such tools as risk and control self-assessment (RCSA).
• Liquidity risk concerns the ability to fund and trade the products on the balance sheet, to manage the sources and maturities of the funding, and to make sure there is a sufficient liquidity pool.
• Capital risk, or the risk of a company losing the amount of an investment, has become one of the most important aspects of the firm in the last few years, and one of the key metrics used to measure risk appetite and risk tolerance.
Benefits of a Sound Risk Appetite Statement•Establishandcommunicatea
Deepa Govindarajan Lecturer, IMCA Centre, Henley Business School, University of Reading
6
SAS Conclusions Paper
1. Create a Meaningful Risk Appetite Statement
“Risk appetite is a corollary for business strategies, so boards that cannot articulate or oversee risk appetite are inherently saying they cannot oversee the associated business strategy,” said Govindarajan. “Currently, executives have found it difficult to engage the risk appetite statement, because the statement has come to resemble a series of very empty platitudes. The banality of such statements ensures that they cannot be turned into practical policies, and this clearly defeats the motives of soundness, consistency and transparency.
“Some boards have delegated the creation of risk appetite statements to the executive team or to the risk management function. This may be due to the mistaken belief that risk appetite can be aggregated from the underlying limits currently used within the risk management framework, which, unfortunately, means that the cart is placed before the horse. In such cases, interactions of risks – and the articulation and balancing of stakeholder objectives – have inadvertently been glossed over.
“It is important that risk appetite is articulated by the board. The executives must then translate that risk appetite into sensible processes, policies, limits and procedures.”
3. Manage the End-to-End Risk Life Cycle
Financial firms must have a mechanism that manages all the stages of the risk life cycle and aligns with the risk appetite statement. It must also have formal processes to:
• Assessthepotentialimpactoftheserisks,usingstandardizedriskmeasurementmethodologies and reporting.
• Implementacontrolstructurearoundtheserisks–suchasstatedlimits,ongoingmonitoring and early warning of potential breaches – to certify that risk appetite is being appropriately managed.
• Managethoseriskstooptimizetheriskandcapitalprofile,adviseseniormanagement on risk-based decisions, and help the corporate board and senior management set appropriate risk appetite levels.
“Reporting needs to occur at a variety of levels – at a very granular level and a very high level – to be able to aggregate a comprehensive set of risk reports that capture the full populations of positions and counterparties in one’s portfolio,” said O’Sullivan.
4. Establish an Environment of Collaborative Decision Making
Higher-risk products may carry higher margins; more conservative products deliver lower returns. Therefore, should the risk management function define the product mix that traders should sell? Whose responsibility is it to strike that balance between marketing/sales revenues and risk management controls?
“ Risks are not additive in nature.
If we were to take any traditional
firm and simply sum up the
lowest limits there, no firm
would be in business. There are
diversifications and correlations
to consider to understand how
the risks actually evolve in the
market and can interact or
trigger each other.”
Lon O’Sullivan Executive Director, Firm Market Risk, Morgan Stanley
7
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
This is a provocative question for which the answer is evolving, said Went. “We have seen a change in practice in that the control function is getting more and more power in some decisions. Even though it should not be the risk managers’ role to decide what trades to put on, their voices have to be heard. Their understanding of other risk aspects that perhaps the business side is not fully aware of must be incorporated in these decisions. It should be an integrated and mutually supportive discussion between the business and the control side.
“I cannot masquerade as a trader, and traders cannot masquerade as risk managers. It is more important for these two professional groups to jointly arrive to a solution that is not only beneficial for the trader but also beneficial for the long-term success, survivability and sustainability of the institution.”
5. Strike a Balance Between Bottom-Up and Top-Down Approaches
O’Sullivan described and compared two very different models for managing risk: bottom-up and top-down.
“Bottom-up risk management considers risk at the transaction or risk factor level and is very detailed. For each product or position that comes on, an evaluation is done. Limits or other controls are set at the individual trading desk or at the business level. Risk reporting is typically done at the product or business level as well. Market, credit, operational and liquidity risks tend to be managed independently at this level. Risk and business heads attempt to put the story together in order to construct the big picture.
“The advantage to this bottom-up approach is that you get much more detailed information about product or business-facing risks in your portfolio. You are able to independently evaluate market, credit and operational risk in isolation – and spend a lot of time thinking about how each will impact the desk level or an individual transaction. You get a very detailed understanding of each transaction, which makes it easier to manage at a very granular level. Typically, you are working with heads of desks or individual traders to define the risk appetite and tolerance, and to negotiate amongst these parties. The challenge here is that it is very difficult to see the forest when you’re focused on specific trees.”
“If you look at the lessons from the financial crisis, it seems that many risk decisions were made in silos. There wasn’t a very good feedback loop between the bottom-up risk decisions and what the board and senior management understood was going on from the perspective of the risk appetite and the level of exposures that were trending up in many cases during the height of the crisis,” said Wallace.
In contrast, a top-down risk management approach takes a more enterprise-level view of risk, looking across combined market, credit, operational, liquidity and capital risks. Stress testing and reverse stress testing is implemented across all products, businesses and risk types. There may be a dedicated team that works with business and risk heads to manage the big picture. Risk appetite decisions are made at the firm level.
“ If you look at the lessons from
the financial crisis, it seems
that many risk decisions were
made in silos. There wasn’t
a very good feedback loop
between the bottom-up risk
decisions and what the board
and senior management
understood was going on
from the perspective of the
risk appetite and the level of
exposures that were trending
up in many cases during the
height of the crisis.”
David Wallace Global Financial Services Marketing Manager, SAS
“ The advantage to this
bottom-up approach is that
you get much more detailed
information about product or
business-facing risks in your
portfolio. … The challenge here
is that it is very difficult to see
the forest when you’re focused
on specific trees.”
Peter Went Senior Researcher, GARP Research Center
8
SAS Conclusions Paper
“The key advantage of this approach is that you can focus not only on individual transactions but also the correlations amongst the various assets, products, positions and counterparties,” said O’Sullivan. “We can consider risks across businesses and across products.
“Putting together a cohesive picture of risk across all dimensions is challenging, and something that needs to be invested in by firms to consider all risks, not just individual risks. Sometimes the sum of the parts is more than the whole, and sometimes it’s less, but putting this kind of structure in place will allow firms to gain competitive advantage.”
6. Report on Risk in a Way that Supports Sound Decisions
“Risk reporting sometimes gets trivialized as just something that one does,” said O’Sullivan. “However, it is one of the most critical components of the risk framework. Poor risk reporting, missing exposures, not having consistency in the way that you’re thinking about risks – it all equals bad decision making in firms.
“Good risk reporting should cover all material product areas and all of the aforementioned risks. It should use standardized measures, so risks can be clearly communicated,” said O’Sullivan. “If we have, say, interest rate risk being calculated one way for one position and a different way for another position, how would the firm put those risks together and determine its aggregate risk exposure on interest rates? Without standardized measurements, it is very difficult for a board or senior executives to act on a risk decision.”
Risk reporting should reflect ongoing monitoring of key controls, such as position limits or VaR limits, so the control process is transparent and senior management can evaluate how the portfolio stands relative to risk appetite.
Equally important, risk reporting should address its audience, be readily understood by them, and be comprehensive enough to support decisive action.
“The second element of delivering the message is effective management through risk advisory,” said O’Sullivan. “In my view, risk advisory is the most important element in risk management. Measuring and reporting is fundamental, but influencing risk decisions is the most important aspect of being a risk manager.
“In order to exert that influence, you have to be able to explain a case to board members who are not likely to be intimate with the jargon and complexities of risk professionals. Therefore, the most effective risk managers are those who can make themselves understood to an audience that might not have a technical or risk background. When I construct presentations, I often think: If I had to give this presentation to my grandmother, would she understand it? And if my answer is no, then I start over.”
“ Effective risk management
is often about delivering the
message in a simple and clear
manner, while still translating
the key message or challenge
that will require a risk decision
to be made. Many risk
managers are notoriously poor
at this critical management
skill.”
Lon O’Sullivan Executive Director, Firm Market Risk, Morgan Stanley
9
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
7. Establish Ownership at Multiple Levels of the Company
O’Sullivan summarized three levels of governance that would typically occur in a financial institution:
• AtthetopofthelististheBoard Risk Committee, a subcommittee of the board of directors that is chartered to handle specific risk issues. Typically composed of non-management directors, this subcommittee sets risk appetite, enforces the risk governance structure and monitors the risk profile against the agreed-upon risk appetite.
• Executive Risk Committees are management committees typically composed of the most senior officers (C-level executives and their direct reports). These committees tend to meet once or twice a month and are accountable for day-to-day risk management for the firm.
• Divisional Risk Committees are charged with looking at each division independently and coming up with a risk strategy and a risk tolerance. These committees are typically made up of desk heads and other key executives who meet weekly and focus on business-specific issues.
“Effective governance means that information flows seamlessly up and down this hierarchy of risk committees,” said O’Sullivan. “Risk decisions made by the Board Risk Committee should be pushed down to the Executive Risk Committee and ultimately down to the Divisional Risk Committees. A feedback and interaction loop flowing up the chain is equally important.”
Govindarajan agreed: “There should be ownership at board level, ownership at executive level, and ownership within the firm. The board must oversee how the scene is set and balance strategic objectives. Executives must manage the risk profile and the risk management framework. And through a good risk culture, the organization must own the risk appetite statement.”
Closing Thoughts“Boards that view risk functions simply as a way to keep out of trouble – and who do not play an active role in setting risk appetite and risk limits – are really not doing a service to their shareholders,” said O’Sullivan. “Risk is also about addressing strategic business risk and future business opportunities, in addition to managing what’s currently on the books.” Effective governance structures promote better management of future risks, as well as better understanding of past risks.
“To do this well – to establish a meaningful risk appetite statement and framework – requires consistent and unwavering support and monitoring by the board and faithful enforcement by senior management,” said Went. “That is why risk appetite is not a static statement, but rather a proactive and dynamic framework that distills changing conditions, possibilities and constraints.”
“ Good risk management is not
only about having the right
answer. It’s about being able to
communicate the answer and
influence the correct decision
to be made.”
Lon O’Sullivan Executive Director, Firm Market Risk, Morgan Stanley
“ There should be no such thing
as a separate, standalone
risk appetite framework. Risk
appetite guides your risk
management framework and
the way you manage risk within
the firm.”
Deepa Govindarajan Lecturer, IMCA Centre, Henley Business School, University of Reading
10
SAS Conclusions Paper
About the Presenters
Deepa GovindarajanLecturer and Visiting Fellow, ICMA Centre Henley Business School, University of Reading
Deepa Govindarajan, Lecturer and Visiting Fellow at the ICMA Centre at the University of Reading’s Henly Business School, teaches compliance, risk management and regulation within the master’s program. Her research interests cover corporate risk appetite, senior management arrangements and governance within financial institutions, qualitative decision making, operational risk, the sociopolitical context of banking and financial regulation, and the comparative study of international banking regulations.
Govindarajan periodically serves as an independent expert advisor to regulators, banks, asset managers and insurers. She facilitates board discussions related to the definition and dissemination of risk appetite, and the risk implications of strategic choices. As a specialist in governance and risk oversight, Govindarajan also evaluates financial firms’ governance arrangements, risk management frameworks and risk culture.
In addition to roles at Citigroup, the UK Financial Services Authority (FSA), and Lloyds Banking Group, Govindarajan has also held positions in consulting and academia.
Lon O’Sullivan, FRMExecutive Director, Firm Market Risk Division Morgan Stanley
As Executive Director in Morgan Stanley’s Firm Market Risk Division, Lon O’Sullivan leads the Global Portfolio Analysis group and is responsible for briefing senior management on key market risk exposures. He spent three years at Morgan Stanley’s London office, where he was responsible for creating the regional analysis and reporting team.
Prior to Morgan Stanley, O’Sullivan worked as a market risk manager for foreign exchange and commodity risk, and as an equity derivatives product controller at Deutsche Bank.
O’Sullivan earned a bachelor’s degree in economics from Binghamton University, State University of New York (SUNY), and a master’s in finance from the London Business School. He has been a certified Financial Risk Manager (FRM®) with the Global Association of Risk Professionals (GARP) since 2005. O’Sullivan served on the committee for GARP’s professional chapter in London before his relocation back to New York and is currently a co-director for the New York chapter of GARP.
11
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy
David M. Wallace Global Financial Services Marketing Manager SAS
As Global Financial Services Marketing Manager for SAS, David M. Wallace is responsible for defining industry strategy for the banking and capital markets segments of the global financial services industry. He has more than 30 years of experience in applying information technology to solve customer needs, including a focus on the financial services industry for nearly 20 years.
Before joining SAS, Wallace was Manager, Corporate & Investment Banking, Americas FSI Marketing for Hewlett-Packard. He also held a number of senior sales and marketing positions over a 23-year career at HP. During a 10-year assignment managing the relationship with a top-five US financial services firm, Wallace was responsible for client projects in consumer banking, commercial banking, trust administration, retirement services, corporate and investment banking, shared services, and retail brokerage, among others.
Wallace holds a bachelor’s degree in economics from the University of North Carolina at Wilmington and an MBA from East Carolina University.
Peter WentSenior Researcher GARP Research Center
Peter Went is a Senior Researcher for GARP’s Research Center, where he conducts research in financial risk management. Went has co-authored five books on risk management and numerous articles on foreign exchange, global equity market and commodity risk, as well as on the effects of emerging financial regulation on financial and capital markets.
Previously, Went worked for a boutique investment firm and taught finance and risk management at University of Nebraska and the University of Connecticut.
Went has a degree in economics from the Stockholm School of Economics and a doctorate in finance from the University of Nebraska. He is a Chartered Financial Analyst (CFA) and a board member of Woodlands Financial Services Corporation.
About SASSAS is the leader in business analytics software and services, and the largest independent vendor in the business intelligence market. Through innovative solutions, SAS helps customers at more than 55,000 sites improve performance and deliver value by making better decisions faster. Since 1976, SAS has been giving customers around the world THE POWER TO KNOW®. For more information on SAS® Business Analytics software and services, visit sas.com.
SAS Institute Inc. World Headquarters +1 919 677 8000To contact your local SAS office, please visit: sas.com/offices
