United States: The Risk Culture Takes Hold

Implementing Some Sort of Enterprise-Wide Risk System or expanded risk-control functions is getting a lot of attention these days. Companies are getting pressure from all sides to shore up risk management operations pressure from the board, shareholders, even local state commissions because of the volatility of the gas and power markets.

In normal cases it's the supply group that's in charge of risk management the hedging and so forth there is no dedicated or central risk control function independent of the various unregulated subsidiaries.

"In power and gas there is a change a foot, particularly among those companies with a lot of unregulated subsidiaries. They're starting to migrate the risk management concepts to the corporate level. Much of what we're doing these days is to help companies build that basic foundation or framework to manage overall risk better market, credit and operational risk," says Tim Schutt of PricewaterhouseCoopers.

The process is no different from say, ERP, in that "you're going to do the same type of process at a business unit level. Now it's just elevated to get a view of risk at the enterprise level," Schutt says.

The modern risk infrastructure is made up of a few distinct items like a risk management organizational structure, reporting and a corporate risk management committee, designed to define and capture risk tolerances and objectives of executive management (and the board), and pass this through to the whole organization.

"The implementation of a risk-control function feeds into the day-to-day operational aspect of the risk control. Then you have defined policies and procedures which captures those objectives and risk tolerances. You develop risk measurement limits which are made up of qualitative and quantitative limits. The more successful companies have moved well ahead of the majority of the market in implementing these procedures throughout their organization. The risk management mindset is creeping up and down the corporate structure, from retail to wholesale."

Well, this might be the case with a few companies, but the vast majority of small, mid-sized and even large players have yet to develop even the most basic risk framework. Position limits, VaR, even marking to market isn't as pervasive as you might think.

"The next key aspect of this risk infrastructure involves the risk management reporting. Now that a company has defined its tolerances, defined its objectives, identified risks and measured them to a certain degree - and put limits on them - the next step is to develop a process to capture those risks and report them effectively, throughout the organization. A key aspect of that is, of course, your risk management systems."

While all risk systems are not created equally - pick your favorite flavor - the real game, Schutt says is in the implementation. For despite what you think, if the system isn't set up to mirror your strategies and objectives - your book structure - it matters little which system you decide to buy.

"The system has a lot to do with book structure and how your positions are captured. It's this underlying book structure that's the key, and how have your systems been implemented in the context of capturing positions. A lot of this goes back to the inherent weaknesses of the commercial trading systems. And secondarily, when these systems are initially implemented, how did they design the databases to capture and aggregate positions."

Schutt says that because there are so many moving parts in competitive energy companies these days, marketers in the field, traders on the desk, the structure group, retail, wholesale, what have you, your book really has to be laid out almost by strategy. Retail marketing, electricity; retail marketing, gas; and so on. Next you should move to aggregate like-risks and report on them. These concepts are relatively new, especially when you get to the retail side.

"One of the common things I see is companies setting up a book structure by commodity, as opposed to by strategy. What causes problems in the former structure is when you do a cross-commodity hedge. If your limits are based off the commodity, you may be blowing the limits, but with a cross-commodity hedge, management wouldn't get that clear a view of your positions.

"While many companies might have purchased some relatively sophisticated systems in the past, unless they were implemented correctly or if database structures were set up correctly - that is correctly in relation to the book structure - it causes a lot of problems in the back end. As you'll find, remodification of these systems to bring them in line with new book structures and strategies, you may as well start over. Despite what you read, not all commercial systems are as flexible as they say. Many are set up with a commodity focus and not a strategy focus.

"In an ideal situation, many of these questions need to be pushed up front during system implementation. There needs to be a strategy consensus in the beginning, which has been driven by the risk management committee. And the book structure is going to be based off those strategies, whether it's retail gas, power, or maybe you have a spec book or a spread book. And you design your book structure that will capture positions by strategy and you aggregate risks within those strategies and report off them. This way, management is able to see your risk reporting off of those strategies. And you support all this with that risk management foundation from which you've applied quantitative and qualitative limits."