The other week, JPMorgan Chase announced it was adding Barry Zubrow to its C-suite as the company's new CRO. That acronym stands for chief risk officer – and, with luck, this will be the first of many new CRO appointments within the industry.
Zubrow is an excellent addition to the JPMorgan Chase team – he was previously president of the private investment management firm ITB LLC and the chief administration officer at Goldman Sachs from 1996 to 2002. In his new position, Zubrow will oversee all risk management for JPMorgan and report to chairman and CEO Jamie Dimon. He will also be a part of the company's operating committee.
The concept of a CRO is relatively new (thank you, Sarbanes-Oxley) and, to date, it is primarily limited to the major money center financial institutions and publicly traded companies. In mortgage banking, CROs are decidedly less common. But if the current market is any indication, it might not be a bad idea for mortgage banks to add risk management professionals to the upper chain of command.
Risk management's value is diluted when it is used as a reactive strategy, rather than a proactive approach. Too often, the risk manager is called on to mop up a mess in progress instead of being tapped to predict problems before they metastasize.
A corporate culture that incorporates risk management from the top down will have a greater impetus to avoid business decisions that can lead to major problems. It is the difference between controlling destiny and controlling damage.
Putting risk management at the C-suite level sends a strong message. In that schematic, risk management is no longer just one of the many functions required for a company to work at its fullest. Instead, it becomes a mandate from the powers-that-be – or, to employ a cartoonish analogy, it is something the boss demands from the workers…or else!
In mortgage banking, today's embrace of risk management may seem like the ultimate case of closing the barn door after the horses gallop off. But in this case, the horses will be back (later, if not sooner), and the mechanism needs to be in place to avoid a reprise of the situation that resulted in our current conditions.
But to ensure that risk management policies don't get tossed aside once profitability returns and memories fade, having a CRO in the C-suite will ensure that risk management policies are an executive priority. And this is more than symbolic – having a CRO as part of the CEO's trusted team places an unimpeachable priority of the role of risk management in the pursuit of profitability.
But what if the company doesn't have an official C-suite? Even in smaller companies, risk management officers need to be at a higher level of the chain of command. At the very least, a VP slot is deserving of this responsibility (an EVP slot is even better). If current conditions are any indication, it is disastrous for any financial services company (whether money center or community-level) to relegate risk management to a lower-rung territory.
For Barry Zubrow at JPMorgan Chase: Congratulations! And here is hoping that we will see more CROs like you in the financial services world in 2008!
– Phil Hall, editor, Secondary Marketing Executive
(Please address all comments regarding this opinion column to firstname.lastname@example.org)