Many corporations may have gotten into trouble not just because they didn't listen to warnings from the their chief risk officer (CRO), but also because they were compensating the risk manager in the wrong way. So says Max Rudolph, an actuary with the Society of Actuaries (SOA) and principal in Rudolph Financial Consultancy. Corporate compensation has become problematic because it is one-sided--managers get bonuses when a company does well as a result of bets they take, but if things later go south because of that same bet, there is no penalty. When it comes to risk officers, the problem is compounded.
"There is a question as to whether risk officers should even receive bonuses at all," says Rudolph. "If the risk manager has a bonus tied to the current year income, it aligns his motivation with the rest of management.
Even if you were to give the bonus based on three-year or five-year performance, there could still be a problem. It is better for this position to be a straight salary, but better paid than it generally is at present."
And the position of risk manager should be relatively short term, not a career. "It should be a job people rotate through," he says. "Ideally, you'd have people go into risk management from the production area, the corporate area or finance, and then after a few years rotate out into strategic planning.
That way, they could eventually get into a position where, if they did their risk job well, they'd be able to benefit from incentive pay."
Meanwhile, bonuses for other top executives should also be based upon multi-year performance records, and paid out not in options, which he says are "like lottery tickets," but in equity stakes that cannot be sold for a set number of years.
Risk managers also need to be much more skeptical in their roles, Rudolph says. "To accomplish this they have to have the ear of senior management, and they have to be able to say, about any decision, 'yes, but what if?'" he says. The input from the risk manager has to be sought out and taken seriously.
Perhaps counter intuitively, Rudolph says it may be harder for large corporations to successfully establish a risk culture than for smaller firms.
In smaller firms, he explains, the CEO role is far more important, and so if the CEO wants management to listen to a risk officer, it will happen. In a larger corporation, "CEOs have to fight hard to get their position, and then they feel like they must be smarter than everyone else, which can make it difficult for them to listen to the risk officer," he says.