Recently, I have focused on risk production and control.
Reading through the various regulations and proposals, errors, in the market and credit risk production itself, fall into, and get a little lost within, the op risk side of life. My main issue with this is that far from being an economic capital driver, good risk production control is the central plank in establishing an adoptable risk culture in any firm.
My main fear is that the general, and understandable, focus on meeting the regulatory changes has been at the cost of moving forward with better risk controls.
Effectively, if the lack of risk as a cultural imperative within financial firms is a major contributor to the recent crisis, then its correction should be a major driver in the aftermath. It is difficult to see how there can be any serious adoption, or buy in, from the stakeholders of risk, if the numbers themselves cannot be trusted, or at least correct quickly, once errors have been detected.
From what I have read, most of the control functions are around the trading itself, with risk incentives being in the form of punative measures such as CVA or IRC (sticks rather than carrots). On the risk side itself, it has all been about the capital numbers (again, sticks over carrots), with CVA, IRC, Stressed VaR, DSR etc.
I have always felt that making the risk numbers useful from a strategic point of view, which means that they are genuinely useful in terms of planning, would put risk at the heart of a firm in a far more 'sticky way' than simply making it a capital issue (which leads, in part, to increasing product sophistication and model/complexity arbitrage). It does require, however, that the numbers are either correct, or quickly correctable, and therefore trusted.
As I said, this has been a main focus for me and my firm for a while. i would love to hear other folks opinions.
CVA, IRC, VaR, DSR and a description of the roles they play in an organizations finances and management.