Risk Management: Insights From Noble Group

Singapore-listed Noble Group has just released its financial results for the first nine months of 2009, and it’s a doozy. Despite the global economic recession and lower commodity prices for much of the year, Asia’s largest diversified commodities trading company reported US$472.4 million in net profit, up 7% from the same period last year, even though revenues fell 26% to US$21.6 billion.
One important enabler for Noble’s stellar results is its robust risk management system, which helped the company pick up on signals that a crisis may be brewing. Did the company foresee what was going to happen? “We didn’t have a crystal ball,” says Richard Elman, Noble Group’s founder and CEO, “but by the second quarter of 2008 we had a very strong feeling we were going to have significant reversals in the commodities market so we had a period of time during which we were able to mitigate our exposures.”
CFO Innovation’s Cesar Bacani spoke to Elman for the research report “From Hindsight to Foresight: Improving Business Transparency in the Wake of the Financial Crisis,” which was released in October. Here are excerpts from the interview.
Did the risk management system alert you that a crisis was brewing?
We certainly had market intelligence and some of the leading indicators telling us there was going to be a reversal [in the commodities market]. There were, of course, consequences for our business, but we were very active in mitigating the effects. We weren’t burying our head in the sand, we were very proactive in mitigating our exposures.
How do you approach risk management at Noble?
We have a very pragmatic risk culture, structure and processes and a flexible organisation able to react to uncertainty. Risk management is very much part of our culture. It’s not something that can just be tasked to the risk management department. It has to be something that is part of the day-to-day culture of the organisation, so that when people are approaching events or situations, they’re considering the risks and making rational decisions.
We have a governance structure, driven from the board of directors and we have a risk management department which is independent, that is able to talk at any level in the organisation.
We have put robust measurement and reporting in place. We have a comprehensive VaR [Value-at-Risk], stress [testing] and scenario analyses. But most importantly, we have people at the front end who are actually receptive to the culture of risk management within the organisation.
To us risk management is not just about quantitative techniques; it is as much about management of people on the ground and good communication within the organisation. If there’s something that’s a threat to the organisation or market intelligence that is out there which may indicate something may be changing, you need some method by which that information can be channelled and shared, and a method by which decisions can be taken very quickly.
But these things will only work if you have the processes and the people who are flexible enough to act . . .
We’ve kept a very flat management structure, which means that we have very good communication internally and we can make decisions very quickly. It doesn’t mean we don’t do due diligence. But it means that we avoid too many bureaucratic channels. We don’t tend to agonise over decisions.
How does the risk committee operate?
One of the key things that really benefited us was the change in the format of the risk committee. The committee before had been set up for general oversight of risk management and limit approvals. Then we decided that it should start to become a management forum, and we made it more inclusive so we brought on board the majority of our heads of our business into the risk committee. That led to a higher level of ownership over the process.
But didn’t it become unwieldy with so many members?
It only has eight members, the senior members in the organisation. In that forum we share market intelligence. And that is very critical.
How often does the risk committee meet?
Once a week. It’s based out of Hong Kong, so probably four will be sitting in and four will be online as they travel around the world or because they’d be based overseas. But everyone has the information in front of them. We have very interactive discussions.
The information being what the risk management department had prepared?
We have all the information from the risk management department and we also have the views of each of the different product groups.
We have to have pretty lively debates. It’s not as if everybody comes up with a uniform opinion. That’s not the aim. The aim is to challenge. Let’s say, six of the people will be saying: we feel quite bullish, we think things are improving in the Chinese market, and two will be saying they are not seeing that at all.
That will then lead to a discussion and views being exchanged about what we think could be happening. So you have a lot of different opinions. We are able to challenge our assumptions based on the intelligence that we have. That makes us a little bit more informed.
But in the end, the person accountable is the head of the product.
The head of the product is accountable, but he is constrained by his allocation of risk capital.
But is there a danger here that in the end that person will say: ok, I’ll just go with what the committee thinks because if anything goes wrong, then I can just blame everyone. It’s not my responsibility.
Part of the culture is about ownership. You have to have a very strong ownership over a situation. People are allowed to have a dissenting voice, it’s very important.
But if they’re wrong …
There is always a risk. Remember the way that we are rewarding people is typically on a long-term basis. So they tend to focus on both long and short term consequences.
And they can make mistakes.
People will make mistakes. The role of [the group risk manager] here in part is as coach. If, let’s say, there’s a situation where our people feel bullish, his role, is to take the other position, to take the other side, to question …
The group risk manager will not be making the decision?
There are very clearly defined limits [for putting capital at risk] that are not allowed to be breached. He monitors those limits.
How does the risk manager do that? Is there a real-time dashboard where you can see everything?
We have a risk dashboard which is produced every day. Some of the information is produced every day, some is produced every week. We have a whole range of different metrics, which helps us understand our underlying exposures.
Do you use commercial software?
The VaR calculator is a commercial package. The rest has been developed in-house.
Is VaR reliable?
VaR is good for certain things, but it’s not the universal solution. When markets are range-bound, then it’s actually an extremely good tool.
If they break out of that range and they start trending in an erratic manner as we saw last year, VaR is not a terribly good tool. You need other tools to counter that. So you use stress and scenario analysis.
And the information is all on the dashboard?
They’re all on the dashboard. But it’s the interpretation of that quantitative information, its relation to the real world and the strategies that were undertaken, which is the value-added thing that the risk management department can give.
So we have to have real people who understand real businesses and who have a strong commercial understanding of risk management, rather than people who are quantitatively gifted, but have no other skills.
How big is the risk management team?
We’ve got 32 people in the risk management team, plus some administrative staff. We have a central quantitative function here in Hong Kong, and [the group risk manager] is based here in Hong Kong, as are the head of market risk, operational risk and credit risk. We also have people in each of our main regional hubs, in Europe, South America, North America and the rest of Asia.
And those people interact with the business heads in those areas?
They do. They’re encouraged to go and spend time [with them]. They have a very strong understanding of strategies that are taking place.
We’ve now reached to a point where [the risk management department has become a trusted partner]. So now the business heads see that risk is a value-added function, the risk management department is not just consulted in the beginning of transactions because they are mandated to do so, but because they are actually adding value.
Are there any conflicts at all? I’ve heard stories about operating managers saying: Oh, the risk people won’t allow us to do this so our hands are tied; they’re so persnickety; we have all this paperwork to do…
What we’ve done is to develop a way of managing risk in this organisation, where risk managers are ultimately gatekeepers and responsible to the board of directors. But they’re adding value to the organisation. And the more value that they add, the more useful they become and the more information that they are party to.
There are different kinds of risks. Is the risk management department overseeing all of them, or are there other operating units that handle some risks?
We have combined all the risk functions under one roof, credit, market risk and operational risk, because you have a lot of transfer of risk across different risk classes.
Let’s say you have an inventory exposure, and you have a choice to sell that inventory, by selling that inventory you’re going to be taking some credit and counter-party risk or by holding the inventory you take some market risk and operational risk in management of the inventory. That transfer of risk needs to be assessed so it makes sense that the people assessing those risks sit together in the same team.
Because it’s possible that you think there’s no risk, but it’s been transferred somewhere else.
Yes, exactly. You need to see it as a holistic chain of risks, just as we see our underlying businesses as a supply chain across the organisation.
I imagine that took quite some doing, just making sure that everything is integrated and seen as a whole, because that is not normally the way things are done.
Well, remember, it’s a physical business. It’s a real business, run by real business managers. These are really practical people, so the approach that we take to risk management is exactly the same. It’s a pragmatic, practical approach, rather than a theoretical approach.
It’s about communication, and an understanding of the end-of-the-line risks in the business that we’re operating in.
So when somebody in credit makes a recommendation or decision, he had taken into account all the other implications?
That’s right. So for example, we can make a decision that may involve taking delivery of a product from a warehouse and paying against some documentary proof from the warehouse. We would then have to seek the advice of the operational risk manager on the physical storage of the goods as well as understanding the credit standing of the counterparty, the warehouse and the freight forwarder, if applicable.

There will be a meeting?

Our company is not one where we have endless meetings. These are decisions that will be taking place, where someone will walk along to the operation risks person, talk and make a decision and come up with a plan.
We’re very non-bureaucratic. Noble has an entrepreneurial culture. It means that it is always searching out new opportunities. It doesn’t mean we do not have rules but they’re sensible and they’re practical. We don’t invent rules just to have rules. We have rules because they introduce controls that we regard as valuable for managing our business. Our aim is to share information effectively and make quick and informed decisions.
Going forward, what’s in store for the risk management function?
We will continue to develop the frontline activities of the RM function with the needs of the business. As our business evolves, the RM function will evolve with it. We’re trying to refine the risk techniques that we have in place, and sometimes go to a higher level of granularity.
In terms of the governance organisation, it’s about strengthening the risk department’s relationship with the board of directors and working to [further] develop this flexibility of organisational response.
On risk culture and leadership, that’s an ongoing project. We need to expand people’s perception of risk management so that they’re making decisions [that take] into account all the risks and pricing those risks into transactions.
What was your experience with expanding people’s perceptions? Are they hostile or closed off?
They’re actually very receptive. The nice thing about this company is that people are very open-minded. They like to try new things. They like to look at new techniques. If [the risk management function] can give them a practical toolbox, if they’ve got something they can work with and that enables them to make decisions and ultimately to make a better return at risk, they’ll use it.
How do you approach this issue of risk culture and leadership? Seminars?
We don’t look at it as an academic exercise. We try to make it hands-on, practical risk management, rather than making it too theoretical. And information has to be well presented as well. You can’t have reams and reams of [information]; less sometimes is more.
As with any key function you need good people to drive change and a receptive audience who are able to see tangible benefits from risk management. At Noble we are all [effectively] risk managers, and we recognise that as a competitive advantage.
Noble also has a flexible organisation to be able to deal with events which are unknown and uncertain. That differentiates us from other companies, which may have good risk management but when they’re faced with an uncertain environment, they have no structure and no ability to deal with unpredictable events.
You could say Noble has what used to be known as ‘character.’ No matter how strong or nimble you are, eventually everyone gets hit, and those hits can come fast and hard. It’s about how hard you can get hit and keep moving forward.
When you know those hits are coming, you know what it takes to absorb them. It’s about conditioning, obtained over time through real-world training and experience.