AIG Making Changes to Its Internal Risk Management Approach

American International Group Inc. (AIG) during the past year has been working to address weaknesses in its risk management and monitoring that played a key role in its near-collapse in 2008. Since its government bailout, new risk officers have been hired and its top executives are trying to implement a cultural change in the way employees think about risk and growth within the giant organization.

Source: Source: WSJ | Published on September 16, 2010

Led by Chief Executive Robert Benmosche and Executive Vice President Peter Hancock, the efforts involve making more managers across AIG's operating divisions aware of the business decisions and risks taken by every unit, and how they affect the enterprise as a whole.

Managers of business units attend monthly business reviews to hear about what colleagues at other divisions are doing, and each major unit now has risk officers that report directly to AIG's top executives. Before the financial crisis, only a small number of senior executives at AIG's corporate level were in a position to see risks across the whole company, executives have said.

"For a place this big … we need a broader number of senior leaders who are thinking about the whole and a culture where there's a sense of curiosity and accountability for something larger than just the nominal patch that each person is in charge of," said Mr. Hancock, who oversees finance, risk and investments at AIG and other aspects of its restructuring. "This way you have diversity of views and people looking around corners."

Before joining AIG earlier this year, Mr. Hancock, 52 years old, spent much of his working career as a risk manager and top finance officer at J.P. Morgan Chase & Co. and a finance company he co-founded.

There is still work to be done. In an August report, Standard & Poor's flagged AIG's enterprise risk management as "weak, though improving in key areas." The credit-ratings firm said the company as a whole "has had—and could continue to experience—losses outside its tolerances for some major risks" at noncore units because it has "a program and culture that we believe cannot consistently control all of an insurer's major risks."

S&P said it will continue to review AIG's efforts to improve risk monitoring and its governance structure, and the new system's effectiveness.

Before the U.S. government can get out of its majority ownership in the company, AIG has to demonstrate, among other things, that it has improved risk policies and procedures and can properly identify and manage its risks, the Treasury Department's chief restructuring officer Jim Millstein told a congressional oversight panel in May.

AIG is in the process of selling overseas assets and winding down its derivatives business. It expects to have a global property and casualty insurer and a U.S. life-insurance and retirement-services business after its restructuring is complete. Those businesses, which generally operate in mature markets, are unlikely to experience the kind of rapid growth that came to characterize some of AIG's noncore units in past years. In the future, AIG may grow at around the same pace of the broader insurance industry as it curbs excessive risk taking.

"If there's one thing I hope characterizes AIG going forward, it's that we pursue value over volume," Mr. Hancock said.

AIG's goal is to avoid a repeat of what a congressional oversight panel described in a June report as "a blatant risk-management failure" at the insurer before the crisis, when a securities-lending business within AIG's asset-management unit parked large amounts of cash in subprime mortgage-backed securities after a separate part of AIG, its derivatives-trading unit, had already amassed a large exposure to subprime mortgages. When credit markets froze up, subprime debt plunged in value and AIG had to come up with tens of billions of dollars to meet its obligations. The government stepped in with emergency funding.

In testimony before a financial crisis inquiry panel this past summer, Bob Lewis, AIG's chief risk officer since 2004, said the company knew about the activities of its various units, but "what ended up happening was so extreme that it was beyond anything we had planned for."