One individual or a group of individuals can make a bad judgment about a specific transaction. As a result, a firm can lose money—even a lot of money, if the transaction is sizeable—but it is unusual that a single transaction leads to the bankruptcy of a company. Serious problems that lead to bankruptcy occur when portfolios of toxic transactions are built. In the absence of fraud, what allows this to occur is a poor risk management framework and corporate governance failure. All professionals follow the rules, but either the rules don't function as intended, staff are not adequately skilled, origination lacks oversight, incentive systems reward the wrong goals, or the approval processes are flawed. When massive losses occur, investigations often reveal that all procedures were respected. It was a collective failure and there is nobody to blame.

Therefore, the question is: What is the best way to organize credit risk management in a large organization? The focus of attention must be on the processes that lead to risk taking—primarily origination, credit risk assessment, and approval processes. We are not saying that operations of Portfolio Management (Part Three of this book) and Mitigation and Transfer (Part Four) are not important as well, but the best way to avoid losses is to not enter into bad transactions to start with. There are no efficient portfolio management or mitigation strategies that can compensate for deficient risk‐taking activities. When ...