It is truly ironic. After absorbing the profound impact of the banking legislation of 1989 and 1991, the industry has supposedly embraced a renewed emphasis on risk management.
Yet in the midst of this process, neither bankers nor lawmakers and regulators have mastered the concept of risk clearly enough to prevent future debacles.
As an industry, we have taken false comfort in the latest arsenal of risk management tools and have allowed political and regulatory forces to skew the rational relationship between risk and return.
A dramatic example of this can been seen in banks' being urged to abandon secured, cashflow lending and bring back the old-fashioned "character loan."
It sounds great, but in reality, the "character loan" will end up being an excuse for bankers to ignore, underprice, and mismanage risk. Loan volumes would increase, business activity would heat up, and things would start to "feel good" again.
But before it's over, banks will have used insured deposits to take high, venture-capital risk for low, debtlike returns. With liberal bankruptcy laws, one questions how much "character" will be around to repay these loans. It could get ugly.
Closer Look at Risk
Does this mean we need to keep the hoard of restrictive regulations currently in place? Hardly. It means that the banking industry needs to increase its understanding of risk and that our government needs to increase its appreciation for capitalism.
Webster defines risk as the "possibility of loss or injury." Ironically, our industry has continued to address this broad and infinite concept with "cookie cutter" measurement and management techniques. This line of thinking reached its pinnacle with the passage of the Federal Deposit Insurance Corporation Improvement Act in late 1991.
While the banking industry has loudly protested the act and the regulatory community has been loathe to implement its provisions, we have, nonetheless, witnessed an unconscious acceptance of the act's rigid approach to risk management.
Unfortunately, many are beginning to equate risk management with regulatory compliance, and therein lies our industry's greatest threat.
Seeking |Quick Fixes'
The irrational perceptions created by regulatory compliance can be seen everywhere. The FDIC improvement act purports that a bank's capital level is the sole indicator of its risk exposure.
Risk-based capital standards ignore interest rate risk and oversimplify credit risk to the point of absurdity (e.g., a wellstructured commercial loan is 200% more risky than a poorly underwritten mortgage loan). The Federal Reserve recently had to offer a conditional surrender after attempting to create a standardized methodology for measuring interest rate risk.
The overall conclusion is simple: no regulation, contract, guideline, nor amount of oversight can address the infinite number and combinations of risk that a free-market economy will deliver.
As an industry, we need to stop searching for illusory "quick fixes" to operating volatility and instead become comfortable with the ongoing analysis, reflection, and debate which should accompany the proper management of risk.
Growing Complexity
Over the past few decades, the banking industry has become much more complex and, thereby, much more risky. Will this trend continue?
When one considers the explosion of derivative instruments, the rapid growth of secondary asset markets, the Federal Reserve's diminished influence on interest rates. and the increased volatility that businesses and consumers will face in a global economy, the answer is a resounding "Yes!"
How will the banking industry handle this rapid change? Not with laws like the improvement act. Instead, the entire industry - its owners, managers, regulators, and lawmakers - will need to develop a deeper understanding of risk and capitalism. We will need to ready a set of core values and universal tools to manage risk in any situation.
Core Values
The core values which must be present in any risk management strategy are leadership, ethics, and debate.
Leadership is essential if risk management is to be viewed by the entire organization as a top priority and if the core values of ethics and debate are to be instilled.
Bank managers must view themselves as Socratic investigators, who do not blindly rely on the opinions of their line managers and staff specialists, but rather lead an ongoing investigation with the aid of these individuals.
Ethics is an obvious prerequisite for risk management to work. As bankers, we should constantly remind ourselves what is at stake when we manage risk. Risk management should be viewed as a "moral" obligation to the bank's stakeholders.
This obligation is not fulfilled by simply refraining from fraud or conflicts of interest. It is fulfilled by putting hard thought into each action and decision and by having the courage to speak out when this obligation is not being fulfilled by others.
Atmosphere of Questioning
Debate must not only be allowed in a banking organization, it must be encouraged. In the past, banks have seen improper risk-taking when an egotistical leader or even an unchecked specialist began to feel immortal.
The main problem: neither the professional training nor the corporate cultures of most banks have adequately encouraged employees or board members to question the powerful executive or the exalted expert.
Board members and subordinates need not duplicate the role of senior managers, but a constant atmosphere of questioning and debate must be present for banks to build strong risk cultures.
The universal tools of risk management are the traditional tools of capitalism, beginning with strategic planning: a well-thought-out, detailed, and written plan that identifies areas of weakness and disciplines management to develop the competencies, systems, and controls necessary to mitigate threats.
Transfer of Responsibility
An institution's primary risk is its inability to meet the cash obligations necessary to continue operations as a financial intermediary. Maintaining ample amounts of liquidity is certainly a deterrent to risk; however, excessive liquidity carries opportunity costs.
Therefore, banks must optimize liquidity by striking a balance among earnings, liquidity risk, and the "safety value" that the market assigns to the bank for maintaining this liquidity.
Banks must also continue to seek sources of contingent liquidity beyond cash and marketable securities. Conscious efforts to effectively underwrite, document, and maintain detailed information systems on the banks' loan portfolios will facilitate asset sales if the need arises.
Bank capitalization levels have declined dramatically since the implementation of deposit insurance. In effect, deposit insurance has been substituted for capital as a buffer against loss to depositors, and the ultimate responsibility for ensuring "safety and soundness" has been transferred from bank owners to the insurers/regulators.
Agency Theory Is Critical
Contrary to the improvement act, the appropriate level of capital depends on the risk profile, management expertise, and market environment of each banking institution. However, one cannot overemphasize how strongly "at-risk" capital will affect the risk management practices of an organization.
The threat of losing money has always mobilized more character and action in people than the opportunity of riches; it is a quirk of human nature that should be recognized and incorporated into any risk management strategy.
Strong capitalization is a primary risk management tool; however, this equity will be useless if the goals and incentives of the bank's management and owners are not closely aligned.
Agency theory refers to the contractual relationships that exist between principals (owners) and agents (management). Several academic studies have proven that companies run by strong owner/managers have outperformed those run by professional managers.
A keen appreciation for agency theory is critical in banking for two reasons: management has unlimited opportunities to subject the institution to devastating risk; and, the complexity of embedded risk within banking organizations allows management to downplay problems for some period of time - often until it is too late.
Optimally, bank managers should "act like owners" by actually being long-term shareholders with significant equity positions.
The Human Factor
In risk management, people make the difference. Although management will typically pay 20% more for an outstanding employee, a skilled credit officer may be 200% more valuable than a marginal credit officer.
A "skilled" risk manager should be defined as one who knows when, how, and why to take risk, not one who categorically avoids risk.
For all employees, ongoing training and education is key to creating a rational, inquisitive risk management culture. Banks need to develop more "teeth" in their training programs by placing greater emphasis on financial analysis, investment analysis, and credit analysis.
Great strides will be made over the next decade in the technological and analytical tools that support risk management.
Banks that correctly see the economic value of risk information and invest wisely in this intangible asset will make better business decisions, will be subject to less stringent oversight, and will see their stock price increase because of diminished "black box" fears from the market. To effectively utilize risk information, management must improve its capabilities to distinguish data from information.
Data is essentially the raw material for information. Many bankers are currently wasting their efforts by generating mountains of computer printouts without analyzing their true information needs or developing adequate methodologies to apply this information to decisions.
Using Measurements
The old saying, "You cannot manage what you cannot measure" applies strongly to risk management. For risk information to be used properly, bank managers and board members must receive clear, concise reporting measurements that are closely aligned with the strategic objectives of the bank. Acceptance criteria should also be established for each critical measurement.
Risk measurements and acceptance criteria are important tools, but management and boards should not fall prey to "cookie cutter" decision-making. The results of most quantitative models are highly sensitive to a few input variables.
Before making decisions, management and boards should understand these sensitivities and either accept or modify the key assumptions that drive the model. When used properly, risk measurements will provide questions to begin discussions, not answers to complete decisions.
The Push to Securitize
Risk must be thought of as a commodity that can be packaged, bought, and sold. The insurance industry is living proof of this. As the banking industry becomes more disaggregated, bankers must continually search for opportunities to sell their risk. Securitization is the prime example.
Banks can earn income from the origination and servicing of these assets and unload the credit and interest-rate risk when the market price implies a higher economic return than that of holding the risk in portfolio.
To sell risk without destroying shareholder value, banks must become more adept in their ability to measure and price risk.
