First came Orange County, then Barings and Daiwa. The string of financial debacles in 1994 and 1995 quickly turned "risk management" into one of the hottest topics in banking. And it shows no signs of cooling.
In fact, what once was just another piece of consultant-speak now seems destined to serve as a guiding principle for the industry well into the future - thanks in no small part to the work of regulators. Over the past year, the Office of the Comptroller of the Currency, the Federal Reserve Board, and the Federal Deposit Insurance Corp. each have started to pay close attention to banks' risk management programs. The regulators are even planning to amend Camel - the standard rating system for banks - to incorporate an assessment of risk management. "Banks generally are required to embrace what their regulator tells them to kiss on the mouth," said Karen Shaw Petrou, president of the industry consulting firm ISD-Shaw Inc. "There is a causal relationship between banker interest in risk management and regulatory mandates." This supplement to the American Banker explores the increasingly broad range of practices that fall under the heading of risk management. While risk management rose to prominence in the derivatives field (see story, page 3A), it is now being applied throughout many banks, including in the consumer lending area (see story, page 4A). As the story on page 3A shows, Wall Street is following closely as bankers and regulators fundamentally redefine how they size up and control risk. And certainly, few chief executives are ignoring the trend. Richard M. Kovacevich, the CEO of Norwest Corp., offers his views in an interview on page 6A. So what, exactly, do the regulatory agencies mean when they talk about risk management? In essence, the supervisors are interested in how banks prepare for expected or unexpected events that could adversely affect capital or earnings. For example, is the bank ready for a one-point drop in interest rates, is it prepared for new competition from its rivals, and can it detect and recover from fraud committed by employees? "Our focus in the past was a snapshot," said Nicholas J. Ketcha Jr., the FDIC's director of supervision. "We looked at what was present at a given date. Now we are looking at what is on the horizon for this bank, and are they prepared with policies and procedures." All of the agencies emphasize that implementing risk management does not take the place of traditional exams, which focus on asset quality, loan reviews, and compliance with specific policies. Rather, risk management allows examiners to concentrate traditional reviews on areas likely to contain the most problems. "It is one thing to look at the process and understand it," said Richard Spillenkothen, the Fed's director of banking supervision and regulation. "But you can't leave it at that. You've got to make sure those policies and procedures are honored, observed, and complied with." That means reviewing the loan files and securities portfolios, he said. The agencies began embracing risk management in 1993, when derivatives became a hot product. Realizing these instruments were subject to radical price swings, regulators decided they couldn't rely on traditional exams. Instead, they began to focus on the internal controls a bank uses to manage its exposure to price fluctuations. Risk-based exams have expanded exponentially since then, with the OCC and the Fed leading the way. Risk-based reviews begin well before examiners enter a bank. Economists at each agency constantly dissect the latest economic and call report data to identify situations that could threaten a bank's health. For example, the FDIC recently warned examiners about rising personal bankruptcy rates. The examiners then are supposed to determine how well a bank is reacting to an economic threat. The three agencies also are deploying risk specialists - examiners who have received extensive training in either capital market investments, accounting, mutual fund sales, or interest rate exposure - to examine specific transactions. The agencies are even planning to amend the Camel rating to incorporate risk management. The Federal Financial Institutions Examination Council, an umbrella group for the bank, thrift, and credit union regulators, is expected to release the proposed changes this month. The regulators, however, have taken different approaches to the on-site reviews. The Comptroller's Office was the first out with written, risk- based exams. Comptroller Eugene Ludwig announced in September that his examiners would review how a bank handled nine categories of risk, including credit risk, interest rate risk, compliance risk, and liquidity risk.
Examiners at large national banks completed risk profiles for their institutions in late March that detailed how institutions dealt with the nine risks. Then they assessed the quality of the risk management system against the quantity of risk in each of the nine areas. The OCC will concentrate exams on the riskiest areas with the weakest controls. "This will make sure the exams focus on where there is risk in the bank," said Susan Krause, the senior deputy comptroller for bank supervision policy. "This focuses on where the bank is vulnerable." The OCC will adjust a bank's management score within the Camel rating to reflect the bank's overall risk-management approach, she said. The Fed has adopted a similar system, with risks divided into six categories. The Fed's categories encompass all of the areas the OCC identified. Examiners review how banks handle each of the risks, Mr. Spillenkothen said. They award an institution an overall grade on a five-point scale, which is factored into the bank's management score on the Camel test. The FDIC, however, is taking a different tack. It is creating flow charts to specify how detailed a review an examiner should give to any of the risks that a bank faces. The agency so far has completed only a chart for interest rate risk, although others are on their way. The interest rate chart requires examiners to ask five questions about internal controls, off-balance-sheet items, earnings, volatility, and the balance sheet.
Problems in any of these areas require the examiner to move to progressively lower levels on the flow chart, which has increasingly detailed questions. "We like this approach, and we will build it in for operations risk, credit risk, and any other area that is a traditional part of an examination," Mr. Ketcha said.
