BankThink

Getting ahead of risk involves asking the right questions

No one has a crystal ball that can identify tail risk, but experience and recent developments suggest several danger signs that can point us in the right direction.

Equating tail events with systemic events often elicits the following reactions: a systemic event is once in 100 years, and we’ve just been through one; there is nothing I can do about it; this is fundamentally a financial event, and I am safe because I understand our capital, balance sheet and/or credit risk.

However, many tail events that are most harmful to a financial institution are idiosyncratic to that institution. Such institution-specific risks occur in the aggregate fairly often. While they should be more easily identified and mitigated than systemic risk, they are often masked by generally good economic times and groupthink that dismisses a systemic event in the foreseeable future.

risk.jpeg
Button with the word risk pointing between medium and high level, 3D render suitable for risk management or decision-making process situation. Depth of field.

Even when times are good, we have seen institution-specific events related to credit, fraud, trading and operational risk or conduct that have toppled or nearly toppled individual financial institutions. This is just as likely to happen today — if not more so — than in decades past.

So, what does experience tell us about where to ferret out institution-specific areas where tail risk might arise? I explore some possibilities below.

First, we should look at unusual profitability or rapid growth from a particular business line, office, or even an individual at an institution. Another red flag: When trading schemes, products or models are not thoroughly understood by senior management. Finally, outsize financial commitment to almost any financial product is a precondition for many tail events.

Firms also need to be cognizant of obvious risk-mitigation steps. For instance, when a firm overrelies on liquidity funding that is short term and not federally guaranteed (such as short-term, interinstitution funding or short-term deposit funding that’s not federally guaranteed), it can dry up within days or weeks and may not be easily replaced. And when an institution, particularly a larger one, doesn’t build high-quality technology infrastructure that quickly identifies risks, including system abnormalities, and protects against security threats, the institution is left vulnerable.

Individual leaders of the firm’s businesses or infrastructure should be able to answer simple questions in a clear and convincing manner. When they can’t, this is cause for concern. Further, instances where information must be revised, restated or otherwise “clarified” signal a shop may not be in order.

More broadly, when an institution has a culture that tolerates extreme behaviors that are contrary to the well-being of colleagues or customers or contrary to applicable laws and regulations, tail risk could be in the offing. For example, the behavior of a successful trader or other front-line moneymaker that is abusive to colleagues and dismissive of their questions, particularly those of risk professionals, can be a tip-off that something is wrong.

An open, transparent culture that emphasizes good news fast, but bad news faster always pays dividends to the bank. It gives the institution more time and more information to fix problems more quickly, and that almost always saves money.

At the same time, many of the markers used to identify emerging institution-specific tail events can also be useful for identifying systemic events. Though systemic tail events are less common and harder to identify, there are symptoms that can help us spot them and potentially minimize the impact to institutions that are paying attention.

Many of us think about what’s going on in the economy that poses potential risk, but often it’s with our boards, teams and advisers in a less organized way than is valuable. Questions to focus on include: What areas of the economy are growing unusually quickly and commanding significant market share? Let’s also consider which segments of the economy are the most complex and highly interconnected or highly leveraged from a financial perspective. Where do we see vulnerability to a severe drop in value, and who would be disrupted/who could survive the drop? Lastly, if inflation comes roaring back and interest rates increase materially, who in the economy is injured and how severely?

Increasingly, cyber risks dominate the headlines. As such, what technology-related security risks could create severe economic disruption and loss, particularly in the financial services area? How long could any bank maintain customer and regulator confidence if a cyberattack impaired its ability to process transactions for a day or longer?

Additionally, it is my belief that risk is building in the shadow banking sector. As such, what new, unproven and/or unregulated means of transacting and acquiring liquidity are being used, and how widely? What areas of the economy have less comprehensive and/or less frequent reporting practices, particularly when compared to the speed and complexity with which they operate? Further, does the federal government, particularly financial regulators, have the necessary tools to avoid financial panic and contagion?

The signs of the subprime mortgage crisis were obvious long before 2008. There was excessive borrowing. Loans were being packaged into securities with lax oversight of these products. There were governance failures at huge firms. Housing prices were falling and mortgage defaults were rising. Regulators weren’t ready for the ensuing storm. If enough people — more than the few who actually did — had paid attention to the indicators laid out above in the lead up to the crisis, it may have been mitigated.

The next crisis, for an individual institution or the economy as a whole, may well erupt from something not currently on our radar. However, as the old adage goes — history may not repeat itself, but it rhymes.

For reprint and licensing requests for this article, click here.
Risk Cyber security Business administration
MORE FROM AMERICAN BANKER