The historical approach to risk management has not been adequate. It has not prevented major problems in "old fashioned" banking. Neither has it been successful in containing within tolerable parameters leading edge product risk.
There is need to change - both to contain potential problems and to maximize earning power.
The evolving complexity of products and markets is forcing a dramatic change in the management of risk. On the one hand change is being led by forward-looking banks. At the same time it is being forced from behind by state and federal regulators.
The change in the management of risk is being driven by the speed of product evolution. Credit remains the primary area of risk. Market activities are now a close second. The public record suggests that the management of new risks, let alone old has not yet been mastered.
Why the concern? Why is there a need for change? There are many examples. All kinds of new products are flooding the market. Market activities have shifted increasingly from client needs to trading for the account of the bank, in an effort to make meaningful amounts of regular earnings.
Many feel competition in an increasingly crowded market has led to shaving of standards. There are meaningful embedded risks in products as diverse as home mortgages and securities trading.
The result has been a number of painful and costly toe stubbings at some large domestic and foreign banks. Some have called these "event risks," or have implied that they were acts of God.
These judgments are wrong. These were good examples of the poor management of risk.
Bank managers and regulators on the cutting edge view risk as a continuum. Risk can no longer be evaluated as a series of facts in the past. The management of risk must be approached as a comprehensive process. Its purpose is to anticipate the future, and to prevent.
The management of risk can not be viewed as a won/lost historical scorecard. This has not worked. There need is to be prospective - not retrospective.
This recognition has driven all of the regulatory agencies to band together conceptually. The Comptroller's Office, the FDIC, and the Federal Reserve are all in the process of implementing new procedures and amending their Camel rating methodology. "Management of risk" will be the sixth and defining key element.
Each agency has identified the key functional risk areas to be managed. There is some variance among agencies. The same ground is covered, however, by all.
There is unanimity on the need for a new, forward-looking approach. This approach must control risk at an optimum level. To do this, a comprehensive management process must be created.
Regulators and management must move from looking at a historical scorecard ("How well did we do?") to "how well should we do?" in the future - that is, management of risk against preset norms.
The regulators correctly have concluded that risks can no longer be viewed in "silos" separate from each other.
Historically, such silos as asset quality, liquidity, or capital adequacy have been measured in isolation. Now the view is that risk needs to be measured and managed as a whole across the total enterprise.
Management of risk will be graded. It will become part of the overall examination score of the bank. It will be important.
Much seems new about this task. It is. At the same time, much is not new. It is in a new package and perspective.
Twenty years ago Citibank pioneered the concept of 'process management' in its corporate lending business. It was viewed to be truly revolutionary at the time.
I have since installed this process in two other banks - one large, one small. In all cases, when the process was followed, there were few to no problems. There was no "event risk." There were no disgruntled participants. There were no unforeseen losses or large surprises.
On the other hand, in the instances when the process was not followed, trouble invariably followed.
Much has been written of the new management-of-risk process. Words like "control," "contain," or "reduce" have been used. Management of risk has been discussed as a method of restraint, not as a positive.
True. But management of risk also should be viewed as a way to enhance earnings across the bank. Proactive management of total-enterprise risk is not now common. It should and can be.
There will be a debate as to the best methodology. There will be intense discussions as to which parts of the organization are allocated how much risk. All of this is good, though painful.
Otherwise this the industry will remain where it is today - passively accumulating risk, like a dart-board approach to portfolio investing.
Positive management of risk can build bank earnings. Risk must be actively managed at the highest levels in order to successfully be in balance with line management. The individual risk profile chosen should be consistent with the requirements of capital, liquidity, and market flexibility.
The result from such an active approach to total-enterprise risk should be like the behavior expected from the management of accounts receivable in industry, or from credit card scoring models. But there is one major difference: This type of management is integrated. It takes in the whole business, not just a piece of it.
An all-embracing approach to risk management is being promoted by the regulatory agencies to avoid problems. Positive and proactive management of risk by line organizations also can build bank profits.
Mr. Davis is president of New York-based Scarborough Partners, a financial services consulting company.
