WASHINGTON — On its face, the Federal Deposit Insurance Corp.'s new Office of Corporate Risk Management sounds like a unit dedicated to ensuring banks have a proper risk management system in place.
But it's actually the opposite. Rather than looking at individual banks, the agency's new office is designed to apply risk management processes already undertaken in the industry to the government. The office is less concerned with the industry's risk assessment ability and instead focused on equipping the FDIC to handle unseen risks to the agency internally and from the financial system.
"Government agencies are behind the banking industry in the recognition of risk management function," said Stephen A. Quick, a former official at the Inter-American Development Bank who was hired in July as the FDIC's first ever chief risk officer. "Having an office with the responsibility constantly to ask 'what are our risks?' as policy is being debated is likely to contribute to an improved culture of risk management throughout the institution."
Risk assessment is already part of the job description for government officials, and the FDIC said division heads and other senior managers who assess risks in their specific areas will not see such responsibilities diminish.
But the new office will coordinate risk-management functions across the agency and advise the FDIC board about which issues demand the most attention.
"The FDIC is a government insurance company. … If we ask insurance companies in the private sector to do risk management, it only makes sense for a government agency doing insurance to do the same thing. I only see an upside," said Robert Litan, a senior fellow at the Brookings Institution and research chief at the Kauffman Foundation.
"There is an ethos in government that it's not like the private sector. But in fact some government activities are very similar or identical to private-sector activities and insurance is one of them."
Quick said the agency's responsibility for the Deposit Insurance Fund — a finite pot of money that is exposed to risks in the economy — and its balance sheet of failed-bank assets make it especially vital for the FDIC to be ready for danger signs around the corner.
"The FDIC is unique from other banking regulators in that, one, the insurance fund is actually exposed to financial risk in the event of bank failures," Quick said. "But also unique is our large portfolio of assets of our own that were taken over from failed institutions."
He said former FDIC Chairman Sheila Bair, who stepped down in July, saw the need for better corporate risk management after an unprecedented run of few if any failures during the boom gave way very quickly to a wave of failures — which exhausted the agency's insurance reserves — during the crisis. After two years of being in the red, the fund's balance finally reached positive territory in the second quarter of 2011.
Bair "had found during the crisis that the FDIC was exposed to a large number of risks of which the institution had not been fully conscious," Quick said. "The FDIC had a period of time in which it did not have to deal with wholesale failures."
After failures picked up, he added, "when the organization had a moment to relax and step back from firefighting and crisis management, it was realized that having a centralized risk office would be an asset to the institution."
The new office is expected to report quarterly to the FDIC board, and may also start issuing annual reports. Quick said some information gathered by his section will be disclosed publicly, and some will be kept confidential.
"Our board is privy to the confidential information, but we do not make that information public. But there will be some categories of risk that will be appropriately disclosed," he said.
With a staff eventually of 15 people, the new office will assess risk in six areas: how the risks to the industry will impact the insurance fund; portfolio risk from failed-bank assets; broader economic shifts and changes in banking behavior; risks to the FDIC from legislation and other public policy; internal controls; and risks to the FDIC's reputation as a stabilizing influence for banks and customers.
"There will probably be one senior person responsible for each of those areas," he said.
Among Quick's early duties while on the job has been assessing any risks to the FDIC from the turmoil in the European sovereign debt markets. "Since I have been here, a lot of my time has been spent trying to get a handle on how the risks facing the European banking [system] pose risks for our institution," he said.
Risk-management experts said, like in the private sector, success of the FDIC's approach relies on the agency's being willing to scrutinize its beliefs about the future.
"If regulators are really going to do this better, they need to make sure their assumptions are more accurate and they don't lead to unintended consequences," said Robert Charette, president of the consulting firm ITABHI Corp. "They need to be skeptical enough to question their own findings in addition to what other people are telling them.
"During the crisis, there were a lot of risks that were seen as assumptions, so they weren't challenged. It became obvious after the fact that … they were risks that you had to manage. Any assumption that you make is a risk that you have assumed."
But while government-based risk management has similarities to practices already employed in the private sector, there are also differences. For example, observers said adequate risk management at a federal agency requires distinct divisions to talk to each other, while at a private company one business line - which is mainly pursuing growth opportunities for the firm - may be somewhat in the dark about the findings of the risk-management side.
"This [structure] can go a long way toward strengthening the culture of risk management in an organization, where risk identification flows from both the risk management function and the front-line business lines," said Robin Lumsdaine, a former Federal Reserve Board official and now a professor at American University. "In this case, given the FDIC's supervisory role, a natural question that arises is how much information sharing will be allowed to pass between the risk management and supervision sides of the business?"
Quick said since the FDIC is not occupied with earnings targets, there will be a freer flow of information between different divisions than what exists at a private company.
"In the private sector, one operational unit won't talk to the other because they are in competition to some extent with one another. We do not have that situation here," he said.
"Our staff will ensure that there is coordination across the institution" between the different divisions "for categories of risk, and we will highlight areas of specific risk that may require additional attention other than that which is already being paid by the frontline divisions and offices."