In September the FDIC added a new risk to the panoply that bankers are required to manage. Atop credit, interest rate, operational, reputational, and liquidity risk there is now "stroke-of-the-pen" risk.
The FDIC defines this as risk emanating from sudden policy changes like the Sarbanes-Oxley Act or the 1986 tax reforms.
In its analysis, the agency proves beyond a doubt that this risk can cost a bundle. It also generally views it as tough to manage or — better still — mitigate.
In fact, though, effective government relations and legal analysis spots stroke-of-the-pen risk in the making, and good advocacy can be a most effective mitigant.
Let’s shorten the term “stroke-of-the-pen” risk to event risk. This, of course, hits all and sundry, regardless of charter.
Therefore, to the extent that banks bear a new regulatory capital cost for event risk but competitors don’t, bankers have a tougher competitiveness challenge. Retroactive examiner actions because of exploding event risk can similarly have an unfair impact.
We think the best way to handle event risk is to anticipate it, build appropriate mitigations, and change strategic course if necessary.
To do all this, many banks already have a well-established risk-management function: their government-relations departments. But too often government relations is viewed as mere lobbying, principally focused on how much to give when members of Congress come around.
What it should be is a rigorous analytical function that monitors the wide range of legislative and regulatory developments with a keen eye to the external environment that drives them.
When event risk is spotted, the government-relations unit should be made responsible for developing the right mitigation and management plan. In an industry so vulnerable to event risk, government relations should be viewed as a key profit driver.
The FDIC paper rightly analyzes an array of events and quantifies their often substantial adverse impact on insured depositories. None of these events occurred without warning — bills are, for example, introduced long before they are become laws. Therefore, as with all the other risks that banks must manage, the first part of effective event-risk management is developing a framework for disciplined monitoring and analysis.
Banks should have a way to monitor proposed laws and rules as quickly as possible in every jurisdiction that can tell them what to do. The framework must distinguish between proposals that are sure not to go anywhere, those that might, and those that almost surely will.
The bank should then measure the quantitative and qualitative impact of possible and probable proposals. Low-probability, high-severity events should be taken seriously in the event-risk context, as in all other risk-management efforts. Mitigation, if needed, should get under way quickly.
Though mitigation is much the same regardless of the kind of risk, there is a critical difference for event risk: A single bank, which cannot influence credit or rate risk, which are driven by macro factors, can make some event risk go away.
Event risk is driven by decisions taken by policymakers. Therefore, a bank that sees an event risk emerging can work hard to change their minds.
Easy? Of course not. Possible and doable? To be sure.
