Let's Face the Risks in |Noncredit' Services
As banks evolved from a pure credit product orientation to their relatively new focus on fee generation, they rapidly invented a wide range of transaction products originally known as cash management services. This designation evolved into a broader scope of services that we generically called "noncredit" services.
That was the first mistake. When banks began to use the noncredit designation widely, people began to believe that there was no credit risk, or any other kind of risk, associated with these products.
A close inspection of the operating characteristics of these so-called noncredit products indicates that significant exposure can arise through the normal daily operations related to them. The sheer dollar volumes that can be created as a result of these transaction services can expose banks to significant financial risk.
Transaction product risk can be viewed as falling into several broad categories:
* Credit risk: exposure resulting from an excess of debit entries over available funds concurrent with an inability of the customer to fund the resulting overdraft.
* Operating risk: exposure resulting from internal/external processing mechanisms that support each product.
* Temporal risk: exposure resulting from time lags between the initiation of a transaction and the final settlement of that transaction. Also includes time lags between an event and the availability of actionable information regarding that event.
* Systemic risk: exposure resulting from the failure of other transaction parties in the payment system. This can have a domino effect throughout the system.
* Fraud risk: exposure resulting from deliberate malfeasance.
All products have some element of risk. Basic product design is intended to limit fraud risk and operating risk. However, the other types of risk tend to be overlooked in the normal course of business.
The most common exposure is through occurrences of negative collected balances within the demand deposit accounts system.
Fraud risk and some components of operating risk are insurable.
But credit, systemic, and temporal risks are not as easily dealt with since they are generally regarded as a cost of doing business in this industry. Further, the cost of completely eliminating these risks can far exceed the actual financial exposure, hence the need for selective risk-limiting procedures.
I have analyzed the sources of credit risk based on the nature of its origin; in other words, what circumstances lead to risk occurrences. Following is a review of each risk type with examples of how each arises.
Possibly the most significant of the categories is credit risk.
In fact, many of the other types of risks ultimately result in a credit exposure with customers.
In essence, credit risk exists whenever banks extend funds to customers (or on behalf of customers) in excess of available, irrevocable balances in their account.
There are two ways to view operating risks: as "processing" oriented or "customer application" oriented. These risks can be financial or legal in nature.
Processing risks arise when the bank creates an error or when some portion of their processing system fails to perform as intended.
An example of this is the misposting of debit or credit entries. This error creates fictitious balances in the affected accounts until the error is identified and corrected. This can result in releasing funds to the wrong customer or returning checks on an account that should have funds, thereby creating a potential legal liability.
Customer application risks arise from the particular use that each customer has for cash management products. These risks occur either from the bank's dependency on customer generated input or from a customer's dependency on the bank's output.
An error may occur when a customer encodes dollar amounts on checks deposited. If the customer encodes an amount higher than the amount that check maker intended, the bank will give available funds to depositing customer based on that higher dollar figure. The customer can remove these funds before the check maker's bank is able to identify the error and return the item to the depository bank.
Because of the time lag between the initiation of a transaction and the final settlement of that transaction, temporal risk occurs.
The risk also exists because of time lags between a transaction event and when an institution is able to see the results of that event and take appropriate action. This latter risk exists because most banks are not using real-time, on-line, integrated processing systems.
In fact, posting of most transactions occurs only once each day after the close of business and prior to that posting there is no way to determine or forecast the ending balance position for a given account.
This sort of exposure occurs when customers use automated clearinghouse debits to concentrate funds out of your bank into their lead banks. Although the ACH debit is received by you during the morning, the existence and amount of that debit item is not known to the account officer until after posting - usually the next morning.
Any intraday credit decisions, such as daylight overdraft approvals for wire release, are made without knowledge of the pending debit.
Temporal risk may also be illustrated by a situation in which your customer uses automatic clearing house direct deposit service to pay employees. ACH credits to employee accounts at other banks are released to the Fed two days prior to payday. Your bank's Fed account is debited on payday and you post the debit to your customer's account on payday.
If sufficient funds are not available, you have credit risk exposure since you cannot retrieve the credit entries from the employee's accounts.
Dependence on other players - banks and thrifts, for example - within the payment system that have the ability to fund your bank to support customer transaction settlements results in systemic risk.
Should another party fail or be otherwise unable to settle, would put you at risk of credit exposure. This scenario is complicated by the interdependence of many major players: a failure at one institution could very quickly jeopardize the viability of many other banks.
An example of this would be if company A utilizes your bank as its major controlled disbursement bank. Daily check activity of $1 million is funded via Fed wire transfer from a New York City bank. If that bank fails or is unable to execute the wire due to daylight overdraft restrictions on its Fed account, your bank is exposed.
The risk of fraudulent losses exists in all transaction services. These risks result from our dependence on paper and electronic transaction instructions that are assumed to be valid and authorized by the appropriate customer representative.
For example, say your bank serves as automatic clearing house concentration bank for company Y. And facing mounting creditor claims, company Y initiates several ACH concentration debits that are substantially larger than the actual balances available at the drawee banks. Your bank provides next-day availability in Y's concentration account for these sums. Company Y then wires these "available" funds to selected creditors and files for bankruptcy.
The drawee banks then return the ACH debits to your bank. You may be legally prevented, however, from debiting the concentration account under provisions of the Bankruptcy Code. You become an unsecured creditor of Company Y.
As shown, most of these risks arise from a lack of perfect information. Authenticity of documents, status of funds, creditworthiness of settlement parties, and such are not ascertainable in a real-time sense. Our best defense against losses is to maximize the availability and awareness of existing information.
Toward this end, the following solutions are presented:
Account officer knowledge. This single factor is the key to minimizing exposure. Knowledge of the customer and how he uses the product are essential to identifying transactions and trends that are outside the norm for a given relationship. This requires an in-depth knowledge of how the product works and where to access relevant data on a given customer's transactions.
Systems integration. The ability to quickly identify all accounts and services in a relationship is critical when a credit crisis occurs. A comprehensive data base to support this need often does not exist:
On a day-to-day basis the ability to monitor a true daylight overdraft position frequently does not exist: Integration of demand deposit accounts, savings, ACH, wire transfers, check processing, and several other sources of data, via a memo posting or other on-line real-time process, would allow for a more realistic evaluation and monitoring process. This procedure would be particularly valuable for relationships of deteriorating credit quality.
Operations integrity. Many risks result from "normal" operating errors. Any efforts to minimize, identify, and quickly resolve such errors will serve to reduce risk exposure. Systematic identification of extraordinary large transactions by type and by relationship would aid this process.
Systems security. As we become more dependent on computer-based systems to deliver our transaction services, the risks of incorrect data or unauthorized access increase.
The response to this trend is to develop sophisticated (but not necessarily complicated) security mechanisms. Multilevel passwords with functional and dollar limit controls can serve to limit exposure. Appropriate editing of all customer input and encryption of all communications will mitigate many of the risks associated with computer-based products.
Documentation. Particular attention should be paid to obtaining appropriate contracts with appropriate signatures for services. Although not all services represent a large degree of risk and agreements must be frequently modified to meet customer needs, any service involving a potentially irrevocable transfer of funds should be covered with a current, valid agreement.
Facing the Facts
Transaction or "noncredit" services do, in fact, entail credit and other risks.
Banks' credit products have traditionally involved a structured approval and periodic review process. They represent a decision to extend credit and banks are compensated for the risks associated with each transaction.
The decision to extend credit via transaction services is generally not subject to the same process and banks are usually not directly compensated for the associated risks.
The continued movement toward automation, coupled with aggressive sales efforts, are generating increased profits for many banks. The downside of these trends lies in not recognizing operating risks of individual products and of certain combinations of products. To successfully manage our risk exposure, we must first be aware of it, and ultimately price it appropriately.
Mr. McElhaney is vice president of corporate services at Southeast Bank, Miami.