In a world of ever bigger and more complex financial institutions, some regulators have concluded that old-style bank supervision just won't work anymore.
The old way was to pore through loan files. The new way, as pioneered this year by the Office of the Comptroller of the Currency and the Federal Reserve Board, is to scrutinize banks' risk management procedures.
If examiners cannot make sense of a bank's every asset and transaction, the agencies reason, they can at least judge if its management is equipped to deal with the risks it faces.
The approach marks a major change of direction, and is winning plaudits. Bankers think it could lead to shorter, less burdensome examinations. Regulators contend it will help them identify problems before they become disasters. And even some industry watchdogs praise it as the only way to keep up with a rapidly changing business.
Indeed, the two biggest banking debacles of last year - the massive losses from unauthorizing trading at Barings Bank and Daiwa Bank - both could have been prevented by better internal controls and risk management systems.
But the new supervisory technique is still untested, leaving a crucial question: Can risk really be measured?
The Comptroller's Office thinks so. It announced late last year that in 1996 examiners would score large banks on their exposure to and management of nine categories of risk - everything from credit risk to compliance risk to reputation risk.
The Federal Reserve believes as well. It followed suit last year with instructions to examiners to rate banks on their management of six risks, which differ slightly from the OCC categories.
These scores will only supplement, not replace, the Camel rating system, developed in 1978 to measure capital, assets, management, earnings, and liquidity. And so far the Federal Deposit Insurance Corp. and Office of Thrift Supervision - which supervise smaller, less complex institutions than the banking behemoths overseen by the OCC and Fed - have chosen not to jump on the supervision-by-risk bandwagon.
But officials at the two agencies say they're likely to join in eventually - a topic they and other bank regulators will discuss before the House Banking Committee March 13. And even if no one follows, the steps taken so far by the OCC and Fed are big ones.
"It represents probably the first significant departure from the Camel methodology," said Warren Heller, director of research for Veribanc Inc., a Wakefield, Mass., bank-rating firm. "The thinking is, if the risk profiles in these categories can be reasonably well quantified, then in a nice, compact way you can have a feel for not only where the institution is, but where it's headed."
Which comes back to the question - can these risks be quantified in a useful way? Some experts doubt it.
"It's one thing to say we understand these risks," said Bert Ely, an Alexandria, Va., banking consultant. "It's another thing to actually come to grips with them through the supervisory process."
At least one regulator agrees. Thomas Hoenig, president of the Federal Reserve Bank of Kansas City, said in a speech last week that government agencies simply aren't capable of effectively supervising the riskiest, most complex banks.
The weakness of a risk management approach, he said, is that to effectively monitor a bank's exposure to, say, market risk, "examiners have to know as much about a bank, its model, and control procedures as the rocket scientists who built the model and the management team who designed the risk management strategy."
On the other hand, regulators hoping to measure risk can at least count on a thriving cottage industry devoted to doing just that. The same technological advances that spawned intricate and often risky derivatives have also brought sophisticated risk measurement programs that can "slice and dice" credit risk in loan portfolios and calculate banks' risk from market movements.
Big banks are also providing for independent oversight of risky activities such as derivatives and foreign exchange trading. And accounting firms are increasingly focusing their audits on risk management and internal controls rather than just looking through the books.
One informal measure of this trend: The phrase "risk management" appeared 325 times in the pages of American Banker in 1995, up from 72 in 1990.
In that environment, the approach of the Comptroller's Office and the Fed makes perfect sense, said Kevin Blakely, executive vice president for credit policy and risk management at Cleveland-based KeyCorp and a former deputy comptroller of the currency.
"What they're looking for is how good are your systems to be able to manage any level of risk going forward," he said. "If you have a good risk management system, it will reflect favorably on the capability of your institution to do what it does."
At $66 billion-asset KeyCorp, OCC examiners experimented with the new risk-based supervision methods during its latest exam. "It worked pretty well," said Mr. Blakely. "It was a confirmation that we seemed to be on the right track."
Such confirmation is part of the process of developing what Jimmy Barton, the OCC's chief national bank examiner, calls "a common lexicon in assessing and determining the quantity and quality of risk."
This "common lexicon" could also helping in synchronizing bank regulations across international borders, said Karen Shaw Petrou, president of the Washington, D.C., bank consulting firm ISD/Shaw.
"With a qualitative risk management approach, you just do not have the domestic accounting issues, you don't have the terminological subtleties" that have complicated attempts to devise international regulatory standards, she said.
Tom Emerson, executive vice president and chief auditor at Norwest Corp., Minneapolis, sees another potential advantage.
If examiners learn to identify risk management weaknesses, he said, they can "focus their time and energy on the worse-managed organizations" and possibly charge lower fees to the well-managed banks.
KeyCorp's Mr. Blakely adds that regulators might be more likely to "let a company take on more risk if its risk management systems look good."
Edward J. Kane, professor of finance at Boston College and author of books about the 1980s savings and loan collapse, also likes the risk-by- supervision approach. But he said annual risk management exams won't do much good if banks aren't required to use their new risk measuring technology to report daily to regulators on their financial condition.
"It's like monitoring children who are playing with matches," he said. "You can't just look in once every year and expect that your house won't burn down."