A more complex banking environment brings with it more chances for banks to slip up. American Banker recently discussed bankwide risk with John Drzik, president, and James Lam, director, of Enterprise Risk Solutions, a unit of Oliver Wyman & Co., New York.
What is bank risk?
DRZIK: We define risk as an exposure that can create volatility in the value of the business. A bank's mission should not be to avoid risk, but instead to take risks that will produce attractive returns and consequently increase shareholder value.
What are the risks banks face?
DRZIK: The conventional view is that there are three categories: credit risk, market risk, and operational risk.
Credit risk would include on-balance-sheet transactions like loans and off-balance-sheet transactions like derivatives. Market risk would include interest rate and liquidity risks from treasury operations, as well as the price risk arising from trading activities.
Operational risk is the most loosely defined category, and includes all sources of value volatility not captured by credit and market risks.
We would subdivide operational risk into two types: event risk and business risk. Event risk arises from the low probability but high potential loss incidents, such as rogue trading or system failure. Business risk includes exposures to changes in the competitive or regulatory environment, which can create volatility in volumes, margins, or costs.
What are trends you're seeing in risk and risk management?
LAM: One trend we're seeing is the broadening of the definition of risk and the integration of risk management techniques.
Executives recognize that risk comes in many different forms. They must manage all aspects of risk across their enterprise, and not just the traditional focus on credit and market risks.
For instance, fiascoes at some large investment banks highlighted the importance of operational risk management. More recently, Long-Term Capital and other large trading losses clearly demonstrated that issues such as liquidity, leverage, and risk transparency are even more critical when investing in emerging markets.
Another trend is the convergence of financial markets and the creation of advanced risk management products, such as credit derivatives and integrated financial/insurance products. These tools provide management with a much more efficient means to analyze their overall risk portfolio and decide which risk exposures they should retain and which to transfer to a third party.
DRZIK: Additionally, business managers are recognizing that risk management is not just about protecting against the downside-it can be a powerful tool for improving business performance.
For example, risk management techniques can help management allocate capital and resources to more attractive businesses, make better product and customer management decisions, and even transfer unwanted risks associated with target acquisitions.
What can banks do to better manage risk?
LAM: Banks need to strike more of a balance between what we call the "soft side" and the "hard side" of risk management.
Banks have traditionally focused on risk management systems, models, reports, and audits. These are the tangible "hard side" components of risk management and these tools provide some comfort to senior management.
However, the comfort might be false without proper attention to the "soft side" components. For example, do you have the right organizational structure, people, and skills, incentives and other reinforcements to achieve your business and risk management objectives? The answer to that question may be far more important than if you have the right value-at-risk model.
Another challenge is for banks to optimize their significant investment in risk management.
Currently they might buy risk methodologies and processes from consulting firms, software and technology companies, derivatives from investment banks, and insurance products from insurance companies. However, different parts of the organization are making buying decisions, and therefore the value from these investments is not optimized.
How should banks approach risk management:
DRZIK: Banks need to adopt an enterprisewide approach. They need to integrate their risk management groups, processes, and systems so they can measure and manage all their risks on a portfolio basis.
Externally, they need to rationalize their hedging and insurance strategies to ensure that they are achieving their risk transfer objectives at the lowest cost. Many banks are now appointing chief risk officers to oversee this function and are setting up firmwide risk management committees.
LAM: Ultimately, all risk-intensive businesses need to develop risk management as a source of competitive advantage, to optimize risk and return of the overall business portfolio and increase the transparency of risk to senior management, directors, and outside constituencies such as shareholders and regulators.
Executives must recognize that the old ways of managing risk by silos don't work, and that it is time for a much more integrated approach.