-
Proper supervision of underwriting standards and proper specification of risk-based capital requirements are keys to bank soundness.
September 21 -
A recent FASB proposal, if enacted, would reduce capital on banks' balance sheets, particularly during the downward part of the cycle when they need it most to continue lending.
August 5 -
We in the industry must make sure that Washington understands the direct link between leverage and profitability — and between profitability and the economy's general well-being.
May 26 -
Given the tremendous mismatch between high pay and bad results, it is not too radical to suggest that compensation structures need a top-to-bottom overhaul that would encompass much more than the involvement of risk managers in the creation of incentive plans.
March 26
The financial crisis turned risk managers into rock stars who suddenly attracted the attention of boards, chief executives, investors and the media. Now that the severity of credit losses seems to have peaked, and the emphasis is back on asset growth, are banks' efforts to improve risk management still on the front burner? And where in respect to improvements are risk management resources being concentrated?
William F. Githens, president and chief executive of the Risk Management Association, sees the industry making big strides in terms of its overall thinking about risk. But he said there is much work to be done in the areas of stress testing, data quality and the development and enactment of risk-appetite statements, in which banks lay out their tolerance for different kinds of risks.
Githens, whose group is based in Philadelphia and has 3,000 institutional members representing financial institutions of all sizes, spoke with American Banker about the latest risk management trends. A condensed version of the interview follows.
Outside of the risk function at banks, is risk management still in vogue? Are boards and chief executives as fixated on the topic as they were two and three years ago?
GITHENS: Using the word "vogue" implies something that comes and goes, and that's the crux of the question here. I think it is becoming part of the fabric of organizations, which really gets into the issue of culture. Maybe three years ago it seemed like we were in a sales culture, and clearly today we're in a risk culture. And I think that will continue because of all the things that have happened from a legislative standpoint, and all the things that will likely take place from a rulemaking standpoint in 2011. The bar has been raised and there's no expectation that it will be lowered.
In which areas of risk management do banks still have the most work cut out for them?
While some banks, the large banks, certainly are addressing risk appetite statements, there's a lot to be done yet at other banks. [Regulatory pressure means] they're going to have to go through the exercise of developing one if they don't already have one. But even the large banks, they're now going to have to go through the process of operationalizing the concept of risk appetite within their organizations.
On stress testing, a lot has been learned but the expectation is that it's going to have to be done on a continuing basis, and other banks [beyond the 19 tested in 2009 by the federal government] now are going to have to learn how to do it if they haven't already done it.
There's also going to be a premium now put on quality data. When I was in D.C. in November, one of the regulators said to me that the quality of data is nowhere near where it needs to be. That's a signal that the industry has to be ready to make an investment in improving the quality of the data.
Another area where more work needs to be done is training. There will be more done around director training, getting the skill set in the boardroom that [banks] want and getting the understanding of risk that regulators want.
Do you see the training issue filtering down past the executive suite?
There's no substitute for sound credit underwriting. There's an opportunity now to get people trained so that they have the skill set to do the job.
And in what respects has the industry made good progress in risk management since the crisis began?
Certainly there's a greater appreciation around understanding of concentrations and correlations across portfolios and across the enterprise. There's greater emphasis today on limit-setting and limit-monitoring [and] a better understanding today than there was three years ago in regards to aggregated exposures. A lot of that has to do with an inward look, within the institutions, but I think institutions today also are looking outward more, at their customers and at the interrelationships of customers and guarantors and industries.
There's been better reporting, better communications about positions and exposures. Certainly in the area of liquidity risk management, banks today are doing a better job. Maybe that was forced by the regulators, but nonetheless I think we're in a better position today in terms of understanding liquidity risk.
With the severity of credit losses having seemed to have peaked, and with the pressure on now to show loan growth, have banks increased their appetite for risk again?
I wouldn't say that their appetite is getting larger. Their risk appetite is their risk appetite, and that should be defined at the board level. It's not something that's going to change from quarter to quarter. The banks are pushing the envelope for their very best customers, their very best credits. It's not inconceivable that banks are taking bigger pieces of a credit that's highly rated. That's the easy part. We also need the economic situation to keep improving so there will be more business out there. We have a risk analysis service that we do on a quarterly basis, and we look at growth from quarter to quarter, and it's been pretty nominal on a new-loan basis and a renewal basis.
Credit risk, market risk, operational risk: which do you think will be the biggest issue for banks in 2011?
Approaches to all of these risk areas are extremely important components of a well-functioning risk management system, and a failure in any one of these could have serious consequences for an institution. For 2010 I think we were in what I would call the legislative year. For 2011 we're in a rulemaking year. There are going to be a lot of issues around compliance, whether it be the cost of compliance, the data required, the people required; I think there's going to be a lot of stuff around consumer compliance. This whole rulemaking phase I think is going to be the focus for 2011 and maybe beyond.
How important will the new Basel rules be in setting a baseline for the safety and soundness of institutions?
Capital isn't the only answer. There are a lot of moving parts that have to be considered in order to have a strong risk culture in an organization.
What evidence have you seen that banks are serious about making that organizational change?
Knowing that the expectations of the regulators are higher these days, we've seen an increase in requests for board training, not only on broader risk management issues, but on understanding the board's role as it pertains to risk management. So there are lots of questions being asked, and that's a sign that people are getting it.
We have an advanced risk management program with the Wharton School at the University of Pennsylvania and this year, the 2011 program, we have our largest class ever. That's an indication to us, too, that institutions are willing to invest in their [risk] people.
The RMA was founded in 1914 to help commercial bankers exchange credit information and therefore make better lending decisions. Is the collaborative spirit still alive and well, even in the current environment?
Absolutely. All of our surveys and studies are collaborative efforts. We may have 20 banks giving information [for a particular survey]; they want to know how [they] stack up against the rest of the group. We do about 50 roundtables a year. Chief risk officers will get together, and it's peer sharing and networking. In the very beginning [the RMA's focus] was the exchange of credit information, and now it's the exchange of risk management information, and sound risk management practices that can be shared.
