The Three Risk Factors Keeping Bankers Up at Night
Top financial executives met Thursday to discuss how their industry can innovate, but most of the discussion focused on a more defensive topic: what banks and the government need to do to stave off mounting cybersecurity threats.March 27
Federal Reserve Board Gov. Daniel Tarullo endorsed supervisors developing so-called "time-varying policies" that would help to address procyclicality, a key contributor to systemic risk.February 25
Regulators are expected to stick close to their original plan to establish how much the biggest banks are allowed to borrow against their total balance sheets when they issue a final rule on Tuesday. But that doesn't mean there isn't room for a significant twist.April 4
Any bank facing an examination is well aware of the eight risk factors that examiners look at in determining a bank's health. Since the onset of the financial crisis, regulators have drilled into bankers' heads that they will be focused most on credit risk, interest rate risk, liquidity risk, price risk, strategic risk, reputational risk, information technology/operational risk, and compliance risk.
Of the eight, three risk categories interest rate, liquidity, and IT/operational are of most current concern. How banks deal with these risk factors could very well affect their future fate, success and viability.
Let's start with interest rate risk. Interest rates have remained at historical lows since the beginning of the economic crisis. The last time rates were this low was in the mid 1950's. Rates generally increased between 1955 and 1981 when they topped out in the 20% range. Many of you likely remember the negative impact those rates had on net interest margins and that many thrifts failed because their assets were made up largely of fixed-rate mortgages.
There were some banks that thought the high interest rates of 1981 would last forever. One in central Pennsylvania developed a CD product that offered a floor rate of 10%. As rates dropped well below 10% and balances grew, this became one of the deciding factors in the sale of the bank.
The takeaway from this is to not assume anything is permanent, and don't try to predict the business and interest rate cycle with any certainty.
I'm afraid that too many banks have not heeded these lessons. As rates have remained at historic lows, many banks have reached for yield by extending terms and booking 30-year fixed-rate mortgages, or buying similar type securities in investment portfolios. To some extent, the length of this low-rate environment has given some a false sense of security, as loans are paying as agreed, and balances are slowly amortizing down. Unfortunately, history tells us this won't last forever.
In the long run, concentrations are never good, and lack of product and maturity diversity puts everyone at risk. For some, it may be too late. For others, a focused effort on diversifying loan portfolios and funding sources, as well as deploying appropriate hedging strategies may fend off bad outcomes. While many banks claim to be asset sensitive, the real impact of a rising rate environment may prove some ALCO models wrong. Don't let assumed sensitivity, improving credit quality, and better levels of capital fool you into not addressing this serious issue.
The liquidity issue is two-fold, and to some extent an outgrowth of the interest rate risk problem. After the stock market crash in 2008-9, consumers fled to quality and bank funding sources grew nicely. In addition many customers transferred their funds from CD's into either low interest rate money market and savings accounts or interest bearing checking accounts. The impact of credit issues, along with the decline in loan-to-deposit ratios, meant banks needed fewer funds and as a result, deposit costs have fallen to unimaginably low levels.
As the economy slowly recovers and loan volume begins to grow, this will likely coincide with the Federal Reserve raising the Federal Funds rate. The pace and next peak will determine the resulting impact on many banks. Among issues they will need to consider is whether they will have the access to funding sources to meet the demands of future loan volume and are able to retain customers in a rising and increasingly competitive interest rate environment.
Perhaps the biggest and broadest risk of all is IT/Operational risk. Technology is taking over, and for all its benefits, the threats it poses are real. For evidence, look no further than the hacking incidents at the major retailers like Target and Neiman Marcus, as well as denial-of-service attacks on banks themselves.
Let's also recognize that we live in a global economy that has been taken over by social media. We've witnessed how social media campaigns can take down governments, so it's no stretch to say that a bank's reputation can be destroyed by a similar campaign.
I remember back to 2009, listening to Jamie Dimon, the chief executive at JPMorgan Chase, speaking at a New York Bankers Association event. This was at the peak of the financial crisis, and Mr. Dimon spoke of his college age daughter asking him how concerned he was about the current economic crisis. His response was that he was "already worrying about the next crisis, and suggested that it could very well be related to data security and technology.
Identity theft, fraud, cybersecurity these all have to be top-of-mind issues for banks these days. The attacks on Target and other stores is not just a retailer's problem, it's everyone's problem. MasterCard, Visa, banks, and retailers all need to stop pointing fingers, collectively take responsibility and secure the risk soon. These hackers are smart, and the longer banks, retailers and card networks wait, the more vulnerable they will be to future attacks.
Robert Kafafian is the chief executive of The Kafafian Group, a bank consulting firm in Parsippany, N.J.