The term “subprime” has a unique way of summarising many of the fundamental causes of the global financial crisis. It implies that these assets were not ideal, but certainly not disastrously risky. It’s like calling an airplane with a faulty engine sub-prime – it’ll fly; what’s the worst that could happen?
Well, the worst did happen. And adjectives were quickly replaced with far more accurate descriptions like “toxic” and “irresponsible” as soon as the fundamental risks inherent in these assets were fully understood.
The purpose of risk management in any bank is to understand fully the risks facing the institution (such as subprime), and quantify them in a way that is understandable and usable by those in decision-making roles.
Once the risk is known, bankers can assess the “risk versus reward” trade-off that permeates almost every aspect of banking activity.
The more risk taken on by the bank, the higher the expected return. The return on assets is usually known up front, relatively easy to measure and generally linked to a banker’s bonus. On the other hand, risk is a set of numbers produced by people with PhDs in applied mathematics, generally appreciated only by other people with PhDs in applied mathematics.
Hestie Loots, chief risk officer of Absa Capital, takes a more positive view on the crisis. “The international turmoil has been very unkind to the business of a bank,” Loots says.
“But it has also been very kind to risk management because it has justified the existence of our function in any bank. It has put risk management back in the heart of the decision-making process.”
Essentially, it has put the focus back on the risk component of the risk versus reward trade-off, where it will remain until any semblance of confidence returns to the industry.
But risk management functions were part of a bank’s daily operations long before the crisis hit and banking regulations have attempted to force risk sensitivity. Basel II, Sarbanes-Oxley and Glass-Steagall are all international standards for risk management that, in theory, should have assisted in preventing a financial crisis. And yet, here we are.
On a recent visit to Singapore a senior risk officer in one bank, who used to work for the local regulator, suggested to me that compliance with risk management regulation and actual risk management can be very different.
“Unfortunately I have seen many banks view [risk management] regulation as a process of ticking boxes which the regulator requires of them,” he said.
“The real benefit of understanding the risks in a bank are not transferred to those making decisions. It’s important that top executives in a bank appreciate and understand the work done in the risk management function and that it is communicated throughout the business. But that is too often not the case.”
Despite the suffering share prices of most Asian banks, the true force of the liquidity drought has not been widely felt in the region. The Singaporean banker puts this down to two main reasons – one being the fact that many large Asian banks are still run by their single-biggest shareholders; and the other that Asia in general has a culture of high savings rates, reducing the reliance on the troubled interbank market.
“We still have a number of banks being run by the same family who started the bank at the beginning of last century. They are so close to the business that they are aware of almost each risk the bank faces and manage it accordingly.”
Gareth Baines, Africa region director of Commercial Lines at insurance company AIG South Africa, which is capitalised and operates independently of the US-based AIG group, echoes these thoughts when discussing the manner in which the local company assesses the nature of a bank’s risk.
“A big positive in any bank is the culture of ownership – what would I do if this were my money? Do I fully understand the risks enough to be able to make that decision?”
Baines also believes that the reason bankers might not be able to answer these questions is because the work performed in risk management is not constantly reported and fed back to the rest of the bank.
“It should be a cycle of effective identification, review and action which runs throughout the organisation, but it is often missing within some of the banks we assess,” he said.
There’s little doubt in a senior risk officer’s mind that banking regulators will react to the new crises by producing a new framework for measuring risk. Not only could the methods of calculating risk change, but the type of risk measured also may change. Already the Basel Committee on Banking Supervision is working on a means of incorporating liquidity risk – fatally left out of Basel II -into a revised version of its current Basel Accord. Could there be a Basel III in the near future?
Aside from a new framework to measure liquidity risk, Loots from Absa Capital suggests that another risk type will rise to prominence in the near future: interest rate risk in the banking book. More importantly for her organisation is the threat of silo risk – that each risk type is considered in isolation, ignoring the interplay and correlation between these risks. An integrated risk approach across all risk types is widely punted as the risk management nirvana, in which measures such as economic capital and economic value of equity hold much more value that a reliance on pure regulatory capital.
Another important development from an integrated risk perspective is that it provides a means for rewarding staff on a risk-adjusted basis. Risk-adjusted performance measurement is a means of weighing up the returns a banker has earned for the bank, against the potential risks to which he has exposed the bank.
Regulatory arbitrage, such as the creation of off-balance sheet special purpose entities or vehicles, has allowed the “risk-adjusted” element of performance management to be side-stepped quite conveniently – if the risk doesn’t sit on our balance sheet, then it doesn’t exist.
The party could be over in the near future as critics of this system look forward to a shake-up of accounting practices to prevent banks from parking risky assets off balance sheets.
Regulators may be preparing for a new round of banking regulation to prevent further crises from occurring, but Loots recommends banks look internally to gain the most from risk management.
“It’s about encouraging a risk culture in the bank. Not just people looking at reports put on their desk about what has already happened, but being able to look around the corner and seeing what’s next. The international turmoil is an opportunity to rethink the way in which we quantify risk, but also about the fundamentals of risk and how the behaviour and culture in the bank reflects this.”
As painful as the financial crisis has been, it has taught banks and regulators a lot about the way in which real, catastrophic risk manifests itself in the bank and the industry as a whole.
At the very least, it gives the quantitative minds with the bank some data to test future “worst-case” scenarios.
At the best, it has put risk management back into the centre of decision-making and hopefully tipped the scales towards a focus on risk in the great tussle between risk and reward.
Bruce Dixon is a risk management consultant