Heather McKenzie explains how some, though by no means all, financial institutions are beginning to appreciate that risk has an important part to play in strategic planning.

The subprime mortgage crisis in the US has sent stock markets tumbling and raised questions about the risk management activities of financial institutions. Despite the crisis, risk management has improved during the past decade and is now being considered by some institutions to be a core discipline, playing a role in their overall strategy.

In fact, ratings agency Moody’s said in a statement in August that the risk management of major US commercial and investment banks was working effectively during the subprime “stress period” and it would not be downgrading any of its ratings.

Philippe Carrel, global head of business development at Reuters Trade and Risk Management, says that in the past, risk management was a technique used mainly for the internal reporting of the exposures of a financial institution’s lending. However, regulations, such as Basel II, gave risk weight to capital allocation and made external risk reporting mandatory.

“Risk management is becoming a core activity for financial institutions because a value is being attached to risk,” he says. “We now see risk measurement and assessment being used to make buy or sell decisions in trading rooms, or when banks decide whether or not to lend.”

Risk value

Otbert de Jong, chief executive of ABN AMRO Risk Advisory Services, a unit of the Dutch bank that provides independent advisory services to banks in rapidly developing markets in Asia, Europe and the Middle East, says financial institutions are beginning to understand that risk has an important part to play in strategic planning. “Financial institutions are keen to get value out of risk,” he says.

They realise, says Mr de Jong, that if risk cannot be properly managed or measured, they will be excluded from certain markets. “When a financial institution wants to sell a particular product or take a position in a certain country, it must know the risks and be able to ensure it has sufficient capital to do what it wants to do. This is a very important yet elementary process. Risk must be in the strategic balance, but that doesn’t happen at all financial institutions.”

Financial institutions and corporates have invested a great deal of money in risk management, says Nigel Harman, partner and head of financial risk management at consultants KPMG in the UK. The benefits of this costly endeavour are not as well understood as they should be, he adds. “The question is whether they are getting enough value from their risk management capabilities.”

Mr Harman says in most financial institutions there is a “patchwork quilt” of different risk imperatives. Some institutions, for example, have a prior history of losses and their risk strategies are designed to prevent that happening again. But there are also regulatory imperatives that are pushing people to make investments.

“In approaching risk, most financial institutions have implemented a series of technical initiatives, which may be based around the data they collect or the processes they have put in place,” he says. “Some institutions are better organised than others, but most recognise they have to do something to get better value out of risk. They are all taking a fairly fundamental look at the way risk management is organised and are reshaping it.”

New methodologies

This reshaping could include more dynamic, scenario-based methodologies, says Reuters’ Mr Carrel. He agrees with Mr Harman that compliance with regulations such as Basel II is expensive if financial institutions do not take the opportunity to apply improved risk management to more than just compliance. “Previous methodologies such as value at risk [VAR] were designed for reporting. Now that financial institutions are taking a more active approach to risk, I would anticipate that new ideas and methodologies will develop that are scenario-based and measure risk in a more dynamic way,” he says.

Such scenario models enable combinations of factors to influence trading decisions, which would be based on looking at the real-time position of a portfolio and the risk attached to different scenarios, which could include a combination of factors. With regard to loans, a bank could grant or deny loans based on simulations of the risk scenarios under certain conditions. “These are examples of a more dynamic use of risk measurement compared with VAR,” says Mr Carrel.

The result of embedding risk management into the strategy is that risk is brought under better control, he says. Mr Carrel identifies two different styles of keeping risk under control: “A financial institution might choose to slow down the business on purpose, by refusing loans and being more selective. On the other hand, they can hedge credit or market risk and bring risk under control this way.”

Room for improvement

Mr de Jong says awareness of risk has improved at financial institutions, but it is not high enough up on everyone’s agenda. “Too often, something bad needs to happen for risk to be made a top priority,” he says. “Accidents will happen, as we’ve seen with the subprime mortgages, but there are other events, such as competition, merger and acquisitions and new, more sophisticated products that should also drive risk up the agenda.”

The risk management concept is straightforward, says Mr de Jong. “Take for example a bank that wants to acquire a bank in a neighbouring country. It would have to ask whether it is in a position to acquire the bank: does it have a superior core banking system and are its products good enough? Also, it has to consider the reputation of the bank and whether it has enough staff.

“All these issues need to be worked through and the risk of each quantified. In strategic decisions like this you need to be comparing oranges with oranges, rather than going purely on gut feeling.”

KPMG’s Mr Harman says financial institutions should ask themselves what good risk management looks like throughout the organisation, covering all activities from lending to trading to providing insurance. “Financial institutions should look at the component parts of their activities independent of how they are organised or managed and also independent of regulatory obligations. This is a big change for financial institutions,” he says.

Once they have studied who is doing what with risk and have identified common data, reporting processes and requirements, financial institutions can satisfy differing risk requirements in a more organised way, he says. “This isn’t easy because there are political issues – the head of one department may not be happy to concede control over risk to another person. A single view of risk and return removes such issues, giving one person accountability for risk and de-duplicating risk processes throughout the organisation.”

The advantage of a single view of risk and return, says Mr Harman, is that once the infrastructure is right to support risk management, the risk agenda can move up the strategic order of priority. “Financial institutions can allocate capital by understanding what risks are and take better decisions. Of course, most financial institutions will say they can do that already, but just how good the risk management data is to support that type of decision making is variable,” he says.

Mr de Jong agrees that a single framework for risk management is what the industry should be trying to achieve. “In western Europe, banks have gone a long way towards this, but they are not there yet. A major problem is the models that are being used, which may look great, but in reality they are not. Time will tell if risk models are adequate, but in the meantime, financial institutions should be careful not to totally rely on models alone,” he says.

Stronger frameworks

Mr Carrel says the recent subprime problems have led some commentators to observe that the markets are more volatile and risky, but he does not agree. “This is an erroneous view, because markets have been risky in the past. Financial institutions need to consider their long-term risks and I think they are beginning to realise that risk management can provide business continuity and enable growth. The risk management framework banks have built up is here to stay, but of course there is much more that can be done to improve things.”

Mr Carrel says he still meets people who believe managing risk is merely a process of calculation. “Today, risk management is no longer just about reporting risk. It should be all about assessing risk and deciding whether to diffuse it, hedge it or bear it. To a large extent, the regulators have forced financial institutions to change the way they think about risk. As to whether financial institutions have what they need when it comes to risk, I think we have only just touched the surface.”

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter