Integrated risk strategy holds promise for shareholder value

Financial institutions traditionally managed their risks in separate risk ‘silos’. Although individual risks, such as credit, market or liquidity risk, may have been managed well, on the boundaries they overlapped and omissions were frequently made. Also, risk was often managed separately in each business unit and function, with little co-ordination between them.

Today, the situation is different. Banks, insurers and other financial sector companies manage (or at least aspire to manage) all their risks in an integrated way, across all of the organisation’s central functions and business units. This is known as enterprise-wide risk management, whereby the organisation takes a single view of risk and return: risk is more closely aligned with business strategy, capital is more efficiently allocated, business performance is improved and the outcome is enhanced shareholder value.

This was the subject discussed at The Banker’s Risk Management Round Table in London in September, attended by senior risk and finance executives in the finance sector. Participants discussed the role of risk management in the current liquidity and credit crisis, and what risk managers might do differently in the future. But the focus was to discuss the concept of a single view of risk and return and explore some of the ideas presented in a supplement published in September by The Banker, in association with KPMG – Standing out from the crowd: bright ideas on risk management.

THE PARTICIPANTS:

	Brian CaplenEditor, The Banker (and round table chairman)
	Jean AlexisVice-president, global e-business risk and control head, Citibank
	Brandon DaviesManaging director, risk academy, Global Association of Risk Professionals
	Shaun CookeVice-president, EMEA finance,corporate & investment banking,Bank of America
	Tim HarrisGroup chief accountant,Aviva
	Nigel HarmanPartner, financial risk management,KPMG
	Volker ThierPartner, financial risk management,KPMG

The debate was started by Brian Caplen, editor of The Banker. He was concerned about the negative impact that regulation – and its “massive complexity” – was having on the financial sector, and whether taking an integrated approach to risk could mitigate some of the red tape burden. Nigel Harman, a partner in financial risk management at KPMG, said that the rush to comply with an increase in regulation – in particular the Basel II capital accord and the Sarbanes-Oxley Act – had initially resulted in banks and other financial institutions taking an unco-ordinated and overlapping approach to regulatory compliance and risk management. Now, however, having had time to reorganise and reflect, organisations were taking a more integrated, “single” view of risk, with the aim of managing them together and gaining more value from the process. This holistic approach necessitated a closer alignment with business strategy and capital management, said Mr Harman. Shaun Cooke, vice-president, EMEA, corporate and investment banking, at Bank of America, said: “Risk in its own right is a huge subject but matching risk with reward adds another dimension.”

Being in finance, it was his job to look closely at “the reward side of the equation”, including the calculation and use of economic capital.

Solvency II

“From an insurance perspective, there is something of a sense of ‘watch and learn’ from the banking sector,” said Tim Harris, group chief accountant at Aviva. “Solvency II [the European Commission directive proposed in July, which will require insurance companies to improve their risk management and capital adequacy] is coming, and that will allow insurers to identify diversification benefit, which will be essential from an economic capital perspective, although it is an imprecise science.

“But you will not be able to take advantage of diversification benefit unless you can demonstrate the strength and vigour of the risk management practices that will be necessary to underpin it. That will create a huge impetus to ensure that we raise our game in this space,” he said. However, the regulators will not be the only ones looking more closely at insurers’ risk management practices: the commercial world, led by the rating agencies, will be interested, too.

Mr Caplen asked to what extent operating across many countries with different regulatory regimes made risk management more difficult. Jean Alexis, vice-president, global e-business risk and control head at Citi, said it had a big impact. “We have activities in over 100 countries so it is quite a challenge,” he said. “Our primary regulator in the US is the Office of the Comptroller of the Currency. As a US bank, we operate according to the US rules with, in the UK for example, the Financial Services Authority [FSA] in second place in terms of supervising our operations.”

Mr Alexis said that risk management in banking had “changed considerably” in the past two years as a result of Basel II. “Risk management used to be completely independent from the business and operated according to its own agenda, albeit in a way that was sensitive to business requirements. Now it is more regimented and process-oriented. There is still an element of independent risk thinking, but less than [there was] four years ago.”

Force for change

Brandon Davies, managing director of the Risk Academy at the Global Association of Risk Professionals, agreed that Basel II had been a major force for change. “The internal capital adequacy assessment process required by Pillar 2 of Basel is now central to how we look at risk and return,” he said. “Many useful changes in risk management have been driven by regulation. With Basel II, and even more so with Solvency II, banks and insurance companies have been very involved in the process. The Solvency II directive is Basel with the rough edges smoothed off. It has been well received. Much closer work with the regulators has meant that it makes sense.”

“I completely agree,” said Mr Harris. “The engagement of the industry with the Committee of European Insurance and Occupational Pension Supervisors and with the European Commission in the development of Solvency II has been hugely positive. Provided it really does give an economic view of the insurance business – based on the risks the industry takes – it will be a massive step forward and is the right way to achieve buy in from the regulators of the industry.”

Supervisory spotlight

Mr Caplen noted that regulatory bodies assigned specific staff to supervise specific institutions. Mr Alexis said: “At Citi, we certainly see a lot of the FSA.”

It was the same at Aviva, said Mr Harris: “There is an FSA team, perhaps not solely dedicated to looking at us, but with a lot of full-time resource. We find it works well. A close and continuous relationship is a neater way of doing it than doing it on an arm’s length basis. One thing that has impressed me about our supervisory team is the close dialogue they maintain with the various European regulators. The FSA is our primary regulator because we are a UK domiciled company, but the individual regulators in other countries are also important, and the FSA does an excellent job of ensuring they all talk to each other.”

“Is all the regulation joined up?” asked Mr Caplen. “In some jurisdictions, surveillance of e-mails is regarded as a good thing, but in others it is seen as interfering with privacy. What other examples are there of contradictory regulatory requirements?”

Mr Davies said that Basel II was an example of divergence in regulatory approach. “On the whole, I would suggest that under Basel II we have more joined up thinking than ever before,” he said. However, there was a strong likelihood of the US implementing Basel II differently from how it would be applied in Europe.

Mr Harman said that how US lawmakers and regulators would apply Basel II was not yet entirely clear and would be of great significance to the industry; and Mr Cooke said that at least in the EU there was greater harmony.

Organising risk

On the topic of how risk is organised in a company, Mr Caplen said it was important that it was managed at the highest level and was an integral part of business’s strategy, especially where mergers and acquisitions were concerned.

“Risk management operates at a very senior level at Citi, and the approach is now uniform, globally,” said Mr Alexis. “The processes are identical in Japan and New York.” However, the input of risk managers at a regional and a business level is still essential, he said.

Mr Harman acknowledged that the question of where risk management is applied is important. “Should it be close to the business, or should it be centralised? The recent trend has been towards risk management as a partner to the business and therefore close to the business,” he said.

“At Bank of America, there is a degree of connectivity between the business and risk at every level,” said Mr Cooke. “For example, our risk managers sit on the trading floor in close contact with traders, and most risk managers are ex-traders themselves.”

Mr Harris said there were parallels in insurance, but that banking was ahead. “The acid test, as we move from risk management being a response to regulators and rating agencies, to risk management practices informing business decisions, is whether we can develop business partner relationships.”

Volker Thier, a partner in financial risk management at KPMG in Germany, said it was important to introduce “the right amount of connectivity between local and top levels” of risk management. “Banks are often not homogeneous in the way they conduct their business, so an appropriate risk management presence is also needed locally... But, at the tactical and strategic level, it all has to be brought together through an efficient governance structure and standard reporting process that have to be followed.”

Market volatility

Mr Caplen said that the current credit crisis and volatility in the markets was, to a large extent, caused by the complexity of modern products and banks’ inability to measure the risks that these products posed. Mr Harman said it threw the subject of scenario analysis into a sharp light. “Should we go back and look at how scenarios are constructed?” he asked, and said that the crisis had caused many banks to re-evaluate the risks they faced and the assumptions underlying risk management techniques.

Mr Caplen said that reputational risk had come to the fore as a result. “I do not think Bear Stearns, for example, would have had to support its funds if it did not want to; they were off the balance sheet. It supported them for reputational reasons. When these kinds of financial structures are put in place, banks should think about the reputational implications as well as the legal, credit and market implications,” he said.

Mr Davies said that under Basel II, capital is required for support lines for commercial paper, which means that banks have entered this crisis heavily capitalised. “I do not know the exact figures, but most banks are running at between 12% and 15% capital ratios,” he said. “They have an ability to take some of that risk back on the balance sheet. They have not made much use of their capital. They have not been able to use their balance sheets to make profits; they have made profits by moving things off the balance sheet.

“Active risk management has told banks that there is no way they can justify holding this stuff on the balance sheet on a shareholder value added basis. For many of the big banks, it did not make economic sense to keep things on the balance sheet,” he said.

“The analysis being made before the crisis was that in our new world, with the use of credit derivatives and off balance sheet structures, risk was being spread around the system so banks were much safer,” said Mr Caplen. “That may have been true. But now we are finding where that risk really is, and US sub-prime risk is being held by German bankers who have perhaps not had experience of dealing with it.”

Liquidity supply

“The other assumption made previously was that liquidity was plentiful,” said Mr Harman. “That’s certainly not true now. This assumption has been proved wrong more than any other. Most scenario type analysis for risk management did not cater well for this turn of events, but in most banks, risk management structures have stood up very well. Losses, although unwelcome and in some cases significant, have generally not been unexpected given the type and scale of market movements that have occurred,” he said.

“Liquidity is what we least understand,” said Mr Davies. “We have become more reliant on exogenous liquidity, where liquidity comes from the assets themselves. Liquidity from assets is effectively pawn broking, and has become a major source of liquidity. Full intermediation banking was liquidity coming from the deposit side of the bank and the long-term funding side.

“Northern Rock is reliant on exogenous liquidity, and that is a very different form of banking. When asset-based liquidity in the market breaks down, pressure builds very quickly.”

Mr Thier said that the current credit and subsequent liquidity crisis was asking for a fresh perspective on liquidity risk within risk management organisations. The market had not seen a big liquidity crisis for years. When looking at liquidity risk management, monitoring and modelling was predominantly focused on the short-term liquidity and compliance with regulatory ratios. With the crisis, it became apparent that focus needs to move to the term structure of liquidity and its interdependencies with other risk categories, he said.

Mr Caplen said the banks’ thirst for mortgage assets to securitise and move off balance sheet led to the growth in sub-prime lending. “You can see the weaknesses in that.” Mr Davies said that he thought there would be a regulatory backlash as a result. However, Mr Cooke said that he thought there would also be many internal post-mortems by banks that would take action to prevent “something like this happening again”, which might pre-empt drastic regulation. Mr Cooke did not think that big banks would come under regulatory pressure, but that smaller banks and hedge funds managers might.

Public opinion

Mr Thier said the credit crisis had affected opinion in Germany: “There is a certain degree of bewilderment in the press and among the regulatory bodies about the dramatic nature and effects of the credit and liquidity crisis in what has been regarded as a strongly regulated market environment with a strong focus on risk. These effects have occurred while institutions have been adhering to all their internal risk management principles and limits.”

That, according to Mr Their, poses some interesting questions: “Do we need to take a fresh look at what risk management functions should look like and what they should focus on?” One component of the answer, he said, was to ensure that risk management organisation was well aligned to the business model and all the risk that comes with it.

Mr Caplen said some of the blame could be laid at the door of the rating agencies, which had not accurately predicted which institutions would present the biggest credit risk. Mr Cooke said the problem was, arguably, that rating agencies had been “bullied” by banks into giving more favourable credit ratings than they should have done.

Mr Harris said that after the Enron scandal, auditors were now properly regulated, “but regulation of rating agencies is practically non-existent”. There are not many of them, and the impact they have on the market is “amazing”, he said.

To sum up, it was generally agreed that all of the problems faced by the modern risk manager could be tackled better if the risk framework in place spanned the entire organisation. But ensuring there is a single view of risk is only half the story – the other half is aligning that view to the business, and improving business performance.

This round table was sponsored by KPMG but the report was independently written and edited by The Banker.