Extracting value for higher business performance

RISK MANAGEMENT ROUND TABLE

THE PARTICIPANTS:

Sundeep TuckerAsia financial correspondent of the Financial Times and chair of the round tableLarry FarleyDirector within the leverage finance credit group of Citigroup Asia PacificRoy KinnearChief operating officer JPMorgan Asia PacificAndy SoHead of risk management for greater China at DBS Bank

Kevin LindsellChief risk officer of Standard Chartered Bank (Hong Kong)Douglas LecocqHong Kong-based partner in KPMG’s actuarial and financial risk management divisionFrederic LauGroup risk director of Dah Sing BankMartin WardleHong Kong-based partner in the financial services division of KPMG

Sundeep Tucker, Asia financial correspondent of the Financial Times and chair of the round table, started with the topic of regulation and that the Markets in Financial Instruments Directive (MiFID) had just been implemented after nine years in gestation.

“This is the latest of all kinds of regulation that has happened over the past few years including Sarbanes-Oxley and Basel II,” he said. “How complex were these regulations and how did they impact on the risk management within organisations?”

Larry Farley, director within the leverage finance credit group of Citigroup Asia Pacific, acknowledged that the welter of new rules had resulted in myriad stress tests required by the regulators, although he observed that it was one thing to conduct them and another thing to act upon them.

Roy Kinnear, chief operating officer JPMorgan Asia Pacific, said that regulations such as MiFID, Basel II and Sarbanes-Oxley, had resulted in a greater level of senior management involvement in the whole risk process and an increased awareness of risk.

“Certainly within our organisation the risk awareness has gone up the chain; it has become much more of a globally managed but locally executed process,” he said. “There is a much greater awareness around the need to have the appropriate controls in place, the appropriate risk procedures, the appropriate limits, monitoring of those limits and monitoring of behaviour generally, and probably an increased awareness around all the operating risk issues that banks like us are facing.”

Andy So, head of risk management for greater China at DBS Bank, said that the new regulations introduced three challenges – starting with the raised expectation on directors and senior management to oversee the risk management process, and the fact that many of the newer regulatory requirements impinged on frontline staff, and not just the back office.

The third challenge was having to implement regulations across the different locations DBS operated in, including mainland China, Hong Kong, Singapore and the rest of Asia, where regulators each have their own standards and expectations.

Mr So said: “The general requirements are more of less the same, but the devil is in the details. For example, you may encounter small differences in the definition and classification and as such you cannot just use one single set of reports to meet all local regulatory requirements.”

Kevin Lindsell, chief risk officer of Standard Chartered Bank (Hong Kong), pointed out the industry’s role in the creation of Basel II: “We wanted the change in regulation; the regulators responded to the banking industry’s call.”

However, Mr Lindsell agreed with Mr So that the home-host conflict presented a challenge, especially given that Standard Chartered operated across 55 countries.

“Our home regulator is the FSA [Financial Services Authority] in the UK and different regulators are applying different interpretations of the same accords,” he said. “That is the biggest challenge that we face in terms of managing those conflicts, because I think all banks tend to run their businesses as global business lines, so it is very difficult to carve out one country.”

Mr Tucker asked what was the solution to this home-host issue?

Mr Lindsell admitted that the bank would face difficulties in jurisdictions in which the regulator did not adopt a principles-driven approach. He praised the “accommodating” approach of the Hong Kong Monetary Authority and regulators in China and Taiwan for encouraging the creation of industry working groups to address the issues.

Mr Lindsell distinguished between Basel II and Sarbanes-Oxley – the latter he believed was being imposed by regulators as a draconian measure.

Douglas Lecocq, a Hong Kong-based partner in the actuarial and financial risk management division of KPMG, said: “I see a lot of organisations where, when something new comes out, they say, ‘Okay, well, we need a project team’ and essentially it is a process of bolting on MiFID, bolting on Basel II, bolting on Solvency II, rather than saying, ‘Okay, well what do we already know?’”

Martin Wardle, a Hong Kong-based partner in the financial services division of KPMG, agreed with the distinction made by Mr Lindsell regarding Basel II and Sarbanes-Oxley.

He added: “There has been a huge burden, in my view, over the past few years and, frankly, there is not an awful lot of regulatory co-ordination in terms of when some of these things come in, so you have securities regulators implementing Sarbanes-Oxley, you have Basel II coming in, and IFRS [International Financial Reporting Standards]. All of these things came along for the banks at pretty much the same time and… it puts a particularly huge strain on the finance functions and the compliance functions within those organisations.”

Mr Lindsell and Mr Kinnear noted optimistically that regulations would converge over time as regulators, industry and the audit profession became more familiar with them.

Organising risk

How the risk management process is structured within an organisation has emerged as an important issue at boardroom level in recent years. Mr Tucker asked whether banks still operated on a ‘silo’ basis or had appointed a single executive to oversee risk?

Mr Farley answered: “We have the compliance and the risk function joined at the hip and they work together as a team to make sure that all risks are appropriately monitored and comply with the various regulations within whatever geographic region we are working. However, we keep the audit function separate and distinct and I think that is critical.”

Mr Kinnear said that the audit function was also independent at JPMorgan. He added: “Within our various lines of business we have robust risk organisations that then come together at the top of the house and it is really the responsibility of those guys working with the business to make sure that they are aware of all the regulations that apply appropriately to them and to their line of business.”

Frederic Lau, group risk director of Dah Sing Bank, said he reported to the CEO and to a separate risk management committee. “In our bank all risks are under the direct or indirect supervision of the risk director.” He added that there was a separate audit department, which reported to the audit committee, to audit the work of the risk management function and the other frontline operations.

Mr Lecocq asked which of those present were board members. Mr Lau, who previously worked for the HKMA and the US Treasury, said that he was on the board of Dah Sing Bank and Dah Sing Banking Group.

Mr Lindsell said that Standard Chartered was organised along the “three lines of defence” structure as outlined earlier in the discussion by Mr Lecocq.

The first line covers the front and back offices that expose the organisation to risk and these should report to management. The second line of defence is the area of risk management and compliance, which should monitor the front line. The third line – the internal audit – should be separate from the other two and report to the audit committee.

Mr Lindsell said: “I think a lot of banks are still struggling with how they determine what risk appetite should look like at the operational risk level. Credit and market risk is something the banks have done a fairly good job at, current liquidity problems aside. But operational risk is going to be the next frontier that we all have to get to grips with.”

Much has been written about how the compliance function can be used to enhance business performance and extract value from risk management. Mr Tucker asked how the banks are going about this.

Mr Kinnear said that there must be a robust approval process surrounding the introduction of new business initiatives, so that these risks are fully understood both by the business and at the sign-off stage. “There is an increasing awareness around the suitability and appropriateness of the product to the client,” he added. “You are beginning to see some of the processes that were applied automatically on the fiduciary side now also being applied elsewhere, because of this view that we have to be able to manage that residual risk.”

Mr So said that his bank was using the Basel II regulations to better link together capital risk and return.

However, he said that the subprime crisis has given a wake up call to Asian banks. He added: “When we evaluate risk versus return we cannot just look at the risks being taken on or off our balance sheet. There are other kinds of invisible risk. There are reputational risks, so when a crisis like that happens there could be the situation where some customers come back to you saying ‘why did you not tell me this?’”

Mr Lau said it had been a challenge to implement the concept of a common language of risk and return since his arrival in 2004. “In the bank there are all different kinds of measurement of performance and I always ask one question: our retail bank earned $300m a year and the trading desks earned $300m a year; which one performed better?” he said.

“The answer is we do not know. In a small bank such as Dah Sing there is no urgency to have this answered. I think that the regulators who push Basel II requirements really help the risk management progression.”

Mr Lindsell said that the bank was using Basel II to help drive through business decisions. “For instance, you can do more unsecured lending to high quality investment grade names and you will now get a lower capital charge than what you had under Basel I,” he said.

He added: “Interestingly, on the consumer side it is a little more difficult. What do you do with a credit card portfolio where the capital charge under Basel II just goes through the roof, despite the fact that customers are increasingly using credit cards? This is forcing them to look at the true value proposition. Is the credit card really the driver that gets your client through the door so you can cross-sell other products? The business has to articulate that now, whereas in the past it was likely to be a basic assumption without really knowing the answer.”

Mr Wardle said that pricing of products sometimes did not reflect the risk, and that remuneration structures were often focused on short-term returns. He said: “Focusing on the risk functions is very timely, but as time goes on and the good times come round again, it is important that the banks institutionalise this process, because banks tend to have short memories.”

Current credit crisis

The past few weeks have been tumultuous for the global banking industry with some of the world’s biggest investment banks, including Citi and Merrill Lynch, revealing collosal write-downs.

Also, a bank that you would have expected to manage risk better, such as UBS, has said in recent weeks that it is going to take another look at the way it manages risk following unexpected losses. Mr Tucker asked what had gone wrong and what lessons were to be learned?

“Generally speaking, people were somewhat blind to the lack of focus on the liquidity risk, because the markets had been so liquid for so long and that just totally vanished,” said Mr Farley. “There was no bid at all for the paper. It is very difficult, irrespective of what your model says, if there is no bid out there on how you price it.”

Mr Tucker asked whether the case of Northern Rock, the troubled UK mortgage lender, showed a lack of intellectual rigour of the risk management function?

Mr Kinnear answered: “The interesting thing about the Northern Rock situation was that it seemed to have had all the discussions with the regulator that it needed to do and all the stress testing and scenario analysis that it was required to do, yet what happened still happened.”

Mr Wardle agreed with this point, but asked whether banks’ were undertaking extreme stress testing or just playing around at the margins?

Mr Lindsell added: “I think it is widely regarded the Bank of England got it wrong. Northern Rock is probably an embarrassment for them.”

There was general agreement that financial instruments that were being used were successful in moving risk off the vendor balance sheets – but the problem was that no-one knew where that risk finally came to rest and how it was being financed.

Asian banks largely did not place big bets in the world of structured products such as collatoralised debt obligations (CDOs) or subprime mortgages, and so have escaped much of the fall-out. Nevertheless, the discussion showed that the issue is very much at the top of the agenda for risk managers across the region.

Mr So said: “We do not actually learn from each other. I like [quantitative] models but I would like to highlight the fact that we are over-reliant on them and we forget traditional wisdom. Human behaviour has never been factored into models, but that is what drives everything. The liquidity is still there in the system, but all of a sudden people are basically reluctant to take the risk.”

“One thing we learned is that you can never fully understand the market, said Mr Lau. “We have never before seen what happened in the CP [commercial paper] market in the past two months. Coming back to the subprime issues, I think the US regulators encouraged a lot of these innovative instruments to be put up by financial institutions and I do not understand why they allowed this to happen.”

The role of institutions

Rating agencies, regulators and shareholders all have a key impact on the risk management process and Mr Tucker asked whether they could each take steps to help banks better manage the risk landscape.

Mr Kinnear called on governments and regulators to avoid knee-jerk responses to current issues and to take a step back to understand the situation before deciding if further changes are needed.

Views were mixed on what role the rating agencies played in the current credit crisis, with Mr Farley saying that the ratings on certain products were not based on reality.

“I have some sympathy for the rating agencies here,” said Mr Lecocq. “What they do is assign a rating primarily based on probability of default. What has happened in the subprime market is that there is a liquidity issue, rather than a case of defaulting, so I am not sure the credit agencies got that wrong.”

Mr Lindsell said: “To prescribe regulation on how people develop products would, I think, be going in the wrong direction. Maybe it does come down to rating agencies and I agree that there is a conflict of interest, but fundamentally pretty much all of our businesses have the same conflict. We are all there to generate revenues but the market trusts us to apply a certain level of control.”

He added: “Take it a stage further, everyone is looking at Hang Seng index right now and saying that this level [of 29,000] is madness. Does the regulator step in and stop it? That would ruin the concept of a free market economy.”

Mr Wardle said: “I do think one area where the regulators could focus more effectively is liquidity, looking at the source, quality and sustainability of liquidity rather than focusing on short-term, legislative and numeric measures of liquidity. I do not think, in some cases, they tell you an awful lot about the real risks.”

He added: “I think the problem you have got with the rating agencies now is they are so entrenched and so big, it is like looking at the big four audit firms and asking ‘what do we do? Do we force one to break up?’”

Blue sky thinking

The final theme discussed was the latest developments in the field, such as risks to brand, reputation and the environment, which are rising in importance. Mr Tucker asked what organisations were doing to account for such scenarios.

Mr Farley said many of these supposedly newer risks were not really new, though he added that it was important to take a holistic approach to aggregate exposure throughout your organisation.

Mr Farley said that the buzzword was convergent risk, where market risk and credit risk move together, and that some products are evolving into that. He added: “It is no longer a bifurcation of the two, it truly is more of a meld of the two. Within Citigroup we are starting up our convergent risk group.”

Mr Wardle said: “I would agree that the risks have always been there, but I would say that I think social values change and the awareness of risks change.” He added: “There will always be the next unforeseen event, whatever we do, we will be sitting here in a few years’ time talking about that one.”

Cost issues will come to the fore, said Mr Lecocq, as the appetite to continue to increase spending on risk management starts to wane. He said that firms will start to rationalise expenditure and aggregate the approach to ensure that money is spent efficiently.

Mr Lindsell said: “The one thing that will change the way we do business going forward, although it is difficult to predict precisely how at this stage, is that under pillar three of Basel II, banks have to increase the level of disclosure on how they manage risk. Banks are going to have to disclose a lot more about how their portfolios are put together and how they manage the risks within those portfolios.”

This round table was sponsored by KPMG but the report was independently written and edited by The Banker.