Weak Links in Risk Management Programs
An article published in the current issue of Bank Systems & Technology discussed the weak links in the risk management infrastructures of some of the larger financial institutions during last year’s economic meltdown. It seems that many institutions had to rely on highly manual, time consuming processes to understand their full risk exposures. Here is their view.
Weaknesses in the infrastructure often limited banks to identifying and aggregating exposures across the bank. A fragmented risk architecture dispersed over a multitude of systems made the reconciliation of the relevant data a time-consuming exercise, which was at best semi-automated, but more often a manual process. This led to banks needing far too long to aggregate their exposures and other relevant accounting and risk figures on a firmwide level. In the bankruptcy case of Lehman Brothers, for example, it was reported that it took some banks more than three weeks to determine their overall exposure to Lehman.
An inflexible risk environment within the banks rendered them incapable of reacting to sudden changes driven by external and internal circumstances—for example, the ability to perform ad hoc stress tests to assess the impact of new stress scenarios designed to address a rapidly changing environment.
In short, the interlinkage among risk types was not captured. The recent crisis has exposed the strong dependency among credit risk, market liquidity and funding liquidity pressures. Banks need to move away from silo-based risk management to achieve a more integrated and connected way of managing risk.
An integrated approach is not only required, it is also the most cost-effective solution in times like these. Wheelhouse Advisors provides services to help companies build an integrated risk management program. Visit www.WheelhouseAdvisors.com to learn more.
Much More Enterprise Risk Management Work Remains
A recent report by Governance Metrics International (”GMI”) demonstrates that most major public corporations have a great deal of work remaining to improve their enterprise risk management practices. GMI rates corporate governance and risk management practice for 4,162 companies worldwide. Here is a summary of the major findings from the report.
Standardized disclosure of company-wide risk management is lacking
- Only 33.1% of the 4,162 companies covered by GMI worldwide provide comprehensive disclosure on their enterprise risk management policies (ERM) in the annual report or other publicly available source
- Only 8.4% disclose they have implemented a nationally or internationally recognized risk management charter or standard such as COSO’s Integrated Framework for Enterprise Risk Management
Risk committees of the board are even less common and are sector-specific
- 27.6% of companies covered by GMI disclose having a combined audit and risk committees
- 5.9% of companies covered by GMI disclose a stand-alone board level risk committee or subcommittee
- These were most often found among Banks (35.1%), followed by Life Insurers (21.3%) and Non-life Insurers (17.6%)
- There were no stand-alone board level risk committees or subcommittees in 11 of the 41 sectors covered by GMI
According to GMI President and CEO Howard Sherman, “Events of the last year have made it clear there is a need for heightened risk oversight at the board level. As companies start to come to grips with the challenge, we thought now would be the right time to start to develop a baseline. Our expectation going forward is that companies seen to be taking serious steps to augment risk oversight, especially in the financial sector, will be rewarded by the market.”
Wheelhouse Advisors is prepared to help your company improve its corporate governance and risk management practices in a cost-effective manner. Visit www.WheelhouseAdvisors.com to learn more.
Resorting to Plan C
This week, the Washington Post revealed that the U.S. Treasury has launched an internal effort to determine the size and nature of credit risk across the U.S. financial system. The effort is portrayed as the development of a last-ditch plan to understand the full scope of credit risk and where it resides. Here is how the Post described the effort.
Informally known as Plan C, the internal project is focused on vexing problems such as the distressed commercial real estate markets, the high rate of delinquencies among homeowners, and the struggles of community and regional banks, said government sources familiar with the effort.
Part of the mission is assessing which firms are the most vulnerable and trying to decipher what assets these companies hold and whether they pose a danger to the wider financial system. Plan C is a small-scale, relatively informal approach to a problem the administration hopes to address in the long term by empowering the Federal Reserve to oversee systemic risk. The creation of Plan C is a sign that the government has moved into a new phase of its response, acting preemptively rather than reacting to emerging crises, officials said.
This revelation is somewhat disturbing and promising at the same time. It is disturbing that the government is just now beginning to work on an effort such as this, but promising in that they are working to prevent future problems rather than just cleaning-up after the fact.
Keys to Success for a Chief Risk Officer
In a recent article written by John A. Wheeler of Wheelhouse Advisors LLC, the evolving role of the Chief Risk Officer (”CRO”) is examined. Many companies are either elevating the role or creating the role anew. To be successful, companies must be aware of what is ultimately required for both the role and the person assuming the position. Here is a brief excerpt from the article addressing this issue.
The true CRO should be the champion and ultimate sponsor of ERM within an organization. To succeed in achieving this objective, the role requires the commitment and full support of both the board of directors and CEO. In addition, the role requires a unique skill set that combines a deep understanding of the business, an appreciation for risk management principles, strong leadership capabilities, and a strategic mind-set. This is a tall order for most organizations, especially when budgets are tight and short-term earnings pressures are so acute.
The challenges do not end there. At the core, the organization’s culture must align with and support the ERM program. This means that its managers and employees must have a certain level of risk awareness as well as a willingness to own the risks they take. This is created by leadership emphasis from the CEO, CRO, and other senior management members. However, more importantly, the compensation and performance management structure must be designed to provide incentives for appropriate behavior within an organization’s risk appetite.
Simply appointing someone to the position of Chief Risk Officer without understanding what the role requires or addressing the cultural implications will result in certain failure. Wheelhouse Advisors can help your company establish the proper environment for a Chief Risk Officer to succeed. To learn more about how Wheelhouse Advisors can help, visit www.WheelhouseAdvisors.com.
Regulatory Reform Details Begin to Emerge
Details of the Obama administration’s plan for regulatory reform are beginning to trickle out and it appears as though the devil for financial institutions is truly in the details. Here is what the Associated Press reported yesterday.
Under the administration’s proposal, companies such as Citi, Goldman Sachs and others in a broad top tier engaged in complex transactions would face stricter scrutiny and have to hold more assets and more cash as cushions against a downturn. They also would have to anticipate their own demise, drafting detailed descriptions of how they could be dismantled quickly without causing damaging repercussions. Think of it as planning their own funerals — and burials.
Obama’s plan, in short, aims to make it far less appealing to be so big. That was the middle ground the administration sought, a step short of an outright ban on systemically risky companies. ”Without banning them we’re providing some pretty heavy penalties for entering” the top group of institutions that could pose a risk to the entire financial system, said Diana Farrell, deputy director of the White House’s National Economic Council. ”The regulator might say to a large institution, ‘Make sure there is very good reason to allow yourself to get that big, or that interconnected, or that complex because the penalties will wipe out any advantages, such as lower cost of capital, you might have.’”
Large financial institutions in the U.S. will face many regulatory challenges and should be preparing their companies for the imminent changes to come. Many of these companies’ strategic plans will be impacted by the new rules and the risks they carry.
Shifting Risk Landscape Requires Greater Focus
The current issue of Harvard Business Review is dedicated to providing insights and recommendations on managing in the new “post-meltdown” world. One article focuses squarely on the impact to risk levels throughout an organization and how companies are responding. Here is what they reported.
Since the recession set in, many shifts have occurred in the enterprise risk environment; some threats are rising, while others are falling. Security budgets are being cut deeply and pervasively—though not always in ways responsive to these fluctuations. Security directors must do more with less while helping their businesses clearly understand the shifting threats and ensuring that the most urgent priorities are addressed. For that reason alone, adopting an enterprise risk perspective as a recession coping strategy is itself an urgent priority. The goal of enterprise risk management is to track, quantify and analyze these shifting thresholds of risk throughout an organization.
Companies must find ways to work smarter and more efficiently. One of the most effective ways to streamline enterprise risk management is to adopt an integrated approach that aligns all risk related functions and eliminates redundant activities. Wheelhouse Advisors can provide a quick diagnostic review to determine how your company can improve its enterprise risk management program in a cost-effective manner. Visit www.WheelhouseAdvisors.com to learn more.
Obama Financial Regulatory Overhaul Blueprint Released
The Obama administration today released their much anticipated blueprint for financial regulatory reform. As expected, it outlines several goals of a reform effort. The goals include the following:
- Promote Robust Supervision and Regulation of Financial Firms
- Establish Comprehensive Regulation of Financial Markets
- Protect Consumers and Investors from Financial Abuse
- Provide the Government with the Tools it Needs to Manage Financial Crises
- Raise International Regulatory Standards and Improve International Cooperation
While these are noble goals, the blueprint document offers little in terms of specific actions other than the creation of more agencies and committees to address the concerns. This will result in greater regulatory complexity and reduced governmental accountability. For individual companies, this will certainly require greater investment in compliance programs to address the new governmental requirements. Since the requirements are unknown at this point, companies will be well served to have a nimble and flexible infrastructure in place in order to adapt to the new regulatory regime. Are you prepared? Wheelhouse Advisors provides cost-effective solutions to help companies meet the increasing risk management and compliance demands. Visit www.WheelhouseAdvisors.com to learn more.
Mark-to-Market Mess
Former Federal Reserve Chairman Paul Volcker recently provided some interesting insight into the role of mark-to-market accounting in the current economic crisis. In a speech to the International Institute of Finance, Mr. Volcker noted the following.
There isn’t much doubt that attempts to enforce strict application of mark-to-market accounting procedures has contributed to confusion, uncertainty and inconsistencies among financial institutions. There is a strong case for reviewing the application of so-called fair value standards to commercial banks, insurance companies and perhaps certain other regulated financial institutions.
The problem is not only the difficulty of measuring value in highly disturbed market conditions. More broadly, strict mark-to-market accounting — entirely appropriate for trading operations and investment banks — may introduce a degree of volatility in reporting incompatible with the basic and essential business model of banks, which inherently intermediate maturity and credit risks.
There is no doubt that mark-to-market accounting contributed to the death spiral of many institutions as they tried to mark positions to a market that temporarily ceased to exist. While mark-to-market accounting is noteworthy in its attempts to provide greater transparency, it currently possesses some very serious unintended consequences that must be rectified.
Risk and Reward Debate Heats Up
The debate over incentive compensation plans role in excessive risk taking at major corporations is heating up. In today’s Wall Street Journal, an article provides a good overview of both sides of the debate and what companies can expect from potential government regulation.
“There’s not an easy cause and effect relationship” between pay and risk, says Don Delves, a Chicago compensation consultant. “We don’t know how to do it yet.” Nonetheless, federal officials want companies to try. Treasury Secretary Timothy Geithner Wednesday recommended companies assess pay packages to discourage “imprudent risk-taking.” Soon after, Securities and Exchange Commission Chairman Mary Schapiro said the agency is considering requiring companies to disclose “how compensation impacts risk-taking” in annual proxy statements.
Is your company prepared to assess risk associated with pay packages? Wheelhouse Advisors can help. Visit www.WheelhouseAdvisors.com to learn more.
More Risk Management Work Remains
A recent survey demonstrates the need for more work to improve risk management practices at financial institutions across the globe. Results from the survey conducted by Deloitte show that while great strides are being made in strengthening corporate governance, the supporting risk management infrastructure at many institutions continues to be a work in progress. The following are some significant findings from the survey of 111 financial institutions across the globe.
- Seventy-three percent of the institutions surveyed had a Chief Risk Officer (CRO) or equivalent position. As an indicator of the role’s importance, the CRO reported to the board of directors and/or the CEO at roughly three quarters of these institutions.
- Only 36 percent of the institutions had an enterprise risk management (ERM) program, although another 23 percent were in the process of creating one. Among institutions with $100 billion or more in assets, 58 percent had an ERM program already in place. The institutions that had ERM programs found them to be valuable: 85 percent of the executives reported that the total value (both quantifiable and non-quantifiable) derived from their ERM programs exceeded costs.
- Roughly three quarters of the institutions had fully completed or substantially completed the work required to identify operational risk types, and to standardize the documentation of processes and controls for operational risk. Yet, only roughly 40 percent of executives considered their operational risk assessments and their internal loss event data to be well-developed. Other operational risk methodology areas, such as key risk indicators, external loss event data, and scenario analysis, were said to be well-developed by 20 percent or less of the institutions surveyed.
- Many institutions may have significant work to do to upgrade their IT risk management infrastructure. Roughly half of the executives were extremely or very satisfied with the capabilities of their risk systems to provide the information needed to manage market and credit risk. In other areas, such as systems for liquidity risk and operational risk, 40 percent or fewer provided ratings this high.
