• No tags were found...

Regulatory Capital, Models, and Holistic Balance Sheet Management

Credit Risk Management: Part 4Assets50February 2008 The RMA Journal

Regulatory Capital,Models, and HolisticBalance Sheet ManagementBy taking a holistic approach to balance sheetmanagement, you can see beyond the hype of currentrules and model-based approaches. This article detailsthe principles of such an approach as well as the stepsyou can take to effectively manage complex balancesheet risks.b y Dav i d M. Ro w e a n d Th o m a s DayBa n k i n g a n d f i n a n c e practitioners realize that risk,particularly its management, is a difficult topic. By itsvery nature, risk describes that which is unknown buthas the potential to occur. And risk management isabout trying to understand, explore, and mitigate unknownbut potential exposures.Perhaps as a response to risk’s unfathomable qualities,modern risk management portrays itself as a scientificexercise in prediction and forecasting. But itis not always so. Although specialized and complexmodels can be valuable tools for converting a disconnectedmass of data into actionable information, theyare simply one part of a wider process of risk managementthat is as much art as science.Recent market upheavals have emphasized onceagain that models—their implementation, specification,calibration, and parameterization—are mereapproximations, not “realities.” Moreover, gratuitouscomplexity can result in “black box” risk, in which thelack of model transparency becomes a risk factor.Today’s crisis environment also emphasizes how riskmodeling and risk management tend to focus on onetype of risk at a time when reality is much more complex.Although some risk models try to account for allrisk types (credit, market, price, interest rate, liquidity,operational, etc.), the practical reality is that many risks,especially complex, interconnected risks, border on theunknowable in a data- and model-driven context.Thankfully, we aren’t limited to data and models, butare able to use imagination and good judgment to thinkthrough business models and risk connections in a moreholistic way. This article has three simple aims:1. To highlight why a holistic approach to balance sheetmanagement is necessary.2. To describe how current rules and model-based approachesfall short—and why they always will.3. To propose several pragmatic steps to see beyondthe hype and into the harsh reality of what it takesto effectively manage complex balance sheet risks.What Is “Holistic” Balance Sheet Management?At the risk of introducing new slang into the riskmanagement lexicon, it is important to differentiate“enterprise risk management” (ERM) from “holistic”balance sheet management. Some would have youbelieve that ERM is a model- or vendor-based platformsolution. Rather, ERM is a governance functionthat starts with the board of directors, not models orThe RMA Journal February 2008 51

packaged software. There is no “easy button” for effectiveenterprise risk management. Nevertheless, sound ERMfor a bank or other financial institution does include aholistic approach to balance sheet risk assessment.Such an approach recognizes, first, that all risk is“derived.” That is, risk is a derivative impact originatingfrom some “source.” In the case of a balancesheet, risk is derived from cash flows, contingent andotherwise, and how those cash flows react to changingand evolving market factors. Serious—potentiallycatastrophic—risk is generally not transactional; it isthe result of risk pools and concentrations with linkagesacross the balance sheet that are often obscure atbest. For example:• Credit risk and operational risk: Was a loss the resultof credit risk or the result of an operational lapse thatfailed to perfect the bank’s security interest?• Reputational risk and funding liquidity risk: Will a regulatoryfine cause a funding problem for the bank?• Interest rate and default risk: Will rising reset rates onindexed ARMs cause a dangerous jump in paymentdefaults?Many risk linkages are far more subtle and complexthan the above examples. Given that most models aretargeted toward specific risk types—credit, interest rate,price, liquidity, structure, correlation, volatility—it becomesclear that integrating across these risks requiresmore than models; it requires improved governance,processes, principles, and, perhaps above all, imagination.Holistic balance sheet management accepts thismandate.Such active balance sheet risk management meanstaking a unified view across all risk types at the consolidated,or enterprise, level. This reaches beyond BaselII, wherein risk quantification is limited to credit, operational,and market risk and in which even standardasset/liability management for the banking book is relegatedto Pillar 2. It is also an approach based more onprinciples and expert judgment than on simple fixedparametermodels, such as the asymptotic single-factorcredit risk model embedded in Pillar 1 of Basel II.To effect good balance sheet management, one groupmust be given a mandate—backed by senior managementsupport—for active identification, measurement,assessment, and management of balance sheet risks.Perhaps ironically, this risk management activity maynot be performed by the bank’s risk management function.Why? Too many “risk management” groups areconsidered cost centers, just “compliance” functionserected to appease regulators, stockholders, and ratingagencies. Such risk groups document what businessunits do, but they don’t actually manage risk. Theirability to influence the business is severely limited.One risk practitioner described his role as a “glorifiedscribe.” In the words of former Citibank Chief ExecutiveJohn S. Reed:“Everyone in banking points to risk managementas a top priority, but that is often just lip service.Risk analysis can easily become a series of routinechores that offer little protection from theunexpected.” 1The existence of such groups is not necessarily abad thing. In highly regulated and privileged industriessuch as banking, where a public trust is at stake,there is a legitimate role for an independent group thatmonitors risk-taking business activity. Calling such activityrisk “management,” however, is misleading; risk“policing” would be a better term. There must be anothergroup that isn’t merely a cost center or a strictlycompliance function.This group is the balance sheet management function,and it should be expected to add—as well as protect—value.The job of such a group goes several stepsbeyond today’s traditionally staid ALM and Treasurypractices. It undertakes active management of holisticbalance sheet exposures across risk types. The aim ofthis division is to maximize earnings potential of thebalance sheet while being highly cognizant of where,why, and how risk is stored—including contingentand off-balance-sheet exposures.Moving in this direction often involves couplingeconomic capital, portfolio credit, and ALM groups, or,minimally, creating collaboration forums across thesegroups to produce a more holistic perspective on thebalance sheet. More often than not, such combining orcollaborating rapidly leads to better risk-based pricing,capital management, concentration monitoring, andlimits and discretionary activity to hedge, transform,or reduce oversized exposures. Holistic balance sheetmanagement—when done right—is exploratory andrelies as much on good judgment, expertise, and wisdomas on models and portfolio risk methodologies.Some might ask, “But isn’t this precisely what Basel IIis aiming to accomplish?”How Current Rules and Model-Based ApproachesFall ShortBasel II is an excellent, rules-based document. Much ofthe philosophy behind Basel II can be traced to value-atriskmodels used for trading-book risk assessment thatevolved in the early to mid-1990s. The credit portfoliomodel used in Pillar 1 of Basel II is a default-modemodel with fixed, albeit conservative, parameters. 2 Butconservative in exactly what sense? It’s conservative onthe basis of its measurement goal—credit risk—and theparameters resulting from calibration for expected and52February 2008 The RMA Journal

unexpected losses systemically.Although a huge advance from Basel I, the corecredit model of Basel II is already showing its age. Betterportfolio-modeling technology is already available.This highlights one of the regulatory burdens of BaselII. By being too rigid in model specification withinthe rules, capital assessment for Pillar 1 is now seenas mainly a compliance exercise, an outcome at severeodds with the inspired wisdom of Basel II’s original intentto create better risk management and improvedtransparency. One must wonder: If the dollars spent on“compliance with rules” had been spent on “adherenceto principles,” might some of the losses from the recentsubprime crisis been avoided? Without any claim tobeing exhaustive, some of those principles might includethe ideas listed in Table 1.Although Principle 3 from Table 1 is contained in Pillar2 of Basel II, industry focus has been concentrated onthe “rules” of Pillar 1 and the need to meet the demandsof Pillar 1 at all costs due to the unfortunate timelineswritten into law. Perhaps the timeline, or rollout, shouldhave started with Pillar 2 economic capital principles,not Pillar 1. Perhaps the better risk principles and moreintegrated risk management that adds business value aremore important than minimum regulatory capital rules,as unpopular as that statement may be. Perhaps suchprinciples apply to the entire industry, not just “bluechip” (otherwise known as “core” or “opt-in”) banks.Maybe “get it done” isn’t as valuable to safety and soundnessof an entire industry as “get it done right.”Recent announcements from rating agencies 3 andtheir approach to capital assessment seem more alignedwith where we should be aiming and are consistentwith the spirit of Basel II. Both pragmatic and groundedin basic principles, these new approaches rewardstrong risk management with potential for lower capital,earned via expert judgment rather than technicalcompliance with prescriptive regulatory capital rules.Compounding the above problems is the more technicalfact that much of the regulatory capital assessmentframework is data driven and limited in risk scope. Ofcourse, it is axiomatic that data is necessary for anyacceptable risk-modeling framework. Nevertheless, exclusivelydata-driven regimes will be found wanting inmany circumstances as a result of:• Product innovations.• Lack of sufficient historical time-series.• Fundamental market changes, such as regime shifts,new markets being connected, changes in tax law,and so forth.Model-driven risk assessment also suffers from thelimited range of risk coverage offered by most models.Most such models are designed to assess one or, atTable 1Principle 1:Principle 2:Principle 3:Principle 4:Principle 5:Principle 6:Principle 7:Maintain an integrated stress-testing framework.Impose escalating capital penalties for excessive risk concentrations.Deploy an internal capital assessment and allocation process.• Instrument level = advanced.• Product and business-unit level = standard.Ensure feedback into business decisions from return on risk capital.• Tied to incentive-based pay = advanced.• Used in relationship pricing models = standard.Implement a holistic balance sheet management process.Ensure a strong governance structure for risk monitoring and control.Ensure coverage of and integration across risk types, including liquidity,reputational, business, legal, and regulatory.most, a few risk types. Yet it is the complex interconnectionof risks that often does the most damage—especially under stress conditions.While we have criticized models and rules-basedpolicy, it is critical to recognize that models in general—andBasel II in particular—have been importantdrivers of improved risk management. The industry’sunderstanding of risk has improved significantly. Thenecessary data gathering and consolidation requiredto satisfy Pillar 1 of Basel II has produced a muchimprovedfoundation to support holistic balance sheetmanagement. For this alone, perhaps, Basel II has alreadybeen a success. Going forward, Pillar 2 and Pillar3 must gain significance relative to Pillar 1. In themeantime, what practical steps will strengthen the effectivenessof risk management?Pragmatic Steps Forward, Without HypeWhile achieving a more holistic approach to balancesheet management may seem difficult, its benefits areenormous. Can this be done? We think so. Here’s how.1. Start with risk-based relationship pricing. Most bankscontinue to price transactions, not relationships.Moreover, they consider the price from across thestreet (the competitor’s), not the risk-based returnfrom the customer and how the relationship increasesor decreases the firm’s specific marginal riskbasedreturn. The rule of thumb is that one defaultrequires six to 10 new loans of the same amountto recover through earnings. By better pricing risk,banks can better control risk.2. Embrace portfolio credit analytics and economic capital.Risk is inherently a portfolio concept. The risk ofany given position is only meaningful in its portfolioThe RMA Journal February 2008 53

context. An additional exposure that aggravates an existingover-concentration will be riskier than one thatimproves diversification. Banks are naturally prone todeveloping credit concentrations based on characteristicsof their home markets. Fortunately, the many innovationsin credit risk over the past 15 years provideeffective tools for overcoming such concentrations.Active credit portfolio management need no longer bethe preserve of massive global banks. In many ways,it can be a more powerful risk management tool forsmaller regional banks where the pattern of loan originationtends to provide less natural diversificationthan is true for larger institutions.3. Empower and improve internal “active” risk governanceand collaboration. In the simpler and less dynamicworld of banking 25 or 30 years ago, fragmentingvarious functions such as credit risk management,asset/liability management, and market risk managementcould work effectively. Today, all forms of riskare becoming increasingly interconnected. Indeed,it is often the less-than-obvious interconnectionsand feedback loops that can produce the biggestproblems. In this environment, a more holistic approach—andthe associated cultural change requiredby the organization—is essential.4. Take responsibility and don’t believe in miracles. Achievingthe necessary cultural change will inevitably taketime. Organizations become set in their ways, andstaff often find change difficult; people particularlyresist change imposed on them for reasons they don’tunderstand. To facilitate a smooth evolution, seniormanagement must take the lead in explaining theneed for change and conveying a compelling visionof what is required to meet the risk managementchallenges of the 21st century. When employees understandthe problem, they are far likelier to buy intothe solution.5. Don’t expect instant gratification and don’t underestimatethe obstacles. Holistic balance sheet managementrequires a significant restructuring of authority andresponsibility. This restructuring must be thoughtthrough carefully and communicated explicitly if amore holistic approach is to be successful. It also willtake time for the new relationship to become the acceptednorm.Perhaps most importantly, senior managers mustinternalize the essential trade-off between risk and returnin their own thinking. Many market participantsknew intuitively that trends in the subprime mortgagemarkets were unsustainable in the long term. Nevertheless,backing away from the market too soon couldhave looked foolish if the crisis had taken another twoyears to materialize. Alan Greenspan famously coinedthe term “irrational exuberance” in late 1996. The dotcomequity boom continued for over four more yearsbefore imploding in 2001. Any money manager shunningInternet stocks beginning in 1997 would have hada difficult four years before being vindicated.The key point is that business units have little choicebut to continue in a risky arena if that appears the onlyway to make their numbers for the year. Risk managementpersonnel—even if they have the authority—arerisking their jobs by closing down an apparently profitableactivity prematurely. Only senior management canrealistically make the call to exit such a market despitethe necessary implication of lower earnings. Having theanalytical tools to assess the danger and the courage topull back from a risky area despite continued marketeuphoria is an essential element in building long-termvalue, and it is a responsibility that only senior managementcan assume. Senior management must serve asmore than heads of the line units of a bank; they mustbe de facto leaders of a holistic risk management functionas well.ConclusionIncreasingly, the most serious dangers facing a bank liein the potential interactions among risks that have traditionallybeen viewed as separate and distinct. Organizationalstructures are usually designed accordingly,and this fragmentation can hamper the ability to dealwith these vital interactions. Consolidated data and effectiveanalytical tools can support a more holistic approach,but they are not the whole answer. At its best,technology provides effective support for experienceand seasoned judgment. It can never supply a substitutefor these vital requirements of good management.Only when senior management shoulders responsibilityfor balancing risk and return will the increasinglyinterconnected types of risk facing modern banks be aseffectively managed as is humanly possible. vDavid M. Rowe is executive vice president for Risk Management,SunGard Treasury, Trading and Risk Systems. Contact him by e-mail at Thomas Day is SVP of Product and Engineering for Sun-Gard BancWare. Contact him by e-mail at Wall Street Journal, “Veteran Weighs in on Tackling Bad Loans,”November 14, 2007, p. A2.2. See, Finger, Christopher, “The One-Factor CreditMetrics Modelin the New Basel Capital Accord,” RiskMetrics Journal, Spring 2001,p. 9.3. See, for example, Standard and Poor’s ERM framework and thecompany’s focus on policies, infrastructure, and methodologies(PIM). Weak ERM infrastructure can lower a credit rating while anexcellent ERM can increase that rating—with a direct impact on capitalrequirements and funding rates.54February 2008 The RMA Journal

More magazines by this user
Similar magazines