The independence of the chief risk officer (CRO)

It is imperative that a CRO be insulated from business line, or other, pressures that would cause him or her to give biased, incorrect, or incomplete information to the board. While various methods can be proposed for accomplishing this, the review suggests that the CRO should report directly to the risk committee (with an internal reporting line to the CEO), and be completely independent of the business lines. Additionally, removal of the CRO and the CRO’s compensation would be subject to approval by the board. This arrangement will provide a degree of independence for the CRO, although dual reporting responsibilities will make it difficult to prevent the CRO from being completely insulated from pressure by the CEO.

Additionally, the review was largely silent on the issue of the process for hiring the CRO. If the hiring is done by the CEO, either from internal or external candidates, some degree of the wanted independence may be lost. However, if the board is in charge of the hiring (or has approval power over the hire), current boards may not feel up to the task of rigorously evaluating the credentials of a CRO candidate and may rely heavily on senior management’s recommendations - again possibly losing a degree of the sought-after independence. Hopefully, over time, as board’s skills and confidence in risk management improve, this may become less of an issue.

Read more >>

Posted by William May, Senior Analyst at 2:13 PM 2 comments

The role of the risk committee

While the specifics of committee structure should remain the responsibility of individual boards, the review’s recommendations concerning the need for a separate risk committee warrants serious consideration. Risk should be a consideration in board’s forward-looking considerations; not as a backward-looking measure - a tendency which may exist when handled under another committee, such as audit. Separating risk from other committee structures should help foster the development of a risk management-prism through which many business decisions – acquisitions, new product and market development, remuneration, etc. – can be viewed.
Having a competent risk committee, however, will require boards to critically evaluate their skill and experience needs and to consider any shortcomings when they develop recruitment and training plans. An empowered risk committee may also encounter resistance at the board level as it involves itself with issues that are typically the purview of other committees (such as compensation). The board chair will be important in this period of transition as he or she will need to lead the board forward in the process of giving the risk committee sufficient breadth of responsibility to not only advise on the development of the bank’s risk appetite but to play an active role in the creation of policies that seek to align employee behavior with it.

Read more >>

Posted by William May, Senior Analyst at 9:35 AM 0 comments

On Thursday, Sir David Walker, a former chairman of Morgan Stanley International issued a report (at the behest of the UK Prime Minister) entitled “A review of corporate governance in UK banks and other financial industry entities”. This review covers a wide range of issues and offers thirty-nine recommendations in total. While many of the issues addressed in the report warrant comment, over the next few days, I will focus on three:

1. The “specialness” of banks and the primary responsibility of bank boards to shareholders
2. The role of the risk committee, and
3. The independence of the chief risk officer (CRO).

Bank “Specialness”

The special role of banks in the economic and social order introduces unique challenges for a board. As deposit holding, loan granting institutions that retain only a small fraction of the deposits entrusted to them, modern banks are inherently highly leveraged institutions for which the management of financial risk is a fundamental - as opposed to an ancillary or derivative - aspect of their business model. Through their role in trade finance and business and personal credit creation, banks are connected and interconnected in ways that other, non-bank, institutions are not. The failure, or partial failure, of a bank can have a significantly greater impact on the society and economic system in which it exists than, say, the demise of an industrial firm. The possibility of these negative public interest externalities puts significantly greater pressure on bank boards to properly steward their operations.

Despite the important role of banks, the growing pressure from some corners to charge bank boards with statutory responsibilities beyond those owed to shareholders – to include employees, depositors, and/or taxpayers - is rejected in the review. While I do understand the idea that protecting the interests of depositors, taxpayers, and other non-shareholders is an important issue, I agree with Walker that this protection must be attended to via other means and that in order to function effectively a bank board must be explicitly charged with only one master – the shareholder. How then to attend to the proper protection of depositors – and by extension in many cases – to taxpayers?

Improved risk management practices certainly can be expected to afford depositors added protection. If the actions of the board are driven by a desire to benefit shareholders, however, the achieved level of protection may be less than that desired by a depositor. In many modern economies this issue is largely handled through deposit insurance - which has the effect of shifting the ultimate risk in many cases to the taxpayers and renders the depositor as somewhat indifferent to the risk management activities of a given bank. As the discussions of how to improve the risk management of banks, both individually and systematically, advance, it may be beneficial to include in these an evaluation of deposit insurance – the rationale for it, the moral hazards and behavioral effects it introduces, and its proper pricing. Perhaps an improved risk pricing mechanism associated with either public or private deposit insurance could serve a useful purpose in aligning board actions with depositor and taxpayer objectives.

Read more >>

Posted by William May, Senior Analyst at 1:18 PM 0 comments

1. Everything is standard; the burden of proof is on the institution to prove otherwise. - I have to presume that markets are in fact in favor of central counter-parties, to help mitigate credit risk and operational risk (the system does take new concentration risk). Meanwhile, ensuring that “non-standard” contracts are at least as stringently regulated as standard ones should mitigate incentive to innovate around the regulations.
2. Institutions must be asked to decompose their “products” into underlying “factors of risk exposure”.
   All exposures, however complex, can be broken down into underlying Market Factors, Terms & Conditions determining payoffs, and Time (this is Derivatives 101).This way, we will get out of the confusing product jargon. A uniform market model for breaking down risk into components means that it can be communicated and aggregated easily across institutions, and across the market as a whole.
3. A College of Regulators -While the Federal Reserve seems ready to take on the driving regulatory role, there are alternatives with unique merits. A college of regulators could have the mandate to collect and examine inventories and exposures in the market at factor, instrument, product, and player levels, and set alerts to determine how much gross and net exposure warrants attention. This would be a “heat map” of risk levels fed by regular scenario analysis and stress-testing against liquidity, correlations, market risk factor, and macro-economic considerations.
4. But empower one regulatory voice for the global dialogue -Our financial solutions seek to address issues nationally but the markets and risk are global. The US must appoint one regulator, to be its voice at the international table of regulators. A new systemic regulator is a redundancy. Having said that, the Fed (if it is the chosen one) needs some cultural transformation from the micro to the macro, and in resolving the conflict between monetary policy and supervision, and between regulation of a firm versus the market.
5. Create additional sharp focus on Liquidity - Liquidity risk remains very little understood and the least developed of all Risk-types. At the height of a crisis, Liquidity risk creates binary outcomes…here today, gone tomorrow. The Regulatory College must develop good perspective for liquidity in markets as a whole.
6. But above all, smart principle-based Regulation, please - Do recognize there are no guarantees. Smart regulation will not allow players to abdicate risk responsibility to the regulator and the politician. It will instead put the onus firmly on institutions to establish complete and transparent principles, practices, and policies. It is high time that Boards and CEOs, with their CROs, define and articulate their risk appetite (it doesn’t have to be all quantitative); and then prove they have the architecture to implement, support and manage actual risk exposure against appetite & tolerance.

Bottom-line, Regulators must

• Provide principles and incentives that each firm clearly articulates risk appetite and tolerance
• Demand disclosure across all stakeholders, including shareholder, investor, and regulator
• Create aggregate simple metrics for risk at the level of the system
• Require standards as to what firms do warehouse and trade outside of the standard systems
• Require strong independent internal risk management structures for reliable measurement, monitoring, reporting and management
• Provide disincentives to arbitrage out of standardization without curtailing ability to innovate and customize client solutions

It is not going to be easy. There is much rock and many hard places.

Read more >>

Posted by Jaidev Iyer, MD, GARP at 9:26 AM 0 comments