Читать книгу A Risk Professional's Survival Guide - Rossi Clifford - Страница 8

Managing risk at a banking institution is one of the most critical activities carried out by financial firms. Banks could not expect to have much longevity if risk management were ignored or poorly executed. The subprime mortgage crisis of 2008 offers a once-in-a-lifetime case study of how many different types of financial institutions lost sight of the importance of risk management and either went out of business, were forced to merge with healthier firms or had to take a bailout from U.S. taxpayers. And this was not a U.S. phenomenon limited to only the U.S. banking industry: The global financial sector during the 2008–2009 period was in virtual free fall with many experts fearing an economic depression on an unprecedented scale. While many causes have been attributed to the crisis – a number of gaps in regulation, a financial incentive structure that rewarded short-run profitability and production, the interconnectedness of banks and other financial entities comprising the so-called shadow banking sector – nevertheless, at the heart of the crisis was a fundamental lapse in risk management across a great swath of the industry. Particularly problematic was that the largest financial institutions were among the companies where risk management deficiencies were most acute. Given the scale and scope of these global financial behemoths, these gaps in risk management at the institution level would manifest as systemic risk and contribute to one of the worst financial calamities on a global scale. These institutions became the focus of intense scrutiny by regulators after the crisis and have been designated as systemically important financial institutions, or SIFIs for short.

We begin our journey of risk management by taking one such SIFI (we will refer to it as SifiBank) and following it though its various business functions with the intention of understanding how such firms identify, measure and manage their risks. Risk management is not a separate discipline as is finance or accounting, and in practice every employee of a bank should take an active role in risk management, whether they are in sales and production, trading, operations, or other important areas of the company.

SIFIs are a unique class of financial institution. The term SIFI surfaced after the crisis as concerns arose over the size and complexity of some firms to become, in principle and reality, too-big-to-fail (TBTF). Institutions were designed as SIFIs by U.S. federal regulators and as G-SIFIs by the United Kingdom’s Financial Stability Board (FSB) based on their size, complexity of operations, degree of interconnectedness across the financial sector, global reach and substitutability of activities. The largest banking institutions worldwide have found their way onto this list and in addition, regulators have developed a set of criteria to designate other institutions as systematically important, such as insurance companies and nonbank companies.1

SifiBank makes an excellent case study for risk management since its far-flung businesses touch on every aspect of financial risk management that most banks would encounter. In fact, one could say that banks are in the business to take prudent risk. As will be seen shortly, banks that take zero risk are not going to be profitable enterprises. Similarly, banks taking excessive risk – that is, risk not well understood and outside the firm’s capabilities to price and manage that risk and its risk appetite – will eventually be doomed. That’s why the term prudent risk is critical to understanding the process of risk management.

Thinking of risk management as a process or system in itself is helpful since managing risk effectively entails establishing a feedback loop (Figure 1.1) in which risk tolerance is communicated across the organization; expectations are set in terms of how much risk is acceptable for businesses to take (usually expressed in terms of capital allocated to each line of business); there is ongoing measurement and reporting of risks, there are processes and controls for managing risk coming into the firm in the way of transactions, loans, and services; there are techniques and controls for mitigating risk on the books of the firm; and there are methods to adjust the level of risk on an ongoing basis consistent with the above process as well as market and environmental considerations.

Figure 1.1 Risk Management Feedback Loop

Unlike most products of nonfinancial companies, financial products are not physical in nature. Loans, deposits, and investment products for example provide customers with access to credit, enabling them to purchase physical products and services or compensate them for storing their financial assets with the institution. Risk management is an inextricable component of financial product development as a result. The features of financial products such as the term of the loan or deposit, the rate of interest, payment features, and eligibility criteria are effectively levers that the bank uses to manage the risk that the borrower defaults or the bank faces losses from interest rate risk exposure, among others. Consequently, effective risk management requires a deep understanding and appreciation for the business of the bank, the market, its competition, and the regulatory landscape it operates in as well as the structure and organizational dynamics of the firm itself.