Banks adjust to new risk culture

Financial firms stress their risk management credentials, but frauds and failures are likely to grab future headlines unless incentives are appropriate.

Banks are in the risk business. Assessing, quantifying and acting on the trade-off between risk and potential return of a loan, a transaction or project is what they do. Their staff — or at least the rainmakers and top traders — are highly paid for their expertise and the success of their judgments. Hefty profits are channeled upwards as bonuses to senior management and across to shareholders as dividends and share price performance.

Well, apart from retention of the bonus culture despite taxpayer bailouts and governmental support, we all know that this model imploded with destructive consequences across all parts of the global economy in 2008. Market-risk systems based on probability assumptions had failed after an orgy of pass the derivative parcel of risky loans: solid enterprises crumbled, the eternal fountain of liquidity suddenly dried up, criminality and incompetence were exposed, and the financial industry and its practitioners were ridiculed and reviled. And, clearly they still are, if the current worldwide demonstrations are any guide.

Although a few senior heads have rolled, the industry has been fighting an aggressive rearguard battle to maintain its monetary rewards and even regain its preeminent status and influence — real and imagined — in societies. A sense of entitlement bolstered by the separation that huge wealth produces, ideological commitment, obfuscation and, perhaps, a confidence that public memories are short are potent weapons.

However, the dogged insistence by regulators and some politicians and media means that practices in the industry have to change. Most critically, better risk management within financial firms and the prevention of future systemic meltdowns across the industry are at the heart of the agenda.

Before the crisis, many banks “tended to pay lip service to their commitment to risk management as something of a public relations tool, used to reassure clients, regulators and ratings agencies, without actually taking it as seriously as they should have been from a business sense — as the sidelining of the senior figures in Lehman’s risk management division in the months before its collapse showed,” said Stuart Witchell, managing director of FTI Consulting.

Risk management takes a seat at the top table

But since then, “there is now a greater awareness of connectivity and the need to take a holistic approach”, said Paul Aldrich, managing partner of CTPartners, a consultancy firm.

Citi, for example, claims that its risk management “has been completely overhauled” since 2008. Brian Leach joined that year as global chief risk officer with a direct reporting line to Vikram Pandit, the bank’s CEO, and apparently set up a “comprehensive, best-in-class risk management function that sets strategic risk parameters and plays a critical role in capital allocation to ... take advantage of growth opportunities that meet appropriate risk-return standards”, according to the bank.

An Ernst & Young survey of 62 financial firms conducted for the Institute of International Finance in late 2010 and released in April this year, found that there is generally a greater emphasis now being placed on risk governance and risk management. Most organisations reported that boards of directors are playing a more prominent role and working with senior managers to set a clearer direction. They also stressed that the power and authority of chief risk officers and their teams has been elevated, notably in such key areas as business strategy and planning, risk appetite definition and management, product development and compensation.

But, Patricia Jackson, Ernst & Young’s head of financial regulatory advice for Europe, Middle East, India and Africa warned that “the reform programmes are far from complete. A central finding [was] that still more needs to be done by many firms to strengthen the core risk culture, in particular the embedding of a clear risk appetite throughout the organisation”.

However, some banks are more confident that improvements are taking place. Nomura claims a “long history of strong risk management culture”, and reckons that attitudes throughout the industry have changed and are continuing to change — particularly after the false sense of “business as usual” that prevailed in 2009, encouraged by buoyant markets and injections of liquidity by central banks. Now there is widespread recognition that the world is different said David Benson, vice-chairman risk and regulatory affairs, Nomura Holdings.

“The tone is set from the top of a firm, and then it is the key responsibility for line managers to ensure that attitude is embedded among teams. Of course, compensation practises and incentives are also critical,” he added.

Richard Raiford, managing director and Asia-Pacific head of credit risk management at J.P. Morgan, emphasises that one of the most important developments since Jamie Dimon’s arrival in 2004 has been the inculcation of positive attitudes towards risk assessment, control and management throughout the firm, reinforced by training programmes. Transparency of activities, attention to detail, leadership and standards are set from the top, he said. There is a consistency of message, such that no one questions the primacy of risk control anymore. Whereas in the past risk management was perhaps a support function, now it sits at the top table.

Raiford echoes Benson when he stressed the role of leadership. “Experienced personnel exercising good judgement, guided by clear procedures, is perhaps the critical feature of effective risk management,” he argued.

Fraud reveals flaws in the systems

Clearly, not all banks can feel so sanguine about the effectiveness of their programmes to embed a risk management culture. The revelation of an alleged $2.3 billion trading fraud at UBS in September — possibly undetected for three years — which shared similar characteristics to the $6.7 billion fraud perpetrated by Societe Generale’s Jerome Kerviel in 2008, suggests that systems are still inadequate, supervision ineffective and individual behavior unreformed.

Tommy Helsby, chairman Eurasia, at Kroll Consulting pointed out that, “a feature of several prominent fraud cases was the back office experience of the fraudsters, who were able to use the knowledge they acquired to game the system.”

“More often than not, I suspect that what happens is that a trader commits an error, rectifies it in the system using techniques learned and deployed in the back office [to correct fat-finger errors, for example] and then discovers that no one notices. Having found vulnerability, he now has a vehicle to commit fraud — which he probably doesn’t intend to do; instead it builds up due to a series of errors or gambles which he intends to remedy later.”

Yet, electronic systems and human supervision are meant to spot and prevent fraud, whether planned or not.CTPartners’ Aldrich suggests that one solution would be for banks to employ “ethical rogue traders” to attack their trading systems, in the same way that some banks are reportedly using “ethical hackers” to attack and test their payments and other systems.

But, he added, control systems cannot be totally infallible. “They are designed and monitored by people, and occasionally there will be mistakes, errors or even instances of fraud”.

Helsby’s Kroll colleague, Abigail Cheadle, managing director of financial investigations for Southeast Asia, pointed out that increasingly the large banks have inhouse dedicated anti-fraud departments for both reactive investigation and proactive fraud risk mitigation. “Unfortunately, too often there is still a silo approach to investigations of fraud or irregularities. One division might know what’s going on, but another — equally important for that investigation — might not.”

Of course, “rogue traders” often insist that others, including their managers, were, if not complicit, at least deliberately oblivious to their actions — as long as they were making money. This was a key part of Kerviel’s unsuccessful defence.

Finding the right incentives

The undercurrent is that the pressure to make high returns is still far greater than the restraints imposed by a stronger risk culture. And the main motivator is almost certainly an expectation of personal gain: the remuneration culture is alive and kicking.

“For traders and those involved in the creation of exotic or risky financial products, despite some changes, their bonus-driven pay structures remain heavily weighted towards relatively short-term performance metrics, reducing the importance they place on systemic risks or risks which aren’t directly tied to the business divisions they are involved in,” said Witchell at FTI Consulting.

On the other hand, Aldrich argued that while traders will seek to maximise revenues and therefore their bonus potential, their risk taking is limited by the risk parameters they are allocated by management. Risk limits represent the maximum business risk that the bank’s management feel is acceptable for each trader. Indeed, Witchell agreed that senior managers have a strong incentive to keep risk at an acceptable level — with the caveat that exposure to systemic risks remains difficult for them to assess.

The broader issue of systemic risk is addressed by Nomura’s Benson, who pointed out that “the best risk management practices occur when the incentives are appropriate”.

That is not the case when the interests of shareholders and company managers are aligned to increase shareholder value — through vast dividend payouts, stock buy-backs, insane mergers, poor management practices — while neglecting other stakeholders. It encourages the taking of excessive risk. Hence people shouldn’t have been surprised that shareholders hadn’t been better “custodians” of their assets in the run-up to the crisis. Bondholders need to have a greater influence, Benson argued — but they (correctly) took the view that governments would bail out the banks, so were happy to provide irresponsible amounts of leverage.

The key is to “take the taxpayer out of the equation”. This is now understood in the US and UK, so unsecured creditors will be compelled to take greater responsibility in the behaviour of banks they have lent to, for their own self-interest.

Meanwhile, despite the regulatory changes underway and the apparent elevation of risk management in the hierarchy of values at financial firms, life seems to continue as normal.

At the end of October, MF Global, a futures and options broker-dealer headed by Jon Corzine, former chairman of Goldman Sachs, became the eighth-biggest bankruptcy in US history. The firm, with $41 billion of assets, made a $6.3 billion bet on the recovery of European sovereign bonds, including those issued by Italy, Portugal and Spain. Corzine, who has so far avoided the perp walk reserved for more junior traders, had told the Financial Times last year: “We cannot go running 30-to-one leverage ratios. We need to manage risk.”

By the time it failed, MF Global’s leverage ratio apparently exceeded 30 to one. In addition, it seemed that $630 million of client funds couldn’t be found.

Corzine reportedly had ambitions to transform MF Global into a new Goldman Sachs; instead, he gambled in the old way, and sent the firm down thesame path as Lehman Brothers.


This story was first published in the November 2011 issue of FinanceAsia magazine.

¬ Haymarket Media Limited. All rights reserved.
Share our publication on social media
Share our publication on social media