View original document

The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.

ESSAYS ON ISSUES

THE FEDERAL RESERVE BANK
OF CHICAGO

NOVEMBER 2013
NUMBER 316a

Chicag­o Fed Letter
Chicago Fed risk conference: Low rates and slow growth
challenge financial industry
by Marshall Eckblad, senior supervision analyst, Supervision and Regulation, Thomas Jacobs, assistant professor, DePaul University,
and Alexander Perry, finance department assistant, DePaul University

The Chicago Fed’s Supervision and Regulation Department, in conjunction with DePaul
University’s Center for Financial Services, held its sixth annual Financial Institution Risk
Management Conference on April 9–10, 2013. The conference focused on the challenges
to financial institutions’ business models.

This Chicago Fed Letter summarizes the

The agenda and some
materials presented at this
year’s conference, Business
Model Risk: Navigating
the New Playing Field,
are available at
www.chicagofed.org/
webpages/events/2013/
risk_conference.cfm.

presentations and discussions of regulators, academics, risk-management professionals, and business leaders at the
conference. These presentations and
discussions focused on the close relationship between the quality of a firm’s
risk-management capabilities and its
performance—and even survival—in
times of distress. About four years after
the Great Recession, the financial services
industry and its business models face a
considerable number of risks, including
persistently low interest rates, a slow economic recovery, and difficulty rebuilding
core earnings. Moreover, the operational
risks of financial firms are on the rise, as
the number of cyberattacks on their websites and data systems is growing quickly;
a strong defense requires capital investment from increasingly scarce resources.
Current landscape

The conference convened against a backdrop of challenging macroeconomic
circumstances. In early April, financial
firms of all sizes were continuing to
grapple with a fragile operating environment that was about five years removed
from the height of the most recent financial crisis but still far short of full recovery. Challenging long-term economic

trends were compounded by government
decisions at all levels to cut budgets and
curtail spending. The circumstances
remain largely the same now.
David Marshall, Federal Reserve Bank
of Chicago, presented data showing
federal government budget cuts and tax
increases in 2013 alone will account for
a 1.5 percentage point drag on the growth
of U.S. gross domestic product (GDP).
According to Marshall, the federal
budget sequestration,1 the phaseout of
various tax cuts in the first quarter of
2013, and taxes associated with the
Affordable Care Act are forecasted to
effectively reduce GDP growth in 2013
from 4% to 2.5%.
Marshall underscored the challenges facing firms attempting to grow their business lines. He noted that while a number
of economic barometers point to improving conditions, those encouraging signals
also carry more troubling undercurrents.
U.S. vehicle sales and home prices both
staged strong rebounds in the early part
of 2013 while the unemployment rate
ticked steadily downward over the first
quarter. But Marshall also explained that
in typical postrecession recoveries dating
back to 1980, consumers’ expectations
for growth in real income took at most

five quarters to return to positive readings,
according to the University of Michigan.
In the cases of at least two recoveries, expectations for income growth were, in
fact, never negative. By contrast, throughout the first four years of the current
recovery, consumer expectations for
income growth have remained deeply
negative. “Things are okay,” said Marshall.
“But I’d argue that’s not good enough.”

greater duration and interest rate risk
of the 30-year bonds.
An extension of the current low-rate
environment carries its own challenges.
Taylor said low levels of interest income
make it harder to cover fixed overhead
costs, including branch costs. “Most retail
branch deposits are not as profitable as
five years ago, when retail deposits were

“Risk appetite statements are important because they’re what
allow you to say to the people that work for you: Here’s what we’re
in the business of doing. And here’s what we’re not in the business
of doing.” — Mike Alix, Federal Reserve Bank of New York
Interest rate risks

Kevin Stiroh, Federal Reserve Bank of
New York, moderated a panel on business model risk featuring industry experts. The panelists focused on the
variety of risks rooted in the current
low interest rate environment, which is
intended to encourage economic growth.
Chief among them was forecasting: The
federal funds rate2 has been near its
zero lower bound since December 2008,
and the Federal Open Market Committee
(FOMC) has provisionally linked future
increases in the federal funds rate to
changes in economic conditions (e.g.,
reaching thresholds for the unemployment rate and inflation projected between
one and two years ahead).3 Moreover,
the panelists discussed how rising-rate
scenarios and extensions of current low
rates both pose specific sets of challenges
for financial institutions.
The panelists noted that while interest
rate risk4 is in some sense ever present
for most financial institutions, the current magnitude of this risk exposure is
a keen focus of bankers and supervisors.
Stephen Taylor, BMO Financial Group,
described the challenge of finding adequate return on long-term assets. “How
far out on the [yield] curve do you really want to go right now?” said Taylor.
“And yet there’s still pressure to find
earnings.” At the beginning of July, for
example, the yield on 30-year Treasury
bonds, at 3.5%, was not even one full
percentage point above that on ten-year
Treasury bonds, despite the significantly

very profitable,” Taylor said. “Without
asset management or fee business, there
is much less spread from deposit activities
to cover branch infrastructure costs.”
Most large banking institutions have
responded to weak earnings by shrinking
or overhauling branch networks. But
that strategy may not be as attractive for
smaller banks with assets under $500 million. Robert DeYoung, University of
Kansas School of Business, said branchshrinking strategies can undermine
community banks’ business models.
“Large banks are happy with a low-touch
model, while small banks have historically fostered a high-touch approach,”
he said.
Decisions to “reach for yield” are often
intertwined with a financial firm’s overall activities and strategies, and identifying risky behaviors is a challenge for
supervisors. In many cases, regulatory
agencies must discern which types of
risk-taking pose a threat to financial stability and which are more prudent uses
of risk rooted in well-planned business
strategies. “We are being charged with
distinguishing more risk-taking from
excessive risk-taking,” said Ron Feldman,
Federal Reserve Bank of Minneapolis.
“This is the main challenge facing the
people in supervision at the moment.”
A natural reaction to low rates squeezing
existing liabilities is a reach for yield on
the asset or investment side. Marshall
noted during his aforementioned presentation that life insurers and pension
funds are particularly vulnerable to the

temptation to reach for yield, since their
business models rely on income derived
from investing policy premiums to cover
future claims. “Life insurers and others
have a target yield based upon their liabilities,” he said. Life insurers and pension
funds provide financial guarantees of long
maturity. Many outstanding guarantees
were made in a time of higher interest
rates. The current low rates magnify the
value of these outstanding guarantees
(liabilities), forcing the guarantor to
seek an alternative means (assets) to
offset the future promise.
Search for growth

Financial institutions’ earnings continue
to reflect the economy’s uneven recovery.
While many firms have managed to restore their earnings to pre-crisis levels,
a significant portion of the improved
profitability is attributable to expense
reductions, improvements in loan losses,
and one-time gains on asset sales, rather
than broad growth across core business
lines. Since the crisis, loan demand has
been confined to very few sectors, including commercial-and-industrial and
auto lending.
Introducing a panel covering current
and emerging risks from chief risk officers’ perspectives, Steven Durfey, Federal
Reserve Bank of Chicago, said: “One of
the lessons of the financial crisis for firms
and their supervisors is to focus on the
new and existing revenues firms generate, and the risks they take to do so.”
Representatives from financial firms
around the country noted how current
circumstances call for concentration
limits for specific asset types as well as
controls for underwriting and credit risk.
Bruce Thompson, Bank of America Corp.,
noted that in the most recent financial
crisis, the most severe losses were typically
concentrated in business lines that in
prior years had experienced the fastest
growth. In the current environment, “if
you’re growing significantly faster than
the market you’re competing in, you’re
probably doing something you shouldn’t
be,” Thompson said. Panelists urged
participants to remember that during the
most recent crisis, many financial institutions suffered their deepest losses
from new product lines. “Firms that did

well during the crisis stuck to basics,”
said Richard Hidy, U.S. Bancorp. “Firms
that got in trouble were taking risks they
didn’t quite understand.” Ken Phelan,
RBS Americas, said risk managers should
see warning signs when one business line
begins to book unusually large quarterly
profits. Some participants said it is incumbent on supervisory agencies to fully
understand firms’ strategic plans, which
would entail scrutiny of their growth in
new markets or products. The pressure
to chase growth by expanding into new
markets was a hot topic at the conference
among risk managers and supervisors
alike. Rising loan demand in niche markets such as oil and gas production and
equipment leasing have made them attractive to institutions looking for alternative
sources of revenue growth.
The conference discussion also focused
on a need for firms to have flexible
strategies they can update as operating
environments evolve. During a panel
on residential mortgage securitization,
the moderator, Scott Frame, University
of North Carolina at Charlotte, described
how mortgage lenders must adjust to the
new “ability-to-repay” rule and “qualified
mortgage” requirements issued by the
Consumer Financial Protection Bureau.5
At the same time, firms must stand ready
to adapt as federal government officials
and policymakers continue to weigh a
variety of reforms to the structure and
mission of government-sponsored enterprises (GSEs) Fannie Mae and Freddie
Mac. These GSEs, which are the two principal purchasers of mortgages on the
secondary market, were put into conservatorship by the federal government
in September 2008, in the midst of the
financial crisis. According to Mario
Ugoletti, Federal Housing Finance Agency
(FHFA), the FHFA in its capacity as conservator for Fannie Mae and Freddie Mac
has developed a strategic plan for GSE
operations that seeks to build a new infrastructure for the secondary mortgage
market and contract the GSEs’ presence
in the market. “Conservatorship is not
a long-term option,” Ugoletti said.
Stress tests and business model risk

The Federal Reserve’s supervisory stress
test program represents a recurring
opportunity for supervisors to analyze

financial firms’ business lines and strategies. But conference participants also
explored the ways stress test requirements
have the potential to create unintended
consequences, including a temptation
for firms to engineer specific results.
A panel on stress testing and capital
planning, featuring industry and regulatory experts, discussed the capital stress
testing process. First introduced in early
2009 to help supervisors better understand selected banking organizations’ risk
exposures, the stress tests are also partly
aimed at encouraging financial institutions to improve their ability to analyze
and understand their own risk profiles.6
David Palmer, Board of Governors of the
Federal Reserve System, said: “One of
the goals is for companies to do some
hard thinking about the full set of risks
and vulnerabilities that they face, including firm-specific ones.”
Panelists also described some potential
unintended consequences from capital
stress testing measurements. Thomas
Day, Moody’s Analytics, said he regularly
talks to bankers who are focused almost
exclusively on achieving specific stress
test results, rather than using the process as an opportunity to improve their
firms’ strategic planning and risk management. “The emphasis has gone so far
in one direction that I encourage the
group here to think about unintended
consequences,” Day said.
Some panelists argued the industry will
be better served by the stress test requirements if firms use the process to build
stronger, more detailed risk-management
capabilities. “The banks that continue
to stub their toe will be those that continue thinking about stress tests only as
a compliance exercise,” Day noted.
The previously referenced chief risk
officers’ panel also discussed stress testing, including qualitative factors such as
workplace cultures that encourage employees to faithfully execute risk-management protocols. Hidy urged attendees
not to overlook the crucial role of institutional culture in effective risk management. “If you have a cultural defect, you
have to correct it before risk policies
can work effectively,” he said. Phelan
said risk-management protocols should

empower employees on “the first lines
of defense”—especially those who have
the earliest opportunities to identify and
mitigate risks. There was also broad
consensus that firms should regularly
reexamine and update their risk policies
to prevent them from becoming stale.
Cyberattacks and operational risks

At the conference, considerable attention was also given to emerging operational risks. While less quantifiable than
traditional threats such as liquidity and
credit risks, operational risks are growing more prominent by the day. The
recent rise of cyberthreats is particularly
challenging for operational risk managers, in part because of timing. At a time
when earnings are weak and pressures
to reduce overhead are intense, executives and directors face difficult decisions
over how to fund expensive cyberdefense
systems. But as conference presenters
demonstrated, defense systems are
must-haves for any well-run organization.
Andrew Hoog, viaForensics, provided a
presentation on cybersecurity, indicating how cyberattacks on U.S. companies
have increased 75% since 2010. He noted that dozens of large U.S. financial institutions have already been targets,
Charles L. Evans, President ; Daniel G. Sullivan,
Executive Vice President and Director of Research;
Spencer Krane, Senior Vice President and Economic
Advisor ; David Marshall, Senior Vice President, financial
markets group ; Daniel Aaronson, Vice President,
microeconomic policy research; Jonas D. M. Fisher,
Vice President, macroeconomic policy research; Richard
Heckinger,Vice President, markets team; Anna L.
Paulson, Vice President, finance team; William A. Testa,
Vice President, regional programs, and Economics Editor ;
Helen O’D. Koshy and Han Y. Choi, Editors  ;
Rita Molloy and Julia Baker, Production Editors;
Sheila A. Mangler, Editorial Assistant.
Chicago Fed Letter is published by the Economic
Research Department of the Federal Reserve Bank
of Chicago. The views expressed are the authors’
and do not necessarily reflect the views of the
Federal Reserve Bank of Chicago or the Federal
Reserve System.
© 2013 Federal Reserve Bank of Chicago
Chicago Fed Letter articles may be reproduced in
whole or in part, provided the articles are not
reproduced or distributed for commercial gain
and provided the source is appropriately credited.
Prior written permission must be obtained for
any other reproduction, distribution, republication, or creation of derivative works of Chicago Fed
Letter articles. To request permission, please contact
Helen Koshy, senior editor, at 312-322-5830 or
email Helen.Koshy@chi.frb.org. Chicago Fed
Letter and other Bank publications are available
at www.chicagofed.org.
ISSN 0895-0164

most notably through “distributed denialof-service” (DDoS) attacks, which aim
to shut down website portals by overwhelming them with traffic. But even as
DDoS events have grabbed headlines
over the past few years, Hoog and other
speakers noted they still represent just
one of many emerging cyberthreats.
Hoog used the majority of his address to
demonstrate how mobile devices, such
as smartphones and tablets, are new hot
spots of risk. While financial firms offer
more consumer services through mobile
platforms, their employees are increasingly using mobile devices—both the companies’ and their own—to perform daily
tasks. “Everybody’s going to be on these
devices—customers, clients, and employees,” said Hoog. He and viaForensics
employees in the audience used a live
exercise to show how hackers can rather
easily penetrate institutions’ databases
and systems by hijacking mobile devices
connected to a laptop’s port.
In a conference panel that followed
Hoog’s address, cybersecurity professionals discussed how the cyberattacks have,
in a matter of a few years, evolved into a
series of enduring risks that institutions
will have to manage indefinitely. “One of
our examiners described DDoS attacks
as the ‘new normal,’ and many banks
have taken strong steps to incorporate
DDoS threats into their security and
resiliency configurations,” said Adrienne
Haden, Board of Governors of the Federal
Reserve System. She also underscored
Hoog’s warning that employees can provide an opening for attacks without ever
realizing it. “Insiders may be accidental
enablers,” Haden said.
While mitigating credit and market risks
requires financial firms to look inward,
1 For more on the sequestration’s implications,

conference panelists argued that an effective defense against cyberattacks is, by
contrast, only possible when firms look
outward—by collaborating with one
another and by working closely with law
enforcement. Eric Brelsford, Federal
Bureau of Investigation, urged financial
institutions to proactively engage law enforcement agencies to stay abreast of
emerging trends.
Keynote address

The conference’s keynote address was
delivered by James Rohr, chairman, PNC
Financial Services Group. Rohr urged
bankers and supervisors to expand their
emphasis on operational risks—including legal, cybersecurity, and reputational
risks—beyond their traditional focus
on credit and market risks.
Rohr said the rise of cyberattacks requires
bank managers to think more dynamically
about operational risks than many are
accustomed to. “In the past, operating risk
was the security of the Brink’s cash truck
or maybe a power outage,” Rohr said.
“Operating risk is totally different today.
Cyberattack is the biggest threat we face.”
Rohr touched on some specific operational risks that financial institutions are
only beginning to account for—some
tied to the aftermath of the financial
crisis and others stemming from new
regulations. He described how mortgage
underwriting departments can open
themselves to costly litigation by not
following the fine print of new requirements, including those for handling
mortgage borrowers and foreclosure proceedings. He noted financial firms must
also develop methods for monitoring
the work of consulting firms and other
third-party service providers.
4

Interest rate risk is the risk that an investment’s value will change because of a change
in the absolute level of interest rates, in
the spread between two rates, in the yield
curve’s shape, or in any other interest
rate relationship.

5

For details, see www.consumerfinance.gov/
newsroom/consumer-financial-protectionbureau-issues-rule-to-protect-consumersfrom-irresponsible-mortgage-lending/.

see www.cbo.gov/publication/43961.

2 The federal funds rate is the interest rate

depository institutions charge when they
make loans to each other (usually overnight)
using funds held at the Federal Reserve.

3 Details on the FOMC’s state-contingent

monetary policy, which remains in place,
were first announced in December 2012;
see the penultimate paragraph of
www.federalreserve.gov/newsevents/press/
monetary/20121212a.htm.

6

The agencies that participated in the
2009 stress tests—officially known as the
Supervisory Capital Assessment Program

Echoing some of the conference’s panel
discussions, Rohr urged financial industry
executives to see value in the Fed’s stress
test exercises, calling them “one of the
best things the Fed has done in a long
time.” However, like a number of conference panelists, he also cautioned they
could become a catalyst for rising systemic
risk. “If the whole industry lives by one
model, then that represents even more
risk,” Rohr stated.
Rohr also endorsed reform of incentive
compensation schemes to align the interests of executives and directors with
those of the institution and its shareholders. He applauded efforts to tie compensation to an organization’s long-term
performance, including equity-based
awards and “clawback” provisions.7 “We’re
in a long-term business,” Rohr said. He
contended that financial institution executives “need to be investors. They need
to have their money at risk.”
Conclusion

The conference’s two days of presentations
and discussion pointed to broad agreement that the current operating environment requires financial institutions to
manage risk in new and different ways.
Well-rounded strategic plans must explain
how a firm expects to operate in a context
of prolonged low interest rates, sluggish
economic growth, intense competition,
and emerging forms of operational risk,
including reputational threats and cyberattacks. In keeping with the conference’s
broad themes, panelists repeatedly returned to an enduring lesson from the
most recent financial crisis: There is often
a close relationship between a firm’s performance in trying times and its ability
to take a forward-looking approach to
identifying and mitigating potential risks.
(SCAP)—were the Board of Governors of
the Federal Reserve System (along with
the Federal Reserve Banks), the Federal
Deposit Insurance Corporation, and the
Office of the Comptroller of the Currency.
Subsequent stress tests—officially known as
the Comprehensive Capital Analysis and
Review (CCAR)—have been run annually
by the Federal Reserve since 2011.
7

Clawback provisions are contracts allowing
a firm to recover employee rewards if critical
indicators on which the rewards were based
are revised in the future.