The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.
For release on delivery 2:00 p.m. E.S.T. December 11, 1995 Remarks by Susan M. Phillips Board of Governors of the Federal Reserve System to the RMA Risk Management Conference Sponsored by The Robert Morris Associates Washington, DC December 11, 1995 I. Introduction Good afternoon. I am pleased to have been invited to address today's conference. Robert Morris Associates is to be commended for providing a timely forum for discussing risk management. This organization has a long history of working with financial institutions and the supervisory agencies to promote prudent banking practices. RMA has been particularly instrumental in alerting the banking industry recently to the risk of easing lending terms and standards. Risk management is not a new term. It has been used in an insurance context for some time to describe the process of analyzing, controlling, and treating insurable risks. And in the banking industry, it has been used to describe the practice of matching the duration of assets and liabilities to minimize exposures to liquidity and interest rate risks. In recent years, however, risk management has taken on a broader meaning within the financial services community. It now refers not only to practices designed to limit individual product line risks, but also to systematic, quantitative methods to identify, monitor, and control aggregate risks across all of a firm's activities and products. This significant change in the scope of the risk management concept has been made possible by advances in technology. The process began when enhancements in information technology and financial theory permitted traders and other market participants to separate the various cash flows of traditional financial instruments and recombine them into new derivative instruments tailored to the particular needs of investors. Of course, each new derivative instrument devised by financial engineers presented its own unique risks. Effective management of these 2 risks required the development of comprehensive risk management systems for derivative products. So organizations turned to the same financial innovators who developed derivatives to create systems for managing the full range of risks to which an institution is exposed. And, in recognition of the promise that such internal risk management systems hold for the continued safe and sound operation of banking organizations in a dynamic market environment, supervisory agencies have increasingly been encouraging their further development. At the same time, the supervisory agencies have been making changes in oversight procedures to account for the changed risk management environment in banking. Today, in my remarks, I will briefly describe the evolution of the Federal Reserve's supervisory emphasis on evaluating the risk management process, including internal controls. The Federal Reserve's recently announced formal rating of risk management for state member banks and bank holding companies is part of that evolution for supervisory examinations. Then, I will highlight the need for further enhancements in the risk management process. II. Evolution of Federal Reserve's Emphasis on Risk Management Federal Reserve examiners have long evaluated the quality of risk management practices, including internal controls. They have also taken the quality of risk management into account in determining the overall adequacy of bank management. Changes in the nature of banking markets, however, have made the 3 adequacy of the process used to identify and control current and emerging risks much more important. Indeed, it may be argued that the risk management process is becoming as important as the quality of the assets that make up an institution's balance sheet at any point in time. This is particularly true for those institutions that are very active in the capital markets and whose portfolios of assets change materially from day to day, and even from moment to moment. As a result, the Federal Reserve has heightened its focus on the risk management process over the past few years. This recent supervisory focus on risk management first surfaced in the 1993 guidance to examiners entitled, "Examining the Risk Management and Internal Controls for Trading Activities of Banking Organizations." This guidance applied longstanding supervisory principles to a rapidly growing banking activity and was subsequently expanded and formalized in the Trading Activities Manual issued early in 1994. This manual provided examiners with the tools necessary to evaluate risk management systems for the full range of risks associated with trading activities. During 1995, the Federal Reserve further focused its examiners on risk management through the issuance of a directive on "Evaluating the Risk Management and Internal Controls of Securities and Derivative Contracts Used in Nontrading Activities." In addition, under the supervisory rating system for U.S. operations of foreign banking organizations adopted earlier this year, we intensified our consideration of management processes by requiring that individual ratings be assigned to the risk management and operational controls of foreign branches and agencies. 4 Last month, we also announced our intention to formalize assessments of risk management and internal controls in a supervisory rating for all institutions. Under this initiative, beginning in 1996, a rating for risk management will be assigned to every state member bank and bank holding company we examine as part of the management evaluation process. III. Risk Management Rating The risk management rating assigned by Federal Reserve examiners will range from 1 to 5, with 1 designating "strong" risk management and 5 signifying "unsatisfactory" risk management. This risk management rating will not alter the way that our examiners apply the interagency CAMEL rating framework. In fact, it will be used as a primary foundation for determining the overall management component rating assigned under the CAMEL rating system. In assigning the risk management rating, examiners will be considering each of four basic elements of sound risk management. The first element examiners will be considering is the degree and quality of oversight provided by boards of directors and senior management. As banking activities have become more specialized, it has become important for directors and senior management to define clearly risk tolerances for an institution and take steps to see that they are not exceeded. It is important to identify and review all risks associated with activities or products that are new to an institution-and to ensure that the infrastructure and internal controls necessary to manage these risks are in placebefore these activities or products are initiated. It is also essential that management be able to respond to risks that may arise from changes in the competitive environment or from innovations in markets in which an institution is active. The second element of risk management examiners will be taking into account is the adequacy of policies, procedures, and limits for all activities that present significant risks to an institution. Certainly, while such policies and procedures are expected to be tailored to the types of risks that arise from an institution's significant activities, they should generally include limits designed to protect the organization from imprudent risk exposures. Third, examiners will be looking at risk measurement, monitoring, and management information systems. In evaluating these systems, examiners will seek to ensure that they accurately capture and report an institution's risk exposure in a form that can be readily understood by directors and senior management regardless of how complex an institution's transactions may be. Indeed, I cannot accept the argument that some people have advanced that many of the new derivative products and market strategies are too complicated to be fully understood by senior managers and institution directors. The challenge is to present information on the risk exposure of complicated activities in a way that can be used by directors and senior management to make effective judgements on how much risk an institution should assume. Finally, the fourth element examiners will be considering is the adequacy 6 of internal controls. Simply put, comprehensive internal controls are essential to the safe and sound operation of our financial institutions. Weaknesses in internal controls will be given significant consideration in assigning a rating to risk management. These include inadequate separation of duties or the lack of clear lines of authority and responsibility for monitoring adherence to policies, procedures, and limits. The factors contributing to the rating assigned to risk management will be highlighted in appropriate sections of examination reports. Moreover, when a less than satisfactory rating is assigned, Federal Reserve examiners will be expected to delineate the deficiencies leading to the rating in considerable detail. Of course, as has always been the case, serious lapses in risk management will result in the initiation of appropriate supervisory actions, which might include formal enforcement actions. This more structured approach to the evaluation of risk management should facilitate better communication of examination conclusions about the risk management process at banks and bank holding companies. We anticipate, as well, that it will foster continued improvements in risk management practices at the institutions that we supervise. IV. Implications of Developments in Risk Management for Supervisory Examinations As credit professionals representing the banking institutions subject to 7 supervisory examinations and ratings, I suspect you are all wondering what the Federal Reserve's increased emphasis on risk management means to you. I am pleased to reassure you that, although there will be some redirection of emphasis, the changes in our examination process will be far more evolutionary than revolutionary. Furthermore, when changes do occur, we believe that they will parallel changes taking place in your institutions and will be beneficial to the banking industry on the whole. For many years, Federal Reserve examinations have focused on the evaluation of lending standards and the detailed review of loans. This will not significantly change. Exposure to excessive credit risk arising from the loan portfolio has historically been the most severe threat to the solvency of banking organizations. Supervisors have sought to assess credit risk by focusing examination resources on the review of individual loans and on the assessment of lending standards in place at financial institutions. Nonetheless, banks' entrance into new activities has made it necessary to devote additional resources to the evaluation of other types of risks and the management practices followed to control them. Such risks include increases in exposures to market, liquidity, operational, legal, reputational, and other risks. In order to ensure that these risk exposures are adequately assessed without sacrificing the focus on loan quality, staff at the Federal Reserve have recently taken a number of steps to improve the efficiency of our loan reviews. These initiatives will also reduce the supervisory burden on financial institutions by streamlining loan reviews and making them less disruptive to the credit administration process. 8 Steps that are being taken to make our loan reviews more efficient include increasing the time devoted to planning and preparing for an examination in advance of actually entering an institution. This will allow us to better focus our resources on areas of high risk in the loan portfolio once onsite. We are also developing an automated loan review system to minimize manual operations and facilitate more timely analysis of the composition of loan portfolios. In addition, examiners have been using statistical sampling techniques to test the accuracy of internal loan risk rating systems. When the reliability of internal rating systems can be verified by sampling, examiners draw conclusions on the quality of some loans based on internal risk ratings. Finally, the Federal Reserve also has been experimenting with a loan screening approach that is designed to reduce the time spent reviewing sound loans. While we intend to retain our examination focus on loan quality and underwriting standards, I believe over time our supervisory activities will focus even more on the risk management process and less on statistical balance sheet analysis. Examples of this trend are already evident. For instance, one recent Federal Reserve proposal would establish capital requirements for market risk based on the internal models used by financial institutions, rather than on supervisory models or strict balance sheet assessments. In developing approaches for factoring market risk into the risk-based capital framework, we have increasingly focused on the complex interrelationships between the various types of risk that are addressed by integrated risk management systems. To use a relatively simple example, any successful trading position that puts an institution "in the money" and, thereby, reduces its market risk exposure will correspondingly increase its credit risk as the likelihood increases that counterparties that are "out of the money" will default. Thus, there is a clear need for supervisors to take account of dynamic cross-correlations in establishing capital requirements-a need that calls for consideration of risk across the entire institution and not just in individual portfolios of assets. Other such changes can be expected to occur in the Federal Reserve's supervisory approach. However, it is important to note today that the current emphasis on risk management is not a replacement for, but rather a complement to, other traditional examination techniques. Consequently, resources will continue to be devoted to traditional examination procedures, such as the assessment of the quality of loans and investments and the evaluation of the adequacy of capital, even as risk management is more strongly emphasized. V. Further Possible Enhancements in Risk Management Practices Clearly, significant improvements in the management of risk have been achieved in recent years. For example, great strides have been made in developing value-at-risk models for the measurement and monitoring of market risk exposures. We have also seen a refinement in the techniques for stress-testing bank positions to assess the consequences of unexpected market movements. Furthermore, on a more basic level, the quality, comprehensiveness, and timeliness of information provided to 10 the management and boards of financial institutions have improved considerably. Nonetheless, thfere is room for further improvement in risk management practices. A case in point can be made in considering the management process for credit risks. Since the severe credit problems of the late 1980s and early 1990s, there has been considerable improvement in the quality of bank assets. Recently, however, although delinquencies generally remain low by historical standards, they have increased for certain loan types. At the same time, over the last several years, deterioration in loan underwriting standards and terms-particularly in the pricing of loan products-has been reported by a number of sources. These sources include Robert Morris Associates, the Federal Reserve's Senior Loan Officer Survey, and a quarterly Examiner Survey we initiated late last year. While such easing may be appropriate at institutions that unduly tightened their lending standards in response to credit problems, it may also suggest substantial deterioration in loan portfolio quality. In light of these trends, the importance of sound risk management practices to measure, monitor, and limit credit risk cannot be underestimated for any financial institution. Indeed, while the sophistication of risk management systems necessarily varies depending on the size and activities of a banking organization, all institutions must develop workable solutions to similar risk management problems. For example, in light of recent developments in bank lending markets, a financial institution's risk management process should be able to provide answers to a number of fundamental questions, such as: 11 How will changes in terms affect the performance of individual borrowers and the loan portfolio as a whole under different economic scenarios? Are a substantial portion of an institution's borrowers either directly or indirectly vulnerable to deterioration in the performance of specific industries? What is the institution's aggregate exposure to credit risk across all on- and offbalance sheet products and activities for each customer and overall? Are loans being offered at prices that are commensurate with the risks that are being accepted by the institution? Other questions readily come to mind, but these examples suggest the types of information about credit risk exposures that a fully developed risk management system should be able to provide. Given the wide range of risks to which institutions are exposed and the cross-correlations between various types of risk, there is also a need for risk management systems to consider credit risks in concert with other risk exposures. A good first step is to ensure that the risk management process identifies not just the credit risks, but all of the risk types, associated with each customer relationship, regardless of the activity from which the risk arises. However, as risk management systems evolve, it will increasingly be possible to aggregate and quantify all or most of 12 the risks faced by an institution, allowing banking organizations to more systematically manage their exposures to various risks on a firmwide basis. VI. Conclusion In conclusion, the recent advances in risk management are clearly important. The Federal Reserve's examination process is being continually adapted to take them into consideration. At the same time, in light of historical experience, it is essential to maintain an examination focus on loan underwriting standards and asset quality as risk management practices are developed further. Accordingly, examinations will reflect a balanced consideration of the quality of assets, the appropriateness of risk management practices, and the adequacy of capital as examination procedures evolve to take account of enhancements in the ability of financial institutions to identify, monitor, and control risks. Thank you.