A Risk Professional's Survival Guide. Rossi Clifford
more stringent reporting and capital requirements.
The CFPB has been quick in setting up many new consumer-friendly regulations such as defining what a quality mortgage is, and regulations on fees and interest rates charged to bank and other financial institution customers. In addition to these mandates, the Federal Reserve established a new set of rules on limits on interchange fees that banks could charge for debit transactions. The CFPB in conjunction with the U.S. Justice Department and Housing and Urban Development (HUD) have elevated their focus on fair lending practices. This increased scrutiny has required banks to redouble their efforts on making sure their lending practices are compliant with various regulations regarding fair lending.
SifiBank is also subject to a set of capital, stress testing, and liquidity requirements (referred to as Basel III standards) established by the Basel Committee on Banking Supervision (BCSB) and implemented by the Federal Reserve Board. Large, complex banking institutions such as Sifibank are subject to a number of capital requirements, some of which are risk-based and require considerable data management and analytics to be performed by such banks. Banks that do not meet certain thresholds for well capitalized institutions as determined by the regulatory authorities may be subject to certain limitations on their activities and/or face other regulatory actions such as establishment of capital plans for a bank to raise capital to designated target levels.
Bank regulation requires a substantial commitment of resources and staff by SifiBank. Within the Corporate Division, a unit known as Regulatory Affairs operating under the Legal Department is charged with staying abreast of the various regulations, examination schedules, and other regulatory developments and works with the business units and risk management functions to coordinate responses and analysis to regulatory inquiries and activities. Clearly, SifiBank faces substantial regulatory risk from noncompliance with various local, state and federal regulations. This risk poses yet another important consideration in SifiBank’s strategic planning and risk assessment exercises each year. Some banks have taken adversarial positions with bank regulatory agencies that they believe provides an effective check against unnecessary intrusion into bank activities. At times, however, this strategy may backfire against the bank in the event that it needs the regulator to support a particular initiative or temper a regulatory response to an uncovered deficiency. The best course of action is to cultivate a respectful relationship with the regulators that is based on credibility, trust and sound expertise.
SUMMARY
SifiBank’s fortunes have ebbed and flowed over time with different management, regulatory, market and economic conditions. The financial crisis of 2008 exposed deficiencies in risk management governance and infrastructure that nearly led to its demise. The company enjoys a second chance at remaking itself into a world class institution known for its risk management expertise by virtue of a government bailout. The bank still faces a dizzying array of financial and regulatory challenges in the post-crisis environment.
Most notably, the regulatory environment is taking a heavy toll on the bank’s ability to increase operating revenues while managing expenses. Fees associated with various bank services and products such as debit cards and consumer loans have dampened important income sources for SifiBank. This has incented the bank to look for other products that boost profitability without running afoul of regulatory requirements. Mortgages that lie just outside the CFPB Qualified Mortgage criteria could provide the bank with better spreads than conventional mortgages while exposing the firm to minimal legal risk in the future. However, a product development and design framework that vets the collection of bank risks against each other in a way that meets the bank’s objectives would offer the most effective protection. This is where strong risk management practices can make the difference between a sustainable business model and one that experiences a major risk event that puts the entire firm at jeopardy.
Financial risk management is not an exact science despite a revolution over the past two decades to leverage quantitative approaches in measuring and managing risks. A key to successful risk management is knowing the right combination of qualitative controls and quantitative tools to use. The remainder of this book introduces the reader to a complement of key risks faced by SifiBank. While individual risks are examined within specific operating units of SifiBank, it should be understood that these risks span most divisions with variations in exposures based upon the nature of the transactions, and services in place, among other considerations. Further, while most chapters that follow focus on a particular type of risk, as discussed earlier, SifiBank’s risk managers must think about risk holistically. Even within an operating unit such as the mortgage group, business risk managers must evaluate tradeoffs between the credit exposure of putting a mortgage on the balance sheet and the interest rate risk exposure and operational risk it creates. Moreover, potential reputation, regulatory and legal risks must be factored in before implementing a product strategy. Some of these risks do not lend themselves to quantification but still expose the firm to lost business, regulatory actions and penalties, and large legal tabs if not carefully accounted for in product development.
QUESTIONS
1. What is a SIFI and how does that relate to the concept of too-big-to-fail?
2. Describe the four elements of the risk management feedback loop.
3. What differentiates banks from nonfinancial corporations?
4. Describe SifiBank’s profit-maximizing function.
5. Describe a conceptual model that relates risk-taking to asset generation and firm growth.
6. In a potential merger with another institution, what should SifiBank take into consideration that would mitigate potential risk later?
7. What factors led to the near death of SifiBank after the financial crisis of 2008–2009?
8. What is the Volcker Rule and what impact does it have on banking and financial risk management?
9. What are a few key measures that banks use to monitor their performance?
10. What is systemic risk and how does it affect bank risk?
11. What is risk layering?
12. What is CAMELS?
13. What are some of the key provisions of DFA?
CHAPTER 2
Overview of Financial Risk Management
RISK MANAGEMENT DEFINED
Risk management describes a collection of activities to identify, measure, and ultimately manage a set of risks. People and organizations confront risks every day: For example, an individual decides to leave a relatively secure job for another with better opportunity and compensation across country, a government faces the threat of terrorist attacks on public transportation, or a bank determines which financial products it should offer to customers. While some risks are fairly mundane and others a matter of life or death at times, the fundamental process for assessing risk entails evaluation of trade-offs of outcomes depending on the course of action taken. The complexity of the risk assessment is a function of the potential impact from a particular set of outcomes; the individual deciding to take a different job is likely to engage in a simpler risk assessment, perhaps drawing up a pros and cons template, while a government facing terrorist threats might establish a rigorous set of quantitative and surveillance tools to gather intelligence and assign likelihoods and possible effects to a range of outcomes.
Regardless of the application or circumstance, each of the assessments above has a common thread, namely, the assessment of risk. But what exactly is risk and is it the same across all of these situations? Risk is fundamentally about quantifying the unknown. Uncertainty by its very nature tends to complicate our thinking about risk because we cannot touch or see it although it is all around us. As human beings have advanced in their application of technology and science to problem solving, a natural evolution to assessing risk using such capabilities has taken place over time. Quantifying uncertainty has taken the discipline of institutional risk management to a new level over the past few decades with the acceleration in computing hardware and software and analytical techniques.
Risk and statistics share common ground as uncertainty may be expressed using standard statistical concepts such