A CEO’s guide to building competitive advantage through enterprise risk management, by Robert Wyle, Senior Director, Moody’s Analytics, Enterprise Risk Solutions
Firms that persevered through the crisis had one thing in common: they had a robust risk management infrastructure. It wasn’t a turn-the-crank, back-office risk management – nor was it silo-based. It was the kind of risk management that permeated an entire organisation: it was culture; it was governance; it was infrastructure; it leveraged advanced quantitative risk practices; and it was transparent. But, most importantly, it was integrated into the business.
All firms are now obligated to reinvent or rejuvenate their risk infrastructure at the behest of regulators. But beyond regulatory reporting there is a significant and meaningful opportunity for firms to reinvent their risk management practice in a way that opens up opportunities to do business smarter, faster and with more meaningful outcomes. In fact, risk management is no longer a cost centre – its new role is to enhance business strategy, identify opportunities and ultimately create long-term shareholder value. This article provides six key themes CEOs should focus on as they build their companies into the future and focus on creating long-term value for their shareholders.
Elevate risk management
Start with giving your group risk function the authority and funding that it needs in order to achieve its mission. Create the governance and internal institutions that can prospectively support the management of the risk strategy – this includes building an enterprise-wide policy and committee infrastructure to assess, quantify, and monitor the full taxonomy of risks to which your firm is exposed.
With governance in place, set your new organisation the task of creating a risk appetite statement that reflects your firm’s business strategy and the related risks. It’s beneficial to base your appetite statement in economic capital terms to facilitate advanced types of analysis and business practices, such as capital allocation, risk-adjusted performance measurement, linking incentive compensation with risk-adjusted performance and more. With risk management’s heightened profile, you will begin to create a responsive risk culture that speaks the same language and is accountable to the same objectives.
Build a cross-functional infrastructure
The crisis revealed that silo-oriented risk management created separate and often irreconcilable data infrastructures. For example, while Asset and Liability Management (ALM) data repositories capture capital markets data and instrument level bank data, they often lack detailed information regarding off-balance sheet facilities, counterparty agreements, securities information and counterparty credit risk exposures. Conversely, regulatory or Basel II implementations frequently lack the capital markets data and instrument level data necessary to forecast cash flows. Thus, an integrated approach that warehouses cross functional data is needed to ensure consistent enterprise-wide risk quantification.
First, consolidate your different source systems spread across your organisation and subsidiaries into one risk data warehouse. Then build your financial datamart so that it can quickly process, clean and standardise your data. Also, ensure that it covers your entire balance sheet – all assets, liabilities and off-balance sheet items. Once you achieve a ‘single source of truth’, build your multiple analytical systems on top of it. This ensures that departments across your organisation will be making assessments and decisions based on consistent, integrated and valid information. Finally, build flexible and agile monitoring and reporting systems that can help members across your firm communicate timely and significant risk management information across your enterprise.
Understand the nature of your risk
The crisis revealed that looking at one risk factor was myopic. Even two was insufficient. Indeed, looking at silo-based risk factors was the problem. The crisis underscored the fact that risks are deeply interrelated – and, as a result, are complex to understand and even more difficult to manage. For example, the credit crisis demonstrated that ALM risk assessment was not sufficiently prospective. This is largely due to the fact that ALM has traditionally been focused on one risk factor, interest rate risk. In order to address this inadequacy, a more holistic ALM paradigm that considers credit cash flows for both net interest income simulation and market value based risk metrics is needed.
Another example was the misunderstanding of the joint dynamics of interest rate risk and credit risk. Just prior to the credit crisis, price became disconnected from value as an asset bubble developed in the sub-prime housing market. This is partially due to the fact that participants in the capital markets did not necessarily have adequate tools to be able to evaluate expected losses. Third, accrual earnings are not only affected by the magnitude and direction of interest rates, they are also affected by delinquency, default, real estate owned (REO) levels, and recoveries.
In order to assess the financial risk for the totality of the balance sheet, robust ALM models need to also include traditional credit risk metrics like Probability of Default (PD), Loss Given Default (LGD), and delinquency in order to forecast future credit migration and default. A new, integrated risk management paradigm should clearly identify capital risk exposures and provide the controls to mitigate them.
Improve your stress testing regime
We live in a dynamic global economy where macroeconomic factors change in the blink of an eye. Regulators and shareholders expect financial institutions to understand the effect these volatile macroeconomic factors have on its business performance. They also expect banks to ensure that there are sufficient capital and liquidity buffers in place to withstand sudden or systemic crises. With higher capital requirements on the horizon, banks are under immense pressure to deploy capital more efficiently in order to off-set higher opportunity costs and prevent passing costs to the consumer. Without the right systems in place, these challenges are significant – and almost insurmountable.
Invest in a stress testing infrastructure that helps you easily measure the impact of changing market conditions at the enterprise level – across the entire balance sheet – and on individual portfolios. This type of stress testing capability will help your firm comply with regulations, (including those outlined in Basel III, Solvency II and Dodd-Frank, for regulatory capital and liquidity) but will also provide your firm with a foundation for strategic planning where your organisation’s executives can test the underlying assumptions for existing and proposed business strategies.
Manage liquidity risk holistically
The crisis proved that effective liquidity risk management practices increase the likelihood that your firm will meet its cash flow obligations when they come due and at a reasonable cost – despite external shocks. To ensure not just solvency and regulatory compliance, but also performance and stability, establish effective governance that measures and controls liquidity risk using forward-looking cashflow projections.
In addition, establish tangible liquidity tolerances and limits and create a scenario-based analysis that permits granular, drill-down opportunities to probe the effectiveness of different strategies. Next, incorporate liquidity costs and benefits into pricing and performance measurement to ensure a strong link between risk taking and the bank’s overall liquidity position. Finally, develop a granular contingency plan that articulates clear responses to multiple liquidity events with increasing levels of severity – that is supported by an adequate cushion on unencumbered liquid assets.
Use FTP to manage performance
Funds Transfer Pricing (FTP) is an indispensible tool for disaggregating the gross margin among the lines of business and creating the desired performance incentives. Technically, FTP is an internal measurement and allocation system that assigns a profit contribution to funds gathered, lent, or invested by a bank.It is a critical component of risk transfer, profitability measurement, capital allocation and specifying business unit incentives as it allocates net interest income to the various products or business units of a bank.
Following the market turbulence that began in 2007, there has been a renaissance in FTP best practices since it was identified as a practice that distinguished banks that performed better than others. However, like any complex internal control system, numerous challenges must be overcome – particularly, gaining buy-in from the lines of business.
There is one important rule of thumb to bear in mind: deciding which transfer-pricing method is most appropriate depends on the use of the information, the understanding and acceptance by the users and the degree of measurement precision desired. Therefore, implementing a fund’s transfer pricing system requires consideration of institution specific balance sheet characteristics and firm dependent requirements and decisions.
In a prescient statement, Former Chairman of the Federal Reserve Alan Greenspan wrote in 2004: “It would be a mistake to conclude that the only way to succeed in banking is through ever-greater size and diversity. Indeed, better risk management may be the only truly necessary element of success in banking.” That statement is as true today as it was in 2004.