Banks Face Added Risks in a Tough New Regulatory Arena
Banks Face Added Risks in a Tough New Regulatory Arena
Bankers Trust was an aggressive and entrepreneurial commercial bank that developed some of the basic risk management tools now used throughout the banking industry. (It merged with Deutsche Bank in 1999.) "We moved from Keynesianism to monetarism in my career and it wiped out one whole generation of traders," said Charles Sanford, the former chairman of Bankers Trust. He added that double-digit inflation in the 1970s wiped out another group of traders.
His point was that for a bank to manage its risks successfully, it must make sure that those making decisions within the bank are accurately gauging the environment around them. If their assumptions about significant changes in the markets are wrong or outdated, they are liable to make bad decisions.
"Judgment and Character"
Sanford made these remarks at a recent Wharton conference called "Financial Risk Management in Practice: The Known, the Unknown and the Unknowable," which brought together academics and industry participants to discuss how risk is seen in different parts of the financial system, including banking, financial policy-making, asset management and insurance. The conference was co-sponsored by Mercer Oliver Wyman Institute, the Alfred P. Sloan Foundation and Wharton's Financial Institutions Center. In addition to Sanford, the panel on banking included investment banker Geoffrey Boisi, and H. Rodgin Cohen, chairman of international law firm Sullivan & Cromwell and an expert in bank mergers and acquisitions.
Each speaker focused on different risks that can affect the success of a bank. Boisi stressed the importance of relationships and accountability. Developing a culture for success within a bank depends on the type of people hired, the motivational structure (in effect, the compensation system), the strength of the review system, and accountability -- and it all starts with leadership, he said. He noted that the fundamental risks a bank must manage involve human nature. We can't develop a "mathematical tool to deal with that," he said. "It always gets back to judgment and character."
Boisi is a former investment banker who spent 22 years at Goldman Sachs, 15 of them as a senior managing partner. In 1993, he and three former colleagues from Goldman formed The Beacon Group, a private investment firm. Care was taken in creating the partnership structure to foster the right attitude toward risk. "Each of the original partners had an equal share in the upside and low current income [at Beacon] so they were locked in, and capital was maintained inside the business to engender long-term thinking," Boisi said.
The firm raised an initial $700 million, the largest amount for a private equity firm at the time, and went on to raise another $1.1 billion. Beacon developed a strong middle-market M&A practice and money management business, and grew to about 125 employees. When Goldman went public in November 1999, however, the motivation of some of Beacon's executives changed. "They wanted more immediate liquidity than the agreement we had when we started," said Boisi.
Beacon was acquired by Chase Manhattan Bank in 2000, just before Chase merged with J.P. Morgan to become the one of the largest global financial services firms. Boisi became vice chairman of the new entity, JPMorgan Chase, and co-head of the investment banking division.
Then the "thunderbolts" hit: recession, the tech bubble, the death of some key leaders within the organization, 9/11, Enron, Tyco, and the equity research scandal. Dealing with that during a period of bank consolidation was "an immense challenge, yet we were named bank of the year, and we instituted, with a lot of bumps in the road, a new risk management system within the new organization," said Boisi.
He noted that those in risk-taking positions must be accountable for their decisions. At Goldman, Boisi said, the firm's partners were accountable because they had their capital on the line. If there was a disagreement about, say, underwriting, it would be taken to the eight-person management committee. At Chase and then JPMorgan Chase, a different system was in place. "The head of the business line no longer sat at the table, with bottom-line responsibility [for what went on in his division]," Boisi said. "That surprised me and was a cause of friction in my mind philosophically with the senior management there."
Boisi left the bank in 2002. That year, as the pile-up of accounting scandals continued to grow, the Sarbanes-Oxley Act overhauled corporate governance. The legislation has had positive effects, Boisi said, although it has gone too far. "Are we providing the right checks and balances in looking at the governance structure?" he asked. In his view, the long-term success of any organization depends on the way individuals think about risk. "How can you look into the soul of a relationship and determine if you can trust it?" asked Boisi. From a risk standpoint, that's what managers must do, he said.
Countering the Biases
Sanford agreed with Boisi that a bank's culture must be imposed from the top down. He emphasized the importance of understanding how people think and make decisions, particularly under stressful conditions. "We rely much, much too much on what we think we know," he said. "We should always be more skeptical than we are."
Inertia and proprietary attitudes toward a department or group are also risks. In Sanford's view, one way to get around that is to move people around within a bank. Moreover, intellectual agility must be encouraged. "We recruit and train people under an existing environment at that time," he said. But times change, and that makes it critical for managers to continually "be judging their people's understanding of the current environment."
"We ought to treat people doing risk management like pilots in airlines," Sanford suggested. "Every X period of time, at a minimum of once a year, have them go down and sit in a simulator and see if they're up to speed and see if they understand what we think the environment is." If not, all the available analysis and quantitative modeling won't counter the biases individuals carry with them.
At the same time, Sanford noted that risk management has become more sophisticated in recent years. Faster communications and the increase in computing power have "allowed us to transform a stream of data into usable information we couldn't possibly [have had] before, and it creates more knowns," he said. The focus on the risks a bank's institutional customers face, the use of probabilities and data analysis, and the tailoring of financial products to meet clients' needs -- all this helps banks innovate and improve their business, he added.
Sanford made a number of other observations: It's important for a bank's traders not to be too confident of a model's forecasts about market conditions more than two weeks out. Banks should be over-capitalized, especially as they increase in size, because of liquidity concerns. Banks should have a risk management committee on the board of directors, and the CEO should be the top risk manager. On the subject of compensation, he pointed out that it can serve as a rough check on risk. What's key is the "size of the bonus and the computation -- is it asymmetrical? So often it's heads he wins, tails I lose," he said.
Cohen took a different approach to risk in the banking industry, noting that the risk that looms largest is the uncertainty surrounding the current regulatory environment. Cohen is one of the country's experts on banking M&As and regulatory issues. Over the last two decades, he has been involved in most of the major mergers between banks.
He outlined the risk succinctly: "What is known today is that the regulatory environment is far more stringent and unpredictable. What is unknown is what impact this regulatory environment will have on the banking industry, including consolidation. What's unknowable is the impact of this environment on individual institutions because of the randomness of the process."
From Collaborative to Confrontational
Over the last few years, bank supervision has "moved from a regulatory approach that was collaborative to one that is confrontational, from market-oriented to prescriptive," he said. Regulators have become more hard-nosed. They search more aggressively for violations, mete out stiffer punishment, and treat bad judgment and mistakes "as worthy of severe sanction," he said. "They reject common practice or the absence of prior criticism as a defense."
In Cohen's view, banking institutions are especially vulnerable to the current combination of tough laws and "subjective judgment" for two reasons. First, banks face a "multiplicity of regulators." They deal with federal bank regulators, state bank regulators, FinCen (the Treasury Department's Financial Crimes Enforcement Network), the Securities and Exchange Commission and the Commodity Futures Trading Commission, as well as foreign regulators. This creates a complex and overlapping network of regulation. The second reason banks are vulnerable is the "criminalization of the banking law," noted Cohen. Until a couple of years ago, bank regulatory agencies were the primary overseers of banks. That's no longer the case. "Law enforcement [agencies] now see themselves as having direct and primary jurisdiction over violations of banking law," he said.
An example of the increasing stringency is the hardening of compliance standards associated with the Bank Secrecy Act. The BSA was amended by the USA Patriot Act of 2001 to combat money laundering and terrorist financing. There are now "more rigorous BSA examinations, more stringent standards, harsher criticism, and more automatic applications of sanctions," Cohen said. Failure to maintain a robust BSA program "is today a truly franchise-threatening matter."
This shift could affect the trajectory of the banking industry. An enforcement order could result "in a ban on acquisitions for a period of time -- until the [enforcement] order is lifted," said Cohen. A criminal prosecution would up the ante. So far, banks have avoided criminal prosecution by entering into deferred prosecution agreements, but "if the Department of Justice insists on a guilty plea, it is far from clear that the banking organization could survive -- at least as an independent entity." At its extreme, a conviction of a money-laundering offense would require the FDIC to determine whether the bank should lose its federal deposit insurance.Cohen ended with a plea: that regulators and law enforcement agencies distinguish between violations arising from mistakes or negligence and deliberate transgressions of the law. "In the absence of clearly stated prior regulatory criticism, remedies should be prospective and structural, as opposed to being retroactive and punitive," he said. Echoing one of Sanford's earlier points, he added that bank executives should be careful about what they think they know since a changing environment can leave them operating under outdated assumptions.