Risk Management for Banks and Banking Regulators in the 21st Century It is a great pleasure to have the opportunity to talk with you today. I was going to tell you the exact pattern of future interest rates over the next 12 months, but I decided that you probably wouldn't be interested. In any event, as most of you know, monetary policy is only one of the responsibilities of the Federal Reserve. Payments system issues and the regulation and supervision of banking companies are other major responsibilities. It is a surprise to many, but supervision especially seems to occupy a large portion of our, and particularly my, attention. Therefore, I've decided to talk today about a subject that should be near and dear to any group of financial analysts--namely, how safe is our banking system? Put another way, what is the chance that we will suffer, any time soon, the kind of banking crisis that we experienced during the late 1980s, when about 1000 banks failed in just a five year period? The short answer is "virtually zero," but how I arrived at that conclusion will take up the rest of my allotted time. In some ways, my job as a bank supervisor is not too dissimilar from your job as a market analyst. We both spend our time assessing risk versus return. Rating agencies opine on whether the subordinated debt of a financial institution should be rated single-A or double-A, or whether its stock should be rated a buy, hold, or sell. You step in the shoes of your client to determine whether the return on a stock or bond is worth the risk. Bank examiners also assess risk, and we concentrate on the quality and quantity of capital supporting a bank's ventures. Banks, in doing their job, do take on risk, extend credit, and grease the wheels of the economy. We want banks to take on risk, we want them to be profitable. But too much risk-taking is unacceptable from a systemic point of view. The important questions are: can we accurately assess the risks that our banks are taking, and how much risk is too much? The Revolution in Bank Risk-Taking If you've been doing your homework, you know that banks in the 1990s, especially the very largest banks, are very different animals from those of 10 or 20 years ago. No longer do banks simply take in deposits and lend money to businesses and households. Much of the banking activity of today, and much of banking risk, does not involve the balance sheet at all. For example, when a Fortune 500 company issues commercial paper to borrow directly from the marketplace rather than from its banker, the banker still may get a piece of the action in the form of a credit enhancement issued to the commercial paper facility. Or, when a company issues a bond, it may be the investment banking subsidiary of a bank holding company that underwrites the issue. When a computer software company hedges a foreign sale of its product by entering into a foreign exchange forward contract, the derivative counterparty may be a commercial bank. Banking is indeed undergoing rapid change, but the basic business of banking remains essentially the same. That business is to work with, and profit from, financial risk. Just as they did 20 years ago, banks measure risk, price risk, assume risk, and manage risk--risk of all kinds including credit risk, market risk, and ordinary business risk. But the risk manifests itself in different ways and in very different financial products than twenty years ago. We can point to at least three major arenas in which this banking revolution is being carried out. Derivatives First, the advent of financial derivatives--including interest rate, foreign exchange, and credit derivatives--permits banks, as well as their nonbank competitors, to "slice and dice" the risks associated with the underlying asset in a dazzling variety of ways. Of course, derivatives can be an effective way for a bank or its customer to hedge existing risk and, as such, we have heartily supported their development. But derivatives also permit the construction of positions for which risk can be more difficult to assess than simpler, more traditional activities. That is, quantification of risk becomes more complex as the instrument becomes more complex.

Return to top

Also, derivatives permit financial engineers to divide an underlying instrument into component pieces, then recombine the pieces in ways that, effectively, create "new" instruments that were once thought to be outside the scope of banking. For example, although banks generally are not permitted to underwrite insurance, they may write put options, which can be thought of as a form of insurance. It is now possible, at least theoretically, for a series of put and call options to mimic the risk (and the return) of other financial or real activities. Thus, derivative instruments have the potential for blurring the distinctions among banks, investment banks, and other forms of financial as well as nonfinancial institutions. Permissible Nonbank Activities While derivatives can permit almost anybody, including banks, to take on almost any risk, or to hedge almost any risk, our laws and regulations restrict banking companies in their ability to reap economies of scale and scope by directly joining forces with nonbanking companies. In general, commercial banks are permitted to engage, through their holding companies or affiliates, only in activities that are closely related to banking, with prior approval from the appropriate regulatory agency. The banking agencies have used this authority to permit certain bank-nonbank affiliations in order to foster greater efficiency in the provision of financial services. Most recently, the Federal Reserve has liberalized the so-called Section 20 rules for investment banking subsidiaries of bank holding companies by raising the limits on the scale of permissible underwriting and dealing activities, and by removing costly restrictions on the joint operations of the subsidiary, its affiliate bank, and its holding company. The Comptroller of the Currency also has recently proposed a liberalization of its rules for bank operating subsidiaries in a manner that may eventually permit broader nonbanking activities to be permitted through the sub of the bank. In general, these are constructive innovations, although, as you may know, the Federal Reserve has concerns with the operating subs of banks directly benefitting from the federally subsidized safety net that was set up to protect our nation's banks. By safety net, I mean federal deposit insurance, discount window credit, and payments system guarantees. The broader issue is quite clear, however--whenever such regulatory liberalization has taken place, banks typically have responded by offering new products, increasing services to customers, and generally adding to the level of competition for the provision of financial services. As is the case with derivatives, however, new nonbanking activities create the potential for greater complexity in banking and greater complexity generally means greater difficulty in assessing the level of risk associated with the consolidated operations of the banking company. Securitization If I had to nominate any one innovation as having had the greatest impact on the business of banking it would be the advent of securitization. A mortgage-backed or asset-backed security can be thought of as just another derivative product. But these products were around before we even used the term "derivative." Bank-sponsored securitizations currently account for over $200 billion of assets that, in the absence of securitization, would have been handled the old-fashioned way, by carrying them on the books of the banks or other financial institutions. Banks securitize every kind of traditional banking asset, and some that are not so traditional. The list includes short-term commercial loans, trade and credit card receivables, auto loans, first and second mortgages, commercial mortgages, and lease receivables. There is also an emerging market for the securitization of small business loans. Securitization removes the assets from the bank's books, but does not necessarily remove all of, or even most of, the risk of the underlying credits. Indeed, as is the case with some other derivatives, a securitization can effectively result in a leveraging of credit risk for the sponsoring bank. To understand how, let's review the basic securitization process. Typically, the sponsoring bank creates a bankruptcy-remote vehicle called a loan securitization conduit. The conduit purchases loans or other assets from its sponsor or, in some cases, originates the loans directly within the conduit. The loans in the conduit are financed by the issuance of multiple classes of asset-backed securities. The most senior securities of the conduit generally are rated double-A or triple-A by the rating agencies. To achieve these high credit ratings, the conduit must obtain credit enhancements on the underlying assets in the conduit. These credit enhancements generally are provided by --you guessed it--the bank sponsoring the securitization conduit. The credit enhancements can take several forms, including purchase of subordinated securities or provision of a standby letter of credit to the conduit, generally large enough to absorb most of the risk of the assets being securitized. In return for providing the credit enhancement and servicing the loans on the books of the conduit, the bank sponsor lays claim to all the residual spread between the return on the conduit's assets, net of any losses, and the conduit's costs, including the interest cost of the securities issued. The credit enhancement itself is a derivative instrument; its value, and its risk, derives from the underlying pool of loans in the conduit. It is fairly typical for these credit enhancement positions retained by the bank to involve considerably more credit risk, per dollar of book value, than is implied by retaining the underlying assets on the balance sheet. For example, the enhancement could guarantee absorption of first losses on the entire pool, not just the proportional share of losses represented by the face value of the credit enhancement. If you were assessing a bank's credit risk, what level of capital would you require the bank to hold to protect against losses, for example, on a junior security? Or suppose the bank held a credit enhancement position for a conduit whose assets themselves consisted of credit enhancements, such as other subordinated securities? Or suppose the bank, rather than holding a first loss position, holds a second loss position, insuring the conduit against losses beyond a particular amount up to some other particular amount?

Return to top

You can see that securitization can very easily involve quite complicated risk positions. As in the case of the emerging derivatives markets and the direct conduct of nontraditional financial activities, we wholeheartedly support the development of securitization by banks. The technique has permitted the "slicing and dicing" of the risks associated with a pool of assets in ways that permit each investor to choose positions that most closely reflect desired risk versus return. Market efficiency and liquidity are enhanced. But like derivatives and other complex activities, securitization makes my life as a supervisor, and yours, more difficult in one respect. Measurement of risk becomes more difficult. The Revolution in Risk Measurement The financial product innovations to which I have been referring could not have taken place had there not been a parallel set of innovations in the technology of risk measurement. Indeed, risk measurement innovations can be said to have spawned financial product innovations. So while I complain that the new products have complicated our job of supervising banks, I do not mean to imply that the increased complexity has rendered our supervision of banks any less effective. Rather it has been a case of the supervisor using ever more sophisticated tools to assess risk and to determine the limits of risk-taking. In this regard, supervisors have learned a lot from the technological innovations in risk measurement that have taken place within the banks themselves. In particular, we have sharpened our determination of capital adequacy, along with the adequacy of risk management procedures, by critically examining certain internal risk modeling processes within the largest banking organizations. These risk models have been developed to measure market risk and credit risk, which, taken together, are two of the most important types of risk faced by financial institutions. Market Risk Modeling For several years now, the largest banks have been modeling the risk versus return probabilities facing them within their trading account. Activities within the trading account include a bank's holdings of marketable government and private bonds, its interest rate and foreign exchange derivatives, written or purchased options on traded instruments, as well as futures and forward positions on and off established exchanges. Each of these positions is marked to market daily and the bank's entire portfolio of such positions can gain or lose value from day to day, or within a day for that matter. To measure this market risk, banks have developed so-called Value at Risk or VaR models that estimate a loss probability distribution for the entire market portfolio over a particular future time horizon, generally one day. The shape of this loss probability distribution typically is collapsed into a single statistic called the Value at Risk. For example, VaR may be defined as the loss which would occur with a 1 percent or less probability over one day--this is tantamount to a 99 percent confidence interval. A bank might use these VaR estimates in setting constraints on the risk taken by its portfolio managers. For example, a portfolio manager might be expected to alter portfolio composition toward positions that involve lower probability of future loss whenever the portfolio's VaR approaches a certain limit. Banking regulators have recognized the validity of the VaR models by employing them within the regulatory capital requirements for a large bank's trading activities. Beginning in January of next year, large multinational banks will be able to use their internal VaR models to determine their own capital requirements based on the peculiarities of their own portfolios, rather than be bound by the current capital requirements that do not take into account the diversification of risks within the market portfolio. Regulatory capital for market risk of trading activities at these banks will be set at a multiple of Value at Risk, calculated at the 99 percent confidence level, over a two week time horizon. Further, in an experiment begun last year, the private sector and the regulators have been examining the possibility of using a so-called pre-commitment approach for capital for market risk. Under this approach, the bank can commit to a capital level to protect against market risk in its trading account. If cumulative losses during a quarter exceed the specified capital, the bank would be subject to significant penalties. These penalties are intended to induce banks to set reasonably high capital levels for market risk and to continually strive to make their risk management practices as effective as possible. The pre-commitment approach also recognizes that market risk management is dynamic and that managers can respond to changing market conditions quickly, closing out risk positions, accepting current losses if necessary, but reducing exposure to future losses. Credit Risk Modeling Some of the larger, more sophisticated banks have also been making considerable progress in developing quantitative measures of credit risk, including risk associated with traditional lending as well as the newer activities such as securitization and credit derivatives. Thus, as was the case for market risk, bankers are now beginning to estimate the shape of loss probability distributions associated with their portfolios of loans and other credit-related instruments. This credit risk quantification generally begins with an internal credit grading process in which each potential credit position is graded on, say, a 1 to 10 scale, with 1 representing the best credit quality, similar to a triple-A rating, and a 10 representing a loss position. For each loan grade, which can be thought of as a loan sub-portfolio, the banker estimates a loss probability distribution. As is the case with VaR models, the entire shape of the loss probability distribution is collapsed into a single statistic which is called the "risk capital" or "economic capital" allocation. For example, risk capital can be set as that amount of loss that would occur, with a 1 percent or less probability, over a one year time horizon. In defining risk capital, the banker has developed a tool for comparing risk across very different kinds of instruments, from a term loan to a credit derivative. Risky positions are those that have higher risk capital allocations per dollar of carrying value.

Return to top

The risk capital calculations within credit risk models are used for a variety of tactical and strategic purposes by the major banks. For example, risk capital can be calculated for each product line or business unit. These capital calculations can then be used to determine risk-adjusted return on allocated capital, or RAROC as it is generally known, for each business line. The RAROC calculations, by permitting a comparison of all business lines on a common, risk-adjusted basis, can lead to an optimal reallocation of scarce corporate resources toward those business lines that show the highest risk-adjusted yields. Indeed, some institutions are beginning to disclose their RAROC calculations in their annual reports, to give the investor a sense of how much risk and how much return are generated within each division of the banking company. Risk capital calculations are also used within pricing models to help determine whether the bank should enter into individual transactions. If the market-determined yield on a particular transaction is not sufficient to generate some minimum rate of return on allocated risk capital, the banker might not enter into the transaction. Even if lending of a certain type is not profitable on a stand-alone basis, the RAROC models can help the banker determine the amount of nonlending or "relationship" business that is needed in order to turn the overall relationship with the customer into a profitable arrangement. Parenthetically, we should take notice of the recent relatively thin margins on investment grade and near investment grade loan syndications, as well as the increased competition for the leveraged and highly leveraged portions of the syndicated loan market. These market conditions justify raising a mild caution on the need for banks to maintain sound credit underwriting standards, pricing policies, and risk management practices in their lending activities. As was the case with VaR models, supervisors are examining the ways in which the internal credit risk models of the major banks can be useful to our task of determining the safety and soundness of individual banks and the banking system as a whole. Already we see that the banks' internal risk capital calculations capture a very much wider array of risk levels than is encompassed by current relatively crude formal capital requirements, which after all are intended only to provide for minimum capital standards. For example, internal risk allocations may range from less than 1 percent capital for a Grade 1 short term loan--a credit with the equivalent of a triple-A rating--to 20 percent or more capital for, say, a Grade 7 loan or a credit enhancement position supporting an asset securitization. This wide array of risk capital calculations warns us that looking at a simple ratio of equity to total assets for a bank, or even its regulatory risk-based capital ratio, can tell us very little about the true insolvency probability facing that bank. Very high nominal capital ratios are becoming quite commonplace in banking; indeed, over the last few years these capital ratios have been at their highest levels in several decades. But we all know that, if high capital is accompanied by highly risky portfolio positions, the probability of insolvency may itself be high. Bank examiners continually "look through" the nominally high capital ratios at banks to the specific risks the banks are undertaking. More importantly, we have begun to place a greater emphasis on the process of risk management. We are interested not only in what the portfolio looks like but also how the bank measures and manages risk, and how it protects itself from internal control failures of the sort we witnessed in the Barings debacle. The Federal Reserve is now giving bankers "grades" for the overall quality of their risk management processes, and these grades affect the overall grade the bank receives during the examination. I can tell that bank examiners are not the only ones that "look through" simple equity ratios when determining the soundness of an individual institution. Market analysts appear to do the same. For example, the top 50 bank holding companies have historically high regulatory capital ratios that average over 12 percent. Yet none of the top 50 banking companies have achieved triple-A ratings and only 6 of the 50 have achieved double-A ratings on their senior debt. The details of portfolio construction appear to matter to market analysts as much as they do to bank examiners. Details do matter. Therefore, let me close by calling for an effort on the part of the largest, most sophisticated financial institutions--be they banks or nonbanks--to disclose more rather than less about the details of the risks that they take. We applaud recent efforts on the part of some managements to increase voluntary risk disclosures in footnotes to their financial statements, but still more can and should be done. Bank examiners have access to the most intimate details of a bank's business, but market efficiency would be served if bank stock analysts and debt rating agencies also had more information on the content of risks taken by our largest financial institutions--within, of course, the bounds of appropriate confidentiality of customer and other proprietary records. This need has become especially evident as market participants and others call for expanded powers and/or reduced regulatory burdens based on so-called market tests of "good management" or "adequate capital." As a bank supervisor, I would not want to rely even partially on the market's assessment of the capital adequacy of a bank--unless I were assured that market analysts had the data necessary to reach informed judgments. As the risk-taking activities of our largest institutions become ever more complex, it is appropriate that the scope and content of disclosures keep pace. Let me end with a more complete answer to the question I posed at the beginning of my talk. I believe that, despite the increased complexity of bank risk-taking activities, the chances of a repeat of the banking crisis of the late 1980s have been reduced. The banks' higher capital levels and the improvements in their risk measurement and management processes contribute to the safety and soundness of the system. What is important is that we financial analysts--government and private sector alike--stay "ahead of the curve." We must not relax our guard or grow less diligent. And we must continue to press for a growth in the analytical tools and information base necessary for us to do our respective jobs. Thank you very much.

Return to top

1997 Speeches