The Federal Reserve Board eagle logo links to home page
Remarks by Governor Susan M. Phillips
Risk management
At the Asset/Liability and Treasury Management Conference of the Bank Administration Institute, Chicago, Illinois
November 4, 1997

Good morning. It is a pleasure to be here to discuss the Federal Reserve's perspective on risk management. As you know, advances in the methods and techniques in this area are having wide ranging effects on the corporate decision making process in all types of business. The effects on banking institutions have been especially profound. Clearly, financial engineering and improvements in risk management have helped banks to expand product lines, offer more efficient services, and control the risks of ever more complex financial instruments and the growing volume of financial transactions.

For some institutions, the application of new risk management techniques to specific areas is leading the way to a broader, firm-wide risk consciousness that is completely, and appropriately, transforming the entire corporate culture. This is particularly important since the very essence of banking and financial intermediation is the acceptance and management of risk. Adopting a "risk-focused" corporate culture from the highest levels of senior management down through business line personnel represents the ultimate product quality assurance program for individual customers and the financial system more generally.

From the Federal Reserve's perspective, effective risk management at financial institutions plays a critical role in helping to achieve our central bank responsibilities of:

  1. promoting an efficient and effective financial system that adequately finances economic growth, and
  2. ensuring that financial institutions do not become a source of systemic risk, or pose a threat to the payment system or burden taxpayers with losses arising from the federal safety net.

Advances in risk management clearly help reduce potential systemic disruptions. The Federal Reserve, along with other supervisors both here and abroad, have focused increasing resources on encouraging developments in this area. Indeed, just as financial engineering and advances in risk management are changing the operating methods and business cultures of financial institutions, they are also transforming both the operations and the corporate culture of bank supervisors. While ultimate goals and objectives remain the same, over the past several years, supervisors have been moving to more "incentive-compatible" approaches to 1) foster sound risk management within the institution rather than comliance with narrow rules and regulations, 2) minimize burden through the use of new examination approaches and internal risk measurement systems, and 3) reinforce market discipline.

Fostering Sound Risk Management
Key to almost all of these initiatives has been an increasing effort by supervisors to avoid locking themselves into formulaic, one-size-fits-all approaches to supervision and regulation. Too often financial engineering has been targeted at regulatory arbitrage--that is, the exploitation of loopholes in narrow regulatory policies are based on old traditional instruments, activities or business lines.

Supervisors are increasingly recognizing that the underlying risk characteristics of a financial instrument, activity or business line are of primary importance and not what they are called or officially labeled. To be sure, financial engineering can create derivative instruments which can combine component risks (including market, credit, liquidity, operational and reputational risks) in complex ways. But seemingly simple traditional cash instruments can actually have higher risk profiles than many instruments that are formally labeled "derivatives." In fact, the categorization of financial instruments and activities without regard to their underlying risk and economic functions can actually handicap sound management.

Thus, Federal Reserve and other supervisors have increasingly issued supervisory guidance that emphasizes managing the risks involved in bank activities and de-emphasizes the supervisory focus on specific instruments or traditional products.

Most recently, the FFIEC, published for industry comment a new policy statement that would eliminate the 1992 interagency policy that instituted the FFIEC high risk test. The older policy statement placed significant constraints on a depository institution's holding of certain "high-risk" mortgage securities that met specific market risk sensitivity tests. The new policy would replace the high risk test with broader guidance on sound practices for managing all investment and end-user activities. In essence, the new statement would allow an institution to hold any bank-eligible instrument as an investment as long as the institution had an adequate risk management process commensurate with the scope, complexity, and sophistication of its investment and end-user holdings.

The old FFIEC high-risk tests offer an excellent case study of the potential pitfalls of narrow formulaic supervision in an age of dynamic financial engineering. By requiring a pre-purchase price sensitivity analysis, the high risk test successfully helped institutions better understand the interest rate risk of certain mortgage securities. It effectively constrained many smaller financial institutions from acquiring certain types of securities that subsequently created large losses for other investors.

However, while protecting some institutions, the tests may also have distorted the investment decision making process at other depository institutions. Concerns about burden and heightened examiner review of all types of mortgage securities may have led institutions to blindly eliminate them as potential investments--regardless of the merits of their risk/return profiles. Also, by focusing only on certain products, the test provided incentives for institutions to acquire other types of securities with embedded options that required no testing. Such instruments were thought to have a supervisory "stamp of approval," but in fact often had risk characteristics similar to or greater than those designated as "high risk."

Assuming positive industry comments, the FFIEC hopes to implement the proposed new policy in early 1998. The comment period extends through November 17, and I encourage all of you to comment.

I might mention that the new policy will apply to all investment and end-user derivatives activities. It illustrates that supervisors are increasingly emphasizing risk management on a portfolio rather than an instrument specific basis. Although this is arguably the first principle of finance and is widely appreciated by bankers and regulators, putting this principle into practice in banking has not been easy. Past banking crises have, in part, reflected a failure to recognize or to prudently limit concentrations of risk. However, technology and financial innovation are now enabling financial theories and conceptual techniques that have been around for decades to be put into practice to manage market, credit and liquidity risks. Moreover, these risks are increasingly being managed across activities and in some cases on a global basis.

This move to a broad portfolio or "macro" approach to managing risk has influenced bank supervisory efforts in several ways. All three of the U.S. banking agencies now take a more "risk-focused" approach to bank supervision. Bank exams are no longer exhaustive reviews of all of a bank's specific activities. Instead, they now take a more targeted approach to identifying and reviewing the sources of risk within a bank's "portfolio" of activities. Exam resources are now targeted at evaluating the soundness of a bank's processes for managing risks and our supervisory tools have been enhanced in this direction.

Increased Use of Internal Measurement and Management Systems
In addition, supervisors increasingly are relying on internal risk management systems, including increasingly sophisticated risk measurement systems used by banks to manage their businesses. The objectives here are two fold--to help improve the effectiveness of our examinations and to reduce burden on banking organizations.

Examinations now involve significant off-site, pre-planning, analysis and fact finding. Then the on-site examination activities include spot checks to determine the reliability of the bank's internal risk management system. To the extent examiners gain confidence in the bank's risk management process, they will place greater emphasis on the findings of the bank's internal auditors at an earlier stage in the examination process and focus resources in other areas.

An area of bank risk management systems that has been particularly useful to supervisors is risk measurement. No better example exists than the banking agencies' adoption of a risk assessment approach for evaluating capital adequacy for interest rate risk.

Early on in that rulemaking process, supervisors recognized that a number of banking institutions had internal models for measuring interest rate risk that were much more sophisticated than any possible standardized regulatory model. However, at the same time, supervisors were acutely aware that many other institutions had limited capabilities in this area and that many banks may have been hesitant to develop more sophisticated internal measurement systems prior to the determination of a supervisory approach. Accordingly, in 1993, supervisors proposed to use the results of internal models for evaluating the quantitative level of interest rate risk exposure at individual institutions. While the rulemaking process was ultimately longer than desired, it did demonstrate the clear intent of supervisors to encourage and provide incentives for improvements in risk management and to take full advantage of such advances when possible. I think most banks would agree that the discovery process and comment periods supervisors convened from 1993 through 1995, and the ensuing dialogue, spurred significant industry development and refinement of interest rate risk models.

A similar process evolved in developing the international capital standard for market risk in the trading activities of internationally active banks. Beginning next January, banks that meet certain qualitative and quantitative standards for risk management will calculate market risk capital charges for their trading activities on the basis of their own internal Value at Risk (VaR) measures. Here again, supervisors recognized early developments in the quantitative measurement of market risks, encouraged industry progress, and sought to build on the VaR concept when developing a supervisory approach. During the discovery and rulemaking process the supervisory attention paid to VaR techniques led to more robust modeling and has helped spread the use of VaR techniques worldwide.

Moving forward, perhaps such supervisory/private sector synergies can be gained in other areas of risk management, as well. The quantification of credit risks, by far the most important risk in banking, may be a candidate. At present, some institutions are making significant strides on a number of fronts to better quantify and manage credit risk. In addition to major developments in credit scoring and the use of artificial intelligence in underwriting various types of consumer loans, a few banks are beginning to use historical data to estimate probability loss distributions for the credit risk of different quality commercial loans. In some banks, credit risk adjusted returns to capital are being used to construct a portfolio management framework for credit risk. This, in turn, is providing a proving ground for a risk-adjusted pricing of loans as well as a myriad of new instruments such as credit derivatives. While industry efforts to quantify credit risks are still in the early stages of evolution, recent progress holds promise for reducing both institutional and systemic risks.

Indeed, these efforts might eventually lead to new supervisory regimes for addressing credit risk. Better methods of quantifying credit risk have significant potential for reducing the time examiners spend in on-site examinations. Moreover, advances in credit risk measurement may ultimately allow supervisors to design regulatory capital standards around internal models. We recognize the inadequacy of the existing risk-based capital regime where such assets as loans are all treated as having the same risk. We are actively encouraging the development of more quantitative approaches to credit risk management. However, better regulatory tools are not yet available. While supervisors can prod developments in risk management, ultimately it will be up to the industry to find other ways to better measure and manage credit risk.

Strengthening Market Discipline
Harnessing market forces to reinforce supervisory objectives is another important goal in the changing culture of supervisors. Reliable financial information and adequate disclosure of risk exposures is an essential ingredient to achieving this goal. Market participants can benefit from enhanced disclosure by being in a better position to understand the financial condition of counterparties and competitors. Investors have an obvious interest in being able to make meaningful assessments of a firm's performance, underlying trends, and income-producing potential. Sound, well-managed firms can benefit if better disclosure enables them to obtain funds at risk premiums that accurately reflect lower risk profiles. Inadequate financial disclosures, on the other hand, could penalize well-managed firms if market participants are unable to assess fundamental financial strength.

It is this desire to see market discipline play a greater role in influencing banking activities that has prompted the Federal Reserve Board to join the debate about the derivative accounting standards that are being developed by the Financial Accounting Standards Board (FASB). Everyone agrees that a critical function of financial statements is to reflect in a meaningful way underlying trends in the financial performance and condition of the firm as well as the economic substance of its activities. However, the Board believes that the application of market value accounting to business strategies where not appropriate, and particularly when applied on a piecemeal basis, or when market prices are not readily available, may lead to increased volatility or fluctuation in reported results. Such accounting practices may actually obscure underlying trends or developments affecting a firm's condition and performance. Requiring companies to adopt market value accounting where it is not consistent with business strategies can cause them to incur significant costs to provide information that may not realisticly reflect way underlying circumstances or trends in performance. Moreover, from the standpoint of financial statement analysts and other users, having to make adjustments to remove the effects of meaningless accounting volatility from income statements and balance sheets can also impose significant costs without offsetting benefits.

The Board believes that these problems can be minimized by having large firms with active trading portfolios place market values in supplemental disclosures rather than by forcing their use in the primary financial statements. Such an approach would give analysts the information they need, without imposing costs on an unnecessarily wide range of firms and without imposing the broader costs of having to reverse or "back out" the distorting effects of the proposed accounting standard.

Emerging Challenges to Risk Management
Without a doubt, banking institutions have made significant progress in implementing new techniques and methods in risk management. To date, most work in this area has centered around the "science" of risk management--that is, the quantitative measurement of risk.

However, quantitative measurement is only one element of the overall process of financial risk management. Other elements such as board and senior management oversight, internal controls, and the role of internal and external audits are just as important. Given the pace of technological and financial innovation, inadequate internal controls can expose an institution to significant risk. Indeed, inadequate management oversight, combined with a lack of internal controls, has been the primary cause of the losses experienced by several high profile major international banking organizations. In some cases basic time-honored internal controls such as segmentation of duties and independent risk assessment had been ignored. In others, internal management processes have failed to keep pace with technological development, financial innovation, and global expansion. It is these "low tech" areas that pose continued challenges to risk management.

Some institutions are beginning to address these challenges in their attempts to identify, monitor and control the operating risks of various business lines. Indeed, operating risk is quickly emerging as the next frontier of risk management. While no clear standardized definition of operating risk has yet emerged, several progressive institutions are expending significant resources to address the operating risks inherent in particular business lines. For some, this involves conducting extensive risk assessments throughout business and product lines to identify both the types of processing, information, and personnel risks that exist and the potential measures that can be taken to mitigate them. Others, are buttressing these assessments with attempts actually to quantify and charge internal capital for operating risk exposures.

Supervisors can also be expected to more closely monitor banks' efforts to identify and manage operating risks. One very important operating risk that all banking institutions face is the challenge of addressing the Year 2,000 issue. U.S. banks appear to be taking this matter seriously and are generally well underway toward identifying individual needs and developing action plans. The Federal Reserve and the other federal bank supervisors are reviewing the relevant efforts of every insured depository institution in order to determine whether adequate progress on this issue is being made. Meeting the demands of this review and ensuring proper remedies both before and after the Year 2000 will be a significant and costly task to both the industry and the banking agencies.

However, even within the context of banking, the scope of the Year 2000 problem extends far beyond U.S. banks to foreign banks, bank borrowers, depositors, vendors, and other counterparties. Banks and others need to address Year 2000 system alterations, not only because of the potential effects on overall markets, but also as a threat to individual firm viability. At a minimum, banks should be concerned about their ability to provide uninterrupted service to their customers into the next millennium. If nothing else, it is simply good business.

Summary
In summary, advances in computerization and communications have created a paradigm shift for financial markets, the financial services industry, and the management of financial risks. In response, supervisors are also moving to a new more "incentive compatible" regime of greater reliance on banks' own risk measures and internal controls. This transformation may be slow and will be challenging for all. Supervisors can encourage innovation, but the private sector must do much of the development work.

As always, a transition to an improved framework will work best with cooperative, open dialogue between the financial industry and its regulators, so that compatible and efficient answers are found. In today's markets, institutions and financial systems are linked as never before, and such connections are likely to grow in the years ahead. How effectively institutions manage their risks and allocate their capital, will have substantial consequences for economic growth.

We have seen significant progress in measuring market risk, and the groundwork is being laid for future gains in measuring credit risk, but those are only two risks. Operating risks such as fraud, human misjudgments, and the failure of information systems, processing operations and basic internal controls must be addressed comprehensively. At this point, we can take satisfaction in the risk management strides we have made. But I am confident that opportunities for even greater progress lie ahead.

Return to topReturn to top

1997 Speeches