|ALCO BEAT: Time to scrap yesterday’s ERM plan|
ALCO meets evolution of integrated Enterprise Risk Management
Increasingly, using yesterday’s approaches to asset-liability management and ERM--enterprise risk management--will serve you about as well as the rusted clunkers above.
By Michael Guglielmo, managing director, Darling Consulting Group. For more about the author, see the conclusion of the article.
The last several years have been an eye-opening experience for the financial industry. One of the many results has been the regulatory community's complete reworking of its expectations for what constitutes appropriate balance sheet risk management. Combine the numerous advisories, guidelines, and proposed rules, and an evolution in risk management is clearly afoot.
The old ways no longer suffice--and forward-looking enterprise-wide risk integration and stress-testing is the new reality for banks and their ALCOs.
RIP: “Check-the-box” risk management
Gone are the days when examiners readily accepted risk measurement and management practices that relied upon simple “point-in-time” analyses or ratios.
The key risks that ALCOs have traditionally been tasked with managing (i.e. liquidity, interest rate, capital/earnings) have never been more interrelated than today. Ignoring the interaction of these risks and maintaining them in separate silos will put an institution in jeopardy not only from a regulatory perspective, but because financial performance will be impacted as well.
In addition, other organizational risks have entered into the fray--notably credit and operational risk--and while these risks may not be directly managed by ALCO, their influence and impact must be clearly understood and communicated.
Most banks are in need of notable refinements to their ALCO process in order to accommodate this new reality. In addition to developing and integrating new analyses that provide a broader view and early indicators of risk, reporting is becoming more forecast based. This includes such factors as cash flows, collateral forecasts, and simulations of anticipated net interest income, net income, and capital ratios.
Regulators have come to expect “what-if” simulations and stress-testing that illustrate the impact that various potential business strategies, assumptions, events, and circumstances may have on the bank’s balance sheet and risk profile. But it’s not just an exercise for the regulators.
For many, the transformation from a regulatory risk-review ALCO to a more proactive decision-oriented ALCO will be a challenge that will require training and on-going education to facilitate. Organizations that invest in this education for both management and the board will be in a much better position to succeed.
Paradoxically, one danger, as the ALCO discipline expands, is overkill.
With this expanded risk management framework, maintaining a simple set of risk limits and guidelines is becoming more challenging. Examiners are expecting more and more limits to be defined--ALCO and board risk reports are expanding rapidly.
It is easy to succumb to regulatory pressure and add a multitude of risk limits. However, this is coming at a cost. The price is time, energy, financial expense, and most important: decision-making focus and effectiveness.
In some instances, we have seen executive “summaries” become as large as the detailed portions of ALCO packages with scores of risk limits and triggers. This results in ALCO groups and banks’ boards expending an excessive amount of energy to review and address all this material.
If this regulatory emphasis continues, we could conceivably have hundreds of limits or triggers to contend with. But to what benefit?
Find the right line to walk
One of the most effective ways to manage these changes and growing challenges is to revisit and enhance your risk management policies to ensure they fully inform and educate all of your stakeholders: management, ALCO, the board, and your examiners. Stakeholders need to understand the bank’s operating philosophies, its risk measurement and management process, and why you use (and don’t use) certain sets of risk measures and limits.
Also, distinguishing between primary (core) and secondary risk measures and developing differing response levels for the various risk measures can go far in reducing the ongoing impact and burden on ALCO and the board.
It is also important to ensure that your various risk management policies interrelate well with one another and represent operating philosophies and risk tolerances in a consistent fashion. To this end, there is a growing trend towards policy consolidation--bringing all of the risk management policies under one cover.
Banks need to merge policies such as investments, liquidity and funds management, liquidity contingency, interest rate risk, ALCO, hedging, brokered deposits, capital planning, and credit under one umbrella. The benefit of doing so: Common interrelationships, measures, limits and stress-testing activities can be more effectively presented.
Stress-testing’s role in integrated risk management
At the heart of this integrated risk management evolution is stress-testing. And while it seems like virtually every regulatory advisory that has been written within the past three years includes the words “stress-testing,” you will not find much in the way of specific guidance on how to effectively design and implement an integrated stress-testing process.
You can be certain, however, that the bar has been raised. And you will be expected to do more than you are today.
At its core, integrated stress-testing involves the use of a financial forecasting model with the ability to dynamically simulate earnings, capital, cash flow, and value under varying stress parameters. These stress parameters can be related to changing market conditions; local, regional, and national economic issues; and events or systemic crises. The duration of these factors may be short-term or more long-term in nature. In addition, stress-testing involves evaluation of key modeling assumptions and their respective impact on results.
Developing the “right” stress-tests is not a simple matter.
Every bank’s balance sheet and risk tolerances differ. Risk managers must develop a set of stress parameters that are meaningful and plausible to the organization. Moreover, once these stress parameters are established, they need to be revisited with regularity--often quarterly--to ensure they are still valid and representative of potential adverse conditions the bank could face.
In addition to comparing results to already-established policy limits and guidelines, evaluating the impact on the bank’s overall risk monitoring system--“early warning” triggers--is expected. To the extent that policy violations occur or that triggers are reached, additional analysis and resolution strategies will be expected. Lastly, these stress scenarios are going to include numerous assumptions which need to be logical and well documented and in some instances supported through quantitative and qualitative studies.
Making necessity meet reality and practicality
And who has the time and resources to do all of this?
In many instances, larger banks are one step ahead of smaller ones because the regulatory and international mandates for more robust risk management and stress-testing have been pursued more rigorously by policymakers and regulators. Community banks face the greatest challenge, because the information systems infrastructure, expertise, and related expenses are significant.
And when organizations’ bottom lines are already under significant strain, this can be especially burdensome.
Outsourcing and co-sourcing (shared modeling and analysis activities) is becoming a more prevalent solution as organizations seek ways to manage the costs and ensure adequate effort and expertise is being applied. However, an extra level of due diligence is required to confirm that your prospective outsourcer has the requisite expertise and experience necessary to meet the growing and evolving demands of Enterprise Risk Management.
No time to hang back
In some regards many bankers tend to let other institutions go first, and follow the pioneers’ path. But risk management represents an area where everyone must now be moving forward--everyone who expects to be around in, say, five years.
The concept of Enterprise Risk Management is far from new, but its evolution and broadening to include all aspects of operational risk is, and cannot be dismissed. It is important that organizations recognize the critical importance of integrated risk management, and the convergence and interrelationship between the various balance sheet risks.
The great risk is that which comes from doing nothing.
About Michael Guglielmo
During his tenure at DCG, he has served in various capacities including Director of Financial Analytics. In addition, he has served as a technical resource for the development of DCG’s products and services.
Prior to joining DCG in 1992, he managed the asset liability management and strategic planning process for a large regional bank in the Northeast.
[This article was posted on July 20, 2012, on the website of ABA Banking Journal, www.ababj.com.]
| TechTopics Plus