When she arrived at the Federal Reserve Board in late 2001, Susan Schmidt Bies brought banking, economic, and risk management experience to the job.
 
Having now been on both sides of the regulatory relationship, Bies, who left the Fed in March, has a unique view on this pairing. Regulators have many tools, some routine, some extreme, says Bies, but one stands out in her mind.
 
“I’m more convinced than ever that the primary tool we have is regular interaction with the banks that we supervise,” says Bies. “It’s important that examiners have good relations and good communications with bank management, and that they are aware of how the business operations at the bank are evolving. This gives examiners a good sense of how things stand, and about where we might want to focus in the next regular exam.”
 
Because examiners see many banks, they develop a sense of “best practices,” according to Bies, and can impart that to the banks they examine. “They can give value-added advice,” says Bies.

 

“They can say, ‘You are really running this area well—you’re ahead of the game, from what we see.’ On the other hand, they may need to have the hard discussion, saying, ‘Look, folks, your risks are changing and you haven’t invested enough in strengthening your controls here, or here’.”
 
The value of such relationships—and the loss where they don’t exist—formed the basis for a parting interview.
 
ABA BJ Today’s financial services business evolves at a breakneck pace. Does the regulatory apparatus need refreshing?
 
Bies The supervisory approach must reflect the emerging challenges of a very dynamic financial services sector. Here are a few of the areas that currently are presenting challenges.
 
First, we need to be constantly aware of a potential for an unlevel playing field, that even with regulations that apply to the entire industry, such as the Truth-in-Lending Act, the enforcement of those rules tends to be uneven. There are some independent organizations that do not receive routine examinations.
 
Another example reflects the fact that financial products are growing more and more complex. And in many cases the financial sophistication of the users of those products isn’t keeping up with that complexity. While one solution is more disclosure about product features, this can have unintended consequences. Too much detail may make it more difficult for consumers to focus on the range of issues.
 
Another challenge for regulators is to appropriately respond to strategic changes in the structure of a line of business that may span various regulated and unregulated players. For example, let’s look at the mortgage business. Oversight is very difficult because the industry itself has grown very fragmented.
 
We’ve seen strong growth of standalone mortgage brokers who originate loans and then sell them off to be securitized. We’ve got the securitizers, who want to be compensated for creating new products that can be sold to investors. Then we’ve got investors who are looking for a variety of asset classes that they can invest in, with pre-payment penalties to protect against early payoffs of those investments. And then you’ve got servicers, who work for the investors in those pools, and the borrower doesn’t get to choose their servicer.
 
So you really have a great deal of fragmentation in the mortgage banking industry’s structure. Each segment’s profitability is driven by diverse factors. Further, each of those players could be regulated by different entities or not routinely supervised and so it gets to be a very complex picture.
 
ABA BJ In January you spoke on what I’d call the “right-sizing” of an institution’s enterprise risk management. Do you feel the emphasis on risk management has been heard at all levels of the industry?
 
Bies Yes. People in all levels of management, and at all organizations, are more aware of the need to manage the risk of their business. This awareness has been brought on by the big corporate failures in the early 2000s, Sarbanes-Oxley, and other factors.
 
What we have tried to do as our examiners visit the banks, is emphasize that we’re not trying to mandate exact forms of risk management. We know that, depending on the complexity and size of an organization and the way it has organized its businesses, risk management has to have flexibility. So what we’re expecting to see in smaller banking organizations, clearly, is not as sophisticated as what we expect in very large, complex organizations.
 
ABA BJ Here’s a “what if.” You walk out of the Fed next Friday, and you walk into a mid-size or community bank and receive free rein to adopt your philosophies on risk management. What are the first things you’re going to be looking for?
 
Bies As I talk to the senior management team, I’d want to see a clear understanding of the bank’s inherent risks. I’d want to see this in both a strategic sense as well as a day-to-day operational sense. Assuming that was there, I would say, “You’re aware of the risks. What’s your appetite for risk? What mitigating controls do you have in place to make sure risk exposure stays at a level you’re expecting? And how do you monitor how well the organization is managing risk?”
 
The answers to these first questions would give me a clue whether risk management as a concept is something that they really implement daily, or is something that they talk about only occasionally.
 
ABA BJ Say they come back with, “Well, we’re all experienced bankers here, and we’ve always kind of gone by our gut feel.”
 
Bies Clearly, gut feel is still very important. And it’s important to understand, especially for bigger organizations, that risk models are not always precisely accurate. That’s because whenever you build a model, it’s based on past behaviors and past events. That’s a key weakness, and so good bankers supplement any models they have with gut feel and experience.
 
On the other hand, while in some cases gut feel might have been appropriate, before, things have changed. You might be looking at a product that appears to be similar to a type of product of the past. However, it may be that business strategy has made risk take a different direction. So you might have a blind spot, as a manager, and not be looking for how risk exposures have changed, because you are relying solely on your gut feel.
 
ABA BJ What might be an example?
 
Bies Consider the recent guidance on commercial real estate.
 
I went through the commercial real estate problems of the late 1980s and early 1990s, as many other bankers did. In the current environment, we regulators have seen that bankers really have strengthened the underwriting process, compared to those days. The underwriting standards are much more robust, so that lesson has been learned and people haven’t forgotten it.
 
But what regulators wanted to emphasize in the new guidance is that we are seeing organizations having much greater exposure in the aggregate to commercial real estate and some banks are not focused on the need to manage concentration risk. Most banks have done that, but there have been a few laggards.
 
ABA BJ When one brings up the phrase “enterprise risk management” in the company of many community bankers, you see the hair on the back of their necks bristling.
 
Bies Some bankers are thinking we have a rigid framework in mind, for ERM, and we don’t. Most bankers are already doing very appropriate enterprise risk management for their organizations. But what we’re trying to do for the folks that aren’t is remind them that it does add value to their decisions.
 
Strategic planning is common. For some, it typically comes down to: What is our strategy and what is the most likely outcome? But this could be taken further, with an enterprise risk management perspective. During planning, bankers and boards can consider: What happens to the nature of the risks we are accepting if we implement this strategy? How aggres-sive is this? Is this going to significantly increase our risk exposure in given product lines? What is the risk of going into a wholly new business?
 
So you don’t just focus on the most likely outcome; you look at the range of possible outcomes.
 
Many bankers do that without calling it enterprise risk management, because they just think about it as the way they approach planning. And so that’s what we’re trying to emphasize—make sure that your eyes are open and you think about alternative outcomes.
 
ABA BJ Where should risk management “live” in a mid-sized to smaller bank?
 
Bies No matter what the size of the organization, risk management should live with the management team, broadly. It isn’t a staff function. Risk management ought to be inherent in what managers do, not an add-on.
 
Now if you’re large enough to afford a special person or group who can focus on ERM, the major job of that group is to find ways to integrate such management issues across the organization.
 
ABA BJ What about the role of the board versus management?
 
Bies You need somewhat different risk reporting for, and attention from, each group. One of the challenges is to make sure that the board is seen as having the prime role in oversight of risk management. As directors think strategically, they need to be aware of how risks are changing across the organization.
 
Because most directors don’t come from banking or risk management backgrounds, the bank must offer a way to translate the vocabulary that risk managers use into something that is clear and understandable to the boards.
 
And boards need to know how effective the bank’s risk management is, overall. Management at all levels, especially executive management, must handle the day-to-day management of risk. So they need day-to-day monitoring, and features like exception reports that provide an alert when risk exposures rise above risk appetites. Executive management must ensure mitigating controls effectively limit risk to desired levels. BJ