|Credit risk management: Sunk by crisis? (December 2008)|
Many feel risk management models failed to protect the industry in the buildup to the current crisis. But not everyone. Some point to missing support; complex legacy systems; and redundant data as key factors affecting credit model performance. Today’s models need revisions, yes, but not replacement.
Market stress prompts calls for drastic change, but many advise against scrapping everything
In the days leading up to the presidential election, a punctured and weakening economy was still very much in the frame, and the postmortem of dysfunctional world credit markets had cycled through denial, rage, and despair.
In the weeks following news of economic rescue, a more sober analysis was beginning to surface. Risk management systems and credit risk models, which didn’t get mentioned all that much during the first, explosive phase of the crisis, were quietly being recalibrated at the offices on Wall Street—and off.
That’s when ABABJ interviewed experts in the field to find out how, if at all, risk management let lenders and dealmakers down. What, if anything, could be done differently?
Paul Stark, senior vice-president of credit risk at $10. 4 billion assets FirstMerit, a Cleveland based supercommunity bank, says that his bank, like many others, stayed out of trouble by remembering fundamentals. “A lot of the deals that I was hearing about just didn’t make sense to me,” Stark says, adding that he was still trying to make sense of the National City scenario, which featured so prominently in Cleveland. “Some banks were making loans based on nebulous criteria for people they’d never met,” Stark recalls. “And the derivatives based on subprime loans didn’t make much sense to me either. The idea that you can subdivide risks sounds good, but how do you know which loans will actually go bad? Tranche making is a guessing game.”
Protecting the enterprise
Not surprisingly, many indicated that risk management systems should be set up to “blanket” the entire bank environment from middle-to-front office, although models would have to be adjusted to better reflect liquidity risk and have broader application in managing derivatives. This makes sense because enterprise risk management (ERM) isn’t new, having been called for since Basel II had been under development and has the virtue of being a thorough method. (Although Basel II’s reliance on internal models and credit rating agencies has been questioned by groups such as the Financial Stability Forum’s Working Group on Market and Institutional Resilience.) Still, many interviewed took educated guesses that improved credit management in the context of ERM would be called for with new urgency, and with louder voices after the government shifted out of emergency response mode.
Stark, for instance, says that his bank is interested in—and has begun to deploy tools to support—an enterprise approach, although FirstMerit doesn’t need to meet Basel II requirements.
Yet, the reality on the ground at many banks—especially the spawn of new mega-mergers—is that they are burdened by a series of redundant data marts, missing support of models, and complex legacy systems, says Frank McKeon, financial services industry director, Cognos, Burlington, Mass. So bringing more effective measures and mitigations will be big projects. “The issue will be that a given bank, having spent millions on a project, will consider their risk program completed,” says McKeon. “Beyond the infrastructure development to accommodate a better risk program, which can be a relatively short term project, actual risk monitoring and management is an ongoing process.”
Extreme remedies called for
While extreme voices in the market were calling for everything from a ban on derivatives to a rollback on aggressive home ownership policy objectives, those in the middle acknowledged that individual practices of lending, packaging debt for liquidity, and trading complex instruments needed to be revised—and nothing scrapped.
“There is nothing wrong with trading derivatives or making loans to new segments of the market, but the risk needs to be evaluated from the start as part of strategy development,” says Leo Tilman, president of L.M. Tilman & Co., a strategic advisory firm based in New York. “That is, the language of risk management—the delineating of new risk exposures and hedging strategies—has to happen among the senior officers and key business executives. It can’t simply be an activity of risk specialists done for the sake of compliance.”
Certainly, to incorporate what’s just happened to the industry, risk models will also need to reflect the complexities of the trading environment, including such details as better defining counterparty risk and assessing risk for market timing.
Even lending operations, which are comparatively simpler, will have to grapple with “business as unusual” by being able to parse out opportunity and get a better understanding of who their customers really are and what types of loans they can actually handle.
Did the models fail?
Just what can we expect from risk management? For starters, the industry should never expect a soothsayer, nor does it, particularly. “No system could have predicted the full dimension of this crisis,” says Ed Grau, a New York based head of North American risk management practice for capital markets banking at Accenture.
Indeed, Alan Greenspan told Congress he was surprised at the events of September. Many CEOs and boards, sources tell ABABJ, were equally blindsided by the amplification effect that asset-backed securities had on the subprime fiasco.
“I’m sure no risk manager in the U.K., for example, modeled for the assumption that the U.S. housing values would begin to go down,” says Grau. “Nor did they model for a downturn that would go national, or for an economy that would begin to crawl,” he said with a quiet, unemotional emphasis. “That’s the kind of foresight you would have needed to figure out in advance what, in the interrelated world of global finance, was going wrong.”
While the global credit instability that made September so rough could be simply dismissed as a whopper of a “fat tail”—in statistical parlance, a relatively large number of apparently unusual occurrences—that no system could have helped to contain, some of the events leading up to the trouble—difficulties at Fannie, Freddie, AIG, and others could have been looked at months before they worked in concert to destabilize the global economy.
If any one of the individual firms implicated in the collapse of subprime had acted differently, months sooner, crises and contagion that spread from one category of loans might not have had the same reach.
In an Oct. 3 article in the New York Times, for instance, Fannie Mae leadership admitted to ignoring warnings about lax lending and high loan-to-value ratios which would compromise secondary market holdings. According to one source, who spoke on background, Fortis Holdings gave an excellent, compelling risk management presentation at an industry conference just days before the Dutch government took over the firms’s Dutch banking and insurance activities.
Cory Gunderson, vice-president financial strategy and management at Protiviti, New York, says: “It’s an oversimplification to say the models didn’t work. Asset-backed securities were designed by Wall Street firms to take advantage of financial accounting and reporting standards and they obscured the underlying economics.”
Moreover, many in the equity markets wrongly assumed that the very process of securitization would lead to greater liquidity and transparency, wrote economist Frank Milne, Bank of Montreal Professor of Economics and Finance at the Queen’s University, Kingston, Ontario.
Certainly, some we talked to were inclined to agree that many simply ignored the signs of economic slowdown and other issues and hoped for the best.
“We lived through a period of cheap money, and everyone made their decisions accordingly,” Gunderson adds. “It was George Box, an industrial statistician, who famously said, ‘all models are wrong and some are useful’,” Gunderson says. “Risk management is mostly a historically-focused discipline that will be one step behind what’s being done by the business units, much the way umpires call plays after they’re completed.”
A context of good news in real estate
Participants in “liar loans” and “thin file” loans aside, many mortgage issuers kept going because margins appeared to justify the risks of expansion into new geographic regions. Overall U.S. economic fundamentals, viewed in forgiving light, seemed strong enough to sustain lending to riskier groups of borrowers.
On Wall Street, hedge funds and other buy-side titans made “side bets which weren’t correlated to underlying asset values, only reflected assumed values. In the usual mayhem of daily trading, many didn’t know what they owned and what they were owed, according to Milly Cohn, Lombard Risk, New York. Again, the big-picture payoff of annual bonuses and sky-high, year-end profits seemed worth it during the boom years.
And then boom went bust, and suddenly all the details mattered. “The events of the last year certainly called to question the business model of extreme risk appetite for extreme rewards,” says David Rogers, global product marketing manager for SAS, based in Cary, N.C. Rogers also tends to look at the situation neutrally, avoiding hot feelings or accusation.
“Decisions that look greedy in hindsight often seem reasonable in the context of a certain business environment,” says Rogers. “It really is a matter of context.”
In other cases, models (in hindsight) simply reflected poor assumptions about sustained housing prices, as Accenture’s Ed Grau asserts, and because of a failure to see how instruments would trade, a given credit security became illiquid and difficult to value, wrote economist Milne in July 2008.
Led astray by ratings
When times are good, the voice of risk management tends to get silenced, especially on Wall Street, where any activity that doesn’t contribute directly to revenue tends to be treated dismissively. Further clouding the issue was the fact that some big banks had relied on structured investment vehicles, and engaged in other off-balance-sheet approaches to lower their regulatory capital requirements. More than one source said that Wall Street business managers trusted Moody’s, Standard & Poor’s, and other rating agencies.
“If a risk manager pointed out that there might be a problem, they were told, ‘Why should I question the value of this AAA asset’,” says Ralph Baxter, senior vice-president of product management for New York- and London-based ClusterSeven, a vendor of spreadsheet systems.
Baxter, an unapologetic “extreme capitalist” of the bootstrap tradition, pointed out that Wall Street standout Goldman Sachs—known for taking big risks—also spotted problems before nearly everyone else on the street, in part because of its methodical efforts at pricing its holdings at current market value.
“Obviously, in retrospect, it’s a bad idea to lend at 100% loan to value because if trouble begins, the owner has no loyalty to the asset,” says Ed Grau from Accenture. He also believes that going forward, liquidity risks will need to be handled differently.
“The current systems are much better at counterparty risk and collateral risk.” Next generation methods, offers Grau, will reflect product risk rather than traditional risk measures. “Really, it’s about how the product behaves,” says Grau, “what it costs to deliver, what price range it will fetch under a variety of conditions.”
Grau very much believes that regulators will have to adopt more sophisticated benchmarking tools. “Regulators today can go into Bank A, understand how it functions and mitigates risk, then can go into Bank B and do the same thing and yet still not have a basis of comparison between them.”
Grau sees a future where the regulators have tools that generate stresses in predictable scenarios. For example, Scenario 27 might equal interest rates go up X points and company stock prices going down by Y. Then stress testing with Scenario 27 at Bank A and Bank B would give you a basis for comparing the two and shed light on risk mitigation.
In the quest for more predictive models, risk specialists will need to work with richer data sets, notes Colin Shearer, senior vice-president of market strategy, SPSS Predictive Analytics Software, based in Chicago.
“You need to create rules-based automation but still leave room for human expertise and refinement of models over time,” Shearer says. “Part of that complexity is looking at how your customers and your products actually behave and modeling with that information.” Soft data, such as information from a small business customer’s suppliers and customers, needs to supplement traditional data about performance.
Risk models still needed
Despite obvious modeling challenges, the notion of risk management hasn’t been discredited by the credit risk tsunami, according to Gary Sturisky, global practice leader Internal Audit & Controls practice for Jefferson Wells, who is based in Atlanta. Instead, the crisis simply points out the need for more accurate data, and for models that more employees can understand. “It’s really a shame that Basel II era compliance didn’t have more time to take root,” he says.
“You’ll see a big push by regulators to connect risk management to compliance efforts,” says Tom McEvilly, U.K. sales director for Atlanta-based Checkfree. In a white paper on cross-regulation compliance, McEvilly expected such critical business processes as exception management to be a foundation, with clean data driving both risk analytics and control activities such as approvals, authorizations, verifications, reconciliation totals and transactions, and segregation of duties. “What many institutions need is a technology infrastructure that allows them to meet Sarbanes-Oxley, MiFID (Markets in Financial Instruments Directive in Europe), AML, Basel II, and be able to evaluate potentially risky scenarios.”
Regulators will expect progress. Gunderson believes that a more evenly distributed risk delivery approach can help individual banks better control their environments. “You need to take risk from the middle office out to the front office and marry it to stronger governance,” says Gunderson. Certainly, he says, regulators will be better armed with tools that will help them examine bank exposures more rigorously. BJ
The electronic version of this article available at: http://lb.ec2.nxtbook.com/nxtbooks/sb/ababj1208/index.php?startid=30
| TechTopics Plus