Clik here to view.
The Evolution of Risk and Risk Management – A Prudential Regulator's Perspective John Laker
Conference – 2007
http://www.rba.gov.au/publications/confs/2007/laker.html
The paper addresses four main themes:
- the changing nature of risks in banking, particularly in sustained good times;
- the evolution of risk management;
- the movement to risk-based prudential supervision; and
- developments in economic capital modelling
For the larger Australian banks, the originate-to-distribute model is not predominant and the principal-agent problem or agency risk associated with that model is not APRA's main focus in the credit area.[1] In general terms, agency risk is the risk of loss to a principal from an agent's decision to resolve conflicts of interest in favour of the agent rather than the principal.[2] APRA has ‘clean sale and separation’ requirements to address agency risk in securitisation by making it clear that the banking institution is not the agent of the investor and the investor cannot rely on the institution for assessing risks on the assets that have been originated. APRA's main focus, however, is how banking institutions manage credit risk on the balance sheet. The exposure of the Australian banking system to the housing market and to highly-geared households has been a particular credit-risk issue for APRA – and a vulnerability identified in the International Monetary Fund's Financial System Stability Assessment of Australia in 2006 (IMF 2006) — but stress testing suggests that banking institutions would be resilient to a significant housing market shock.....
The ranking for operational risk is also not surprising. Defined in the Basel II Capital Framework as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events, operational risk is one of the larger risks now facing banking institutions, an obvious consequence of the greater complexity of banking activity and its increasing dependence on technology and specialist skills. From a prudential perspective, the recurrence of small operational problems would not be an issue in a large, complex banking institution; the concern is the unusual individual problem or event that carries potentially large exposure to financial losses or loss of reputation. Two such problems have materialised in the Australian banking system in recent years:
- in 2001, a major Australian bank lost around A$3.0 billion because of errors in the valuation model for the mortgage portfolio held by its United States subsidiary; and
- in 2004, ‘rogue’ foreign currency options trading at that same bank resulted in a loss of A$350 million, an overhaul of the Board and senior management and a considerable dent in reputation.
Two particular sources of operational risk have been growing in importance. The first is outsourcing. As the value chain involved in developing, marketing and managing banking products is analysed and dissected, the outsourcing of some functions within that chain has become more commonplace. Cost pressures and the specialised nature of particular functions, which require large investments to achieve necessary critical mass, have also encouraged banking institutions to turn to external service providers in Australia and, increasingly in recent years, offshore (‘offshoring’). This trend towards greater specialisation in service provision is a global one. Nonetheless, outsourcing gives rise to a number of risks, including counterparty, contractual and business continuity risks, and these risks can be accentuated when the service provider operates from a different country and legal jurisdiction.
The second source is technology risk. Electronic commerce in financial services, particularly internet banking, has revolutionised the provision of banking services in Australia, as elsewhere, but it has also exposed banking institutions to costs and reputational risk from service disruptions, whether accidental or malicious. The recurrence of such incidents, and the failure of large and expensive information technology (IT) developments in some banking institutions, have put pressure on boards and senior management to seek improved IT security and better management of substantial IT projects and, where relevant, IT outsourcing contracts.
The other current risks in the Australian banking system that complete the picture of a ‘conventional’ risk profile are market risk and liquidity risk. Australia banking institutions are active in financial markets and foreign-owned banks in particular have stepped up their trading in derivative instruments. However, banks carry only small net exposures to market risk from trading activities..........
For Australian banking institutions, perhaps the most significant strategic risk over the past decade has been the erosion of their traditional business of intermediating between depositors and lenders. This has happened in two distinct ways. First, as noted above, the increased attractiveness of superannuation as a savings vehicle has meant that funds that might otherwise have been placed with banks as deposits have been invested in superannuation and wealth management products. Many banking institutions have responded to this strategic risk by investing, substantially in some cases, in wealth management operations. As a consequence, Australian-owned banking groups now account for around 40 per cent of total retail funds under management, a share that has doubled over the past decade; for the five largest banks, income from funds management has grown to around 14 per cent of their total income.
Second, in housing lending particularly, new channels have arisen for bringing lenders and borrowers together, bypassing banking institutions. Unregulated mortgage originators, making use of broker networks, have been very successful in originating, packaging and securitising loans, and distributing the resulting debt securities directly to investors. In response, banking institutions have themselves turned to broker networks to extend their distribution capabilities and, as noted above, some institutions have sought to capitalise on these new channels by moving more to an originate-to-distribute mode
An obvious area of potential agency risk after sustained good economic times is executive compensation. In the Australian banking system, executive compensation arrangements in listed institutions tend to involve a fixed annual salary and share options conditional upon performance. Typically, the option grant is zero if performance, often defined as total shareholder return relative to a benchmark group, is in the bottom half of the benchmark group; from the 50th to the 75th percentile of performance, the grant increases and a cap typically applies around the 75th percentile. The performance period is often five years.
Executive compensation that helps to deliver strong risk-adjusted returns on capital over time and rewards genuine out-performance of competitors does not raise prudential issues of itself. For a prudential regulator, agency risk issues arise if compensation arrangements encourage management to focus on a shorter-term horizon than the long-term approach that would also be in depositors' best interests. Incentives to drive up the share price more rapidly than competitors can tempt management to pursue aggressive growth strategies or to ‘hollow out’ the institution by paring back capital buffers or cutting costs, particularly in middle and back offices where risk management functions reside.
As a prudential regulator, APRA does not involve itself in the details of executive compensation arrangements. These are matters for boards and shareholders. Nonetheless, growth strategies, the size of capital buffers and the resourcing of risk management areas are major elements of APRA's supervision of banking institutions and form crucial inputs into its risk-rating system, discussed below. Moreover, boards of banking institutions seeking accreditation to use the more advanced Basel II approaches must sign off that the performance assessment of, and incentive compensation for, senior executives with profit centre accountability take into account the amount of risk assumed and the management of that risk.