Warning signs such as the failure of Enron, Arthur Andersen and others during and after the dot.com boom in the late 1990s were not internalised by banks or the financial market. Even though regulators took steps to make sure that the conditions giving rise to these failures would not be repeated, these steps were clearly not effective enough.
In general the steps taken by regulators included the introduction of Sarbanes-Oxley in the USA, enforced improvement of global risk management standards and tools and the revised Basel II capital requirements. The world believed that beefed up Financial Regulators would be the ‘new’ watchdogs ensuring that the financial community stayed within acceptable bounds. This created the impression that the twenty-first Century would be the golden hour and that regulation and risk management had advanced in such a way that the risks that banks were exposed to had become known and manageable.
There were warning signs but they were ignored
The exuberant confidence in risk management did not work out as planned. When in 2006 the warning signs became impossible to ignore, it was essentially to late.
As markets unravelled participants became to believed that the collapse of the USA sub-prime mortgage market was the cause of the financial markets crisis. It was certainly part of the problem but not as important as many believe.
Far more important is the evidence that banks had leverage ratios of between 30 and 40 times their capital. These borrowings were used to support assets on their balance sheets that they believed would continue to increase in value. These assets were held,
- either directly by the banks on their balance sheet carrying regulatory capital against the risk exposure, or
- through arrangement off-balance sheet through special purpose vehicles that were set up specifically for securitisation purposes. While the assets were off-balance sheet, the risk and exposure never was.
Securitisation’s employed by banks removed the assets from their balance sheet and housed it outside the regulatory ambit of regulators. Because the risk of default on the asset was supposed to transfer to the special purpose vehicle, there was no need for regulatory capital to be held by banks against the risk. This meant that once the assets was securitised the regulatory capital was freed to be used once more. This scheme enabled banks to take on more dubious loans. It became like a conveyer belt that moved assets on then off the banks balance sheet continually but with the same amount of capital being made available each time. This was happening and even though risks were building up, no increase in levels of capital match the increase in risk.
Banks and regulators seemed to be surprised when these assets began to decrease in value due to high default levels. This is not withstanding banks own lax credit risk standards being applied when granting the loans, which were sanctioned by regulators during their oversight of banks. Therefore, to understand the cause of the increase in defaults you need only to look at the credit risk policies in these banks. Today no bank would grant a loan to a client who had No Income, No Job or Assets (NINJA) but this was common credit risk management policy in banks before the financial crises. Banks held the mistaken belief that credit risk was not a problem anymore and that anyone could have a loan. Modern risk mitigation tools such as securitisation had superceded credit risk entirely and this was believed by both the banks and regulators.
It seemed to escape banks especially that the application of very poor credit risk management policies at the point of granting the loans was the underlying cause of the market failure. Confidence eventually began to erode in banks ability to absorb the losses arising from these loans whether they were housed on or off-balance sheet. As calls were made by lenders for the repayment of their loans that banks had used to acquire these now questionable assets, banks found when trying to realised these on or off-balance sheet assets that the value had just evaporated.
Bankers and regulators had forgotten or chosen to ignore fundamental risk principles, this was done on the premise that advanced models and risk management tools were effective and that the financial market had become self-regulating. They were wrong in their view and shocked when the financial system on which world economies are built upon, broke down.
Paul Moore, the former head of Group Regulatory Risk at HBOS said of the financial crisis that it felt like they were in a rowing boat trying to stop a tanker, when they should have been the pilot employed to steer the boat through a challenging course. Professional risk management is all about doing the right thing for the right reason, it should never become an ineffective tick the box exercise.
Laws and regulations are by their very nature generic and only define the minimum standards that are required to be implemented by banks and monitored by regulators. One of the most important roles of the regulatory risk management function in banks is to maximise opportunity for banks that within a strict regulatory framework, while minimising any potential downside that banks could be exposed to within this regulatory framework. In circumstances where it is an imperative to stop certain activity or practise in banks because of risk, authority should centre in an approved risk management framework. This means that for risk management to be effective this framework must include the conduct of every employee, the banks culture toward risk appetite and the ability for risk managers to voice concerns in statutory forums such as board meetings grounded on feedback from business.
The ISO 31000 risk management standard released earlier in 2009 proposes principles that should be adhered to if an organisations risk management is to be effective. These principles include among others, the following:
- Create value
- Be an integral part of organisational processes
- Be part of decision-making
- Be systematic, structured and timely
- Be tailored to the context
- Be dynamic and responsive to change
The regulation of financial markets has changed, whether one examines it from a self-regulating perspective i.e. the ISO 31000 standard or by increased regulatory vigilance and intensity applied by regulators across all markets. For risk management to be effective, risk managers should have a clear mandate and authority from both the board of banks and regulators and operate within an agreed proactive risk management framework. Unless risk managers have authority to do more than tick boxes and report after the fact, risk management practise will always be superseded by the principle of profit maximisation.
Regulators were surprised, what’s the policy?
The factors that took regulators by surprise during the recent financial crisis brings into focus some insightful indicators of potential future regulatory policy. This can be inferred simply because regulators do not like being caught by surprise. Regulators will put measures into place to avoid surprises if banks prove that they are unable to manage themselves or the risks that they are exposed to. The measures that regulators bring to financial markets originate in the promulgation of legislation.
Legislation has a significant long-term impact on markets and while not taken lightly by regulators, it is their main policy tool used to effect change. Regulators have always been guided in their policy by the activity conducted within financial markets and have been reactive to changes in market conditions and not proactive. A paradigm shift has occurred as regulators globally have become more proactive in their approach to the application of regulations. We will therefore increasingly see proactive engagement from regulators and less tolerance to any deviation by banks in what they consider to be acceptable risk management practices.
So, what were these surprises?
- Regulators were surprised by the speed at which banks were drawn into the financial crisis and how quickly it spread so severely to all parts of the globe. This phenomenon reinforces linkages and the global nature of business, which introduces fragility to the market that must be catered for in future.
- The role of securitisation as a risk mitigation tool was underestimated. It is unlikely that financially engineered products will be embraced again to the same extent in the near future.
- The weakness of capital buffers. The data used in models to determine capital buffers was insufficient therefore the predicted capital requirements were inaccurate.
Accordingly, the expected changes to the regulatory environment could include some or all the following changes.
- Internal risk rating methods used to asses counterpart risk by banks, supported by market credit rating agencies will be overhauled. The Basil capital accord will in future accommodate this and allow banks some discretion on the methods employed.
- Securitisations will be monitored more closely and evidence offered up to regulators that all the associated risks are being managed effectively.
- Regulators will require that increased prescribed capital and liquidity buffers be built up during the ‘good times’ so as to have better cushions in the ‘bad times’. This is common sense practise but it will have significant implications to the cost of capital for banks.
- Risk management will have to become more transparent. Regulators will require that all products marketed by banks undergo a rigorous risk analysis before they are offered to the market or public.
- Increased public disclosure and peer review processes may be prescribed by regulators and implemented by banks. Banks are custodians of public funds and it is the public that regulators believe have a right to know when their money is being placed at increased risk.
Ok, so what can we conclude from this?
Banks work within a global financial system and can choose where to conduct business and so choose how severely they are regulated. Not all jurisdictions have regulatory equivalence or apply the same standards of supervision over banks. This is however changing as regulators respond to the financial crisis and address regulatory deficiencies across jurisdictions. Banks as well, should take into account where they are registered and supervised because they should never be seen to practise regulatory arbitrage as it may damage their reputation and public confidence. Being free of regulation today may not go down well with their customers tomorrow. Depositors need their banks to be well-managed and protected by effective regulation.
There are increasing signs that common global regulatory practises are being adopted in jurisdictions that were previously lax. This is a positive development for financial market stability. Care should be taken though to make sure regulatory practise does not become so harsh that banks are unable to develop creative solutions for which they have become renowned.
Today the public consensus is that banks as custodians of public wealth have an obligation toward society to protect this wealth so entrusted to them. Regulators have a duty to make sure that banks uphold and respect this principle of trust and so impose themselves firmly on the financial market system when this principle has been ignored by banks. This focused regulatory oversight by regulators is happening and it will not change in the foreseeable future regardless of what jurisdiction banks decide to hang their hat in, regulation will be there.
Leave a Reply