Spreading the risk

The Risk Management Association (RMA) is a not-for-profit international industry association, specializing in promoting sound risk management principles. FST interviewed its new CEO, Kevin Blackley, who outlined his plans to promote better risk management across the industry.

FST. Given you mission to promote better risk management, with can you outline your main activities, especially around operational risk?
KB. RMA was founded almost 100 years ago to exchange credit information so that banks could make better lending decisions. RMA has evolved into a full service, member-driven industry association with a suite of products and services focusing on credit risk, market risk and operational risk. RMA currently offers nearly 30 products and services in the field of operational risk management including data exchange services, publications, conferences, round tables and 10 separate training courses.

RMA has been at the forefront of thought leadership in the field of operational risk. For example, RMA partnered with the BBA and ISDA in 1998 to conduct the first survey of operational risk management practices in the industry and published the results the following year. One result of this study was the use by the Basel Committee of the definition of ‘operational risk’ in their proposed capital accord.

RMA has invested heavily in our operational risk management practice to ensure that we create a sustainable value proposition for our members. One of RMA’s early initiatives was to assist in standardizing the definition and tracking of operational risk loss events, laying the foundation for the development of operational risk data pools, which could be used to analyze and compare loss events. Our biggest investment has been in the development of KRI (key risk indicators) services, which has grown to more than 80 subscribers worldwide and is being expanded in response to the anticipated needs of our subscriber base. For example, we have recently introduced a KRI monitoring service, which allows subscribers to define thresholds and reporting triggers for certain KRIs. In March, RMA hosted the premier operational risk event, the Global Conference on Operational Risk (GCOR) with ORX, with 400 participants from 22 countries.

FST. From an operational risk standpoint, what do you think are the most important threats to the financial services industry? Are there any new risks on the horizon that are growing or reducing in importance?
KB. The financial services industry is dependent upon technology to conduct its business. While technology has allowed banks to streamline operations and offer innovative products and services, it has also been the target of exploitation by the criminal element. The industry must continuously enhance its operational sleuthing capabilities to stay ahead in this game.

Also, many functions previously performed in-house have been outsourced to third-party vendors both domestic and foreign. This introduces a new realm of operational risks with which we must learn to deal effectively. For example, many mortgages are handled by servicers who contract with the bank or a securitization trustee to manage loan documentation and payment collection/distribution. Banks utilising vendors must be cautious about the ability of the underlying servicer to perform effectively, efficiently and legally. Any breakdown in the servicer’s operations can lead to potential liability on the part of the financial institution.

From the ORX data we know that the big dollar losses are in trading and sales, and corporate finance especially in business practices, while the largest number of losses are in external fraud in retail banking. Future worries are focused on electronic banking, fraud on the internet, on compliance risk – regulation is getting so involved – and generally on the growing speed and complexity of banking.

FST. An important facet of risk management is to create a ‘no surprise’ environment. What does the industry need to do to achieving this state?
KB. Unfortunately, I don’t think surprise events will disappear within my lifetime. Our objective as risk managers should be to try to minimise both their frequency and size of impact. I believe the tools now being created in the operational risk arena, including loss databases and key risk indicators can go a long way in achieving that goal.

Institutions need to focus on the things that they can measure and control. And the industry has certainly come a long way in better controlling the risks it takes during my career. The biggest factor driving the industry’s improved risk management is the development of economic capital estimation and allocation practices. Economic capital has enabled the industry to identify risk and then ensure that it is paid for the risk that it takes.

FST. Some firms have been suffering recently having been overexposed in subprime lending markets. Is this indicative of inadequate lending systems across the industry? Or is it more bad decision making by individual companies?
KB. I believe that over the course of time certain underwriting standards have come forward to represent the norm, be they consumer or commercial driven. There are times when underwriting standards tighten and times when they loosen. Eventually, however, they will revert back to the norm. Today’s subprime-driven turmoil is propelled by deviations from the norm. I can’t fathom what lenders were thinking when they originated high loan-to-value mortgages with variable rates to consumers with spotty credit records. Some say that originators were making loans to meet the appetites of investors. Obviously those investors were hungry for risk and now it appears they have a bad case of indigestion. When investors reach for yield, they need to remember that eventually there will be a day of reckoning. In a way, these cycles are a good thing for the credit markets as they tend to bring discipline back into underwriting. There’s some pain to be felt during the adjustment, however.

FST. How can firms improve lending controls to avoid this kind of problem? Are better reporting solutions available?
KB. Any lender must first ask him or herself the question, ‘am I being paid for the risk that I’m taking?’ That question must be answered honestly. Simply accepting what the market is currently offering as a reward for the risk taken can often be a loser’s game. Credit markets are not always rational in recognising and pricing for risk.

To objectively answer the risk/reward question, one has to employ tools such as economic capital attribution models. They are designed to be fact-based assessments of risk and reward. I will also say that such tools are no substitute for human judgement. They can, however, create a more informed human.

FST. One of the RMA’s activities has been to help facilitate the launch of ORX, based in Zurich, which provides a forum for institutions to share anonym zed op risk data. How valuable have institutions found ORX activities? Are you looking to expand this service?
KB. ORX is a success. Its database is now the largest of its kind in the world and continues to grow rapidly. The first ORX report summarizing that data for general consumption was just published in May 2007. RMA and ORX now jointly sponsor the Global Conference on Operational Risk. We are working to extend and harmonise the ORX framework to create what we hope will become a far more useful industry standard for thinking about the incidence, control and transfer of operational risks.

FST. You’ve just been appointed CEO of RMA. What are your main objectives for the operation under your tenure? What do you think the biggest challenges facing RMA and the industry will be in the next five years?
KB. One of my main objectives is to help advance the concept of enterprise risk management (ERM). There are many purveyors hawking products and services deemed to constitute ERM, but when you look under the covers you discover they fall far short of the goal. ERM, in my opinion, represents having the knowledge of risks being taken and appropriately pricing for them. These risks can be quantitatively measurable such as those represented by credit, market or operational risks threats, or they can be qualitative such as reputational or strategic. All these risks engage in a symbiotic relationship that needs to be as transparent as possible and managed under an appropriate governance structure.

In the next five years I anticipate continued evolution of the global financial markets. Regulatory initiatives such as Basel II will continue to challenge the financial services industry in both positive and not so positive ways. Simultaneously, however, the systems, methodologies, models and regulations deployed within the financial services industry will converge in ways that will allow ‘best practices’ to be more readily shared and implemented. I want to make sure RMA is a conduit for making that happen.