Humbled financiers reassess their culture

March 16, 2014 9:07 pm

Humbled financiers reassess their culture

By Patrick Jenkins

Geoff Taylor has been round the block. He used to monitor the production line risks facing sportswear group Nike and jeans maker Levi Strauss – checking the solidity of trainer soles and the sturdiness of denim seams.

These days, as a risk solutions expert at Willis, an insurance broker, he is more focused on making sense of the financial crisis – but is convinced “real economy” companies have valuable lessons to teach the risk experts in the banking industry, many of whom misread the danger signs in the boom before the 2008 bust.

“Seven or eight years ago,” Mr Taylor recalls, “I remember sitting in a strategic risk council meeting with representatives from different industries. The banks there were very cocky. I remember them saying they had a 99.9 per cent confidence level about their risk modelling.”

Within a couple of years, Wall Street and the City of London had experienced an unprecedented collapse, as the fallibility of their credit and market risk models was exposed in ghastly fashion.

For the banks and other financial institutions that were battered by the crisis, the natural response has been to elevate the importance they attach to risk. The chief risk officer (CRO) is no longer the irritating geek drafted in to sign off clever deals. The role, particularly in the US, is now often a board-level position and has become far more integral to the way financial institutions operate.

The CRO’s focus has also changed.

Bankers, as Mr Taylor’s anecdote suggests, traditionally thought of themselves as the smartest people in the room. Bank risk managers would model the default risk of the most obscure credit derivatives, or the trading risk of the most abstruse currency forward, confident that the better the model, the more money they and their employer would make.

As all the risk experts now recognise, models are only as good as the information fed into them. And the extreme volatility in market prices – and the swift evaporation of trading liquidity – were largely absent from models because they were both unprecedented and unimaginable, even for seasoned hands.

But if the crisis exposed the naivety of banks’ assessment of credit and market risk parameters, its aftermath – characterised by a persistent regulatory and legal crackdown on boomtime excesses and misdeeds – has shone an even harsher light on a third shortcoming of the financial sector: a bad misjudgment of operational risk.

“The trouble with operational risk is that it’s about human error,” says Charles Beresford-Davies, head of risk management for the UK and Ireland at Marsh, the insurance broker. “It’s about events that life throws at us. It’s a lot more difficult to measure.”

That has made many aspects of operational risk alien concepts to bankers and their traditional processes. But the humdrum dangers of everyday operations have for many financial services companies become just as important an area of risk as their core credit and trading operations.

Much of the work of risk consultants is now focused on transferring the operations applied at non-financial clients into the risk frameworks of financial groups.

Even those who have built their careers within the financial industry express frustration at the lack of attention banks have traditionally paid to the gamut of operational risk.

“The trouble with the term is that it sounds as though you should be able to fix it with a screwdriver,” says Carol Sergeant, a former UK regulator and Lloyds’ chief risk officer who is now a non-executive at Denmark’s Danske Bank. “But it’s crucial to so much of what a company does: how it serves customers, how its staff behave, how they are paid, the reputational risk that all this poses.”

Although the financial crisis is likely to be remembered most for the hundreds of billions of dollars lost on bad loans and the havoc wreaked on lenders’ capital and funding, most of their woes these days are operational, as pre-crisis greed and under-investment come home to roost, rogue operators become more sophisticated, and policy makers pursue a mission to clean up the system.

Technology shortcomings are a prime example. “Banks are effectively tech companies these days,” says Mr Beresford-Davies. “The failure of their technology has caused huge reputational damage.”

Problems have been manifested in a variety of ways. Royal Bank of Scotland has suffered the most embarrassing glitches with the hardware and software that underpin its retail banking services, leaving customers without access to cash for hours, days and on one occasion weeks at a time.

Back-office technology has also come up short: failing to spot and stop money laundering, sanctions breaches, and rogue trading perpetrated within the banking system.

Hacking and other forms of high-tech theft have become ever more sophisticated, posing challenges not just to banks but to a vast chunk of the global economy.

Reformers agree that poor remuneration structures underpinned much of what went wrong at the banks, with traders incentivised to take far more risk than was sensible. The same can be said of mis-sold retail and small business products, such as PPI loan insurance, and interest rate swaps across a sweep of countries, particularly in Europe. Many of these examples fall outside banks’ traditional ways of thinking about risk, says Ms Sergeant, and need new approaches.

Certainly, as more and more evidence has emerged of sharp and shady practice across the financial industry, reputational damage has been inflicted on some of the world’s biggest institutions, from Goldman Sachs to Barclays.

One traditional fallback – insurance cover – is probably not the answer, admits Mr Beresford-Davies. In areas, such as mis-selling, where traditional professional indemnity policies would have provided protection, mass blow-ups such as PPI have scared off underwriting capacity.

“Some of banks’ operational risks are outstripping the insurance industry’s ability to cover them, in the areas of technology failure, mis-selling, data security for example. The conventional approach isn’t fit for purpose – the scale is just too large.”

So, if it is impossible to model and hedge against all these risks, and increasingly difficult to insure them, what should financial companies do? The answer, risk experts agree, must be to devise better ways to catch problems early. Governance needs to improve, with better management of all kinds of risk, and a fostered culture of whistleblowing. Stress testing needs to become a routine continuous process, focused on realistic gradations of downside risk, not just disaster scenarios. Most of all, management priorities need to shift from short-termist risk-taking and reward.