The Federal Reserve Board eagle logo links to home page

Remarks by Governor Laurence H. Meyer
At the Risk Management Planning Conference, Chicago, Illinois
June 1, 2000

The Roles of Banks, Supervisors, and the Market in Advancing Risk Management

It's a little bit more than carrying coals to Newcastle to say to an audience like this that the environment in which banks operate--by which I mean 95 percent the markets and only 5 percent the regulatory and statutory rules--is changing at what appears to be an accelerating rate. Technology--and its associated competitive pressures--is affecting institutions of all sizes. Banks and their supervisory counterparts are responding in many ways, not the least of which is how they manage and evaluate risk

Before I get into risk management, however, let me note that in identifying technology as the driving force of change, I do not mean to demean the importance of the Gramm-Leach-Bliley Act. It greatly reduced the cost of operating a modern financial institution by explicitly authorizing a structure that had already largely been created--by technology, by deregulation, and, let us be frank, by loopholes. That, and bankers' good sense in looking before they leap, are, I think, the main reasons why we have not seen a rush to combine banks, securities firms, and insurance companies. Banking organizations will, it seems, continue to evolve with a wide range of strategies, in markets from local to global, with structures ranging from more-or-less standard commercial banking to operations combining trading, merchant banking, investment banking, and commercial banking. The financial modernization legislation facilitates these choices.

Reflecting the subject of risk management, my remarks today will focus mainly on the largest and most complex organizations because that is where the greatest change in the art has, and will, occur in response to real needs. Because complexity is the driving force requiring better risk management tools and practices, these new techniques will spread to smaller organizations as needed. But less complex and even traditional organizations are being affected by the changing technology; credit scoring and participations in securitizations are two examples. Moreover, as new systems are applied at the larger banks, other institutions are likely to find ways of using some of the new techniques. Thus, I hope my comments and observations will be of interest to most of you, and that your attention will not solely reflect the good manners characteristic of all bankers.

Internal Ratings
One of the most dramatic changes in risk management now underway is the development and application of more sophisticated internal risk classifications for loan portfolios. Virtually all large, complex banking organizations now have some form of internal risk classification system. Cutting-edge banks, however, are classifying their loan portfolios into risk classes of finer and finer gradation. They use those categories to control aggregate risk exposure, to allocate capital internally, to price loans, to determine loan loss reserves, and for other purposes. As with bond ratings, a probability of default, and a loss rate given default, are calculated for each grade. These data provide not only valuable statistical insight into a bank's evolving risk but also the information needed to control it.

This information could be critically important to bank supervisors. Indeed, central banks and banking agencies around the world are considering using the same information produced for internal risk classification systems as the raw material for the development of a much more accurate regulatory risk-based capital requirement. The purpose of capital is to absorb unexpected losses and, at least in principle, the probability functions I just described allow the policymaker to determine how much of the loss distribution probability should be covered by capital. Indeed, I believe a consensus of G-10 countries is developing around a capital accord in which individual bank capital requirements will vary with their individual credit risk profiles, based increasingly on the banks' own internal risk evaluations. To be sure, supervisors will need to ensure that, first, the risk classifications are empirically based and tested and, second, that they are also used by management for decision making. No less critical is tying risk weights to internal risk classifications so as to minimize inconsistencies of capital treatment among banks with similar risks. From the work I've seen, these problems look solvable, at least in stages.

This dual use by supervisors and bank managers of internal risk classifications is a dramatic innovation, creating a link between bank management and supervisory standards that has been needed for some time. Let me explain why that linkage is so important for, I'd say almost critical to, our evolving strategy of bank supervision and capital reform and why it should be so important for you as well.

If both the supervisors and management are using the same information--reading from the same prayer book as it were--the burden on banks should be dramatically reduced. Neither the agencies nor the industry should be happy when supervisory policies become separated from the reality of management and practice. Not only may one of us be doing something irrelevant, but bankers may be forced to duplicate their efforts. I might add that burdens on supervisors are also reduced when we both look at the same thing. Under risk-focused supervision, the current paradigm of all the agencies, we will be reviewing internal risk management practices anyway. There are real efficiencies if this review is also tied to the evaluation of the bank's capital. Moreover, supervisors do not have the resources to review each separate loan. The focus on systems and risk management provides a degree of comfort about loan quality.

If supervisors are emphasizing the linkage between internal risk classifications and capital, I think it quite likely that both will be interested in jointly developing improved internal risk management systems. Bankers, I am sure you will agree, will always have a better understanding of the credit quality of their customers than will the supervisors. The quality of supervision will, I think, thus be greatly enhanced when supervisors are plugged-in, literally, to the bank's risk management systems. I remind you again that, first, the supervisors have to be comfortable with management's internal risk classification systems; they have to validate its accuracy by reviewing it, by understanding it, by testing it. If the system falls short, we are both better off when it is improved. When the supervisor accepts the system, we both enjoy benefits: better capital regulations, greater efficiencies, reduced burden, and, one hopes, better risk management.

Our working hypothesis is that the scale of capital reform for most banks in the United States will be rather modest. Indeed, for most banks in this country it may even be possible to adopt a quite simple regulatory capital ratio consistent with the straightforward nature of their operations. As the operations of a bank become more complicated--please notice that I am not linking these gradations to size but to operational complexity--its capital regime might be revised to reflect the closing of certain loopholes and perhaps somewhat greater use of both external and internal grades. The most complex entities will require the most complex capital rules but also the most complex risk management regimes, on which we hope the capital rules will be based. The scope and complexity of supervision must reflect the scope and complexity of the banks to which it is applied.

Getting the proposed risk-based capital numbers correct, both in science and as an art, is especially critical for the most complex organizations. The current one-size-fits-all regulatory capital regime, as you know, has led increasingly to a gaming of the regulatory requirements. This amounts to at least a supervisor-permitted series of market-based transfers designed to reduce regulatory capital and, one hopes, link it more closely to economic capital. If we just create a few more risk weights and buckets we will, I submit, have done no more than create new opportunities for this kind of capital arbitrage. In short, we will simply continue to induce banks to retain their risky assets when their own internal capital allocations exceed the regulatory levels and to sell, securitize, and otherwise shift off-balance sheet those assets for which the regulatory capital requirement exceeds their economic requirement. The net result is likely to be riskier banks--quite the opposite of what policymakers and supervisors want.

Regardless of what we do, and I cannot emphasize this enough, the small but increasing number of banks on the frontier of risk management, will continue along their current path of ever more sophisticated use of internal risk classifications. And whenever regulatory capital differs from economic capital by more than the cost of arbitrage, they will arbitrage. Another way of saying this is that, regardless of supervisory actions, bank management will always attempt to manage its business to earn competitive risk-adjusted rates of return on equity. Today, our capital regulation encourages banks to withdraw from low-risk credit markets, or to arbitrage, when regulatory capital requirements exceed levels consistent with an activity's underlying economic risk. Not only is this situation costly and inefficient for banks and their customers, it has become increasingly difficult for supervisors to assess the residual capital adequacy of large, complex, banking organizations as relatively low-risk assets have been removed from the banking book. Indeed, I am concerned that regulatory capital is, as a result, becoming a safety and soundness irrelevancy and simply a compliance requirement. That is why we need a new regulatory capital framework and why it is so critical that both the bank and the supervisor use capital weights that are as risk-sensitive as possible.

As I mentioned, supervisors, have to be comfortable with banks' internal risk classifications. And the fact is that today supervisors would not have the necessary degree of comfort. Indeed, the fact is that today some large banks are surprisingly behind the curve in developing their own internal risk classifications. The major complaints are that categories are too few, historical data and stress testing are insufficient, and assumptions are too simplistic. That is why last year the Federal Reserve told lagging banking organizations that they should catch up and required our examiners to evaluate efforts to do so. If you take only one thing away from this conference, I hope it will be a resolution to put a high priority on improving your internal risk classification system, virtually regardless of your size, but certainly most critically as your operations become more complex. For their own benefit, banking organizations will, I trust, promptly revise the systems, not only to meet coming revisions in the regulatory capital regimes, but also to avoid the market's criticism as creditors become more familiar with best practices and come to expect it of their banks.

Market Discipline
Indeed, market evaluations will, I think, play an expanding role. Indeed, a discussion of risk management would be incomplete without mention of the best risk manager in a market economy: the market. As executives of banking organizations, I am sure that you feel the pressure of the marketplace throughout your working day. But I'm referring here to a different kind of market pressure or discipline that, the evidence is quite clear, is now less effective on insured depository institutions than on other kinds of financial and nonfinancial business. That is the market discipline that comes in a tight linkage between funding costs and availability, on one hand, and risk-taking on the other. The reason why this linkage is attenuated in banking is no great mystery. The safety net--deposit insurance, the discount window, and access to the Federal Reserve payment mechanism--coupled with a kind of an imprimatur that comes from supervision, both elevate the relative status of bank liabilities and weaken the nexus between the riskiness of bank portfolios and bank funding costs and availability. That is to say, the market gives banks a kind of pass to avoid the full costs of their own risk-taking because of banks' special privileges and a belief that the supervisor is acting as the market's agent, as it were. There is a kind of vicious circle at work here: The less the market does its job, the more the supervisor is called upon, and the more the supervisor is called upon, the less the market does its job.

Given the safety net, we cannot eliminate this circle. But it's time that we make it less binding.

Because as markets have become more global and competitive and because technology and deregulation have fostered more innovation, traditional supervision is no longer compatible with a responsive and innovative financial services industry. At the same time, the increasing concentration of banking and financial assets in a smaller number of very large organizations raises real systemic risk and concerns about taxpayer liability. It seems to me that we have a limited set of options: acceptance of greater risk coupled with prayer; or heavier and more detailed supervision and regulation coupled with an increasing number of outright prohibitions, a reversal of everything for which we've worked so hard; or a greater reliance on market discipline, linked with the improvements in internal risk management and capital reform I discussed earlier. Now, my rabbi and I support prayer, but I think the Lord would like us to help ourselves, and it seems to me that the choices require us to give market discipline a real chance.

There are certain prerequisites to expanding market discipline in banking. Uninsured creditors and shareholders have to believe that bad management or bad luck exposes them to loss; that the safety net is not a guarantee for other than insured depositors; and that the resolutions both large and small problem banks will be handled similarly. To be sure, for systemic reasons, under provisions of the Federal Deposit Insurance Corporation Act of 1991, the resolution of a larger problem bank may involve use of bridge banks and the minimization of outright liquidations, but in all cases the uninsured stakeholders will bear the cost of resolution. The rhetoric of the agencies and their actions must be the same if market discipline is to be credible.

Credible policies are not sufficient. In addition, banks must disclose the information that creditors and shareholders need to evaluate the underlying risk profile of the individual bank: not some boilerplate statistical report, but the information that is useful for understanding that particular organization's risk. Fear of loss, if linked with the availability of sufficient information about the banking organization to determine the entity's real risk profile, should in turn induce the uninsured creditors to behave like those of any nonbanking business. That is, uninsured creditors could be expected to command a risk premium linked to the portfolio and other risks of the organization. Such a risk premium should in turn act both as a governor on the risk-taking behavior of banking organizations and as a supplementary signal to supervisors. But, to do either, the uninsured creditors must have both a credible fear of loss and the necessary information about the individual institution to make judgments and decisions.

In late April, the Federal Reserve, in cooperation with the Office of the Comptroller of the Currency and the Securities and Exchange Commission, set up a private sector advisory group on public disclosure, under the chairmanship of Walter Shipley, former chairman of Chase Manhattan. We have asked the group, composed of senior executives of banking and securities firms, to review the state of the art on public disclosure, to identify best practices, and to suggest improvements in those practices. Their report will be public. While I have no idea what will be in their report, it is my hope and expectation that we will learn more about how to use market discipline both to strengthen our banking system and to avoid the necessity of additional regulation and supervision of global financial institutions. At the Federal Reserve, we plan, however, to require that at least the large, complex banking organizations establish and implement a disclosure policy that is designed to provide information stakeholders can use to evaluate the risk profile of the banking organization. Our examiners, as part of both the holding company inspection and the state member bank examination, will review and evaluate these disclosures to ensure that they conform to best practices and contribute to stakeholders' understanding of their risk at that organization.

We should all be aware that additional public disclosure is not a free good, especially if it works. Banks will find that additional market discipline constrains their options, and supervisors will be concerned about creditors' response to bad news. But both constrained options and swift market punishment are desired effects of market discipline. And, I say with great regret, our failure to use market discipline or the failure of market discipline to work as advertised will lead, I fear, to re-regulation, a return to more invasive supervision, and a general reversal of the freeing of banking markets.

Even with effective market discipline, better internal risk classifications and systems, and an improved regulatory capital framework, supervision will not disappear. So long as there is a safety net, there will be supervisors, and I would advise young supervisors that they have a lifetime opportunity in their present employment. But I do believe that the nature of bank supervision will change and evolve if and as banks are successful in developing meaningful internal risk classification and disclosure systems and the authorities are successful in modifying capital regulations and procedures for resolving problem banks.

The nature of the change I anticipate in supervision is more evolutionary than revolutionary, with an ever-expanding emphasis on understanding of, and comfort with, a banking organization's risk classification and risk management systems. As I noted, this undoubtedly will involve transactions and stress testing. But the more that the safety and soundness of banks come to depend on their risk management systems--and on the judgments the bank manager brings to bear in their use--the more supervisors will come to focus their evaluations on the same systems as bank management. Again, if and as supervisors become comfortable with individual bank's risk classification and management systems, the tighter their focus will be on providing the bank management with comments, evaluations, and suggestions on improving the systems rather than duplicating the efforts of bank management.

In short, it will, I think, be increasingly the job of the supervisor to evaluate and test systems and to evaluate and criticize the accuracy and helpfulness of the information banks disclose about their own risk profiles. I anticipate that market discipline at the complex banks will play an important role as a supplement to the evolving supervisory paradigm. Internal systems and public disclosure are the real first line of defense in the safety and soundness of our banking system. The only alternative for the large and complex banking organization, as I have noted, is a degree of supervisory intrusiveness and detailed regulation that would dramatically reduce flexibility and innovation in our banking system.

We have, I believe, already started down the road I have outlined. But several problems remain to be solved, and any one of them could slow or even stop our progress. I have already mentioned validation procedures for risk classifications and efforts to convert risk classifications into risk weights on an equitable basis across banks. The process of reaching a consensus at Basel that works in addressing the problems I have outlined is another. But whatever we develop, either here or on an international basis, we will be relying on the development by banks of better risk classification and management systems, on market discipline, on the good judgment of the nation's examiners, and on the development by examiners of the skills needed to keep pace with the activities of banks.

The changes in financial markets, technology, and law and regulation create new opportunities and risks for banks and supervisors. As institutions become more complex--let alone larger--and financial markets more complex and diverse, the requirement for better risk management increases exponentially. A critical component of better risk management systems will be an empirically based internal structure of risk classifications. Supervisors, once comfortable with the accuracy and sensitivity of such systems, will be able to use them in constructing and evaluating improved regulatory capital requirements. Supervisors will increasingly rely on market discipline and focus on critiquing risk management systems.

Return to topReturn to top

2000 Speeches