The Knowledge Exchange / Risk Management / The secret to making risk management a profit maximizer

The secret to making risk management a profit maximizer

Boaz Galinson, Bank Leumi, on risk-adjusted performance management

The financial crisis that unfolded in 2008 led many institutions to implement a broad range of initiatives to respond to the events that threatened the very existence of major components of the global financial infrastructure. Our institution, Bank Leumi, was no different. We wanted these strategic investments to strengthen our proactive posture and to reflect our risk-management vision.

Our previous systems supported profit-maximizing activities, of course, by streamlining and accelerating business processes.  But they fell short of factoring in the true nature of the risks inherent in these activities. By focusing solely on performance management, banks failed to build in sufficient risk-management into their decisions and operations. What was needed – is needed today: risk-adjusted performance management.

Volume vs. loss – The truer measure

Bank Leumi has implemented four separate new systems specifically to manage risk. However, perhaps the most important change in our institution is cultural – recognizing and responding to the nature of risk. For example, traditionally, many banks have defined their risk exposure in terms of the upper limit of loan volume – how much money did they give to that group or that sector or that geography?

But that’s not the true measure of risk. The correct measure is not the volume. It’s the loss – how much loss can you tolerate? In 2008, many banks struggled to translate the volume of their exposure into expected or unexpected losses. But, at a time of crisis, what you really want to know is: How much money could you lose? Unfortunately, many banks were compensating their sales teams based on volume, irrespective of the true risk involved in those deals. As a result, many banks have become “gun-shy” about risk – but that might not always be in their best interests.

For example, suppose a bank has a high volume of real estate loans – many with borrowers who become financially vulnerable because of shifting economic conditions. At first glance – looking solely at volume – the portfolio seems dangerously exposed. But, when you factor that there is substantial collateral (the real estate), if the contractor files for bankruptcy, the bank can simply get another contractor to complete the job. Yes, there will be additional costs, but the threat of catastrophic loss is much lower. A volume-only perspective will not show your true risk. And, since the actual loss may be smaller and the risk-adjusted return on equity (RAROE) is quite high, you might actually go in the opposite direction and pursue more volume in that sector.

Recalibrating capital reserves

As a risk officer for my bank, I share many of the same responsibilities and perspectives that any external regulator might have. However, as an employee and officer of the bank, my role encompasses more because I cannot sidestep the need to contribute to the bank’s profitability as well. I need to help create value.

This becomes apparent in thinking about how risk-centric IT systems can also play a crucial, quantitative ROI role in helping a bank gauge its capital requirements. Using an internal ratings-based (IRB) approach, a bank must properly calculate how much capital it needs on-hand given the risk profile of its loan portfolio – a framework instituted with Basel II.  Of course, after the 2008 crisis, we’ve seen more regulation, more stringent risk-management protocols – and a safety-first emphasis on retaining ample capital reserves. The result? Stockholders have seen a marked decline in ROE because, for the same activity, the same loan, the bank now needs more capital.

IRB provides a very risk-sensitive approach to loan-decisioning that is pleasing to regulators. But it can also be equally pleasing to shareholders. Naturally, if the borrower presents a riskier profile with relatively small collateral assets, the bank will need to set aside larger amounts of capital to cover the risk of loss. (And it can be difficult to explain to the other executives why – even with compensated risk – a loan may nonetheless exceed the bank’s threshold for risk tolerance.)

However, if the IRB – that you’ve calculated with your risk-management system – indicates lower risk and higher collateral, you can approve the same loan amount with far lower capital requirements. The loan portfolio becomes measurably more efficient, regulators are satisfied, and shareholders are happier. Risk-management becomes a value-contributor to the enterprise by providing risk-adjusted performance management.

How do you measure the return on investment of risk management and risk management systems? In the above article by Boaz Galinson, Bank Leumi measures ROI in more effective use of capital, regulatory compliance and value creation. Download No Silver Bullet. Measuring Return on Investment in Risk Systems, to learn how other financial services practitioners and experts measure ROI of risk systems.


Also read other risk officers’ opinion about how to convey the value of risk systems to executives

  • Facebook
  • Twitter
  • Digg
  • LinkedIn
  • email