Banks are considered to be stable, reliant and dull by the world, or that’s what we would like them to be.
Instead banks are inherently risk managers, as we have now specifically realised in the past five years.
Banks can be basket cases if they manage risk badly or high return investment vehicles if they manage risk well, but it’s all about risk management.
This is because banks make money out of lending and the art of lending is to ensure the customer will pay back and pay back at a profit with interest.
This is the basics of banking and goes back to usury in the times of the Romans.
It all sounds so simple, and it is, but the complexity of the modern world is breaking that simplicity.
Just thirty years ago, the simplicity was there because we had just two types of risk to manage: market and credit.
Credit risk speaks for itself: will the customer pay back; whilst market risk is also fairly obvious: are the markets good enough to support our position?
Then Barings Bank collapsed and another sort of risk appeared: operational risk. Operational risk is the risk of our own organisation screwing itself up through inadequate internal controls. This one is also simple, although harder to manage because the bending of internal rules is all too easily achieved if the interests of the few dominate the survival of the many, especially if the interest of the few lie near to the top of the tree.
Today, we think of Jérôme Kerviel and Kweku Adoboli as operational risk illustration of modern day organisations that got out of hand, but I would also place Fred Goodwin (RBS), James Crosby (HBOS) and Adam Applegarth (Northern Rock) in this space.
Now that may be unfair as there is another form of risk that appeared in much more recent times, post-2008, that had gone under the radar pre this crisis, and that is the risk of not being able to keep ourselves funded.
It is now called liquidity risk and it’s a good name, as I think of it as the ability for a bank to remain buoyant and a bank sinks if its funds run out. You see a bank’s job is to maximise returns by leveraging its lending as far as it can. That is how a bank makes money by lending it and getting interest back. Admittedly, banks also made money by investing it, and that’s where market risk comes in.
As you can see, these four sorts of risk are interoperable, interdependent and inter-related, but they have to be treated separately and in harmony to make sure that one does not explode at the expense of the others.
RBS, HBOS and Northern Rock were all good banks that went bad because they had modelled and managed their market and credit risk analytics, but had not taken into account the risk of markets closing the doors to funds. It was when this liquidity risk exposure appeared that they also realised they had an operational risk: CEOs that have been overambitious and who had overleveraged the balance sheet because they believed markets would provide never-rending funding (liquidity).
I’m blogging about this today because of two banks that I’ve been talking to or about over the past two days.
One is the Co-operative Bank, the small UK ethical bank that has been a mutual but is now becoming a proprietary shareholder owned bank.
Because it has a £1.5 billion capital shortfall under the new regulatory rules, and has to fill that hole by converting bondholders into shareholders. The bondholders aren’t happy about it but, if they don’t accept the plan, they will probably become the holders of nothing as the bank will close.
How did the Co-operative get into such a mess?
Because they – like RBS, HBOS and Northern Rock – over-stretched the balance sheet and created unmanageable liquidity risk.
In this case, everyone is wondering how come a bank that the regulators and media all thought was decent, small, mutual bank, has suddenly become a basket case.
And the answer is the arrogance of management in stretching the bank’s balance sheet when buying a bad bank called Britannia, along with another form of risk.
Again it is wrapped into the other four (market, credit, liquidity, operational) but has its own designation today: compliance risk.
The Co-operative had an 8.8 percent capital ratio – the amount they hold to cover a crisis- and this has been deemed unacceptable under the UK implementation of Basel III. Under this regulation, banks must achieve capital ratios of 10 percent or more, and the Bank of England recently came out with an analysis that said the UK banks each had some form of shortfall.
For a big bank, such as shortfall can be covered by selling non-core assets (RBS, Lloyds) or a rights issue (Barclays), but for a non-proprietary mutual, how do you find £1.5 billion you don’t have and find it fast?
That is the challenge that Cao-operative Bank face and so they’re converting £1 billion of bond debt into shareholder equity and then selling a few other bits, like their insurance business, to survive.
Or that’s the plan anyway.
So I finish that conversation and pick up the annual report of a bank I will present to tomorrow.
In their report of lots of interesting bits and bobs, but the real inspiration for this blog post hit me at the end as I picked up their risk section.
They defined their five types of risk that they must manage as follows:
Credit risk: the risk of loss which arises if customers and counterparties cannot meet their payment obligations.
Market risk: the risk of changes to the results caused by variations in market prices, and comprises equity, interest rate, spread and currency risk.
Liquidity risk: the risk that the group cannot meet its obligations when they fall due without incurring substantial costs in the form of expensive refinancing or the need to sell assets.
Operational risk: the possibility of losses arising from inadequate or unsound processes or systems, human error or external incidents, as well as legal risk.
Compliance risk: the risk of breaching legal enactments, statutory regulations, other relevant official provisions and internal regulations which involve the threat of official sanctions, financial loss and loss of reputation.
Nevertheless, are these the only risks we need to manage and what other ones will appear in the future?
Environmental risk, technological risk, social risk, political risk, reputational risk … there are so many forms of risk that what it convinces me to realise is that banks are not boring, dull, stable businesses at all. They are risk managers.
And now, when I think this way, I realise that banks are not the issue here, but the risk managers.
You can have the most leveraged bank in the world with a one percent capital ratio, as long as the risk managers are second-to-none whilst you can have the safest bank (the Co-op) with a ten percent capital ratio that’s as flaky as a fruitcake if it ignores its bad loans business (which the Co-op did).