As the United States and the world sort through the credit crisis, and the financial markets continue to gyrate and governments craft and recraft programs in an attempt to avert disaster, one wonders what went so very wrong with those much-touted risk management systems of major financial institutions. Weren’t the big guys with the highly polished reputations supposed to have in-depth knowledge of what their risks were, and manage those risks to be profitable and sustainable? How did they, and we, end up here?
We should consider where sophisticated risk-management processes failed these platinum-branded companies. I’ve written about this topic several times over the year; now let’s look at new information that has come to light, and see what additional insights can be found, focusing particularly on failures of risk management.
Boards of Directors
A board of directors is not directly responsible for managing risks a company faces. It is, however, absolutely responsible for providing effective oversight. That means the board must understand what management is doing to identify, assess, and manage significant risks facing the company. It must be comfortable that management has a process in place, and that the process is working effectively. The board must be comfortable with management’s appetite for taking on risk, and that senior management is positioned to obtain accurate information about key risks and relays that information to the boardroom.
All that means the board must be satisfied that management knows what the significant risks are, is communicating relevant information to the board, and is keeping risks within the agreed-upon parameters. So one can only wonder what the boards were doing at the likes of Citigroup, Bear Stearns, Lehman Brothers, Merrill Lynch, Wachovia and other financial services companies that have suffered greatly. (We’ll get to AIG in a moment.) Did those company’s boards carry out the aforementioned responsibilities? Whether to give Fannie Mae and Freddie Mac a pass is subject to debate, as they had a dual objective of increasing home ownership while making money. But we certainly can question what their boards were doing with respect to achieving the most basic corporate goal of ensuring the companies’ sustainability.
The Regulatory System
My last month’s column highlights some of the failures in the regulatory system that we thought was charged with responsibility for monitoring the financial system and keeping it functioning. Further, specific to risk management, we can look to the following:
Securities and Exchange Commission. The SEC has long been considered one of the most effective government institutions, held in high esteem on both sides of the Congressional aisles. Well, now its reputation has been badly tarnished. Recent press reports point to a brief and little noticed meeting the Commission held back in spring 2004 with major investment banks. The banks reportedly asked for—and received—an exemption regarding the amount of debt their brokerage units could take on. Billions of dollars held as a cushion against losses were freed up and invested in mortgage-backed securities and exotic derivative instruments, while the SEC relied on the banks’ own computer models to determine the risks inherent in those investments.
We now know all too well what transpired. The leverage ratios of the banks skyrocketed; Bear Stearns, for example, saw its ratio go to 33 to 1. The SEC did little to monitor the situation; the office originally identified as having responsibility to oversee the situation reportedly has had no director since 2007, and as of September had done no inspections in 18 months. Now word coming from the agency is that a director indeed has been in place since March 2008, but that it was really another division—Trading and Markets—that had this monitoring responsibility all along. The question remains, however: How could this have happened? Some say it was due in part to the broader deregulatory culture of the Bush Administration. Regardless, the lack of effective regulation clearly played a significant part in the mess that now has to be cleaned up.
Federal Reserve. Talk about being held in high esteem—who in government in recent times has had a better reputation than Alan Greenspan? Well, in some quarters, the judgment of the former Fed chairman now is being questioned. Recent news reports point to his fierce objection whenever derivatives came under scrutiny; in 2003, for example, he told the Senate Banking Committee, “We think it would be a mistake” to regulate derivative contracts more closely. Had Greenspan acted differently, economists say, the crisis might have been averted or muted. Reality is that the “derivatives market is $531 trillion, up from $106 trillion in 2002, and a relative pittance just two decades ago.” (Note we’re no longer talking in billions, but now trillions of dollars!)
Of course it’s easy to make assertions based on hindsight. But there were smart people who seemed to know back then what was coming down the pike. The report notes that well-known and highly regarded investment banker Felix Rohatyn described derivatives as “potential hydrogen bombs,” while Warren Buffet said five years ago that derivatives were “financial weapons of mass destruction, carrying dangers that, while now latent, are potentially lethal.” Chairman Greenspan took the opposite view, believing the risks could be managed by the markets themselves.
Way back in 1994 Charles Bowsher, head of the U.S. General Accounting Office, told a House subcommittee: “The sudden failure or abrupt withdrawal from trading of any of these large U.S. dealers could cause liquidity problems in the markets and could also pose risks to others, including federally insured banks and the financial system as a whole.” At the time Greenspan testified that “risks to financial markets, including derivatives markets, are being regulated by private parties … There is nothing involved in federal regulation per se which makes it superior to market regulation.”
We know that Fed Chairman Greenspan has provided our country with tremendous service, long viewed as the oracle helping to steer the economy through years of prosperity. But we now wonder whether more regulation of the risks financial services firms were taking would have been better than less. Interestingly, recent reports note that the former Fed Chairman now calls for tighter regulation, according to Bloomberg, “distancing himself from the free market culture that he helped to create.”
Insurance Company Regulators. We know that insurance companies are regulated at the state level, which seems to have worked reasonably well—until now. But how well regulators tracked activities of recently bailed-out American International Group is perhaps now all too clear. We’ve learned that a small London-based AIG unit began writing insurance—credit default swaps—on collateralized debt obligations, on the basis that if an issuer of CDOs defaulted, AIG would make good.
Where was the regulation of this insurance, and the related risks? Well, a recent media report says that this AIG Financial Products unit was not an insurance company, and thus didn’t have to report to state regulators. It’s noted that there was an element of review by the Office of Thrift Supervision, but the extent and quality of its involvement is suspect at best.
How this small unit could bring this huge and highly regarded insurance company to its knees, and has threatened the entire world-wide financial system, will serve for years to come as a textbook case study in the failure of risk management.
And All the Others
Of course, we can look directly at managements for failing to recognize the tremendous risks the companies faced. Some say incentives for short-term upside potential caused CEOs to ignore the risks, placing huge bets with corporate resources so they could line their pockets. While there may be an element of reality in those assertions, my experience points to situations where managers in these organizations knew what the risks were, but either didn’t sufficiently communicate upstream or their communications fell on deaf ears. Yes, quantitative models were deficient and there seems to have been inadequate stress testing, but another fundamental of risk management—effective communication and response to known information—failed terribly.
And we shouldn’t forget the credit rating agencies. Talk about tarnished reputations! One such firm has been looking at financial services companies’ risk management processes for some years now. Whether it knows what an effective risk management process is really about is highly suspect, with the answer apparently lying in the massive failures that resulted in highly rated companies and securities.
What Shareholders Should Expect
Investors and other stakeholders should be able to expect that managements, boards of directors, and regulators know what risk management is all about. Clearly, risk management isn’t rocket science. These players should look at the fundamentals—recognizing, for example, that housing prices will not rise unabatedly forever. They should know that spreading risk throughout the system does not reduce risk, and that insurance is insurance, whatever you call it. There must be recognition that firms cannot be allowed to take on ever-increasing amounts of risk under the veil of self regulation. All parties need to beware of the complexities of sophisticated transactions and models. And they must take shareholders’ long-term interests to heart.
And as important an anything, it’s essential that all parties understand that the next huge risks can be expected to come from another direction —and risk management systems must be positioned to deal with what now is over the horizon.
No comments yet