Helping the CEO's sleep patterns

There are many methods for predicting the future. For example, you can read horoscopes, tea leaves, tarot cards, or crystal balls. Collectively these are known as "nutty methods." Or you can put well-researched facts into sophisticated computer models, more commonly referred to as a complete waste of time.

--Scott Adams, The Dilbert Future

What keeps you up at night? is a standard question CEOs receive. Responses may vary month to month, but the reason some CEOs can respond with Nothing, really comes from the level of excellence continually sought in risk management practices. Brian Ranson reflects on ways to make the unknown more manageable.

Banks' portfolios of business loans--or bonds for that matter--have a very low incidence of problems. What dynamics are at work behind this heartening fact?

* Businesses that borrow, apart from a few rare cases, believe they will be comfortably able to repay the debt. After all, they will be at the front end of any problems and generally have more to lose.

* Lenders are both highly skilled and highly cautious. While they will be comfortable with their analysis of the business, but experience has taught them to have less inherent optimism.

* The CEO knows that optimism, caution, strategic risktaking, intelligent portfolio planning, and more caution all are part of the equation, yet banks are highly leveraged and the incidence of collapse or crippling credit losses is not at all uncommon. Moreover, accounting systems do not provide a CEO with a view of risk and how it is changing over time.

Bankers and investors who take on credit risk usually are highly educated and highly trained professionals. They're good at what they do. Moreover, this process of moving resources from savers to borrowers to create more wealth is as old as money itself. Why, then, does every bank CEO worry about his or her institution's vulnerability to a portfolio hit above all the many complex risks that are taken every day? Is Dilbert or the more erudite Nassim Nicholas Taleb correct in assuming that regardless of preparation, outcomes are almost random?

The role of skills. It comes down to this: However good the lending or investment decision, the result is subject to uncertainty about the future. And because decision making is a skill, there will always be a need for innovative thinking and process improvement. The best professionals will distinguish themselves not by avoiding what turn out to be bad decisions, but by making more good decisions over time--a basic precept of strategic risk management. They know that it is entirely possible to build an appalling portfolio from a series of good individual decisions.

The role of tools. As far as individual lending decisions are concerned, the process of "fundamental" analysis can be supplemented by risk measurement tools. Most of these tools are relatively new, but their scope and sophistication are increasing. To avoid them is to avoid information and research, which, if used intelligently, should always add value. The CEO should be aware of the credit risk measurement tools that are available and should understand why some are accepted and others are rejected. New tools must be evaluated and understood, for there are many fine minds applying themselves to the better measurement and management of credit risk.

Data as a path to improvement. The CEO must also be able to observe and evaluate performance; to that end, a comprehensive database of credit losses must be built and maintained. This entails much more than looking at accounting provisions and interbank comparisons. It requires a depth of knowledge that will allow a risk taker to understand governance policies, how errors occur, and how inherent propensities develop. Credit losses are not accidents or bad luck; they are the inevitable outcome of accepting credit risk. Understanding them expost should not be an exercise of blame attachment, but rather a requirement for improving the activity. It is not learning from mistakes, but learning from experience.

It's the Forest, Not the Trees

Credit portfolios in banks have around a three-year life. Within that time frame, a portfolio manager generally can alter the composition radically. Such alteration cannot be done in a shorter time frame because there is simply insufficient depth in the open market or in hedging products. Moreover, a bank must be sensitive to the longer term, as clients will not accept a high level of uncertainty around the renewal of a loan facility. In sum, a large loan portfolio takes a great deal of time to change course, and often those changes can be difficult to discern, especially for the CEO who does not live with the details.

It should not, however, be the role of the CEO to arbitrate transaction decisions or disputes. Even if the CEO is an experienced ex-lender or credit officer, that temptation must be avoided. To become the credit decision maker of last resort will almost inevitably result in the chief credit officer and the chief lending officer (or their equivalents) using the CEO as a crutch or a substitute for good internal negotiation.

Build a better portfolio. The key to good credit risk management lies in the construction of the portfolio, not in the individual credit decisions that made up the portfolio. The CEO must be properly informed on that portfolio and serve as a guide to its construction. To do so, he or she must understand the business and internal drivers that will cause the portfolio to change.

To direct the portfolio, the CEO has three key levers:

1. Policy, which can set limits on single-name and connected exposures, set authorization limits and controls, and generally provide the rules under which credit risk will be taken.

2. Economic capital, which can be allocated to the product line of corporate loans based on whether that business, versus other contenders for the capital, can provide adequate returns.

3. Compensation, which (by way of bonus and other incentives) is the most potent way to convince managers of their objectives. Rewards for volume will ensure that volume is the target, and consistent pricing will almost inevitably suffer. Rewards for return on capital will have everyone working on that calculation. This very difficult area requires the CEO to ensure that the needs of the organization are not defeated by individualism.

Regulatory requirements are not mentioned here, for they should not be the objective of the business. Regulation is there to be complied with, not attained. Indeed, there are no standards to be set, as the ultimate test is whether the policies produce the diversified portfolio with the appropriate volatility and profitability through time.

Business Planning

Within an institution that has multiple businesses being carried out within a commercial entity or group, a CEO must decide how capital should be apportioned given the often conflicting demands of the operating units. Economic capital can become a common denominator, and the return generated can provide the logic for its application.

The theory is sublime: The capital goes to the most successful business and is withdrawn or kept from those that are unsuccessful. This indeed forms the basis of work by some very expensive consultants, but it has a very dangerous simplicity. The Economist in 2000 published (and has since updated) a wonderful tale about Felicity Foresight and Henry Hindsight. Felicity had $100 on January 1, 1901, and each year she was clever enough to invest her capital in what was to become the most successful market in that year. She was in equities in the good years but in government bonds the year of the great crash, and so on. Henry Hindsight copied every move that Felicity made, except he did so exactly one year later. At the end of a century of investing, Felicity had accumulated the sum of $9.6 followed by 14 zeros and Henry had $783.

So much bank analysis of relative performance is based on the current year's production; thus, unfortunate or even catastrophic allocations can be made when it is used as the basis for future strategy. Credit risk is cyclical, as are many other business lines in banks, and time horizons are important considerations. By the same token, banks can cling to dreadful business and dreadful clients on the assumption that they will rise, phoenix-like, from the ashes and provide spectacular returns. Getting bigger is sometimes a poor short-term objective.

The logical conclusion is that capital needs to have the best possible flexibility. Assets that will tie up capital for long periods are often put on as acts of faith rather than acts of analysis. A loan book ties up capital, and therefore a strategy of origination and distribution should have enormous appeal to the CEO where such markets are available. Growth in revenue and profitability need not necessarily require growth in capital or growth in the size of the balance sheet.

The credit risk manager using the latest analytic tools can provide critical information on the changes in market risk that are likely to consume capital. A reduction in revenue in the short run may have a high probability of increased profit in the longer run through avoided losses. Often there is a great deal of information available. Sadly, however, condensing this for the CEO is difficult. Perhaps the best that can be done is to calculate expected loss along with economic capital, although it is important to remember that in most years expected loss will exceed actual losses. It is wise to avoid excessive optimism based on any single year. Moreover, an increase in expected loss is not an outcome that should necessarily be avoided. Consider the opportunity to acquire a $100 million mortgage portfolio with good spreads priced at par. This may add good assets and good earnings, but it will certainly also add some expected loss.

Loan portfolio planning must deal with all three elements. It should show a "before and after" picture with changes in capital, in expected loss, in diversification, and in profitability so that an informed capital allocation decision can be made. Business plans that simply demand 10% growth in lending revenue each year are not plans but wish lists and, on occasion, can resemble undated suicide notes.

Relationship banking. On reading the above, the relationship banker would probably point out that the lending function should not be considered in isolation. If the ancillary business from cash management, foreign exchange, swaps, or any other product is ignored, then the risk of losing profitable customer relationships is real. Arbitrating between those charged with a product focus and those charged with a relationship focus is an unenviable task, but the buck stops at the desk of the CEO. The CEO with a focus on the totality of the business should have a broader perspective and should be able to make a more considered decision. Before doing so, however, one would hope that answers to the following questions would be available or capable of reasonable estimation:

1. What is the amount of subsidy from required credit risk pricing levels that is being requested for relationship purposes? For how long will that subsidy apply?

2. Is relationship business truly in jeopardy if the credit business is reduced/eliminated, or does it rely on other factors (e.g., pricing, treasury relationships, product quality)?

3. Is the relationship business with this client sufficiently profitable to justify the subsidy?

4. Does the term of the loan exceed the guaranteed availability of the other relationship business?

5. If the loan has to be sold down at a loss or hedged at a cost, will the relationship product groups pay for that loss from their profit and loss?

6. If the relationship benefit is in the future and does not materialize, will there be any repercussions?

The CEO, of course, is not likely to make these transactional decisions. But the CEO has to set the tone by making clear the decision criteria to be adopted so that disputes are minimized and the bank's capital is used as optimally as possible.

Risk Measurement

The measurement of default risk and the calculation of expected loss are areas finally receiving the combined interest of academics and practitioners. Many trained mathematicians have entered the discipline in recent years to bring some of the academic skills into the business sphere. Models of risk have been introduced, tested, and refined, and new models will appear and go through the same process.

The CEO does not need to understand these models any more than he or she needs to understand the mechanics of neural networks employed in retail loan adjudication. However, the CEO does need to know that all recognized external measurement aids have been considered for inclusion into the credit risk management process. It would be a valid question if the CEO asked whether a significant credit loss might have been averted or minimized by the use of a risk evaluation model, for that saving would probably pay for that model in perpetuity. The CEO should be provided with a report, probably annually, of the advances in credit risk measurement technology with comments on why the models used are still employed and why those not used continue to be considered unnecessary for the process.

That is not to say that all input is valuable and that a risk manager must use everything available and accept the most pessimistic forecast as a conservative or precautionary measure. Rather, it is a recommendation that a risk manager become aware of the many options available, understand their strengths and weaknesses, and be able to give the CEO confidence that all potential improvements to the process have been considered.

It is also recommended that the board of directors (or at least the risk review committee of the board, if one exists) also be informed, perhaps through an annual presentation of the risk measurement methods. This will help ensure that they too understand the complexity of the problem and the quality of the decision processes in use.

Policy exceptions. Policies come from the top down and there are two schools of thought on their application. On the one hand, policy is regarded as a tablet from the mount and no exceptions are allowed. In reality, this can never be the case (even "Thou shalt not kill" has its exceptions); however, breaches should be rare indeed. The second school of thought sets policy standards somewhat lower and encourages exceptions to allow for a high-level approval process of important transactions. For example, a bank might set a policy cap on any loan to a non-investment-grade client of $25 million to isolate all decisions above that level.

This is a credit culture question. Those with the "hard" policy caps often face the problem that too many deals are done at $24 million simply to get the deal done or to avoid an onerous process. Those with the soft caps often face the problem of exceptions becoming so commonplace that the reason for the policy level is soon forgotten.

The CEO has to decide how policy will be managed, and to do so, some data would always be valuable. For example, looking at loan losses by number or amount could indicate that breaches/exceptions to policy (correctly approved) were more common than when the policy limit was observed. If danger increases when policy is breached, then it should follow that policy should be tightened. However, it is also important to consider the incidence of policy exceptions that performed at higher returns to assess the overall outcome.

Sticking to policy can be a test of character, especially when a juicy deal with a large balance sheet effect comes along. Passing these decisions up to the CEO is a process that represents upward delegation and, as such, is usually inappropriate. Unfortunately, there are CEOs who delight in this, for they often love to make decisions and exercise authority, but this really should be discouraged. Any CEO who becomes the arbiter of contrasting opinions on a regular basis should ask whether new decision makers need to be found to replace those who fail to reach agreement so often or who prefer to delegate upward. Policy limits are there to provide managers with knowledge of a tolerance level, and discussion about that level should be rare indeed. In lending, too much of a good thing is still too much.

Client information. The CEO is often an ambassador for the bank and as such can help retain clients and gather new business. Yet the CEO has limited time, so such meetings need to be organized to obtain the most benefit. Who, then, should the CEO wish to meet?

An exercise at Bank of Montreal in 1998 identified the top 10 clients by exposure (the highest nominal amounts of lines available), the 10 riskiest clients (those consuming the highest amounts of economic capital), and the 10 highest revenue-producing clients. Each list had eight new names and two common names. So whom should the CEO spend time with? Exxon may be the biggest nominal exposure, but is unlikely to represent the highest risk or indeed the highest revenue. A fast-growing but young company may be where great potential lies, but also great risk.

The politically correct answer, of course, is to let the CEOs decide. Let them see the three lists in order to make the decision. If the lists cannot be produced, then something is wrong with the information systems and that is a message in itself. One word of caution to CEOs and those who watch them go to clients with trepidation rather than joy. One major bank CEO promised a $500 million loan to a large borrower while sitting beside the borrower at a major banquet. Whether he was euphoric with the fine wine, whether the borrower was a convincing person, or whether the CEO thought he knew a good deal when he heard one, this type of interaction should not be in the job description.

Portfolio information. Expected and unexpected loss, loss distributions, and so forth may fascinate the credit risk manager, but they should at least interest the CEO. There should always be information that can show where all these measures stand. The business plan should explicitly factor in expected loss and should always either calculate or estimate whether the portfolio's risk has changed or is expected to change. There has to be a risk plan as well as a revenue plan.

Preparing this data is not an accounting exercise. Indeed, accounting rules are more a part of the problem than they are part of the solution. Unfortunately, the systems at most institutions are designed to provide the data that accountants or regulators want, and so this problem can be acute. Sadly, there is no easy solution or shortcut. Generally, one finds that the CEO demanding data tends to have the most powerful effect on systems design. Accordingly, the credit risk manager should work with the CEO to understand what, when, and how information is to be provided. It's a good idea to produce some sample reports that might represent the nirvana of the credit portfolio manager. These possibilities can then be shown to the CEO, after which the support may come for the databases needed to help manage the portfolio over time.

Measuring Success

There is no doubt (although there is denial) that banks are very risky businesses, but after all, risk is at the very heart of banking. Being good at risk management should not be the objective; frankly, those who are not good disappear. The objective must be excellence and to prove that excellence over time. Look at the earnings multiples that the equity markets give to commercial banks. They are consistently below those of most other industries. In large part, investors mistrust current high earnings on the valid historical grounds that they are prelude to unpleasant years with very high credit losses or other calamities. Proving excellence in risk management will take time and some significantly enhanced disclosure, but the prize may be very significant: a market multiple that will make all the shareholders and the CEO very happy.

Contact Brian Ranson by e-mail at branson49@yahoo.ca.

Credit Risk Management, by Brian Ranson, was published in July 2005. For more information about the book and a special offer for RMA members, call 1-800-456-2340.

[c] 2005 by RMA. This article is adapted from Credit Risk Management, published by Sheshunoff Information Services (www.sheshunoff.com). Until March 2005, Brian Ranson was executive managing director at HIM Monegy, a member of Bank of Montreal Financial Group. He now is doing consulting work and devoting more time to writing.

COPYRIGHT 2005 The Risk Management Association
COPYRIGHT 2005 Gale Group