By: Tom Hannagan In previous posts, we’ve dealt with the role of risk-based capital, measuring performance based on risk characteristics and the need for risk-based loan pricing. What about risk mitigation? Some of the greatest sins of the financial industry in the current malaise have been the lack of transparency, use of complex transactions to transfer risk and the creation of off-balance-sheet entities to house dodgy investments. Much has been made of the role of Credit Default Swaps (CDSS) as one of the unregulated markets (and therefore guilty parts) of the current credit meltdown. The regulatory agencies and the media are aghast at the volume (peak of some $62 trillion in notional value) of CDSS that have resulted from a totally private market. The likes of Lehman Brothers, Bear Sterns and AIG were all big issuers of CDSS. And the trillions of notional value of open CDSS is as much as 100 times the underlying value of the actual debt being insured. There are problems here, but it may be worth clarifying the useful risk management activities from the potentially abusive excesses involving such instruments. CDSS are derivative contracts whereby one party buys credit protection from a counterparty. The buyer pays a premium to the seller either in a lump sum or periodically over the life of the contract. If a credit event such as a default on a loan or a bond occurs, the seller of the CDSS pays the holder for the loss or purchases the initial debt, the reference obligation, at a pre-set price.  So, a CDSS is in effect a put option that is deep-out-of-the-money. They expire upon termination and most are never exercised. They are subject to fair-value accounting and can change in value from month to month as the credit markets premiums for similar cover moves up or down. Banks and others can use CDSS to, in effect, adjust the nature of credit risk in their portfolios by both buying and selling such contracts. Asset securitizations, whether mortgage-backed securities or other formulations, are in fact broken-down and re-packaged forms of assets that can be sold -- transferring certain rights, values and risk to another party for payment received. They are complex and therefore mostly opaque to the general public and even many practitioners. They often involve the use of special purpose entities or trusts that can further confuse investors. These tactics have added to the difficulty of the credit crisis and the collapse of capital markets. But, CDSS are contingent in nature and act more like fire insurance or a back-up data center. Such operational expenses are intended to control risks. The accounting treatment is complex and, to an extent (especially as regards the tax treatment), still not well defined by accounting authorities. For most banks, and most CDSS contract, the premium is amortized over the life of the contract. The premium expense entry in their general ledgers is an expense of doing business that is intended to alleviate some credit risk. We are now talking about a covered CDSS, where the bank has extended credit or invested in a debt instrument. Those who purchased uncovered CDSS are gambling on a default occurrence and used CDSS as a more cost-effective (and secretive) alternative to shorting securities. It is somewhat like a naked short. So, a covered CDSS is ultimately an expense associated with protecting the net asset value of a credit transaction. Importantly, this expense should be included in any performance analysis or pricing of the risk-adjusted profitability of the credit obligation and/or client relationship involved. This risk mitigation exercise may be in lieu of a higher required rate or fee on an otherwise uncovered/unmitigated credit transaction, or being satisfied with a lower risk-adjusted return where the bank assumes (self-insures) all of the credit risk. CDSS quotes/costs, similar to rate spreads on corporate bonds, are the open market’s current feeling regarding an entity’s credit quality or relative probability of default. There are some 400 or so participants in the CDSS market, including writers and dealers. Market data is published for many obligations. Even the previously risk-free Treasury securities now have CDSS quotes – and they have gone up considerably in recent months. It is always the buyers’ responsibility to decide if the quoted prices make sense or not and how such quotes should be used in evaluating credit and negotiating lending opportunities in addition to whether or not to purchase this insurance. Finally, the quality of the seller is a consideration. There is no good reason to buy fire insurance from someone that might not be able to pay for your building if it burns down. CDSS have been private party transactions and, as stated earlier, there have been solvency problems with some of the sellers of such instruments. There is now a move under way to create a central exchange for such transactions with both regulations governing the sellers, more standardized contracts and financial backing of the instruments from the exchange. Such an exchange will address both the transparency of the process and the efficiency of market prices. Risk mitigation strategies (risk-based pricing, portfolio risk management, credit risk modeling, etc.) need to be carried out thoughtfully. If something sounds too good to be true, it deserves a deeper look. Your bank’s credit regimen may well be better at evaluating default probability than a marketplace that is prone to feed on its own fears. But, CDSS “insurance” quotes are an outside point of reference and an option to mitigate some credit risk…no pun intended. Here are two interesting sources of information: *  BNET Business Network * Georgetown University -- Law Center

Just as with diet recommendations, moderation needs to be the new motto for credit risk management.  Diets provide for the occasional bag of chips or dessert after dinner, but these same food items become problems if the small quantity or occasional indulgence suddenly becomes the norm.   Similarly, we, in our risk management efforts, put forth guidelines that establish limitations on certain loan types or categories that have been deemed risky should the numbers or quantity become too large a part of the overall portfolio.  Unfortunately, we have a tendency to allow earnings or portfolio growth to cloud our judgment and take an attitude of “just one more.”   In the past several years, we have experienced excesses in commercial real estate, residential development and subprime mortgages.  It is now these excesses that are creating the problems that we are dealing with today.   Bringing back these limitations – in other words, reestablishing the discipline in our portfolio risk management – will go a long way in avoiding these same problems in the future.   As I learned early in my banking career:  “…soundness, profitability and growth…in that order.”

By: Tom Hannagan The problem in the 2005 to 2007 home lending frenzy was not just granting credit to anyone who applied. It was giving loans to everyone at essentially the same price range regardless of normal credit risk scrutiny.   While “selling” financial services may be largely an art form, appropriate risk-based pricing is more of a science.   Although the financial press seemed to have discovered sub-prime lending in the last year or so, such high-risk lending isn’t new at all. It has been (and is still being) done since finance and money were invented. And, importantly, sub-prime lending has been done profitably by many lenders all along.  The secret to their success, not surprisingly, has always been risk-based pricing -- even if they didn’t call it that until recent times.   Sub-prime funding has been available in many forms and from many sources. Providers range from venture capitalists to pawn shops. It includes pay-day lenders, micro loans, tax refund loans, consumer finance companies, and even dates to Shakespeare’s merchant of Venice.   We often hear complaints that the effective rates (prices) on loans from such sources are unfairly high and predatory. The cost of that credit is high, but so is the risk of that credit. Without these kinds of sources, and their high rates, there would not be any credit granted from for-profit sources to high-risk borrowers.   Listed firms that regularly provide pay-day loans or cash advances to sub-prime borrowers have very high gross margins and very high credit charge-offs, compared to banks. They also have much higher risk-based capital (or equity) positions that range from 40 percent to 60 percent of their average assets. This risk-based capital burden is much higher than the 8 to 10 percent found at commercial banks. So the sub-prime lenders have a significantly larger capital cushion than banks. Most of these financial results and ratios are examples of successful risk management where the credit risks are identified, managed, priced and backed by sufficient capital.   Then…along came the rose-colored greed of the housing bubble that resulted in aggressive building and selling of homes, loan originations to all (no-down, no-income, no-assets, no-problem mortgages), securities packaging and attractive ratings, and global leveraged investing -- all by prime-oriented entities and all at prime-oriented prices. Well, obviously, it didn’t work.   Risk-based pricing of mortgages would have dissuaded many home buyers to begin with… but what would we have done with all of those shiny new homes? Realistic credit models (that took into account a full credit cycle and a huge proportion of sub-prime credits) would not have rated mortgage-backed securities as AAA. Regulators that were still focused on earnings correctness (the last major snafu) should have been looking into realistic net asset values. And highly compensated investment bankers, with 30-to-1 leverage ratios, would not have gone overboard with intuitively dodgy investments. Few of these players took risk management seriously.   The new danger is that banks are doing the whole thing in reverse. They are tightening lending standards -- which is, of course, a euphemism for shutting off credit. The danger has nothing to do with so-called credit standards. It’s the general over-reaction of shutting off credit to all borrowers, again, without regard to relative risk. The latest Federal Reserve Board survey of senior loan officers paints a picture of rapid tightening to record levels.   We feel that credit standards should always improve AND that loan pricing should always proportionately reflect risk-adjusted rates and terms. Opening the flood gates and then slamming them shut is a very pro-cyclical behavior pattern on the part of bankers that doesn’t reflect a measured approach, borrower-by-borrower, using reasonable risk management at the client relationship level.

One of the more significant operational concerns around Red Flags compliance centers on the management of resultant referral volumes, i.e., the potential that the account origination or maintenance process will get bogged down due to a significant number of red flags detected.  These concerns are not without merit, and are arguably the most frequently discussed Red Flag issue with our client base. Organizations may be able to control referral volumes through the use of automated tools that evaluate the level of identity theft risk in a given transaction.  For example, customers with a low-risk authentication score can be moved quickly through the account origination process absent any additional red flags detected in the ordinary course of the application or transaction.  In fact, using such tools may allow organizations to speed up the origination process for these customers and identify and focus resources on those transactions that pose the greatest potential for identity theft. A risk-based approach to Red Flags compliance affords an institution the ability to reconcile the majority of detected Red Flag conditions efficiently, consistently and with minimal consumer impact.  Detection of Red Flag conditions is literally only half the battle.  In fact, responding to those Red Flag conditions is a substantial problem to solve for most institutions.  A response policy that incorporates scoring, alternate data sources and flexible decisioning can reduce the vast majority of referrals to real-time approvals without staff intervention or customer hardship.  Rather than implementing a “rules-based” program (one in which particular Red Flags are identified, detected and used in isolation or near isolation in decisioning), many institutions are opting to approach Red Flag compliance from a “risk-based” perspective. This “risk-based” approach assumes that no single Red Flag Rule or even set of rules provides a comprehensive view of a consumer’s identity and associated fraud risk. Instead, a “risk-based” systematic approach to consumer authentication employs a process by which an appropriately comprehensive set of consumer data sources can provide the foundation for highly effective fraud prediction models in combination with detailed consumer authentication conditions (such as address mismatches or Social Security number inconsistencies).  A risk-based fraud detection system allows institutions to make consumer relationship and transactional decisions based not on a handful of rules or conditions in isolation, but on a holistic view of a consumer’s identity and predicted likelihood of associated identity theft. Many, if not all, of the suggested Rules in the published guidelines are not “silver bullets” that ensure the presence or absence of identity theft. A substantial ratio of false positives will comprise the set of consumers and accounts being reviewed as having met one or more of the suggested Red Flag rule conditions. These rules and guidelines are intended neither to prevent legitimate consumers from establishing relationships with institutions nor create a burdensome and prohibitive volume of consumer “referrals.” While those rules incorporated into an institution’s Program must be addressed when detected, a risk-based system allows for an operationally efficient method of reconciliation in tandem with identity theft mitigation.

Whenever an industry encounters problems, the natural tendency is to play the blame game.  In the banking industry, credit risk managers are looking for who or what to blame for the tide of charge offs and delinquencies in their under-performing loan portfolios and in their commercial loan origination operations.  Credit scoring has definitely taken it on the chin as an easy target during 2008. Is credit scoring the problem? Absolutely not! As with anything, the more complacent we become…and the more we “turn off our brains” and stop thinking…the more risk we assume.  The more we solely rely upon the credit score alone, the more we subject ourselves to the risks inherent in “score and go” lending. We are all well aware that credit scoring measures propensity to repay and not capacity to repay.  Over the past several years, the propensity to repay has been boosted by ever-increasing real estate values and by the refinance boom.  For example, some consumers have been able to survive on a 50 percent debt–to- income due to constant use of credit cards …by paying off those cards with a home mortgage refinance.  That set of behaviors would have shown a propensity to repay…but  was it ever acceptable to have 50 percent of your income go to debt payments?! Statistically it may have worked for a few years, but once real estate values stopped escalating, the problem with lack of capacity to repay reared its ugly head. When it comes to risk management, let’s get back to reality and sound principles.

By: Tom Hannagan In my last post, I addressed the need for banks to advance their management of risk to include the relationship between capital and risk in their internal decisions and actions. While it is difficult for me to make this topic very exciting, it can’t be ignored. It very nearly resulted in bankrupting the global financial system. Beyond profitability, bank executives must measure and monitor their risk-based capital because: 1) equity capital represents the ownership interest in a bank; 2) equity capital is by far the most expensive source of funding; and 3) the risk associated with capital sufficiency and continued solvency is important. As Colonel Jessup might confirm, “Yes, we’re talking about mortal danger”. Many are scrambling to apply for the TARP (Troubled Asset Relief Program) capital infusion – and most are getting approved for these windfall funds. (Today’s investment advice from the experts: don’t buy common shares in any bank that applied and was turned down.) Let’s take a look at the impact of these funds. If we were, for example, a $10 billion total asset bank, with say $800 million in equity capital prior to TARP and had roughly $700 million in risk-weighted assets, we might get approved for $200 million in TARP-related preferred shares at a cost of 5 percent (after tax) for the next five years. If, our make believe $10 billion bank was earning an average pre-2008 economic-and-credit-crisis return on assets of 1 percent, or $100 million per annum, what are the implications of the added $200 million in capital on future earnings? That $100 million in “pre-crisis” earnings represented a return on equity of 12.5 percent on our original capital of $800 million. (Stay with me, now…)   Since we need to pay the Feds (our new shareholders) $10 million in preferred dividends per annum in after-tax money, we need to earn an added $16 million in pre-tax operating income just to break even on the deal. That would mean, in our otherwise static model, that earnings need to move from $100 million to $110 million. More importantly, pre-tax income needs to move from say $150 million to $166 million, assuming about a 33 percent effective tax rate. We’ve got the fresh $200 million to work with, assuming we don’t need part of it to cover credit charge-offs or other asset write-downs. To earn $16 million from that $200 million investment, we would need an 8  percent pre-tax operating income (that’s after expenses, folks). I’m open to suggestions at this point...And you thought banking was easy. You do that the old fashion way -- with leverage. You use the $200 million to get someone (depositors, the Federal Home Loan Bank, a Federal Reserve Bank, or anyone else) to give you more money to invest (at a critically important tax-deductible cost) along with your fresh $200 million in preferred equity. Remember, our bank is already operating with leverage, supporting $7 billion in risk-weighted assets, and $10 billion in total assets, with the pre-existing $800 million in capital. Unfortunately, leverage involves at least liquidity risk, and probably market risk -- on top of whatever direct (credit, market, operational) risks are associated with whatever end investment you choose (…and the Feds hope you choose loans). Obviously, the fastest way to get the added leverage, along with a quick addition to earnings assets, is to go buy another bank (and absorb them more successfully than the two of you ran separately). Thus, a new round of consolidation has begun. Regardless of the method used to grow into the TARP money, any bank that doesn’t take into account the risks associated with these decisions/actions is merely kidding itself. TARP funding will not make any real headway in improving risk-adjusted earnings going forward. There is (and always has been) a direct relationship between actual risk and risk-adjusted return.  It is now more important than ever for bank management to monitor and measure their organization’s activities (loan pricing and profitability, investing, deposit taking, investment management, credit risk modeling, buying other banks...and anything else they do) based on the relative risk of those activities and based on the equity capital realistically required to support those risks. This means using return on equity measurement internally as well as at the entity level. I look forward to your comments.

By: Tom Hannagan Much of the blame for the credit disaster of 2007 and 2008 has been laid at the risk management desks of the largest banks. A silver lining in the historic financial disaster of today may be the new level of interest in management of risk -- particularly, of the relationship between capital and risk. Financial institutions of all sizes must measure and monitor their risk-based capital for three critical reasons. Ownership interest First, equity capital represents the ownership interest in a bank. Although a relatively small portion of the balance sheet, equity capital is the part that actually belongs to a bank’s owners. Everything else on the liability side is owed to depositors or lenders. All of the bank’s activities and assets are levered against the funds contributed by the equity investors. This leverage is roughly 10-to-1 for most commercial banks in the United States. For the five major investment banks, this risk-based leverage reached 30-to-1. Their capital base, even with new infusions, could not cover their losses.  It is necessary and just good business sense to regularly let the owners know what’s going on as it relates to their piece of the pie—their invested funds. Owners want to know the bank is doing things well with their at-risk funds. Banks have a duty to tell them. Funding expenses Second, equity capital is by far the most expensive source of all funding. Transaction deposit funds are usually paid an effective rate of interest that is lower than short-to-intermediate-term market rates. Time depositors are competitively paid as little as possible based on the term and size of their commitment of funds. Most banks are able to borrow overnight funds at short-term market rates and longer-term funds at relatively economical AA or A ratings. Equity holders, however, have historically received (and typically expect) substantially more in the way of return on investment. Their total returns, including dividends, buybacks and enhanced market value, are usually double to triple the cost of other intermediate-to-long-term sources of funds. From a cost perspective, equity capital is the dearest funding the bank will ever obtain. Risk factor This brings us to the third reason for measuring and monitoring capital: the risk factor. A very large portion of banking regulation focuses on capital sufficiency because it directly affects a bank’s (and the banking industry’s) continued solvency. Equity capital is the last element of cushion that protects the bank from insolvency. Although it is relatively expensive, sufficient equity capital is absolutely required to start a bank and necessary to keep the bank in good stead with regulators, customers and others. Equity holders are usually conscious of the fact that they are last in line in the event of liquidation. There is no Federal Deposit Insurance Corporation (FDIC) for them, no specific assets earmarked to back their funding and no seniority associated with their invested money. We all know what “last in line” means for most shareholders if a failure occurs -- 100 percent loss.   There is a clear and direct relationship between equity risk and cost—and between equity risk and expected return.  It is now more important for bank executives to monitor and measure their organization’s activities based on the relative risk of those activities and based on the equity capital required to support those risks. This means using return on equity (ROE) a lot more and return on assets (ROA) a lot less. Because of the critical need and high cost of risk-based equity and the various risks associated with the business of banking, decisions about the effective deployment of capital always have been the primary responsibility of bank leaders. Now, the rest of the world is focusing more on how well, or poorly, management of risk has been done. I’ll comment on using ROE more in later posts.    

For those of us that have been following the Red Flag Rules adoption for more than a year now, the recent arrival and passing of the November 1 compliance deadline allows us to pause to assess where we are -- and where we are heading.  One question seems to surface regularly these days: How ready or compliant is the market today? Well, I think it’s safe to say that the market is certainly not 100% home when it comes to compliance readiness.  Experian surveys registrants on our Red Flags online resource site.  As of October 31 -- a.k.a. ‘Compliance Eve’ -- nearly half of the registrants (48%) fell into the category of ‘just starting to review the rules and determine a compliance plan’.  Other industry surveys, interviews, and analyst reports suggest an even lower rate of compliance (closer to only one-third of covered institutions) in the market.  The Federal Trade Commission seemed to sense this market condition, and granted a six-month reprieve from Red Flags compliance enforcement – to May 1, 2009.  While this extension is welcome news for those institutions falling under the FTC’s jurisdictional umbrella, other institutions are arguably out of compliance today, and face pending examinations in the coming months.  So, is the market ready today?  The broad answer is a resounding ‘no.’  Much of the market’s effort has gone into the creation of written Identity Theft Prevention Programs as part of the Red Flag Rule requirements.  How well will these written procedures be received by the examining agencies?  How will these written programs translate into effective and (as importantly) manageable operational processes?  The first wave of examinations will help answer some of these questions and concerns….and ongoing cost analysis (associated with: referral volumes; application acceptance rates; manual or automated processes; and, of course, fraud losses) will help paint a clearer picture in the months to come.

We know that financial institutions are tightening their credit standards for lending.  But we don’t necessarily know exactly how financial institutions are addressing portfolio risk management -- how they are going about tightening those standards. As a commercial lender, when the economy was performing well, I found it much easier to get a loan request approved even if it did not meet typical standards.  I just needed to provide an explanation as to why a company’s financial performance was sub-par and what changes the company had made to address that performance -- and my deal was approved. When the economy started to decline, standards were suddenly elevated and it became much more difficult to get deals approved.  For example, in good times, credits with a 1.1:1 debt service coverage could be approved; when times got tough – and that 1.1:1 was no longer acceptable – the coverage had to be 1.25:1 or higher. Let’s consider this logic.  When times are good, we loosen our standards and allow poorer performing businesses’ loan requests to be approved…and when times are bad we require our clients perform at much higher standards.  Does this make sense?  Obviously not.  The reality is that when the economy is performing well, we should hold our borrowers to higher standards.  When times are worse, more leniency in standards may be appropriate, keeping in mind, of course, appropriate risk management measures. As we tighten our credit belts, let’s not choke out our potentially good customers.  In the same respect, once times are good, let’s not get so loose regarding our standards that we let in weak credits that we know will be a problem when the economy goes south.

Experian Experian® is a global leader in providing information, analytical and marketing services to organizations and consumers to help manage the risk and reward of commercial and financial decisions. Combining its unique information tools and deep understanding of individuals, markets and economies, Experian partners with organizations around the world to establish and strengthen customer relationships and provide their businesses with competitive advantage. Experian Decision Analytics assists high-performing organizations all over the world by leveraging information to find, target and acquire new customers and to build, nurture and maximize lasting profitable customer relationships. We provide scoring, analytics, fraud detection, decision support software and consulting at every stage of the Customer Life Cycle to markets such as: Traditional and nontraditional lenders - including banks (from de novo to money center banks), finance companies, credit unions, first-party collections, retail credit, third-party processors and auto finance - from consumer and small-business lending to commercial lendingTelecommunicationsUtilitiesCable and satellite companies