Has your Bank Defined its Risk Appetite?
In their analysis of the root causes of the financial crisis, banking regulators determined that one of the main problems was the fact that many banks had not appropriately defined their risk appetite. As a result, regulators are placing an increased emphasis today on portfolio credit risk management.
Specifically, they expect community banks to create a risk appetite framework that sets a forward-looking view of the bank’s desired risk profile in different scenarios while establishing processes for achieving this profile. The framework should clearly define roles and responsibilities in the areas of monitoring and appraisal while setting forth the practices that link the board’s objectives with management actions to ensure that the risk profile remains within the defined parameters.
In addition, community banks should draft a risk appetite statement that defines the aggregate level and types of risk the bank is willing to assume within its risk capacity. This statement should include both qualitative and quantitative measures expressed relative to earnings, regulatory capital, risk measures and liquidity needs, among other factors.
A Robust Risk Management Program
The risk appetite framework and statement form the foundation of a robust risk management program that should be closely integrated with your bank’s overall strategy. They will become the basis for establishing a risk culture that should permeate the entire bank — sensitizing all employees to their role in managing credit risk while holding them accountable for the results.
According to Enhancements to the Basel II Framework, “it is the responsibility of the board of directors and senior management to define the institution’s risk appetite and to ensure that the bank’s risk management framework includes detailed policies that set specific firm-wide prudential limits on the bank’s activities which are consistent with its risk taking appetite and capacity.”
More specifically, the board of directors should be familiar with all material risks, have an understanding of the business lines and capital markets, and make sure that accountability and lines of authority are clearly delineated for identifying, measuring and managing risk.
Your risk appetite statement should drive strategic and day-to-day business decisions and be consulted whenever you’re considering introducing a new product or service, expanding existing product or service lines, or entering new markets. To be effective, the statement should:
- Clearly state the amount and types of risk your bank is comfortable with.
- Specify the limits and variability in relative parameters (both quantitative and qualitative) based on shareholder expectations, risk and capital constraints, and the bank’s strategic objectives.
- Address material risks under normal and stressed conditions.
- Enforce the risk culture established by the bank while setting clear boundaries and expectations.
- Enable management to take action so the statement has a real effect on the bank’s business strategy and risk profile.
Questions to Ask
In determining your bank’s appetite for risk and level of risk tolerance, you should ask yourself several important questions:
- “How important is growth and expansion in the current market environment?
- In what areas (e.g., industries, markets, types of borrowers) does growth and expansion make the most sense for us?
- How will we know when we should slow down growth to avoid overextension?
- What is our pain threshold, or the dollar amount of a material transaction?
- What are our acceptable bands of volatility as measured by earnings, capital and credit quality?
Once you’ve answered these questions, you can adjust your strategies to reflect current market conditions. For example, in an expanding economy, you could employ a more aggressive risk strategy by implementing lower debt service requirements, higher loan-to-value ratios, longer terms and slower amortizations. In a slowing economy, meanwhile, you might lessen your risk appetite by raising debt service requirements, lowering loan-to-value ratios, shortening terms and speeding up amortizations.
All of this eventually ties back to your bank’s risk and credit culture. These are defined by your unique approach to underwriting, managing and monitoring credit risk. In its 2013 release Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, the Financial Accounting Standards Board (FASB) specified the following indicators of a sound risk culture:
- It starts at the top.The bank’s risk culture and core values must be set by management and the board of directors.
- All employees are held accountable. Employees at all levels of the bank understand the risk culture, as well as the fact that they are personally accountable for how their actions impact the culture.
- >Challenges and feedback are welcome.A range of views and feedback from all levels of the bank are encouraged as part of the decision-making process.
- There are incentives for the desired risk behaviors.Employee behaviors that reinforce the bank’s risk and credit culture are compensated financially.
- Line of business growth is managed prudently.In addition, policy and portfolio limits are followed while the risk and credit culture and message are reinforced continually and consistently.
Share Your Statement Organization Wide
It’s critical that your risk appetite framework and statement be shared throughout the organization, but especially with your line lenders. Otherwise, lenders may simply default to behaviors that result in the highest compensation for themselves — regardless of whether or not these behaviors correspond with your risk and credit culture.
To talk further about managing portfolio credit risk, please give us a call.
Source: New Horizons Financial Group
Risk Types, Management Tools and Lines of Defense
There are six main types of risk assumed by community banks and four main tools for managing these risks.
Types of risk:
- Credit risk
- Liquidity risk
- Market risk (i.e., interest rate, price and foreign currency translation)
- Operations risk (i.e., transaction and strategic)
- Compliance risk
- Reputation risk
Risk management tools:
Meanwhile, community banks can utilize three main lines of defense in their risk management efforts:
- Front-line departments (i.e., management controls and internal control measures)
- Risk and compliance management (i.e., financial controls, security, risk management, inspection, compliance)
- Audit and the board of directors