Best Practices in Strategic Credit Risk Management October 2004 Sponsored by Contents Contents ............................................................................................................................................2 Introduction.......................................................................................................................................3 Management Summary...................................................................................................................4 Effective Credit Risk Management ................................................................................................6 Enterprise View of Credit Risk..................................................................................................... 11 Strategy, Policy and Business Processes Alignment ............................................................... 19 Active Management of Credit Risk.............................................................................................. 23 Conclusion....................................................................................................................................... 26 12/10/04 2 Introduction Effective credit risk management has gained an increased focus in recent years, largely due to the fact that inadequate credit risk policies are still the main source of serious problems within the banking industry. For example, according to ZNet, the consequences of the Parmalat collapse were severe, with major institutions suffering heavy losses. Bank of America lost a total of $274 million, Citigroup $242 million and UBS €420 million. Managing credit risk thus remains an essential and challenging corporate function. The chief goal of an effective credit risk management policy must be to maximize a bank’s risk-adjusted rate of return by maintaining credit exposure within acceptable limits. Moreover, banks need to manage credit risk in the entire portfolio as well as the risk in individual credits or transactions. This executive summary seeks to investigate how much progress banks are making in the development and deployment of a successful credit risk management strategy. The specific areas to be looked at are as follows: • Effective Credit Risk Management • Enterprise View of Credit Risk • Strategy, Policy and Business Processes Alignment • Active Management of Credit Risk The infor mation presented in this paper has been compiled from interviews with eight senior risk managers at leading global banks and from Lepus’ extensive industry experience. 12/10/04 3 Management Summary Effective credit risk management Key components of effective Credit Risk management - Robust technology, defined business processes, detailed policies, and sophisticated analytics are the main ingredients of effective credit risk management. Role of technology in credit risk management – Technology plays a significant role in enabling active portfolio management, data transparency, growth in the organization, elimination of manual processes and efficient management of information. Drivers of effective credit risk management – Basel II is the key driver in shaping the banks’ approach to credit risk management. Other drivers include centralization, standardization, consolidation and timeliness of credit risk management along with active portfolio management and efficient tools. Effective credit risk management as a value enhancing activity - Consolidating credit lines for customers along with efficient use of capital risk adjusted return through Basel II implementation and ISDA’s Credit Support Annex (CSA) contribute to a value enhancing activity. Enterprise View of Credit Risk Achieving enterprise-wide credit risk management - Banks achieve enterprise credit risk management through deploying a global credit risk management system, regular meetings of Risk Oversight Committees and efficient use of technology. Challenges of achieving enterprise view of risk – The major challenges faced by banks include reporting, analytics and data quality issues. Integration and standardization - Many banks have yet to integrate the disparate components of their credit risk systems, for a consistent framework. The key solution is to implement a centralized reporting system. Methodologies used for credit risk – Banks are using current and potential exposure calculations, KMV’s Portfolio Management, credit VaR, expected and unexpected losses and survival analysis to measure credit risk. Technology used for enterprise credit risk: buy versus build – Banks manage their enterprise credit risk using only in-house solutions (25%) or a combination of both third party vendor/consulting and home-gr o w n solutions (62%). The remaining banks refrained from comment. Early warning systems - Examples include Moody’s credit ratings, periodic surveillance program, and stress testing. 12/10/04 4 Strategy, Policy and Business Processes Alignment Current state of alignment - Aligning strategic vision, policy objectives and business processes is apparent in 50% of the interviewed banks, whilst 38% of the banks are still in the process of achieving this goal. Existing gaps in alignment – Some of the existing problems with alignment include transparency in technology, conflicting ideas, the need to migrate from a volume-based to a value-based business, and setting common procedures and policies. Adherence to Credit Policy - Banks use a variety of methods to design and monitor adherence to credit policy, which include limit checking, credit inspection, pre- deal checking, global system, education and training. Active Management of Credit Risk Risk concentrations and credit portfolio management – Banks monitor risk concentration and credit portfolio management by using a global reporting system, economic capital model and exposure risk systems. Credit hedging - Credit hedging decisions are exercised using value on default, potential and current exposure methodologies, and ad hoc case by case analysis. Conclusion Currently, the focus for many banks is to adopt an enterprise-wide credit risk management approach, since it gives an integrated view of risk. The findings of the research suggested that best practice in credit risk management should demonstrate centralization, standardization and timeliness of risk management. 12/10/04 5 Effective Credit Risk Management Key components of effective Credit Risk management Effective credit risk management is a critical component of a bank’s overall risk management strategy and is essential to the long-term success of any banking organization. Overall, the components of effective credit risk comprise active Board and Senior Management oversight; sufficient policies, procedures and limits; adequate risk measurement, monitoring and management information systems; and comprehensive internal controls. Lepus sought the opinions of industry participants on the key components of effective Credit Risk management. The responses of the eight banks interviewed are summarized in the graph below: Figure 1: Key components of effective Credit Risk management Robust technology 38% Business processes 25% Policies 25% Exposures 25% Robust analytics 13% 0% 5% 10% 15% 20% 25% 30% 35% 40% Source: Lepus • Robust technology and business processes Robust technology w as mentioned as a critical component of effective credit risk management by 38% of the interviewees. It is thought to help banks identify, measure, manage and validate counterparty risk, although it is of little value without effective credit risk policies and business processes in place. • Policies In 25% of the banks, having a comprehensive and strategic vision for credit policy is vital as it sets guidelines for businesses, giving rise to effective credit risk management. These guidelines include a set of general principles that apply to all 12/10/04 6 credit risk situations, as well as specific principles applicable to some countries and types of counterparties and/or transactions. • Exposures In 25% of the interviewed banks, the ability to measure, monitor and forecast potential credit risk exposures across the entire firm on both counterparty level and portfolio level is vital. • Robust analytics A key component of an effective credit risk management strategy suggested by 13% of the banks is having robust risk analytics. Efficient and accurate credit analytics enable risk managers in banks to make better and more informed decisions. The availability of better information, combined with timeliness in its delivery, leads to more effective balancing of risk and reward, and the possibility of higher long-term profitability. • Other The other ingredients of effective credit risk management were thought to include credit risk transparency, defined credit decision process, sophistic ated risk measurement methodologies , stress testing, timeliness and accuracy of risk calculations as well as efficient credit risk reporting. Role of technology in credit risk management As mentioned, technology is widely acknowledged to be a key component of effective credit risk management. Lepus thus sought industry opinions on how important IT is for achieving best practice in credit risk management. 38% of the interviewees stated that technology plays a significant role in enabling active portfolio management and assessment. This is followed by data transparency (25%) and facilitation of global credit risk function (25%). Subsequently, technology facilitates elimination of manual processes and allows information to be managed in an efficient and effective way. Figure 2: Role of technology in credit risk management Active portfolio management 38% Facilitates global credit risk function 25% Data transparency 25% Eliminates manual process 13% Manages information efficiently and effectively 13% 13% Just a tool 0% 12/10/04 5% 10% 15% 20% 25% 30% 35% 40% 7 Source: Lepus Furthermore, one bank stated that while technology can help banks to facilitate innovative credit risk management procedures, it is simply a tool and is useless if misused. Another opinion expressed by one of the interviewees is that technology plays a bigger role in the trading book than in the lending book as it enables key questions to be answered such as the cost of credit risk. Drivers of effective credit risk management Regulatory requirements Basel II was highlighted as one of the main drivers in shaping the banks’ approach to credit risk management. This is primarily because it imposes disciplinary capital charges for procedural errors, limit violations and other operational risks. It also creates new pressures to ensure that effective credit risk management controls are in place. A leading investment bank, for example, commented that regulations drive their credit risk management procedures. The bank is forced to provide more detailed disclosures in their annual reports. These may include information on its strategies, nature of credit risk in its activities and how credit risk arises in those activities as well as information on how they manage credit risk. Basel II will affect a number of key elements in another European bank, including a more rigorous assessment of the bank’s credit risk appetite, more technical approach towards their counterparties and better portfolio risk management. Another bank mentioned that the impact of Basel II is largely dependent on the environment they are regulated under, as it is different for each region. In one US bank regulatory pressure has raised the status of the Risk Group, whilst in another it is viewed as distracting from the bank’s strategic business projects. Best practices in credit risk management While regulatory compliance is indeed a significant driver, most banks’ credit risk management aspirations span beyond this. Key players also seek to gain competitive advantage through effective credit risk management. The objective of best practices in credit risk management is to provide comprehensive guidance to better address credit risk management. The findings from Lepus’s survey illustrate that credit risk management practices differ among banks, as it is dependent upon the nature and complexity of individual bank’s credit activities. Sound practices should generally address the following areas: (i) establishing an appropriate credit risk environment (ii) operating under a sound credit-granting process (iii) maintaining an appropriate credit administration, measurement and monitoring process; and (iv) ensuring adequate controls over credit risk. The feedback from banks demonstrates that centralization, standardization, consolidation, timeliness, active portfolio management and efficient tools for exposures are the key best practice in credit risk management. A tier - 1 American bank is considering having more efficient tools for “what if” analysis and tools to provide transparency to the business. This is particularly important for counterparty exposure at a firm-wide level. Another US institution is focusing on stress testing, concentration risk, macro-hedges and capital 12/10/04 8 markets risk management. Moreover, the firm has consolidated market risk and credit risk. In 25% of the interviewed banks, achieving best practice involves having an active portfolio management in the lending book along with real- time credit risk management. A leading investment bank identifies best practice as having good quality data, for example, identifying processes that induce data errors. Timeliness is another contributing factor. Real time pre- deal checking, effective credit limits management and country risk management are key to good credit risk practice in another bank. However, this is largely dependent on the market the bank is targeting. Effective credit risk enhancing activity management as a value If deployed correctly and effectively, credit risk management can be a value enhancing activity that goes beyond regulatory compliance and can provide a competitive advantage to institutions that execute it appropriately. Some of the examples demonstrating the statement above include consolidating credit lines for customers in order to achieve greater business activity, efficient use of capital risk adjusted return through Basel II implementation and International Swap Derivatives Association’s (ISDA) Credit Support Annex (CSA) allowing banks to deal with lower rated entities. • Consolidating credit lines Consolidating credit line allows one bank to manage capital adequacy more efficiently. For instance, all of the bank’s global customers such as Ford Motor Company , have consolidated global credit lines across multiple countries such as the UK, Germany and Singapore. By deploying global credit lines, total credit is reduced thus allowing for more business activity. • Efficient use of economic and regulatory capital Having consistent, comprehensive risk architecture will make it easier for banks to calculate and manage capital. Banks mainly in the USA and Europe use economic capital for the following reasons: § to ensure that the bank has a safe level of capital to guard against risks and to meet regulatory requirements. § to price loans to earn attractive risk adjusted profits. § to apply economic capital’s trio of core decision making criteria (risk, capital requirements and returns) in strategic business planning and to measure Return on Equity (ROE) by line of business, product or customer to ensure that capital is effectively allocated among different activities in a bank to maximize shareholders’ value. Once the economic capital is computed across the bank, the bank’s actual equity capital is allocated to individual business units on the basis of risks so that shareholders’ wealth can be maximized. There are two ways to ensure that the amount of capital is appropriate to the risks it faces. The first is to ensure that the risks are not excessive, given the capital. The second is to ensure that capital is adequate, given the risks . If the economic capital exceeds the regulatory capital, there is no 12/10/04 9 problem. If the regulatory capital exceeds economic capital, the excess can be treated as a cost (regulatory overhead), leading to increase in the hurdle rate of the bank. This cost can be allocated on a pro-rata basis to all elements of economic capital so that every unit of the bank is equally sharing the burden of regulatory requirements. • CSA ISDA‘s CSAs are used extensively in several of the interviewed banks (with mos t of their counterparties) as they add significant value to the firms. These banks have signed CSAs with a large majority of their counterparties in order to call for daily cash collateral cover of all outstanding positions. The major benefits gained from daily collateralization are the reduction in risk amounts and capital usage, and the significant shortening of the potential future exposure risk window. Many of the banks monitor the number of overdue master agreements and overdue trade confirmations, as they could affect the banks’ ability to net collateral against the gross exposure. Late payments or disputed calls are other potential indicators of operational problems, which could impact on the effectiveness of credit management. • Use of derivatives to reshape credit profile Credit portfolio management is a value enhancing activity as some of the interviewed banks use credit derivatives to reshape their credit profiles. The use of credit derivatives, in one tier-1 bank has significantly reduced its financial markets’ credit risk from between 70% and 75% to between 40% and 45%. Credit derivatives create new possibilities for risk transformation through innovative structures such as credit default swaps, basket swaps and debt obligations. Further derivative structures may involve the indexing or reinsuring of illiquid middle market and the creation of short positions in credit risk. This will greatly increase the power and flexibility of portfolio strategies. Hedging decisions are largely made by banks’ separate portfolio management groups and senior management teams. Some of the interviewed banks use credit derivatives for active portfolio management, to offset exposures such as inventory and loans, to examine the industry’s portfolio and concentration portfolio across the institutions, and to mitigate exposures. The benef its gained from using this activity typically lead to reduced regulatory capital, freeing up credit lines and allowing firms to effectively manage credit exposures. • Technology Along with credit derivatives, technology can also contribute to reshaping banks’ credit profile by allowing banks to know the type of exposures and price transactions they are dealing with. These elements are required to hedge exposures. 12/10/04 10 Enterprise View of Credit Risk Achieving enterprise -wide credit risk management Many leading banks have abandoned the traditional approach of managing risk by silos . Instead, banks are adopting an enterprise credit risk management approach that gives an integrated view of the risks faced by the organization. A tier-1 investment bank regards enter prise cr edit risk management as the entire banking infrastructure that excludes IT. This includes credit risk, market risk, financial control, telecommunications and data centers in the corporate bank. Technology is excluded, as it is cons idered to be an external entity. Implementing a scalable and consistent enterprise risk management framework is a challenging task for many banks. To measure price and manage credit risk effectively at the enterprise level, banks have to integrate a variety of disparate systems. These systems should be able to collect substantial quantities of data on credit ratings, credit transitions, loss experiences, rating and default histories in addition to a variety of other relevant credit information. Banks achieve enterprise credit risk management through various strategies . One American bank mentioned that their global credit risk management is mainly facilitated by technology, whereas, another leading American bank has a risk officer to manage all the risk groups within the firm. One of the banks mentioned that their Risk Oversight Committee including the Head of Credit Policy meet on a regular basis to discuss the bank’s risk appetite. A third investment bank uses a technology solution to achieve enterprise-wide credit risk management. This system provides accurate global limits and credit exposure information in real-time for increased transparency across the bank and greater operational efficiency. Challenges of achieving enterprise view of risk Issues with data management Consistent, accurate and reliable data is the foundation of effective credit risk management. Inaccurate or inconsistent data may hinder the banks’ ability to understand its current and future business problems. All the banks interviewed clarified that there are always some problems with data management. Some of the major issues experienced by banks with regard to data management include data quality and standardization, assembling accurate data sets with minimum reconsolidation and back-testing of ratings. A tier - 2 American bank approaches data problems by having monthly and quarterly reviews to discuss and provide solutions to these problems. For example, the bank constantly strives to enhance their exposure numbers at an enterprise level by making them more accurate and delivering them in a timely manner. A European bank explained that Basel II encourages the firm to adopt a standardized format for all their information, so that data issues can be mitigated. One investment bank is constantly refining the coverage and accuracy of their new technology or products as there are always some gaps. Furthermore, to reduce credit exposure, the bank is migrating to a cross netting environment. 12/10/04 11 A tier-2 bank has similarly recognized the need for a centralized customer database. They are also currently in the middle of several large-scale projects aiming to rational ize their multiple credit risk systems. This is driven by their belief that multiple systems produce multiple data sources, which inevitably causes data management problems. Issues with analytics Issues with analytics are a concern for many banks, with 74% of the interviewees indicating that they have some problems in this area. In comparison, only 13% of banks do not have any problems with analytics. Figure 3: Are there any issues with analytics? 13% 13% Yes No No comment 74% Source: Lepus Some of the issues raised by the banks include analytics for portfolio analysis and for complex derivatives, back testing of these analytics, adopting a standard approach to analytics and the ability to keep up with new products. Adopting a standardized approach for analytics is deemed quite challenging in one European bank. Some of the obstacles the bank has to overcome include dissimilar systems, decentralized model approval process, challenges associated with the global scale of their operations and different levels of maturity and size of individual businesses. While the bank has admitted that at the enterprise level there should be a standardized approach, it is challenging to roll it out in individual areas, where individual requirements are far too specific . The bank gave an example of the lending book, saying that it is virtually impossible to summar ize decisions for the whole of the lending book. Furthermore, the bank stated that it is hard to categor ize things in a wider context. They are currently doing some analysis of broad economic capital implications, however they still believe that a single credit measure will never give them a full picture. One tier-2 bank has some home grown credit risk management solutions to address some of the problems stated above. Another bank resolves their issues with analytics by applying more potential exposure simulations to their products. A leading investment bank’s main challenge with analytics is the ability to efficiently manage the products, accurately measure credit risk and achieve good quality data. Consequently, the bank has a team of mathematicians and programmers to enhance these areas. 12/10/04 12 Issues with reporting Figure 4: Are banks experiencing any issues with reporting? 25% 38% Yes No Do not know 38% Source: Lepus * Note: the figures do not total to 100% as they have been rounded up to the nearest whole number . It is important to ensure accurate and transparent reporting. However, many banks find this to be challenging. 38% of the interviewed banks, all of which were tier -2 institutions, are experiencing some problems with reporting, mainly relating to timeliness and consistency of terminology across the board. One of the banks has too many reports , which results in pr oblems with identifying common trends. The bank is overcoming this issue by consolidating their existing reporting systems so that an enterprise-wide reporting tool can be obtained. A further bank stated that if there were any existing issues with data, it would ultimately have a knock on effect on the coverage of the report. For that reason, the bank constantly tries to address this problem by enhancing their current reporting tools. In contrast, according to our interviewees 38% of the banks generally do not experience major problems with their reporting. This is mainly due to banks having good reporting infrastructure and global reporting systems in place. This said, one needs to keep in mind that from our extensive industry experience, no bank has so far achieved adequate ability to report aggregate credit exposures across the whole enterprise. Integration and standardization Ensuring credit risk reporting and modeling consistency As banks are becoming increasingly aware of the heightened importance of effective credit risk management throughout their organizations, they are increasingly focusing on consistency in credit risk reporting and modeling. This is achieved in a number of different ways. The key for half of the banks is to set up a centralized reporting system. One of the banks, for instance, has a global Credit Risk system that covers most regions with the exception of Latin America and East Asia, which are still in the process of moving onto this firm-wide system. 12/10/04 13 In 38% of the interviewed banks, a special ized risk group has been set up to ensure consistency between reporting and modeling. One bank, for example, has a central model approval group that focuses mainly on market risk. A second bank has a risk review process, which is undertaken by the risk group. A number of people within this group collate the required information and analyze the data to see if it is consistent with the method. The source from this bank further added that the process of ensuring modeling consistency is not yet up to standard. A further bank stated that from a capital markets perspective, the bank does try to ensure consistency across all lines of business and there are many ways of achieving this. There is always some inconsistency between finance and risk reports. However, the bank has a steering committee that validates the models to make sure they are consistent. Integrating market and credit risk The integration of market and credit risk measurement requires the ability to interweave the concept of VaR with a cr edit risk model. Basel II, for instance prompts banks to consider the correlation between the different risk types and the most appropriate way to mitigate the banks’ exposure. Essentially the risk types inter-relate, for example market volatility impacts the value of collateral, which has an impact on banks’ credit risk. Managing the relation between these risks and mitigating exposure to them through a single, highly integrated risk management technology framework ensures banks meet the demands of the accord. Furthermore, integrating market and credit risk into a single risk management system will ultimately be cheaper and more productive than maintaining separate market and credit risk systems. It also enhances the decision- making process and allows banks to better adhere to current “best practice” guidelines and emerging regulations thus making regulatory reporting a far simpler task. Banks’ perspectives on the value of integrating market and credit risk were varied, remaining mainly positive. A tier-2 investment bank explained that by integrating credit and market risk, the components of trade prices could be distilled as well as improving market trading measurements and pricing reserves. Another tier - 1 bank mentioned that from a risk appetite point of view, duplication of data would be reduced or eliminated altogether. From an infrastructure point of view, aligning the information required to manage market and credit risk would result in cost savings and consistent data. A third bank commented that the insight of the overall risk return decisions would be gained instead of individual risk silos. Having acknowledged all the benefits of integrating credit and market risk outlined above, some of the banks have already launched IT projects in this area. By w ay of example, one tier 2 bank has integrated their market, credit, operations and liquidity risk systems into one data architecture and one risk engine. This draws information from across the bank’s activities and feeds it into a network of unified engines. It powers the front, middle and back offices, providing decision support to trading desks, risk control, the back office and senior management. The main purpose for this integration was for the bank to move away from silo model because it creates an ex cessive strain on the bank’s systems. Fewer systems, and the simplification of a bank’s overall technology infrastructure, will reduce IT costs. 12/10/04 14 Another bank gave two examples illustrating that integrating market and credit risk can enhance the ability to manage credit risk more efficiently. The first example is pricing corporate bonds for which time series properties of credit spreads are looked at. The second example is capital calculations , where stress- testing, a traditionally market risk measurement methodology, is increasingly more often used for credit risk in the form of Credit VaR. Similarly, in a third bank the techniques used to evaluate market risk are also applied to credit risk. Consequently, the distinction between traded (market) risk and non-traded (counterparty) risk is now becoming blurred. A fourth bank explained that there would be serious organizational hurdles to overcome if they were to integrate market and credit risk. These two areas have traditionally been separate, due to the fact that 90% of the bank’s credit risk is concentrated in the banking book and only 10% in the trading book. Thus, the focus of the risk group on the investment banking side has been on market risk, with most credit risk done on the commercial banking side. However, with the arrival of credit derivatives, these two types of risk have become a lot closer, leading to a greater scope for integration. An investment bank believes that although credit and market risk measure different things, they are similar , since they look at the same data but from two different perspectives. It is due to this sharing of data that some aspects of credit and market risk can be integrated. In contrast, another two banks stated that there is limited value in integrating market and credit risk. One of them claimed that although adopting a single framework in the form of an overall economic capital model is an attractive idea, it would only show the bank’s overall risk exposure and is not going to provide the necessary level of de tail. Integrating disparate parts of the system Disparate systems produce inconsistent data that often gets re-conditioned into other calculations. Many banks have yet to integrate the disparate components of their credit risk systems, for a consistent framework to manage all sources of credit risk. Some of the benefits of integrating disparate systems include easy comparison, aggregation and analysis of information across many different business areas. The findings indicate that only 38% of banks surveyed have actually integrated the disparate parts of their systems. One of the banks has an application framework that brings together all the risk management functions types (such as reporting, limits, real time snapshots and what-if scenario analysis). Consistent information is required so that the bank’s workflow tool can provide a bridge between these components. The most challenging element for the bank when integrating the disparate parts was to have a unified communication so that everyone can understand it. Another bank stated that they integrated all their disparate parts (such as OTC derivatives, security trading and repo trading components) of their credit risk system using a web-based technology. Whilst incorporating the risk systems the bank encountered some barriers such as getting the systems to have a common ground so that they can communicate with each other. A further tier- 1 bank uses client –server technology to integrate their disparate parts. Currently, the bank is in the process of replacing their retired systems with a global centralized system. The bank experienced many obstacles with this integration, such as 12/10/04 15 meeting performance requirements in third-world countries as well as overcoming reluctance to retire and replace legacy systems. Figure 5: Integrating disparate parts of the systems Integrated disparate systems 38% Looking into integrating 50% Separate systems 13% Source: Lepus * Note: the figures do not total to 100% as they have been rounded up to the nearest whole number . Although the percentage of integrating disparate systems is currently relatively small, it is believed that this percentile will increase in years to come. At present, one leading bank mentioned that there are already consultants in the US working towards achieving this goal. The disparate parts that need to be integrated include fixed income risk, foreign exchange and rates risk as well as integrating issuer/counterparty risk and market risk. Some of the key issues that are delaying/preventing the disparate components to be integrated are timing, different reporting requirements/procedures and costs. Methodologies used for credit risk Calculating counterparty credit risk enhances credit risk management capabilities but poses a variety of challenges. Current practice in credit risk management consists of expected and unexpected loss measures, and portfolio management measures, which require current and potential exposure calculations. Each type of measure serves a different purpose in credit risk management. Figure 6: Methods used to measure credit risk Current and potential exposure 63% KMV's Portfolio Management 50% Credit VaR 63% Expected and unexpected losses 13% Survival analysis 13% 0% 10% 20% 30% 40% 50% 60% 70% Source: Lepus 12/10/04 16 The majority of banks (63%) use current and potential future exposure calculations to measure credit risk. The purpose of exposure calculation is to support the assessment of portfolio and firm compliance with policies and guidelines, and to assess credit concentrations. To measure the current and potential future exposure of portfolio positions, banks need appropriate valuations of positions, as well as the ability to aggregate positions by counterparty, simulate future market values, net exposure where netting agreements allow and incorporate collateral to mitigate exposures. Subsequently, 63% of the interviewed banks employed Monte Carlo VaR and Moody’s KMV model. The other methods used to measure credit risk include survival analysis, and expected and unexpected loss. The benefit of calculating expected credit loss is to establish expected net returns to the portfolio. Unexpected credit losses are used to determine extreme potential credit losses to the portfolio. With regard to future plans, most of the interviewed banks are planning to either implement or further improve their Monte Carlo VaR. Other methodologies that banks want to implement in the future are daily stress- testing and migrating from single factor analysis to multi-factor analysis. 25% of the banks anticipate adopting Credit VaR. Additionally, one bank would like to employ more sophisticated exposures across margining and netting. One bank will focus its efforts purely on enhancing and extending their existing methodologies such as their capital model, Credit VaR, probability of default and stress testing. Technology used for enterprise credit risk: buy versus build Figure 7: Vendor versus in- house 13% 25% All in-house Both in-house and vendor No comment 62% Source: Lepus Only a quarter of the banks interviewed managed their enterprise credit risk entirely inhouse. The banks who have adopted this approach believe that home grown solutions are customizable to meet specific requirements. In contrast, 62% of the banks used some form of third party vendor/consulting coupled with their own home grown solutions for enterprise credit risk management. Three of the interviewed banks further clarified the ratio of their in-house versus vendor technology. Figure 8: In-house versus vendor technology split % of in- house technology 12/10/04 % of vendor technology Bank 1 20% 80% Bank 2 40% 60% Bank 3 70% 30% 17 Source: Lepus As seen from the table above, in two of the banks vendor technology prevails and only a smaller share of in-house technology is used for enterprise-wide credit risk. The benefits of using vendor solutions include vendor expertise, variable costs and superior technology. A European bank, for instance explained that the firm uses more vendor solutions than in- house. This is primarily due to lack of internal capacity required to carry out regulatory projects in the risk IT space. One of the banks interviewed uses a comprehensive vendor credit risk management solution for measuring, controlling and managing global credit exposures, as well as for economic regulatory capital. Another tier - 2 bank also uses a vendor solution (delivered via an application service provider (ASP) framework coupled with some home-grown systems. The vendor software enables the bank to control their risk exposures through the implementation of global risk policies and to manage their risks through the adoption of modern portfolio risk management practices. A further tier-2 investment bank has outsourced their website front- end reporting to an Indian vendor. The bank also uses a vendor solution to integrate their data. Early warning systems Some of the interviewed banks have adopted early warning systems in order to strengthen the process of proactive risk management. The type of early warning systems to monitor asset quality and risk exposures varies amongst banks. One type would be daily warning reports on credit that illustrate unmatched credit lines, trends, incorrect areas and solutions to address the problems. However, the bank using this warning report is considering migrating to an intra-day solution for monitoring risk exposures. Another type of early warning system w ould be reports such as Moody’s credit ratings to monitor asset quality and risk exposures. An active periodic surveillance program is evident in one bank. This program examines trends and price movements. Nevertheless, the bank anticipates moving towards a more proactive market approach. Daily stress testing is exercised in one leading investment bank. It has seven historical scenarios to monitor asset quality and risk exposures. The skill sets, experience and judgement of employees are also exploited to raise key issues. A further bank has a prototype system called “Early Warning” to monitor their risk exposures and asset quality. This system, which is currently in development, examines share prices, market movements, credit default spread and ratings. 12/10/04 18 Strategy, Policy and Business Processes Alignment Current state of alignment Figure 9: Alignment of strategic vision, policy objectives and business processes within the banks Yes 38% No comment 50% Working towards alignment 13% Source: Lepus * Note: the figures do not total to 100% as they have been rounded up to the nearest whole number . Aligning strategic vision, policy objectives and business processes is apparent in 50% of the interviewed banks. This requires close interaction between team members from IT divisions and user-groups. According to one bank, it took them three years to achieve this alignment. As it is such a long process, 38% of the interviewed banks are still in the process of achieving this goal. Some banks have revealed that they have encounter ed some problems with communication, changing culture and legacy set- up on the way to aligning their strategies, policies and business processes. In terms of cultural change, a substantial amount of time is required for people to get used to the newidea. Existing gaps in alignment • Technology issues The opinions of the interviewed banks w ere equally split between those who believe that technology helps to facilitate alignment of strategy, policies and business processes and those who feel that technology is an enabler of this alignment driven by business management. The latter half stated that technology supports and empowers businesses to align to the business strategy. One tier - 2 bank clarified that the “Credit Risk Group” manage all credit systems and projects. Consequently, banks are driven by business and supported by technology. In terms of technology gaps, transparency is a key issue in one leading American bank. If the bank has more transparency in their technology, alignment can be optimized. 12/10/04 19 • Business issues Half of the banks are currently experiencing some business issues with the alignment of their strategies, policies and business processes. These include conflicting ideas, the need to migrate from a volume- based to a value-based business, setting common procedures and policies and achieving comprehensive methodologies. Figure 10 : Business gaps 25% Yes 50% No Do not know 25% Source: Lepus Some conflicting ideas between risk management and the front office are evident in one tier-2 bank. The bank explained that this is a natur al process driven by the different nature of the two functions. While the front office are aiming to achieve financial expertise and a high level of specialization in order to generate higher profits, the credit risk function are striving to achieve a balanced portfolio which mitigates the possibility of losses. For instance, this bank gave an example of their front office wanting to specialize in certain areas of financing but credit risk staff are not equally supportive of this idea as this may cause concentration risk. The strategy of the front office in this case is to move away from volume to value through specialising in certain products, which makes their credit risk function weary of potential risk concentration implications. This conflict of interests can be resolved with the help of good credit risk technology as well as astute risk management strategies. The latter can help banks to find a perfect balance between risk and reward, and stop front office from being too precarious and credit risk from being too conservative. Sophisticated credit risk management technology, on the other hand, can allow banks to find the bridge between the two drivers using stateof-the-art scientific methods. Only 25% of the interviewed banks are not experiencing any significant business issues with regards to aligning processes and policies. However, one of the banks mentioned that they have encountered some minor gaps with regulatory requirements. Adherence to Credit Policy Monitoring adherence to credit policies Ban ks use a variety of methods to design and monitor adherence to credit policy. Some of the methods mentioned by investment banks include limit checking, credit inspection, predeal checking, global system, education and training. 12/10/04 20 Figure 11 : Design and monitor adherence to Credit Policy Limit checking 38% Credit inspection 25% Pre-deal checking 13% Global system 13% Education and training 13% 0% 5% 10% 15% 20% 25% 30% 35% 40% Source: Lepus 38% of the banks mentioned that credit limit checking was used to meet their credit policy requirements. The credit risk limit specifies the maximum exposure a firm is willing to take to a counterparty. Similarly, another bank use a combination of both automated (limit checking) and manual controls checks to adhere to the credit policy. In terms of credit inspection, one bank has an internal audit group that inspects the quality of their credit. As for training to educate employees on credit policy, one American bank has online training tests that help people to understand the requirements of credit policy. Recently, the bank has adopted a “workflow” training application, which highlights more effectiv ely the new changes made to the credit policy. As a result, it enables employees to learn more about current policies. Keeping policies up-to-date Half of the interviewed banks have regular meetings to review their credit policy to ensure that it is up to date. The review process typically takes place on an annual basis. This is vital to ensure that policies are aligned with the economic climate. One of the banks is in the process of revamping their hedge fund policies with particular focus on what peers are doing and on staff turnovers. The level at which credit policy is discussed varies from one bank to another, for example it can range from a business level to group risk level to Board level. At the Board level, the topics discussed tend to be about rating grades, set style and thresholds. At the business level, topics discussed include what types of opportunities are available and policies are written in alignment with these availabilities. One leading American bank stated that their Credit policy manager writes all the policies without IT involvement. This gives the bank more flexibility as modification can be made without discussing this with the technology group. Other elements to ensure that credit policy does not come out of date include commissioning industry studies and constant liaison with the regulators. Peer pressure was mentioned as a factor that encourages banks to be more efficient in managing risk policies. 12/10/04 21 Only one of the eight banks expressed an opinion that their main driver is not to keep credit risk policies up-to- date and in alignment with the current economic climate but to ensure that their policies support their business strategies. Anticipated developments Banks have a variety of anticipated developments in the area of credit policy. Some of the suggestions from banks include meeting regulatory requirements of International A ccounting Standards , Sarbanes Oxley Act and Basel II, adopting an active portfolio management approach, adherence to the written policies, and enhancing credit policy to be more efficient, more frequently updated and accurate. Enhancing existing technologies is also important, as its main purpose is to reflect and enforce risk policies. 12/10/04 22 Active Management of Credit Risk One of the hardest challenges faced by banks in the risk area is active credit risk management. It requires banks to have consistent risk-based credit limits, rational riskbased capital allocations and consistent credit decisions. Active credit risk management can also mitigate future crisis events thus bringing considerable financial benefits. As one of the interviewed investment banks stated, active credit risk management is a fundamental process of proactively measuring, monitoring and managing risk. Furthermore, by utilising risk management technology, which has been transformed over the last decade, the speed of information flow and the sophistication of the international financial markets enables banks to identify, assess and manage risk in a way that was just not possible ten years ago. This section will highlight the two elements that contribute to an active management of credit risk, namely risk concentrations/credit portfolio management and credit hedging . Risk concentrations and credit portfolio management Portfolio management has allowed significant growth in credit risk management sophistication which has moved from an exposure limitation and loss avoidance process to a process of active management and fine-tuning of credit risks taken in the portfolio. Active portfolio management results in measuring and limiting credit risks taken as well as optimising the return gained for a given level of credit risk. Hence, the main objectives of active portfolio credit risk management are improving risk- adjusted returns, managing concentration risk, meeting regulatory requirements and enhancing revenues. A ctive portfolio management allows banks to be more profitable, specialized and risk- efficient businesses. In addition, banks can also attend to their clients’ needs while reducing the risk of concentration and continuously evaluating transactions and portfolios against regulatory guidelines. One tier- 2 bank has mov ed towards credit portfolio management in the European marketplace. This practice has allowed the firm to enhance its risk/return ratio through greater liquidity of its credit portfolio, while enabling it to provide additional support to its clients. The “Portfolio Management Group” invests in and manages all assets and credit exposures, originated for the bank’s book. Its key function is active management of credit portfolio to optimize its performance against return on economic capital and value-added profit targets. To achieve performance and concentration targets, the bank has adopted many techniques, both individually and in combination, which are available to portfolio managers, including credit derivatives, securitization and physical trading. The sophisticated use of these instruments has enabled the organization to support its client base to a far greater extent than would be possible using “traditional” credit management practices. It has also allowed the bank greater flexibility in developing and executing proprietary structured debt products. In terms of monitoring risk concentrations and credit portfolio diversification, banks regard these as important factors. One of the main tools that help banks to monitor risk concentration and diversification is global reporting systems, which produce aggregated 12/10/04 23 credit risk reports and identify dangerous risk concentrations, which then can be eliminated through portfolio modifications. An economic capital model is used to monitor one tier-1 American bank’s risk concentrations and credit portfolio risk profile. Risk equity is assigned on a regular basis, which is the behavior driver for traders. In other words, economic capital provides an incentive for traders not to put on large concentrations in a given area, as ultimately it will be expensive due to the equity charges. Hence, large concentrations will drive down bonuses for traders, as it will be more difficult for trading to be profitable. Decisions on risk charges are made by senior management, namely the Head of Credit. The CEO is also briefed on the current concentrations on a quarterly basis. Furthermore, technology also plays a critical role in this process as it allows computing complex calculations providing numbers on which credit decisions are made. One tier- 2 bank suggested using exposure risk systems as a way to monitor both concentrations and credit portfolio risk profile. They are currently in the process of replacing the system in order to stay up to date. Another key methodology is stress tes ting which gives visibility as to where the issues may lie. In terms of monitoring risk concentration, one tier -2 bank reports the concentration by ratings, sector and location to the Board on a quarterly basis. Another bank has a credit reporting group that manages the system, generating reports on concentrations for senior managers. These reports are formulated on a daily basis especially for top client lists. Credit hedging Credit risk hedging is a means by which banks control credit risks they have already acquired and make acceptable the credit risks that they are about to acquire. Credit risk hedging allows banks to reduce or remove credit risks by having offsetting positions, or by selling or terminating risk contributing positions. The ultimate goal is to optimize the use of banks’ capital, so that risk is minimized for a given return. Hedging is commonly viewed as a risk mitigation mechanism. However, if used strategically, it can also enhance value, which comes down to making good business decisions. These include the following: • expected losses – understand whether the deal will be profitable • reserve methodology – allows the bank to make better economic decisions • risk return – allows better trades to occur if the right decisions are made Additionally, credit hedging can replace high counterparty risk weightings with low counterparty risk weights. This can effectively optimize return on capital in a loan portfolio, especially if the reduction in regulatory capital is greater than the cost of hedging using derivatives. Lepus asked the interviewed banks about how active and effective they are in hedging their positions. In 38% of the banks interviewed, credit hedging decisions are exercised using value on default and potential and current exposure methodologies. Moreover, credit hedging is increasingly based on portfolio analysis, with one of the banks making hedging decisions at the portfolio level. Sophisticated portfolio models usually support hedging decisions. For instance, economic capital and expected loss modeling to identify opportunities for loan trading, single- name/basket credit default swaps; and also counterparty exposure and expected loss modeling to identify opportunities for single- 12/10/04 24 name credit default trades, risk-reducing trades, assignments, and optimal counterparty selection. The hedging decisions are typically made by a combination of trading desk and credit risk management. They act on this on a dynamic basis and not periodically as exposures are involved. The bank defines portfolio parameters or guidelines based on ratings, e.g. industry and country. Another leading investment bank previously used ad hoc case by case analysis to make credit hedging decisions. However, it is now moving forward, in the sense that if they are not comfortable with the exposures, there is a requirement to have default protections. Some of the firms have also adopted internal credit risk hedging via desks whose purpose is to provide credit protection, at a transfer price, to other desks within the firm. Then they have the ability to choose how much of the firm’s net exposure to each counterparty is to be traded to outside counterparties. The more decentralized organizations have desk-bydesks hedging of credit risks. These developments will have an impact in the asset and liability management of banks that deal in derivatives. A large part of the counterparty risk of these banks will be transferred via dynamic hedging, hopefully increasing market efficiency. Alarmingly, the rest of the institutions mentioned that hedging is not their strong point. This is an obvious indicator of the fact that “active risk management” remains a challenge to a number of investment banks. 12/10/04 25 Conclusion Today, the focus for many banks is to adopt an enterprise credit risk management approach as it gives an integrated view of risk. Best practice in credit risk management should demonstrate centralization, standardization, timeliness, active portfolio management and efficient tools for managing exposures. This is encouraged by the pressure from regulatory requirements such as Basel II. By constantly enhancing existing tools and methods, banks are able to work towards achieving best practice. Furthermore, consistent, accurate and reliable data is required in order to achieve best practicein credit risk management. The methodologies used to measure credit risk are typically current and potential future exposure, KMV’s Portfolio Management and Monte Carlo VaR. The anticipated developments in the credit risk management space include meeting regulatory requirements, adopting an active portfolio management approach, and adhering to detailed, frequently updated and accurate credit policies. 12/10/04 26