Home > Deposit Insurance > The Deposit Insurance Funds > Strengthening Financial Risk Management at the FDIC
Strengthening Financial Risk Management at the FDIC
Building Best-Practice Financial Risk Management – Horizon 2
Fully integrated risk management allows an organization to optimize risk mitigation with focused effort, clear accountabilities, and an appropriate division of labor. All parts of the organization work together systematically to detect, understand, and mitigate every risk. The organization quickly adapts to its changing environment and continuously improves by regularly measuring performance and implementing targeted changes.
This kind of integrated risk management is an appropriate aspiration for the FDIC. Indeed, risk management is at the heart of the FDIC’s self-stated mission:
Meeting these objectives will require coordinated and systematic efforts from across the FDIC’s divisions.
The FDIC recently has taken important steps in the direction of integrated risk management. With the creation of the National Risk Committee and Risk Analysis Center in 2003, along with the formalization of the Financial Risk Committee in 1998, the FDIC has set up an organizational structure that is capable of meeting its risk-management objectives.
The stated mission of the NRC21 is:
The NRC meets once per month, or more often as necessary, and is chaired by the Deputy to the Chairman and Chief Operating Officer. The other members of the NRC are the Directors of DIR, DSC, and DRR; the CFO; the Deputy to the Chairman; and the Special Advisor to the Chairman. The General Counsel is an advisory member. This group represents almost all of the most senior leadership at the FDIC.
The FDIC’s Risk Analysis Center was created as "an interdivisional forum charged with coordinating risk identification and prioritization processes of the three operating divisions,"23 i.e., DSC, DIR, and DRR. The RAC has rotating representatives from each of these divisions. It meets every morning for a 30-minute risk briefing and every afternoon for one hour to discuss new research or risk-management findings.
In their brief tenures, the NRC and RAC have had some notable successes. The NRC deliberated what the FDIC’s public position should be on derivatives during a recent controversy on that topic. The RAC has substantially increased the readiness of the FDIC to respond to emerging crises and recently stimulated new research on interest-rate risk. During the somewhat longer existence of the FRC, it has helped to break down interdivisional barriers, developed new techniques for predicting failures of depository institutions, and successfully executed its reporting obligation to estimate the FDIC’s reserve needs in accordance with GAO and GAAP requirements.
The FDIC is in an excellent position to build on these successes and further develop its risk-management organization. To help identify specific opportunities for improvement, the following section outlines four general characteristics of worldclass, fully integrated, risk-management organizations and discusses where the FDIC stands today.
A fully integrated risk-management organization has clearly allocated risk management responsibilities, uses best information and latest thinking to understand and communicate the nature of risks, consistent and coordinated follow-through to respond to risks, and strong feedback mechanisms to ensure continuous improvement. The FDIC has made commendable strides on all four of these dimensions, but there are additional opportunities for improvement.
1. Clearly allocated responsibilities. The newly formed RAC has a clear purview to monitor short-term developments in risk, while the FRC has a mandate to report on overall losses and longer-term risks. At that level, the division of labor seems clear. On the other hand, the current NRC charter seems to charge both the RAC and the FRC with risk identification, while off-site models – key risk-management tools – lack a single, structured forum for collecting input from the divisions involved in their creation, use, and maintenance.
2. Risk identification. As discussed in above, DIR and the FRC are starting to build world-class models that will yield a better understanding of short- and longterm risks, but there are still tangible improvements that can be made. The RAC has embraced its mission to monitor short-term risks and has cast a very wide net for information on risks, but to date it has done little to synthesize and distill information and to assess implications for the FDIC. The RAC could add even more value by going the additional step of recommending actions for FDIC to mitigate emerging risks.
3. Follow-through. The NRC, RAC, and FRC do not have explicit line authority within FDIC. Rather, their primary duty is to provide information and make recommendations to the operating divisions (DSC, DIR, and DRR). The ongoing challenge for the NRC, RAC, and FRC will be to ensure that FDIC responds appropriately to the information and recommendations that they individually and jointly convey.
4. Feedback mechanisms. The FDIC has formal feedback mechanisms for individual personnel, but it is less systematic about evaluating and improving organizational performance. For example, on an ad hoc basis the FDIC has shown how its various models differ, but it has generally not performed systematic, head to- head comparisons on the merits (e.g., by measuring accuracy). While individual models have been improved continuously, such efforts have been only loosely coordinated and have not always been targeted to the ultimate objectives of end users. The recent creation of the NRC and the RAC provide an opportunity to institute formal feedback processes to put the FDIC on a path of continuous improvement.
To realize the full potential benefits of its system of risk committees (NRC, RAC, and FRC), the FDIC needs to clearly and formally define the mission, responsibilities, and especially outputs of each. To ensure continuous progress toward integrated risk management, these committees need strong feedback mechanisms, to focus more deliberately on measuring and improving their performance against the FDIC’s risk-management objectives. (See Exhibit 2-3.)Exhibit 2-3
STRUCTURING TO DELIVER ON FDIC’S OVERALL OBJECTIVES
The newly created NRC is well positioned to develop a holistic understanding of the risks faced by the FDIC and to coordinate the efforts of the operating divisions to redress those risks. For the NRC fully to meet this potential, it will need to clarify its role, improve its operations and outputs, and develop formal feedback mechanisms to monitor the FDIC’s progress toward fully integrated risk management. Several concrete actions will help the NRC achieve these objectives.
2.2.a. The NRC should forge a consensus across divisions and provide policy advice on cross-cutting issues. When a potential risk emerges, there is often uncertainty about its severity and what, if anything, could be done to redress it. For example, when subprime lending became more prominent in the late 1990s, there was debate within the FDIC, across other bank regulatory agencies, and within the banking industry about the magnitude of the risk and how to address it. When faced with such situations, the FDIC should bring all its knowledge and expertise to bear to assess the situation, and the NRC would be an ideal forum to do so. Having come to a mutual understanding, the NRC could then make recommendations to coordinate the responses of the Corporation. For example, it might recommend that DSC could gather additional data on subprime exposure, DIR add subprime lending to offsite models and scenarios, and DRR develop expertise in managing and disposing of subprime assets. This kind of policy role for NRC is most important in areas that involve more than one division of FDIC.
2.2.b. The NRC should oversee the RAC and the FRC to assess whether they are meeting the needs of the FDIC. The holistic, interdivisional perspective of the NRC puts it in a unique position to judge how well the RAC and the FRC are fulfilling their missions and serving the Corporation as a whole. This perspective would be valuable to the division managers ultimately responsible for the RAC and the FRC. Furthermore, the prospect of having to defend decisions and performance to NRC would impel the RAC and the FRC to provide thorough, well-reasoned analysis on a consistent basis.
2.2.c. The NRC should provide guidance to DIR and the RAC about needed research. The NRC is a forum for senior managers to share their perspectives and concerns about risk, so it is in an excellent position to identify the FDIC’s blind spots, to recommend areas that warrant additional attention, and to coordinate research needs that cut across divisional boundaries. For example, the NRC might conclude that payday lending represents only a minimal threat to the FDIC and advise the RAC to focus elsewhere. On the other hand, the NRC might believe that payday lending could threaten the solvency of particular institutions and suggest that DIR pursue targeted research into offsite models that would help DSC identify at-risk institutions.
2.2.d. The NRC should produce and circulate a monthly risk-guidance report. At each of its meetings, the NRC should keep a record of what issues it considered and what, if anything, it recommended to do about them. For example, the NRC might recommend that DSC gather additional data on a particular type of risky asset held by depository institutions. This will focus the NRC’s attention on considering the right set of issues and on making recommendations to proactively manage and mitigate the risks faced by the Corporation. The risk-guidance report should be submitted to the Chairman’s office monthly, and to the Board quarterly.
2.2.e. The NRC should create a risk management dashboard and request that the RAC update it in advance of each NRC meeting. To set the stage for each NRC meeting and foster a common understanding of the holistic risk environment, the NRC should create a short, standardized set of briefing materials, to be updated by the RAC and distributed in advance of each NRC meeting. This “NRC dashboard” would likely include information on the probability of exhausting the FDIC funds, the current status of the deposit-to-reserve ratio, and recent market developments that affect the banking sector. Exhibit 2-4 depicts an example. The exercise of determining what belongs on such a dashboard would prompt valuable discussions about where the NRC should focus its attention. Additionally, revisiting the design of the dashboard at each meeting would appropriately draw the NRC’s attention to generating better risk estimates (e.g., continuously improved models).Exhibit 2-4
2.2.f. The NRC should enlist two mid-level executives to support the NRC part time to ensure execution against its decisions. Most of the NRC’s decisions will be recommendations to the RAC, the FRC, or the operating divisions. The NRC will need experienced executives to convey such recommendations, encourage action, monitor progress, and report back the NRC. The appropriate resources would probably be one Deputy Director from DSC and one from DIR, each working with the NRC 1 or 2 days per month.
2.2.g. The NRC should adopt feedback mechanisms to assess its progress and drive continuous performance improvements. The NRC dashboard would be an effective feedback mechanism. With each emerging risk or crisis, the NRC should ask to what extent it had sufficient information and knowledge to foresee that risk. If there were no specific warning signs on the NRC dashboard for the newly emerging risks, then that dashboard could and should be improved. More generally, the NRC should request that the RAC and the FRC periodically report on the performance of the indicators on the NRC dashboard and plans to improve those indicators on a continuing basis. This would ensure that all three committees remained engaged in generating better intelligence about risks.
Other, broader feedback mechanisms are equally important. For example, the NRC should follow up on its recommendations to determine their impact on the Corporation. For example, suppose the NRC recommended a new policy (e.g., use an enhanced offsite model to target deeper exams at a new set of at-risk institutions). If that policy has mixed results or is followed only sporadically, then the NRC should revisit its how its policy recommendations are formed or conveyed.
The RAC promises to add considerable value as the FDIC’s clearinghouse for risk related information. Indeed, this was one of the main reasons for the RAC’s formation. In its first few months, the RAC has made substantial progress on this front, but it has room to improve. In particular, the RAC will need to clarify its role, improve its operations, and develop the formal feedback mechanisms to measure its progress and guide continuous improvement. The remainder of this section spells out a variety of proposals that would help the RAC fulfill its potential along those lines.
2.2.h. The RAC should produce a weekly risk-guidance report for the NRC. The RAC currently sends a daily internal email summarizing the newly released economic indicators and news items related to the banking industry. Many find this service to be useful, so it should be continued, but the RAC could do more to synthesize information and help the Corporation to act on it. Specifically, the RAC should send the NRC a weekly “risk-guidance report” listing emerging issues and crises, along with a recommended response. The RAC might also convey key insights from its deeper investigations into thematic issues (“theme weeks”), with particular emphasis on implications for the FDIC – the “so whats” that emerge from the analysis. The framework of this new risk-guidance report would help the RAC focus more effectively on determining the relevance of each risk issue to the FDIC and how the FDIC might measure, monitor, and ultimately mitigate such risks over time.
2.2.i. The RAC should regularly assess FDIC’s offsite models and recommend to DIR and DSC how they could be improved. Offsite monitoring is by nature a joint effort of DIR and DSC. DIR builds the models, while DSC interprets them and puts them to use in the field. The interdivisional structure of RAC and its purview to assess risk make the RAC an ideal forum to discuss the performance of offsite models and how to improve them. The RAC should regularly (e.g., every 6 months) use its afternoon sessions to assess how well the various offsite models have flagged at-risk institutions, paying particular attention to identifying particular types of failures that are not being identified in advance. As new risks emerge, the RAC should proactively work with DSC and DIR to develop recommendations for model enhancements that will identify risks before they result in failures.
2.2.j. The RAC should organize occasional briefing sessions for interested parties. In the RAC’s role as the interdivisional clearinghouse for information, it should occasionally schedule briefing sessions to share key findings with the relevant parties who would find them useful. Such briefings might be based on new results from off-site modeling (e.g., a new scenario that suggests that particular institutions are at risk), analysis of market data or news (e.g., a legal development that could affect a group of institutions), or lessons from recent or ongoing resolutions (e.g., the lack of a particular supervisory control function or data point was a contributory factor in a failure).
2.2.k. The RAC should develop a “dashboard” of key indicators that it will track regularly. As with the proposed NRC dashboard, described above, the RAC could benefit from deliberate thinking about what variables are the best indicators of the risks faced by the FDIC, how they should be measured, and how often they should be tracked. Creating an “RAC dashboard” would be an excellent way to codify that thinking and focus RAC’s day-to-day attention on fewer, more relevant pieces of information. Exhibit 2-5 shows an example of such a dashboard. It would likely include some measures that change rarely (e.g., the probability of exhausting the BIF would be based on Call Report data that would change quarterly). Other measures would change daily (e.g., bank failure probabilities implied by equity volatility). The RAC should update this dashboard daily or weekly and use it to guide the RAC’s morning call. This would help to keep the briefing short and on point and would allow time during the call to discuss any unusual developments.Exhibit 2-5
SAMPLE RAC DASHBOARD AT HORIZON 2
2.2.l. The RAC should reduce its afternoon meetings to one or two sessions per week. The RAC currently meets every afternoon for a longer session to share new research or interesting findings. These meetings are an effective forum for disseminating knowledge between divisions and driving the Corporation’s thinking in particular areas. While these meetings are constructive, the RAC should schedule fewer of them. RAC participants are now stretched in their dual roles as divisional employees and RAC members, so limiting the number of RAC meetings would give them more time to prepare research. It would also enable the RAC to focus on those risk topics that were most relevant to the FDIC, and to synthesize and draw out implications and recommendations in its weekly risk-guidance report to the NRC.
2.2.m. The RAC should adopt feedback mechanisms to assess its progress and drive continuous performance. The RAC dashboard and offsite models are two vehicles for RAC to create feedback mechanisms to improve performance. The RAC should regularly schedule assessments of these sorts of risk-assessment capabilities and use the results of those assessments to determine how to improve. For the dashboard, the feedback would likely involve seeking the best set of leading indicators to include on the dashboard and the most accurate ways to measure them. As with FDIC’s offsite models, the RAC should regularly (e.g., every 6 months) review the RAC dashboard and challenge itself to improve the dashboard’s content and accuracy.
The FRC has had a notably positive impact on the FDIC as it has evolved from an informal working group to a well-established forum for setting the FDIC’s reserves. Along the way, the FRC has fostered interdivisional information sharing and advanced the Corporation’s understanding of failures of depository institutions. The proposals regarding FRC that were outlined for Horizon 1 would help to solidify and extend these achievements, but there are additional opportunities for the FRC in the medium and long term. Specifically, the FRC could add more value to the FDIC by developing broader and more-accurate measures of the financial risks faced by the Corporation.
2.2.n. The FRC should broaden its mission to include estimating the long-term financial health of the FDIC, for dissemination in public forums such as FDIC’s annual report. If the FRC undertakes the recommendations outlined for Horizon 1, then the FDIC’s annual report will include an estimate of the FDIC’s losses from depository institutions that are expected to fail in the coming year (i.e., the CLR), as well as a confidence interval around this estimate. Reporting these estimates is essential, but the FRC can and should go further. In particular, the FRC should aspire to report estimates of the probability that failures would cause the FDIC to exhaust its funds (i.e., the BIF or SAIF, or a newly combined fund) at any time in the coming 1 to 50 years. Such longer-term measures of capital adequacy would enrich public discussion about the performance of the FDIC, the fair cost of deposit insurance, and the general health of the deposit insurance system.
|Last Updated firstname.lastname@example.org|