Strengthening Financial Risk Management at the FDIC
Anticipating Future Needs – Horizon 3
As the FDIC moves over the next 18 months to implement the recommendations for
Horizons 1 and 2, it also will need to consider the impact and implications of a
possible future move to Horizon 3 – an environment in which risk to the deposit
insurance system is not only monitored and measured in near real-time, but also
managed in a more interactive, more fully-automated manner throughout the
organization. The decision to move to such an environment will depend on the
FDIC’s assessment of its future needs, and whether the benefits of an upgrade in
risk management practices outweigh the costs to the Corporation and the deposit
The kinds of potential benefits – individually or collectively – that the FDIC will
need to consider include: enhanced institutional risk analysis; better knowledge
management; enhanced public policy knowledge and positions; fuller understanding
of risk-based pricing; better documentation; and a greater ability potentially to
offload or hedge risks. The likely costs include substantial information technology
(IT) expenses as well as organizational realignment considerations.
RECOMMENDATION 3.1 – ANNUALLY ASSESS WHETHER TO
MOVE TO HORIZON 3
While the recommendations from Horizons 1 and 2 are being implemented, the
FDIC will need to anticipate and assess its future risk management needs implied
by an evolving deposit insurance environment. Specifically, the NRC, based on the
advice of a cross-divisional team of managers and starting during Horizon 2, should
annually assess the advisability and implications of moving to Horizon 3.
The Horizon 3 environment
Horizon 3 differs from Horizon 2 on three principal dimensions: the degree of
system access and availability; the timeliness of underlying data; and the size and
importance of the risk group in the organization. At Horizon 3:
Risk systems are broadly accessible to individuals throughout the
Corporation through a user-friendly interface – at desktops, in the field, on the road – and all risk models and inputs run on a single, fast
Data is available real-time or near real-time through automated links
to market and other information, producing more current risk analyses
Risk analysis is the province of a dedicated risk management group
comprised of half a dozen or more professionals and headed,
potentially, by a Chief Risk Officer.
The potential benefits of Horizon 3
The potential benefits of moving to an integrated IT environment and investing in
organizational and other changes contemplated in Horizon 3 are manifold. They
Enhanced institutional risk analysis. In practice, Horizon 3 means
an ability to deliver a broader set of customized reports in an
interactive environment. A DSC professional, for example, could
create customized dashboards for automated delivery by e-mail at any
desired time frequency (e.g., daily, weekly, monthly). Or a DSC
supervisor interested in targeting institutions for greater scrutiny could
use the FDIC’s intranet to produce a list institutions satisfying a
particular query, e.g., all institutions rated below CAMELS 2 in the
North East that have been downgraded in the past 3 years and have
expected probabilities of failure exceeding 5 percent. The ability to
do “what if” scenario analysis would become more interactive and
available on-demand (e.g., if a question were to arise at the RAC
about the impact on the BIF of increased failure rates among
institutions rated CAMELS 4 or higher, the analysis could be run in
real time and presented at the meeting).
Better knowledge management. The reduced barriers to information
distribution24 and the rapid, customized reports in an integrated
Horizon 3 environment are likely to yield new insights into risk that
will aid in the prevention potential problems before they occur.
Improved insights will allow FDIC and other regulators to intervene
in troubled institutions earlier, propose new and innovative solutions,
and become more efficient in resource allocation and planning. Improved abilities in risk management will also better equip the FDIC
to detect and respond to poor risk management practices at insured
banks.Enhanced public policy advocacy. Arguably, at this stage the
FDIC would understand risks in the domestic banking system in a
unique and superior way relative to other industry participants and
observers. Distinctive expertise would enhance the FDIC’s leadership
in public policy discussions directly affecting risk management in the
banking sector in general and insured institutions in particular.
Fuller understanding of risk-based pricing. With a Horizon 3
infrastructure, the FDIC could not only allocate reserves internally on
an individual institution basis – a distinct advantage as the FDIC
moves to more targeted risk-based pricing in the future – but also
measure the impact of emerging risks on these reserves (e.g.,
expressed as changes in the correlation structures). As a result, the
new capability would allow true risk-based underwriting and pricing
on an institution-by-institution basis; e.g., a bank could be charged its
marginal contribution to the FDIC’s expected loss.25
Better documentation. The substantial IT investments required of
Horizon 3 offer an important ancillary benefit favored by financial
regulators: a well-documented audit trail. If the FDIC or an outside
auditor wishes to understand, for whatever reason, the FDIC’s risk
profile as of a particular date in the past, that day can be easily
“recreated” in a virtual setting.
Potential ability to offload risk. An advanced risk management
structure will put the FDIC in a position to consider potential
strategies to offload risk, including through hedging or reinsurance.
To that end, Horizon 3 provides the requisite ability to measure and
report risk in hedgeable components (e.g., interest rate risk, credit
risk), with additional detail down to the individual institution level
(e.g., exposure on a per bank and tenor basis with estimated costs of
hedging). Any decision of the FDIC regarding hedging should be
considered carefully, as all hedges include some element of risk.
Additionally, since the FDIC’s credit exposure relates in some cases
to institutions it oversees as the primary federal regulator, great care
would need to be taken in setting hedging policy to avoid compromising FDIC’s statutory duties as insurer and regulator.26
While these and other substantial obstacles must be overcome to
develop a legitimate hedging capability, an investment in Horizon 3
will at a minimum provide an option value in this respect.
The likely costs of Horizon 3
The current information technology (IT) infrastructure, and the likely infrastructure
over the next 12 to 18 months, is characterized by a patchwork of computer
programs, desktop spreadsheets, and individual analyses prepared by different
researchers. This environment is conducive to exploring research issues and
developing prototypes quickly, but it is neither automated nor user friendly, and it is
not sufficiently flexible to support a Horizon 3 capability, even with the Horizon 2
A move to Horizon 3 will require a substantial investment in IT infrastructure.
Specifically, FDIC would be well advised to migrate all operational risk models
from DIR onto an integrated IT platform accessible throughout the organization.
Models under development would continue to be built and tested separately.
Exhibit 3-1 provides an illustration of a sample well-functioning IT architecture in
Horizon 3, including the manner in which data inputs might feed into the models on
an automated basis to produce reports and analyses. In this type of environment, a
single programming language standard (e.g., C++) should be employed, perhaps
using a commercial risk management platform (e.g., Risk Vision, Summit, Sungard)
as a core.27 Input and output data should be stored in a relational database (e.g.,
Oracle, Sybase) that continuously tracks inputs and outputs and creates an audit
trail. Any of the potential hedging strategies described above will require further
investments in systems and procedures to properly track and monitor performance.
RISK MODEL ARCHITECTURE AND METHODOLOGY AT HORIZON 3
* Asset and Liability Management
Source: Team analysis
The transition to Horizon 3 may additionally require a substantial reorientation or
reorganization of the existing risk management organization. Typically a dedicated
risk group of perhaps a half dozen professionals headed by a Chief Risk Officer
would be assembled to handle the increased workload, which would include not
only cutting edge analyses and ongoing synthesis, but also an orchestration of
efforts to instill a risk management culture within the organization. If a hedging
capability were developed, an individual with capital markets experience would be
necessary to assist with evaluation and execution.
24 For example, in a recent interview with a large private sector financial guarantee company, the chief risk officer noted
that making risk reports and supporting data available over the firm intranet resulted in substantially increased usage,
positive feedback from users, correction of errors in the database, and vastly improved risk monitoring.
25 See, e.g., materials from the Deposit Insurance Pricing Conference (September 2001).
26 For example, many credit hedges on publicly traded banks involve, directly or indirectly, shorting the underlying
bank’s stock. This activity, even if conducted only indirectly on the FDIC’s behalf, raises difficult questions for a
bank regulator. For an analysis of reinsurance options available to the FDIC, see Reinsurance Feasibility Study,
Marsh & McLennan (December 2001).
27 Once the basic models are prototyped, the FDIC might decide to migrate to an IT environment developed and
maintained in-house, or to an outsourcing arrangement of some kind, or to an application service provider (ASP)