is subject to a variety of regulations imposed by the FRB, which will also conduct periodic examinations. After the crisis, one of the more significant requirements imposed on SifiBank was compliance with regular stress tests on its capital, a program known as the Comprehensive Capital Analysis and Review (CCAR). The process requires Sifibank to provide detailed data and analysis on its various positions under a set of FRB established stress scenarios. The FRB conducts this on bank holding companies with assets of $50 billion and greater, although it has added an additional 12 financial institutions to this list of 18 BHCs. This is just one of many regulations imposed by the FRB on SifiBank. In addition, SifiBank enjoys access to the Fed discount window, which provides backup low-cost, short-term funding to the bank.
Another important regulator for SifiBank is the Federal Deposit Insurance Corporation (FDIC) that is charged with overseeing the federally insured deposit insurance fund and resolving institutional failures in addition to its examination of state chartered banking institutions. The FDIC sets deposit insurance premiums for the banking system based on a variety of factors including bank ratings and size, among others. As a result, deposit premiums have a risk-based component to incent the right behavior from institutions. Since the financial crisis the FDIC has an increasing oversight of banks due to changes in legislation known as the Dodd-Frank Wall Street Reform and Consumer Protection Act (DFA).
Following the financial crisis, Congress and the Administration came together to pass the most comprehensive legislation to affect the banking industry since the Great Depression: the DFA. The Act touches virtually every aspect of banking and even sets out guidance for regulating nonbank SIFIs. Among key provisions of the Act are regulations regarding derivatives trading such as over-the-counter (OTC) transactions, which includes CDS; securities that experienced significant losses during the crisis; a ban on proprietary trading by banks also known as the Volcker Rule; creation of a new Consumer Financial Protection Bureau (CFPB) and associated regulations on the mortgage industry; establishment of the Financial Stability Oversight Council (FSOC) and its analytics agency, the Office of Financial Research (OFR) charged with overseeing the buildup of systemic risk across the entire financial sector; and establishes an orderly liquidation facility for banks, requiring them to create their own “living wills” for how they would liquidate their operations under an insolvency, among other reasons.
The DFA also put the largest financial institutions – that is, those most likely to be too-big-to-fail – under a new set of regulations known as SIFI designation criteria that expose those firms to heightened supervision and other more stringent reporting and capital requirements.
The CFPB has been quick in setting up many new consumer-friendly regulations such as defining what a quality mortgage is, and regulations on fees and interest rates charged to bank and other financial institution customers. In addition to these mandates, the Federal Reserve established a new set of rules on limits on interchange fees that banks could charge for debit transactions. The CFPB in conjunction with the U.S. Justice Department and Housing and Urban Development (HUD) have elevated their focus on fair lending practices. This increased scrutiny has required banks to redouble their efforts on making sure their lending practices are compliant with various regulations regarding fair lending.
SifiBank is also subject to a set of capital, stress testing, and liquidity requirements (referred to as Basel III standards) established by the Basel Committee on Banking Supervision (BCSB) and implemented by the Federal Reserve Board. Large, complex banking institutions such as Sifibank are subject to a number of capital requirements, some of which are risk-based and require considerable data management and analytics to be performed by such banks. Banks that do not meet certain thresholds for well capitalized institutions as determined by the regulatory authorities may be subject to certain limitations on their activities and/or face other regulatory actions such as establishment of capital plans for a bank to raise capital to designated target levels.
Bank regulation requires a substantial commitment of resources and staff by SifiBank. Within the Corporate Division, a unit known as Regulatory Affairs operating under the Legal Department is charged with staying abreast of the various regulations, examination schedules, and other regulatory developments and works with the business units and risk management functions to coordinate responses and analysis to regulatory inquiries and activities. Clearly, SifiBank faces substantial regulatory risk from noncompliance with various local, state and federal regulations. This risk poses yet another important consideration in SifiBank’s strategic planning and risk assessment exercises each year. Some banks have taken adversarial positions with bank regulatory agencies that they believe provides an effective check against unnecessary intrusion into bank activities. At times, however, this strategy may backfire against the bank in the event that it needs the regulator to support a particular initiative or temper a regulatory response to an uncovered deficiency. The best course of action is to cultivate a respectful relationship with the regulators that is based on credibility, trust and sound expertise.
SUMMARY
SifiBank’s fortunes have ebbed and flowed over time with different management, regulatory, market and economic conditions. The financial crisis of 2008 exposed deficiencies in risk management governance and infrastructure that nearly led to its demise. The company enjoys a second chance at remaking itself into a world class institution known for its risk management expertise by virtue of a government bailout. The bank still faces a dizzying array of financial and regulatory challenges in the post-crisis environment.
Most notably, the regulatory environment is taking a heavy toll on the bank’s ability to increase operating revenues while managing expenses. Fees associated with various bank services and products such as debit cards and consumer loans have dampened important income sources for SifiBank. This has incented the bank to look for other products that boost profitability without running afoul of regulatory requirements. Mortgages that lie just outside the CFPB Qualified Mortgage criteria could provide the bank with better spreads than conventional mortgages while exposing the firm to minimal legal risk in the future. However, a product development and design framework that vets the collection of bank risks against each other in a way that meets the bank’s objectives would offer the most effective protection. This is where strong risk management practices can make the difference between a sustainable business model and one that experiences a major risk event that puts the entire firm at jeopardy.
Financial risk management is not an exact science despite a revolution over the past two decades to leverage quantitative approaches in measuring and managing risks. A key to successful risk management is knowing the right combination of qualitative controls and quantitative tools to use. The remainder of this book introduces the reader to a complement of key risks faced by SifiBank. While individual risks are examined within specific operating units of SifiBank, it should be understood that these risks span most divisions with variations in exposures based upon the nature of the transactions, and services in place, among other considerations. Further, while most chapters that follow focus on a particular type of risk, as discussed earlier, SifiBank’s risk managers must think about risk holistically. Even within an operating unit such as the mortgage group, business risk managers must evaluate tradeoffs between the credit exposure of putting a mortgage on the balance sheet and the interest rate risk exposure and operational risk it creates. Moreover, potential reputation, regulatory and legal risks must be factored in before implementing a product strategy. Some of these risks do not lend themselves to quantification but still expose the firm to lost business, regulatory actions and penalties, and large legal tabs if not carefully accounted for in product development.
QUESTIONS
1. What is a SIFI and how does that relate to the concept of too-big-to-fail?
2. Describe the four elements of the risk management feedback loop.
3. What differentiates banks from nonfinancial corporations?
4. Describe SifiBank’s profit-maximizing function.
5.
