Home > Deposit Insurance > The Deposit Insurance Funds > Strengthening Financial Risk Management at the FDIC
Strengthening Financial Risk Management at the FDIC
Strengthening Financial Risk Management at the FDIC – Executive Summary
Since 1933, the FDIC’s mission has been to protect depositors and promote the "safety and soundness of insured depository institutions and the U.S. financial system by identifying, monitoring, and addressing risks to the deposit insurance funds."1 While the specifics risks to the insurance funds have changed over time – overextension in the 1980s, consolidation in the 1990s, subprime lending today – the need for an effective risk management capability has not. The rapid pace of change in both the banking system and domestic and global capital markets presents special challenges to this mission and demands that the FDIC constantly and continually upgrade its risk management metrics, policies, systems, and organization to remain effective.
The economic climate in the United States has put mounting pressure on banks, their customers, and the FDIC. In 2002, more banks failed than in any year since 1994. The number of "problem institutions" on the FDIC’s reserve list, one of many indicators of financial strain in the banking system, rose significantly in each of the last 3 years, with aggregate assets at these institutions quadrupling since 1998 to $39 billion at year end 2002. The FDIC’s Bank Insurance Fund (BIF) reserve ratio, meanwhile, has dropped markedly over the last 4 years to a current level of 1.28 percent – slightly above the legal minimum.
At the same time, deposit insurance reform legislation now under consideration may present new challenges and opportunities for the FDIC. While the final form of any new regulatory scheme remains to be determined, the general outlines are becoming clearer. The FDIC is likely to obtain greater latitude to manage a combined deposit insurance fund2 within a range of reserve ratios (e.g., 1.15 to 1.50) rather than to a specific target number (i.e., 1.25). Moreover, the FDIC is likely to have increased authority to charge risk-based premiums to financial institutions that it insures. In a post-reform era, a heightened understanding of risk – both financial risk to the FDIC as well as economic risk to the banking system – will be especially critical, not only for the effective and efficient management of the deposit insurance system but also for fair and accurate premium assessments on the banking industry.
Amid these developments, the FDIC has started to think more proactively about risk, initiating several major reforms over the last 18 months. In early 2003, it created the National Risk Committee (NRC), a cross-divisional body of senior managers established to identify and evaluate major business risks facing the banking industry and the insurance funds. The NRC provides coordinated policy guidance to the operating units, including on the development of appropriate strategies and operating policies. A network of similar committees in the FDIC regions delivers regular regional risk reports to the NRC. In addition, a state-of-theart Risk Analysis Center (RAC) was created earlier this year to monitor emerging macro and micro risks on a daily basis and to recommend responses to the NRC. The NRC and the RAC complement a third cross-divisional risk committee, the Financial Risk Committee (FRC), whose broad mission is to quantify risks to the deposit insurance system for financial reporting and fund management purposes. In particular, the FRC sets a contingent loss reserve (CLR) to satisfy GAO accounting rules and estimates the total assets of banks that may fail within the subsequent eight quarters (the "2-year Projection") for deposit insurance pricing and internal budgetary purposes.
Consistent with the growing importance of risk and risk management to the banking industry and the insurance funds, the FDIC has commissioned an independent evaluation of the processes and methodologies used to establish the CLR and the 2-year Projection. McKinsey & Company was selected to provide this assessment. Based on an in-depth analysis of financial models used by FRC, observations of the FRC decision-making process, and extensive internal and external interviews, we have developed recommendations to modify, supplement, and in some cases replace parts of the existing FRC processes. As part of our review, we have also had the opportunity to assess the risk management processes and procedures of the NRC and the RAC, and we similarly provide recommendations to strengthen these two risk management initiatives.
Our recommendations for improving the FDIC’s financial risk management practices span three overlapping time horizons. Beginning now and continuing over the next 3 to 6 months, a set of clear improvements to the existing financial risk reporting should be quickly and methodically implemented (Horizon 1) to address any industry uncertainty regarding the process’s accuracy, robustness, and transparency. Beginning now and continuing over the next 18 months, a new generation of financial risk management models under development should be finalized and a set of supporting organizational processes should be established (Horizon 2). Beginning after the new risk models are in place and other organizational improvements are well underway and continuing indefinitely, the FDIC should regularly and systematically review its emerging risk management needs to determine whether an investment in a more substantial risk infrastructure is warranted (Horizon 3).
To improve financial reporting and quickly strengthen the FRC estimates and processes, the FDIC should pursue three recommended sets of actions in Horizon 1: refine the CLR methodology; replace the 2-year Projection with a confidence interval around the CLR and a 2-year loss estimate; and adopt a set of new organizational practices for the FRC.
Recommendation 1.1: Refine the CLR methodology. The FRC can enhance the accuracy, robustness, and transparency of the CLR process by:
These proposed changes would have improved the accuracy of the CLR over the most recent 5-year period for which data is available by more than 20 percent, and they are likely to yield similar results going forward.3 Other potential enhancements to the CLR, such as reserving for institutions with CAMELS ratings 1-3, do not offer material benefits in accuracy and are not recommended.
Recommendation 1.2: Replace the 2-year Projection with a confidence interval around the CLR and a 2-year loss estimate. To better meet the FDIC’s riskreporting needs, the 2-year Projection should be replaced with a confidence interval around the CLR and a new 2-year loss estimate:
Recommendation 1.3: Adopt a set of new FRC organizational practices. To create a more effective and efficient process for financial reporting, the FRC should adopt and implement:
The FRC should pursue these recommendations aggressively over the next 90 days, to enhance the FDIC’s financial risk reporting as soon as possible. Collectively, the adoption of these recommendations will give the FDIC and its external stakeholders a significantly improved understanding of the risks it faces, while building important organizational momentum to move toward the modeling and organizational improvements envisioned for Horizon 2.
While efforts are underway to improve financial reporting in Horizon 1, the FDIC should expand and enhance two current initiatives to move toward best-practice financial risk management at Horizon 2. First, it should accelerate ongoing efforts to improve and integrate its risk models; and second, it should continue the integration of its risk management groups into a high-performing risk organization.
Recommendation 2.1: Accelerate development of the new integrated model for financial risk management. With respect to risk models, the FDIC should move aggressively to develop an integrated model for financial risk management in the near- to mid-term. By combining and synthesizing models of bank failures, investment income, deposit growth, and premium income, such an integrated model will enable the FDIC to monitor and manage its overall financial risks (e.g., likelihood of exhausting the BIF over a given time horizon, likelihood of falling below the reserve ratio over a given time horizon). The outputs of this integrated model should be captured in user-friendly “dashboard” formats with appropriate detail for the NRC, RAC, and FRC to help focus the organization on a timely basis on risk metrics that are significant, relevant, and actionable within its current risk management environment. The benefits of an integrated model can be realized in as little as 12 to 18 months with adequate project planning.
Recommendation 2.2: Build a more integrated risk management organization. An integrated financial risk model is an important step toward best practices in risk management, but it is not sufficient. It must be complemented with an effective risk management organizational environment to ensure that its full potential is realized. The FDIC recently has taken important steps toward creating such an environment. With the creation of the National Risk Committee and Risk Analysis Center in 2003, along with the FRC in 1998, it has established the necessary units to meet its risk management objectives. Now, for each unit to play its appropriate role effectively, the FDIC needs to clearly and formally define the mission, responsibilities, and outputs of each. To ensure continuous progress toward integrated risk management, these committees need strong feedback mechanisms, to focus more deliberately on measuring and improving their performance against the FDIC’s risk-management objectives. Improvements can be made within each committee:
Strengthening the NRC. The NRC should clarify its role, enhance its outputs and operations, and build feedback mechanisms to drive continuous improvements:
Strengthening the RAC. The RAC should clarify its role, enhance its operations, and adopt formal feedback mechanisms:
Expanding the FRC’s long-term mandate. The FRC should broaden its mission to include estimating the long-term financial health of the FDIC, for dissemination in public forums such as FDIC’s Annual Report.
The improvements of Horizons 1 and 2 will deliver substantial value to the FDIC and external stakeholders, but the FDIC will have the option to go even further. After achieving Horizon 2, the FDIC may want to implement Horizon 3 capabilities like real-time risk management, programs for hedging or reinsurance, and the ability to carry out rapid scenario analyses. While none of these Horizon 3 capabilities is necessary now, each is likely to become more attractive over time. Accordingly, the FDIC should actively monitor its risk profile to determine whether or when to move to Horizon 3 tools and approaches. In addition, as integrated risk approaches become more common at the FDIC, it may eventually make sense to create a Chief Risk Officer position to support the NRC, RAC, and FRC.
* * *
The three chapters that follow provide a detailed discussion of each recommendation.
|Last Updated firstname.lastname@example.org|