DeMasi, Jim
Managing the consolidated risks associated with all major facets of a banks operations, including investment activities, is known as enterprise risk management. Evaluating the quality of a bank's enterprise risk management program is one of the primary objectives of the regulatory examination process. As discussed in the FDICs Risk Management Manual of Examination Policies, "The most effective and efficient examination approach focuses examiner resources on validating bank managements ability to identify, measure, monitor, and control risks."
Regulatory guidelines for sound risk management practices in the investment portfolio are set forth in the "Supervisory Policy Statement on Investment Securities and End-User Derivative Activities," published by the Federal Financial Institutions Examination Council in the Federal Register on April 23, 1998. These guidelines are divided into four major areas:
* board and management oversight;
* policies, procedures, and limits;
* risk identification, measurement, and reporting; and
* internal controls.
In its oversight role, the boards primary responsibilities include approving policies, establishing risk limits, and appointing qualified management. To provide effective supervision, it is important for board members to have a general understanding of the risks of investment activities and to receive periodic reports that accurately depict the risk/reward profile of the portfolio. For management's part, they are charged with implementing a risk management program that is consistent with the boards policies, handling the day-to-day portfolio activity, and ensuring that risk exposures are maintained within policy limits. Management is expected to demonstrate in-depth knowledge regarding the risks of the bank's investment activities.
The banks investment policy should provide the foundation for portfolio risk management. Within the policy, the bank's objectives, constraints, and risk tolerances should be clearly communicated. The policy should specify the types and characteristics of permissible investments and delineate reporting lines and investment authority. Risk limits that cover the credit, liquidity, and interest rate risk of the portfolio should be established and may be linked to the overall limits set for asset/liability management. Guidelines for analyzing new investments prior to purchase should also be included.
Analytical systems capable of identifying, measuring, and reporting risk are central to a robust risk management program. There are a broad array of applications for analytics in the risk management process, including prepurchase analysis, risk/reward assessments, management reporting, and independent reviews. Whether developed in-houseor provided by an outside vendor, a bond analytic system should have the following basic capabilities:
* Calculation of base-case risk/reward indicators, including tax-equivalent book yield, effective duration, and convexity.
* Portfolio composition analysis, where individual holdings are categorized into sectors and risk/reward indicators are provided for each sector.
* Stress tests at the bond-level and portfolio-level that reveal interest rate sensitivity across a range of scenarios. At a minimum, the stress tests should calculate average life, effective duration, and market value in each scenario.
* "What If" simulations that show the impact of proposed strategies on key portfolio statistics prior to implementation.
* Detailed cash flow projections that account for potentials calls and prepayments under various interest rate scenarios.
Ideally, the analytic system should be capable of performing these functions at various levels of data aggregation, offering risk insight for individual instruments, for the portfolio as a whole, and for the overall institution. The systems reporting features should provide the board and management with a summary of investment activity, the portfolios risk exposures, and compliance with policy limits.
The internal control process for the investment portfolio should be integrated into the overall control program for the institution. These controls should be designed to enforce lines of authority, maintain separation of duties, and provide for independent reviews of investment activities. Independent reviews should assess compliance with policies, the adequacy of analytical systems, and the quality of reports.
Examination findings in relation to the risk profile of the investment portfolio are incorporated into the bank's "sensitivity to market risk" or "S" rating. The regulatory definition of market risk, from the FFIEC Uniform Financial Institutions Rating System, December 19, 1996, is "the degree to which changes in interest rates, foreign exchange rates, commodity prices, or equity prices can adversely affect a financial institution's earnings or economic capital." Among the components underlying this definition, the factor that is universal to all institutions is interest rates. While some institutions may have indirect exposure to foreign exchange rates, commodity prices, and equity prices through their lending activity, few community banks have material, direct exposure to these variables. For the vast majority of community banks, the broad concept of market risk can be reduced to the more manageable concept of interest rate risk. Unless a bank has significant exposure to one of the other variables in the definition, the "S" rating will generally focus on interest rate sensitivity.
Sensitivity to market risk is one of six component ratings that determine a bank's composite CAMHLS rating. In assigning the "S" component, examiners evaluate the level of market risk exposure, the quality of the bank's risk management program, and the financial protection provided by earnings and capital. In general, banks with moderate levels of interest rate risk exposure, robust risk management programs, and healthy financial conditions will likely receive a 1 or 2 "S" component rating,
Since interest rate risk is the primary source of market risk for community banks, regulatory guidance on interest rate risk is also relevant for this discussion.
The Joint Agency Policy Statement on Interest Rate Risk, issued in 1996, serves as the backbone of regulatory policy on this subject. The policy statement sets forth regulatory expectations for board and management oversight, risk controls and limits, risk identification and measurement, monitoring and reporting, and internal controls and independent review.
In addition to the joint policy statement, each regulatory body has issued agencyspecific guidance on interest rate risk. For OTS-regulated institutions. Thrift Bulletin Ba explains the framework used by examiners to evaluate interest rate risk exposure and to assign the "S" component rating.
Jim DeMasi is a principal and first vice president with Stifel. Nicolaus & Company, Inc.
Copyright America's Community Bankers Apr 2007
Provided by ProQuest Information and Learning Company. All rights Reserved
No comments:
Post a Comment