australieen
Have we built better banks since the crisis?

Have we built better banks since the crisis?

27-02-2017 | Insight

Since the global financial crisis, we see clear improvement in risk management and oversight at banks. Capital levels have been boosted and leverage has come down. However, there are still many banks that do not incorporate any risk management metric into remuneration and incentive plans. Investors should therefore continue the dialogue with banks on this topic.

  • Johan  van der Lugt
    Johan
    van der Lugt
    Investment Analyst Global Equities
  • Taeke  Wiersma
    Taeke
    Wiersma
    Co-head Credit Research

Speed read

  • The global banking system has shown a substantial increase in capitalization
  • Expertise in risk management committees still needs to increase
  • Risk management metrics should become part of Long-Term Incentive Plans

In its 2009 report on the lessons learned from the financial crisis, the OECD stated: “Perhaps one of the greatest shocks from the financial crisis has been the widespread failure of risk management. […] Boards were in a number of cases ignorant of the risk facing the company. […]”

Without proper risk management there cannot be proper banking. It is imperative that investors feel comfortable with a bank’s risk management track record and framework. Senior executives need to communicate to the capital market how risk categories impact capital allocation. The Board is the ultimate body that has to monitor risk management and investors need to have enough reassurance about the level of Board expertise and the strength of risk management committees.

Stay informed on Sustainability Investing with monthly mail updates
Stay informed on Sustainability Investing with monthly mail updates
Subscribe

A top-down perspective on risk management

To assess the development of risk management we have analyzed the RobecoSAM dataset for global developed markets banks on their risk management scores. We have done this for 28 European banks, 23 North American banks and 17 Asia-Pacific banks over 2011-2016. We draw the following conclusions:

  • European banks consistently have the highest risk management scores over 2011-2016.
  • North American banks have shown some strong momentum, particularly over 2014-2016.
  • Asia-Pacific banks lag behind, as many Japanese banks are underperformers. The major Australian banks are part of the risk management ‘super league’.

We have also looked at the risk-weighting of bank assets. Our analysis shows that European banks started deleveraging in 2008-2009, whereas it took Asia-Pacific banks another three years. North American banks actually increased their risk-weighted assets from 2012 onwards.

Risk management from a governance perspective

Robust risk management ideally goes hand in hand with strong corporate governance. The three-lines-of-defense model is widely known, capturing three levels:

  1. The business operations: business risks that are taken need to be in line with the bank’s risk policy.
  2. The oversight function: This comprises various functions such as finance, compliance and risk control. Banks have strongly increased investments in this area, partly driven by regulatory demands. It is important that the second line of defense is independent from the first line. There should be controls on an ongoing basis. The bank needs to have a clearly defined oversight structure in terms of roles, responsibilities and accountability.
  3. Independent assurance: the third line of defense has to do with risk assurance, both within the internal audit function and from independent assurance providers (think of the large accounting firms). Excessive tenure of the auditors would raise a flag in the sense that they might be too comfortable.

Executive Committee and Chief Risk Officer function

Sufficient risk management expertise has to be available on the Executive Committee and the Chief Risk Officer (CRO) needs to be sufficiently senior. We have analyzed a collection of 12 international banks. Our research shows that most banks have appointed a new generation of CROs since the global financial crisis. Half of the CROs in our sample have prior internal experience in risk management. In only two out of our twelve banks the CRO has experience in risk management outside the current organization. We would like to see this number increase.

The average experience in risk management is about nine years, which just includes the global financial crisis experience. In most cases shorter risk management tenure tends to coincide with no or limited prior risk management experience in the own organization. This is a potential red flag. Ideally, we would like to see a range of diversity in terms of experience, market and perspective. In terms of gender diversity, there is only one female CRO in our sample.

Board of Directors

Many Boards recognize the importance of risk management and have set up committees to focus on this. Elements we find important are that bank boards use dedicated and standalone risk committees, or a hybrid form. The risk committees should be independent and comprise enough risk management and general financial expertise in and outside the current organization.

We find that a stand-alone risk committee is the dominant model. The committee is fully independent in seven out of twelve banks. The least desirable situation is where a former CEO is Chairman of the Board and also Chair of the risk committee. In two cases the former CEO is member of the risk committee. We would strongly advise against this.

Only 15% of the cases, the members of the risk committee have relevant expertise. In five out of twelve cases no one on the risk committee had relevant expertise.

Another important issue is the degree to which risk management metrics are part of the bank executives’ scorecard. With the exception of HSBC, none of the banks in our sample have some sort of risk management metric as part of their Long-Term Incentive Plan (LTIP). The balance between S(hort)TIP and LTIP should receive more attention as it can be seen as a good proxy for risk management. For example, large STI awards relative to LTI encourage gaming and short-term risk taking.

Towards a continuous dialogue

Have we built better banks? Yes, in the sense that banks have built better risk management and oversight structures. Capital levels have been boosted and leverage in the system has declined. No, in the sense that many banks still do not incorporate any risk management metric into their incentive plan. Investors should continue the dialogue with banks, asking the right questions about risk management and risk oversight. Let’s build better banks together!

Leave your details and download the report

This report is not available for users from countries where the offering of foreign financial services is not permitted, such as US citizens and residents.

Disclaimer:

I agree to the Robeco Disclaimer and the collection and use of my personal data by Robeco, for the purposes for which such data is collected and used as set out in the Privacy Policy, including for the purpose of direct marketing of Robeco products or services. Your data will be treated with utmost care and will not be passed on to third parties.

Disclaimer

BY CLICKING ON “I AGREE”, I DECLARE I AM A WHOLESALE CLIENT AS DEFINED IN THE CORPORATIONS ACT 2001.

What is a Wholesale Client?
A person or entity is a “wholesale client” if they satisfy the requirements of section 761G of the Corporations Act.
This commonly includes a person or entity:

  • who holds an Australian Financial Services License
  • who has or controls at least $10 million (and may include funds held by an associate or under a trust that the person manages)
  • that is a body regulated by APRA other than a trustee of:
    (i) a superannuation fund;
    (ii) an approved deposit fund;
    (iii) a pooled superannuation trust; or
    (iv) a public sector superannuation scheme.
    within the meaning of the Superannuation Industry (Supervision) Act 1993
  • that is a body registered under the Financial Corporations Act 1974.
  • that is a trustee of:
    (i) a superannuation fund; or
    (ii) an approved deposit fund; or
    (iii) a pooled superannuation trust; or
    (iv) a public sector superannuation scheme
    within the meaning of the Superannuation Industry (Supervision) Act 1993 and the fund, trust or scheme has net assets of at least $10 million.
  • that is a listed entity or a related body corporate of a listed entity
  • that is an exempt public authority
  • that is a body corporate, or an unincorporated body, that:
    (i) carries on a business of investment in financial products, interests in land or other investments; and
    (ii) for those purposes, invests funds received (directly or indirectly) following an offer or invitation to the public, within the meaning of section 82 of the Corporations Act 2001, the terms of which provided for the funds subscribed to be invested for those purposes.
  • that is a foreign entity which, if established or incorporated in Australia, would be covered by one of the preceding paragraphs.
I Disagree