The global financial crisis represents the ultimate stress test in risk management. In its aftermath, banks and other companies should review the performance of their risk management programs to determine what worked and what needs improvement.
In a previous article, I discussed the main lessons and fundamental requirements for enterprise risk management. (1) However, credit risk management has been--and will continue to be--the core competency for banking institutions. This article discusses the key lessons and requirements for sound credit risk management. As shown in Figure 1, the fundamental requirements for ERM can be applied to any risk function, including credit risk management.
Many observers have recently highlighted the Canadian banking system as the best-practice model. And indeed, Canadian banks demonstrated how sound credit risk management practices can withstand even the most challenging financial crisis. In its annual Global Competiveness Report, the World Economic Forum ranked Canada's financial system the soundest in the world (with a rating of 6.8 out of 7). And on his first trip to Ottawa as U.S. president, Barack Obama said, "Canada has shown itself to be a pretty good manager of the financial system and the economy in ways that we haven't always been."
The numbers support the accolades. While U.S. taxpayers have provided hundreds of billions of dollars in bailout money to 450 financial institutions, not one penny of bailout money has been given to Canada's 21 banks. Between early 2007 and early 2009, U.S. bank stocks dropped 80%, compared to a 40% decline in Canadian bank stocks. Clearly, Canadian banks have outperformed global banks over the longer term. Since 1999, the market value of Canada's major chartered banks increased about 85%, while the aggregate market capitalization of the top 50 international banks declined 26%.
[FIGURE 1 OMITTED]
Key Lessons Learned
Based on its research and client experiences with U.S. and Canadian banks, James Lam & Associates (JLA) has identified four key lessons learned with respect to credit risk management practices at commercial banks:
1. Governance structure and policies. Banks must establish an effective governance structure, including credit risk policies with explicit risk-tolerance levels. The fundamental issues include:
* Who (among the board and management committees, corporate and business units, and individuals) is responsible for making credit risk management decisions?
* Who is responsible for providing independent risk oversight?
* What are the policies and limits that provide guidelines and constraints for those decision makers?
2. Credit Analyses. Banks must develop credit analyses from the bottom up--by borrower and transaction, by industry and geographic region, and by country and portfolio segment. In addition, banks should ensure that their liquidity positions, credit reserves, and capital base can withstand severe market conditions by conducting rigorous stress testing.
Key issues include:
* How transaction-level and portfolio-level credit decisions are made with respect to analytical input.
* How data integrity is maintained with respect to borrower financial statements, covenant requirements, and other key documents.
* How reserve and capital adequacy should be assessed over an economic cycle.
3. Credit Risk Management. Banks must integrate their credit analyses into business decisions. Moreover, they should consider change management requirements when planning for major risk management initiatives. Key issues include:
* Which specific business decisions (for example, credit granting, pricing, risk transfer) will optimize the risk/ return profile of the credit portfolio?
* Which change management requirements (for example, training, communication, incentives) must be addressed to ensure organizational alignment? …