There are many ways a bank can lose money. Top of the list are credit and financial market losses but beneath, there’s a whole taxonomy of issues that industry insiders brand “operational risk.” These result from bad internal processes, people and systems or from external events.
Banks aren’t alone here, but because they look after the money, they are particularly exposed. The largest such loss so far this year happened at Saigon Commercial Joint Stock Bank in Vietnam, where a majority shareholder embezzled $12.5 billion, aided by board members and executives. Elsewhere, Canada’s Toronto-Dominion Bank paid $1.2 billion to resolve claims it enabled a Ponzi scheme perpetrated by Allen Stanford over 10 years ago, and Canadian Imperial Bank of Commerce paid $848 million following a contract dispute over loan repayments.
So prolific are these mishaps that Swiss research firm ORX keeps a database of them. Since it started compiling records 20 years ago, it has registered over a million such events across 105 banks, with total losses amounting to €592 billion ($640 billion). To date, 2023 has been relatively mild, although settlements often ramp up towards year end. In December last year, Wells Fargo & Co. and Danske Bank A/S each incurred penalties in excess of $1 billion following instances of consumer abuse and money laundering, respectively.
To mitigate against the risk, regulators insist banks maintain a capital cushion – one they are currently recalibrating. The idea emerged following a series of trading scandals in the 1990s, the biggest of which led to the downfall of Barings Bank. In 1998, the Basel Committee on Banking Supervision introduced the concept of operational risk while working on a new framework (Basel II) and proposed developing an explicit capital charge to cover it.
The problem is that it’s extremely difficult to measure, much less anticipate. Unlike credit and market risk, it’s hard to distill governance and control practices into a quantitative framework. Regulators outlined a crude model tied to gross income but allowed banks to fashion their own models as an alternative. JPMorgan Chase & Co. deployed a fancy tool called a Loss Distribution Approach, which simulates the frequency and severity of future operational risk loss projections based on historical data to estimate an aggregate one-year loss at a 99.9% confidence level. At the end of September, the model directed the group to allocate just over a quarter of its regulatory capital to operational risk, in addition to the 70% being allocated to credit risk and 5% to market risk.
Yet policymakers harbor reservations over internal models and new rules propose replacing them. “These models can present substantial uncertainty and volatility,” said Federal Reserve Vice Chair for Supervision Michael Barr in October. “In the agencies' proposal, the operational risk capital requirements would be standardized rather than modeled.”
The standardized version resurrects the Basel Committee’s original crude approach. It scales the capital charge by revenue, so the bigger you are, the higher the charge. Which makes some sense – higher volumes tend to be associated with higher operational losses. Yet while the rules cap the charge linked to net interest revenue, no such cap is afforded to fee income. So banks, such as Morgan Stanley, that derive a substantial share of revenue from fees are at a disadvantage.
“It makes no sense. I mean, that’s the bottom line," outgoing Morgan Stanley Chief Executive Officer James Gorman said at a Senate Banking Committee hearing earlier this month. “I've been at this a long time, I was on the New York Fed board for years, I’ve seen a lot of rules, some that make sense and it’s a question of how far you turn the dial. This doesn’t make sense.”
Nor do the new rules take into account diversification benefits across revenue streams. “Operational risk is…asinine,” JPMorgan CEO Jamie Dimon said at an investor conference in September. “Do you like diversification? I think diversification is a wonderful thing, but…operational risk is anti-diversification. In operational risk, are all revenues equally bad? Really? Honestly, I look at that, I think, who did that? What person, in what ivory tower, thinks that that is a rational thing to do?”
JPMorgan estimates that the rules will impose an incremental $30 billion capital surcharge on his bank. The industry-backed Bank Policy Institute estimates that overall, $172 billion of additional capital will have to be put aside. It observes that even during the global financial crisis, when operational risk blew out, losses remained less than 30% of the capital required under the new standardized approach.
US banks are especially hard hit not just because of their higher weighting to fee income, but because the Fed has gold-plated its rules. European bank ABN Amro Bank NV recently migrated to the standardized approach and its operational risk capital requirement jumped by just 3%. But in the US, the rules multiply the impact of a poor track record of operational-risk management without giving benefit for a good track record.
Not all policymakers agree that the shift makes sense. Dissenting from his colleagues, Fed governor Christopher Waller questions whether a separate bucket for operational losses is useful at all, arguing that, slower to manifest, they’re unlikely to emerge at the same time as credit and market losses. Indeed, this year’s Canadian bank penalties stem from failings that occurred in 2008 and 2009.
Bankers have until January 16 to comment on the Fed’s new approach, so they have the holiday period to sharpen their pencils. They will admit that operational risk is very real, but finding a model that captures potential embezzlement, consumer abuse and money laundering losses is no easy task.
A message from Advisor Perspectives and VettaFi: To learn more about this and other topics, check out our most recent white papers.
Bloomberg News provided this article. For more articles like this please visit
bloomberg.com.
Read more articles by Marc Rubinstein