Monday, March 23, 2009
An excerpt from remarks by Richard G. Ketchum, Chairman & Chief Executive Officer, Remarks From the SIFMA Compliance & Legal Division's Annual Seminar:
Let's talk about risk management.
Several months ago on CNBC, John Gutfreund was asked about the leverage ratios employed by Solomon Brothers under his watch as the head of that organization. He replied that leverage ratios of eight to one gave him heart palpitations. Whatever the accuracy of that assertion, there is no question that leverage ratios rose to unsustainable heights and were rationalized under the banner of the more efficient use of capital. When the system is so leveraged and that leverage begins to unwind, then credit freezes, contract settlements cease, and no institution of any size in terms of revenue, cash flow or capital is safe—especially if that institution is dependent upon external sources of funding, which is the very nature of financial service institutions.
And, of course, it wasn't only leverage itself, but also the nature of the assets being leveraged. A certain amount of financial hubris set into the belief that modeling risk essentially crowded out, what people now term in various ways—as "black swans," "idiosyncratic risk" or "fat tails." Whatever term you may use, it is the consideration of what happens when that portion of risk at the tail end of the curve happens to manifest. We also now understand correlational risk as perhaps never before—the risk that if there is a two percent modeled risk of default in an asset, the occurrence of that event substantially causes the market in that entire asset class to cease to exist. It is ongoing in an ever more complex financial world.
In my short time in the industry, I participated in risk management exercises, and let me emphasize that I understand just how difficult that process is. But the painful lessons learned from the last 18 months cannot be forgotten. I will leave to the SEC and Fed to determine how leverage and capital requirements must be adjusted, but changes in the risk management process is equally important. First, scenario analyses need to be performed by independent risk managers that are not in love with the positions or the strategies. Second, scenarios must always evaluate cross-asset contagion risk. Third, the firm must react immediately when there are dramatic market and economic changes to reevaluate the exposures and maximum potential losses, with a careful appreciation of funding implications resulting from holding company exposures and careful concern as to how customers are being advised. And finally, this must be a task that is not delegated by the CEO and senior management of the broker-dealer no matter what the press of other business. Beyond each of these points, compliance must be an active participant in this process. The artificial border between risk management and compliance must end. No, you can't run the numbers, but your instincts and natural concerns regarding impacts on your customers are critical to effective risk management oversight.
Similar to risk management, there are critical lessons learned for the compliance function rising from the market collapse and credit crisis. The classic example of this, of course, is the auction rate securities market. Investors didn't lose money simply because of a compliance failure on the part of firms, but the impending scarcity of new buyers at auction was, at some point, not a real secret.
What is clear from the recent experience with auction rate securities is that every broker-dealer must understand the risk-reward quotient of products and that understanding must extend from the product originator to the furthest down-line firm marketing the product. Product review cannot be a static process and firms must understand when market forces render a change in the risks of a product at the earliest reasonable time.
If we've learned anything from the ARS episode, it's that senior management at firms must be involved in compliance. Compliance officers need to have access to senior leaders and there needs to be a genuine demonstration in responding to potential problems, investing in technology solutions and, most important, providing adequate staffing in the area of compliance.