by Clifford Rossi, Source Media

Despite thousands of pages of legislation and regulation aimed at addressing weaknesses in the banking industry that contributed to the financial crisis, there is no effective mechanism to ensure banks will adopt a strong risk management culture, governance and infrastructure consistent with their risk-taking.

The pricing of deposit insurance and the supervisory rating process known as Camels have missed the mark by focusing on metrics that mask underlying deficiencies in risk management, particularly during benign economic conditions. Tying deposit insurance premiums directly to the quality of a bank's risk management processes and controls would provide a strong financial incentive to banks to correct deficiencies in risk practices.

While we can debate the impact of such issues as "too big to fail" on the financial meltdown, at its core the industry and its regulators generally suffered from a lack of foresight in understanding the importance of risk management processes and controls to bank solvency. For example, a report by the Federal Deposit Insurance Corp.'s Inspector General in the aftermath of the Washington Mutual failure, noted that the Office of Thrift Supervision (merged now under the Office of the Comptroller of the Currency) gave WaMu the second highest Camels rating as late as December 2007 and its deposit insurance risk rating likewise remained relatively high during this period.

Since that time the FDIC overhauled its deposit insurance assessment process, issuing a final rulemaking in 2011. Although it expanded the use of risk-based deposit insurance pricing, it missed an opportunity to strengthen the linkage between premium levels and quality of risk management. Moreover, in determining how much a bank will be assessed for deposit insurance, it focuses on conventional, easy-to-quantify financial and risk performance metrics but fails to flag the quality of a bank's risk management processes other than via the "M," or management component of the Camels supervisory rating. (The acronym stands for capital adequacy; assets; management capability; earnings; liquidity; and sensitivity to market and interest rate risk.) Assessments for large banks (over $10 billion in assets) follow a scorecard exercise that takes into consideration such factors as Camels and Tier 1 capital ratios along with a host of other standard asset and credit quality metrics. The problem with this approach is that significant risk concentrations on the balance sheet in later years reflect a poor risk culture, a weak risk governance structure and/or underinvestment in risk infrastructure for the risks taken during the asset acquisition period. The deposit insurance scorecard used by FDIC at best underestimates the impact the quality of risk management has on a bank's condition. It perpetuates historically weak processes to evaluate the way risks are managed (which is different from focusing on outcomes).

The Federal Reserve Board and Office of the Comptroller of the Currency have undertaken various risk management assessment initiatives including the OCC's evaluation of risk practices at the largest national banks. However, these assessment processes, so far as can be understood, remain highly subjective and unable to consistently compare institutions across a set of risk-management quality indicators over time.