Sunday, June 15, 2014

Risk Appetite: The pathway for profit.


INTRODUCTION

This fiscal, the whole nation started off with a bang. Election euphoria ended with the grand announcement of single largest party in majority ascending to power after a gap of over two decades. A cultural transformation started off with Narendra Modi bowing before the Parliamentary stairs in reverence. Then there was historical swearing in of the Prime Minister, the first ever in independent India with all the invited SARC countries representing their nations for that ceremony. Minimum government and maximum governance, bringing down inflation, policy stability and clean government are all promises held out. All the Secretaries to the Government have been asked to make a presentation to the Prime Minister the status of various projects, in case of delays causes for the delays, when and how they are likely to be completed and for such closure what plan of action is with them and what supports are needed. To me, it looked as though a new tough CEO is assuming charge of GoI Inc. The risks at the moment would appear to have been addressed up front: first, a change in the culture; second, outlook and third, outspokenness and fourth, firm on implementation agenda. Objectives would be set; strategies would be discussed by the various ministries; tracking and tracing mechanism would be put in place; stress tests would be applied; and accountability and visibility with real time monitors and reports would follow eventually. The PMO website appeared within minutes of the swearing in ceremony beamed by all the TV channels. The whole world watched the biggest democracy in full strength determined to change the destiny of India into a formidable political and economic power. Why am I starting my paper with all this known stuff? The reason: a weak financial sector and strong economy can hardly co-exist; and the biggest deficits of all, the TRUST DEFICIT is fast eroding.



GROWTH CONCERNS
Indian economy has clocked just 4.5-4.6 percent growth during 2013-14 with the projection of 6 percent for the next fiscal. IMF and the World Bank predicted a GDP growth of 3.2 percent in the current fiscal. The shadow of recession is still on. The quantitative easing impacting the emerging economies is bound to affect adversely. The solace is that even QE is receding if we were to go by the latest reports. Morgan Stanley in its latest assessment stresses the imperative of growth of healthy banking sector as a precondition for growth of the economy:
India can clock a growth of over 6.75 percent over the next ten years, meaning a $5trillion economy by 2025 if financial services can be an integral contributor, says Morgan Stanley.


"However, to fix the banking system and therefore to give economic growth the greatest chance of success, the new government will need to use that mandate to act decisively in the next few months and years. These are not going to be easy steps, but with the right policy choices from the government and prudent financial management from the banks, earnings growth averaging in the high teens is possible," the report says.

Still, there are concerns and concerns; Basel III demands on liquidity, stability and capital in the backdrop of not so encouraging enterprise risk culture among the corporate entities and SMEs and the banks still riding on short term resources’ basket to finance long term assets like infrastructure and housing, the rising NPA curve just to highlight the most essentials. Strange but true: for a month since the 15th General Elections were announced, markets were on ascendency. Sentiments prevailed over sensitivities. “Corporate boards and senior leaders face unprecedented challenges, including geopolitical threats, new laws, and increasing shareholder demands. To meet these challenges, organisations must successfully manage risk – including strategic risk, process-level risk, and regulatory risk.”


APPETITE AND GROWTH
Two reports of Deepak Kurup published in the Hindu on May 26, 2014 caught my eye. Mr Sachin Bansal, of the Flipkart acquiring the e-tailer Myntra.com for $330mn is all about the risk appetite and the way he worked for it. His appetite does not end: he is eyeing at Alibaba Group of China. Most Indian entrepreneurs are ‘focused and not obsessed, with eliminating risks.’ And as long as you do this, you will remain yet another small company. What made Sachin Bansal big? “Taking big decisions with little information at hand” made all the difference. Similarly, Snapdeal.com grew at a pace that surprised competition. Kunal Bahl, the CEO of the Company attributes the six-time growth of the company in the twelve month period that preceded, to the ’zero inventory model’ while e-commerce in India grew at 88 percent correspondingly (according to ASSOCHAM). The pure market place strategy is not regulator driven. According to him, “ a pure market place is not a regulatory structure. It is a philosophy that you want to offer equal opportunity to any business that wants to supply locally and sell nationally.” …”Market is ahead of us and not behind us.” He concludes his interview telling that technology, scale, size and ambition and the kind of growth trajectory are all driven by the Board.

Backed by FIIs, the rupee started on its ride although the forex balances are yet to gain that comfort level. Complacence has no place. The new Finance Minister made no bones while talking shop to the public sector banks on the rise in NPAs and the need to contain them. National Asset Management Company to silo the NPAs may be a beginning but does not really take off the risks nor would it create new appetite. Radical out of the box thinking may be necessary to move to profit curve on risk map.

RISK CULTURE
Banking basically is about people – whether customers, clients or staff. Money spills through these three categories with systems connecting them. Products are created to take money and give money.
Risk perceptions underwent a thorough change with the onset of recession in 2008 and its shadow is still hanging. While Banks in India and emerging economies in general have embraced the precautions set against the west-led recession in the financial sector, they did not indulge in the luxuries that enveloped those developed nations. The known unknowns – credit risk, and the unknown unknowns – market risk, are on the increase despite technology inroads reflected in core banking solutions, centralized processing platforms, video conferencing with clients, improved risk ‘governance’ claims on the part of banks and financing institutions. It is well known that financial sector is a haven of risk. Further to the acceptance and introduction of Basel Committee norms, risk management departments have been set up. RBI issued detailed guidelines. General Managers/Executive Directors have been kept in charge of the Risk Management Departments in Head Office. Risk Management Committees are part of the Board Management. But, ask any employee of the Branch of a Bank about Risk Management: you will still get a stock reply: “Oh! Risk Management is looked after by the Head Office. We submit whatever returns are required in this regard.” Here and there, some younger generation is attempting to pursue professional certification courses in risk management from IIBF, PRMIA or GARP. All the globally placed banks have moved to Advanced Approach to Risk management under Basel II and claim to be ready for Basel III. Yet, bulging NPAs, increasing cyber frauds, interest rate risks, forex risks, inflation risks, and retarding economic growth have been causes of great worry in 2011-14.

It is important that every employee in a bank understands that he is working in an institution that is exposed to risk everywhere. He or she has to be conscious that his or her neighbor is also a potential risk to the same degree as provider of a kinetic energy. In several branches of the banks or insurance companies, transfers take place periodically. Even within the branch, staff would keep changing the desks. Such shifts and transfers have potential to expose the lapses and reduce risks in the organization. If any employee does not apply for leave for a full year, he needs to be keenly watched for transactions handled by him and his personal accounts. Every employee’s personal accounts would need scrutiny to make sure that there are no abnormal credits or debits in his or her account. All these acts of vigilance contribute to developing risk culture.

Therefore, superior risk management demands that organizations must embrace risk culture in the first place. In a typical risk culture, people will do right things when risk policies and controls are in place. In good risk culture, people will do right things even when risk policies and controls are not in place. In a bad risk culture, people will not do right things regardless of risk policies and controls.
How do we foster risk culture? It can be done by encouraging open discussion on key risk areas identified by different business heads among their own teams and across the teams. It is not enough if the risk culture is promoted within the four walls of the financing institution. It also calls for encouraging Enterprise Risk Management in the client bases. The FI-client interface on ERM platform makes lot of sense for risky businesses churning profits at both ends on a win-win platform.
One would still ask: how do we ensure that risks turn healthier to result in profits? The first step is to understand risk/return in normal and abnormal markets. Second, profiling risk in all its facets and dimensions. Third, the banks should have clarity and deep understanding of the authorities and escalation processes. The whole objective should be not to eliminate risk but to manage it. “Our purpose should be not to eliminate risk, but to manage it, which we must do if want to prosper.” Madeleine Albright, Former US Secretary of State said. Banks must switch from defense-selling to offence-selling business strategies. Mere cost reduction through head count reduction may turn out to be counterproductive. Instead, focusing on customers to achieve competitive advantage with cloud computing and high tech tools could help optimizing returns. In January 2014, Sarah Todd a KPMG study put out in American Banking Journal highlighted this aspect.

Even according to BIS quarterly assessments, Indian financial sector gets good rating on compliance – regulatory compliance. Compliance is more a make-believe effort than intrinsic to integration with business growth. Every Bank has a Risk Management Department with a General Manager or even a Chief General Manager in charge, whose basic responsibility is to ensure compliance. Whether each product of the bank, in deposits or credit bears the stamp of risk analysis and review, is left to the concerned department. This simply brings us to the discussion of governance, risk and compliance as integral aspects of organizational enablement and empowerment in the risk assessment for product for earning profit.

GOVERNANCE, RISK AND COMPLIANCE (GRC)
GRC mapping deals with relationships between risks, controls, policies, requirements, assets, processes and other objects. Compliance basically deals not just with regulatory compliance but with corporate compliance, environmental compliance and social responsibility. Analysis of vast information is necessary for business decision makers, auditors, regulators and board of directors. This analysis in a way should track material risks, quantify risk costs and impacts. It also emphasizes the necessity to streamline documentation and process automation with a flexible risk framework. The Chief Risk Officer should in a way drive accountability and visibility with real-time monitors and reports in a non-threatening fashion.

CYBER SECURITY
Technology risks have been overwhelming and the discussion of operational risk mapping centering round people moved to technology with increase in cyber security dilemmas. The clients and the institutions dealing with those clients, payment and settlement platforms, private, public and civil institutions have all become digital. Security has become the choke point of business innovation. Large institutions lack facts and processes to make effective decisions on cyber security. Security controls actually reduce frontline productivity by slowing employees’ ability to share information.

CONCLUSION
The critical question: how does an institution generate risk appetite under such circumstances to generate profit? The seven tenets of McKinsey come in handy:
1. Provide information assets based on business risks;
2. Provide differentiated protection based on importance of assets;
3. Deeply integrate security into the technology environment to drive scalability;
4. Deploy active defenses to uncover attacks proactively;
5. Test continuously to improve incident response;
6. Enlist frontline personnel to help them understand the value of information assets and
7. Integrate cyber resistance into enterprise-wide risk management and governance process.
Adopting a granular approach would help. It is therefore necessary that the banks’ risk departments are helped to construct an assessment tool that assigned ratings to each component of the risk management process, starting with risk culture down to data quality and everything in between.
However, institutional reforms and governance reforms hold the key for creating the right appetite for risk. As long as Government of India, who acts both as owner and regulator calls the shots as to what the business the banks should do and how they should do – and this constitutes over 80 percent of total banking industry – profits thin down. Efficiency takes toll. P.J. Nayak committee Report on Governance reforms provides a road map for ushering in banking reforms to ensure growth with profit. Hopefully, the Government and the RBI would ere long take decisions in this regard.

*Text of the Address at the TACtics Conference of Tata Consultancy Services, Pune on 13.06.2014.