Re-evaluating risk appetite, a process to manage risk in times of stability or turmoil (page 1 of 2)

By David Samuels, Managing Director, S&P Valuation and Risk Strategies

Regulatory compliance is an important consideration for any financial institution - and with new leadership comes new oversight as we can see in Egypt. Indeed, land and agricultural deals worth several billions of dollars enacted under Hosni Mubarak's regime are being re-examined according to new criteria.

The lack of stability itself can have serious consequences for both banks and sovereigns. This is evident in Bahrain, where protests around the financial centre led to downgrades of Bahraini banks by credit rating agencies. Financial institutions continue to wait before reassessing the political and economic environment in the wake of the protests.

For these reasons, it is a good time for banks in the MENA region to re-examine their risk management practices. The financial crises beginning in 2007 prompted a similar response around the world. One risk management framework being re-evaluated within banks is 'risk appetite' - that is, how much risk banks are willing to assume in the course of doing everyday business. It is an approach to risk management that can ultimately quantify all types of risk to aid decision making at all levels and prepare banks for the kind of stress events witnessed in parts of the region recently.

Many would define risk appetite as a process to increase board oversight and provide stakeholders with risk transparency. These are reasonable goals, but linking a risk appetite program's goals to practical business decisions can be problematic in such a system - as can setting risk budgets.

In order to make the most of a strategy encompassing risk appetite, banks need to balance top-down and bottom-up planning and communication. This involves tackling a handful of challenges, but banks that are successful in this respect will be more effective at identifying business opportunities and potential pit falls.

Risk management, not risk control

The emphasis in any good risk management process is on anticipation and dialogue. However, setting risk appetite from the top down can often promote risk control and command instead.

This is problematic as risk and reward occupy a constantly shifting landscape - resulting in numerous downfalls for the unprepared as well as profitable opportunities for those who are. An example of overly rigid risk control can be found in a common current banking practice following crises, where business opportunities deemed too risky are written off. However, the risk/reward balance in areas that have recently suffered a crisis can be very healthy as the risks generally become more transparent.

Furthermore, this kind of approach may not effectively shield banks from problem areas arising from future crises, as their unpredictable nature ensures that the next crisis manifests itself in another business area and evades the risk management frameworks designed to limit it - for example, through a growth in contingent risks or risk contagion across markets. This kind of cyclicality should be avoided - not reinforced - by a well functioning risk appetite program.

Heterogeneity of metrics is key

The difficulties of comparing risk types, measuring enterprise-wide risk concentrations and estimating key risk correlations and interactions can cause problems for banks as they endeavour to define limits for each business and risk type - and make these limits add up to the board-approved risk appetite.

An answer to these problems can be found by expressing risk appetites through a carefully selected group of risk metrics designed to capture the multidimensional nature of risk and uncertainty in each of the bank's businesses.