Most banks have Asset/Liability Committees (ALCOs). Most banks that have ALCOs have had them for many years—decades in some cases. Regulators look with favor on ALCOs.
But it is time to ask a heretical question: Are ALCO’s really necessary or even desirable in today’s environment? My answer is NO.
Why have ALCOs?
ALCOs come in many variations. But their main justification has been to have a place in the bank where all the risks on the consolidated balance sheet are viewed as one portfolio. ALCO is a place where the right people can exchange views on what the structure and risk profile of that portfolio should be.
Some ALCOs go further and make formal risk policies. Some go even further and make portfolio decisions. The people sitting on ALCOs varies but typically include the CEO, heads of major business lines, and other relevant C-Suite executives such as the CFO and CRO.
Sounds like a sensible thing to do, doesn’t it?
In the early years of ALCOs, it was a sensible thing to do. There was no other place where the portfolio risk view was being taken and because risk measurement methodologies and information systems were rudimentary at best. Because no one else was doing it or even knew how to do it, it made sense for senior management, sitting as group, to grapple with these highly ambiguous issues and hash things out as best they could.
Why ALCO is passé, but its mission isn’t
The problem with today’s ALCO is not the mission. It is that the mission should be assigned elsewhere. And that is to the people best equipped to make portfolio risk/return tradeoffs and who are held accountable for the results of their decisions.
Despite some successes along the way, ALCOs have been plagued with serious flaws that are inherent in a committee structure:
• Lack of accountability. Individual members are rarely held accountable for the actions (or the inaction) of the committee. There may be some mild collective embarrassment if things go wrong. But that’s about it.
• Lack of priority. Everyone on the committee has a real job elsewhere that demands their full attention. Even the most diligent members may spend no more than an hour or so going through the briefing materials before a meeting.
Once the meeting is over, follow-up is leisurely or non-existent—unless a member’s real job is in play.
• Lack of perspective. Risk-focused committees miss one half of the equation—which is prospective return. Successful risk management considers risk and return simultaneously and tries to find the best balance between them. In banks, prospective return is usually considered outside of ALCO—in the business lines, by the CFO, and in the corporate strategy process.
• Lack of agility. A committee that meets once a month cannot react quickly to events. Nettlesome issues have a way of being deferred to next month and then the next. Studies are commissioned that stall action and diffuse responsibility.
If a major crisis erupts, the legacy of past inaction and neglect is revealed, but too late.
• Lack of collective intelligence. Groupthink is the bane of committees everywhere. Smart people can make dumb committees. Perhaps the most spectacular example is the 1986 explosion of the space shuttle Challenger that killed all aboard. The post mortem made clear that a group of extremely smart people made a very bad decision to launch despite the well-founded warnings of some engineers that it was too dangerous to do so.
Groupthink is insidious because it may be invisible to those involved.
The warning signs include a reluctance to rock the boat by challenging company dogma or the preferences of a forceful leader; a lack of interest in the views of qualified outsiders; and a complacency that underplays or ignores emerging dangers—to name just a few.
Given these fatal flaws, we should not be surprised that there are so few stories singing the praises of ALCO’s that steered their banks clear of disaster in the financial crisis. The ALCO model has been tried for years and has come up short.
Time to move on.
Move on, then, to … what?
Banks no longer have to endure the serious flaws that beset the ALCO model because best practice risk management processes make ALCO unnecessary and undesirable.
Banks must move from a bureaucratic process to a business-driven process.
Today, enterprise risk management systems can gauge the nature and magnitude of risks at the consolidated level. Risks and P&L can be measured and tracked by business unit. Managers can be assigned direct authority and responsibility for managing the risks and returns of their business on a day-to-day basis. Those managers will have a direct and vital stake in the quality of their risk/return tradeoffs—they can’t pass the buck to someone else. The CFO and CRO can be watchdogs over the process and can be policy advisors to the business heads, the CEO, and the board.
In other words, ALCO’s former mission becomes the full-time, high-priority job of people:
• Skilled in managing the specific risks of their businesses.
• Able to act quickly to respond to events.
• Whose compensation and promotion depends on the risk-adjusted results they achieve.
We can now achieve accountability, priority, perspective, agility, and focused intelligence. A business-driven process can now replace a bureaucratic process.
But Dan, what about …
At this point, one might claim that the business-driven process outlined in the previous paragraphs did not work any better than the old ALCO model during the financial crisis.
It is true that many banks got into trouble despite the outward display of the trappings of “sophisticated” risk management systems.
However, I would argue that those banks did not even come close to implementing the business-driven process I am describing. Their presumed risk management prowess was an illusion. They had not, in fact, done the hard work necessary to harmonize the risk management process with the business management process.
Ultimately, I suggest that you forget ALCOs.
The burning question is how banks can do a better job of implementing an effective business-driven risk management discipline.
For some answers, see my prior blogs on the critical role of a strong risk culture.