How do we teach younger bankers about risk and performance issues today? I find that a longstanding management tool also helps accomplish this educational purpose. And it also points up a lesson that many bankers of all levels of experience still need to learn about risk.
UBPR—an underutilized essential
For the last several years I’ve led an on-line class on the analysis of bank performance. The principal source document of our efforts is each participant’s Uniform Bank Performance Report, a product of Call Report data published on a quarterly basis by the Federal Financial Institutions Examination Council.
The “UBPR” forms the basis for analysis of an internal nature (my bank this year compared to my bank last year, etc.) and of an external nature (my bank compared to a large group of peer banks).
Each performance metric is compared to a peer grouping’s metrics and a ranking against peer of percentile of ranking is calculated. So the analyst or reader knows how his bank is doing for up to five discrete periods (annually or quarterly). This facilitates trend analysis. But UBPRs also show how the bank performs compared to other banks with broadly similar market characteristics (size, number of branches, and the like).
I’ve been surprised over the years that the UBPR is not a more widely used tool. It has considerable analytical value. Yet some boards and managements rarely—if ever—explore it.
Performance as a facet of risk management
Participants in my classes have largely come from community banks, with a smattering of participants from among bank vendors. This activity over time has given me an insight into the thinking and attitudes of hundreds of community bankers.
As a consequence, I believe that the performance record of a bank can be understood as a measurement of risk present in key performance areas over time.
Understand, now, that the UBPR is not a window on all categories of risk.
Reputation risk, compliance risk, legal risk, and strategic risk are not showcased in the numbers. But credit risk, liquidity risk, capital risk and, to a degree, operational risk, are all on display in terms of the record of financial performance they have left behind.
My definition of a “high performance” bank is one that consistently performs among the upper risk performance percentiles, say, within the top quartiles, on a consistent basis. One doesn’t achieve a consistently strong ROE record with a high appetite for risk. Prudent risk taking diligently managed across a wide variety of activity and over a multi-year period of time is a necessary precondition to a high performance result.
My many years in banking have taught me that too many banks seem to operate with business models that periodically demand of them in a down year to give back all or most of the earnings of the pervious several years of the business cycle. Hopefully, there’s a better way.
Most all participants in my classes start out at least with a superficial understanding of how the various activities of a bank integrate into a story that is told in financial terms. Before long, though, they begin to see how such linkages exist and can be measured and analyzed on a cause-and-effect basis.
How risk arises
Sometimes risk is exacerbated by “small” thinking. Many smaller banks struggle with the necessary expenditures in systems to keep the bank on the competitive cutting edge. It’s a “poor boy” attitude and it tends to constrict horizons as well as long-term viability.
But there are often events that occur with disastrous consequences where the source may be traced back to the absence or failure of internal controls.
The crash of the Lufthansa airliner last month gave all managers a jolting reminder about less obvious risks in all of our businesses. The exposure arose from an unanticipated source. Perhaps one could argue that the cause was something that someone might have identified in advance, but it was not a “top of mind” concern.
How do bankers make the various risks we face (and undertake) more visible and imaginable in our own businesses?
Banking risks, and similarly risks for most businesses, generally present themselves in two basic ways.
First, they may arise from a performance lapse in one or more of the bank’s product lines or systems.
Second, they may arise from “Black Swan” events, those rare but extremely consequential events over which management has little or no control.
How many remember back several years when Southwest Airlines discovered that certain safety inspections were not being completed on the fuselages of their aircraft but a few rogue employees certified that they had been done?
The news was embarrassing for Southwest. But the fix was quickly accomplished and the incident all but forgotten since. Yet what if one of those planes had crashed and the investigation had discovered after the fact that records had been falsified, inspections not done, and the related omission had caused or contributed to the crash?
Something like that could have literally killed the company.
Controlling risks isn’t rocket science—but it is a science
There are two appropriate responses for today’s challenges. One is an aggressive commitment to internal controls and systems. Dodd-Frank can be understood, in part, this way. The other is a back-to-basics response to the training and proficiency of our staffs.
Credit people understand and appreciate the analytical discipline in the underwriting and management of credit. Probably most all-after-the-fact investigations into credit problems produce a single “blinding flash of the obvious.” Most of us work incessantly to anticipate and minimize such lapses.
We need to attend to the basics and pay close attention to all the little things that roll up into the numbers of revenue and expense. If we’re consistently doing that, then most areas of day-to-day risk are being taken care of on a real time basis.
Much of our risk management efforts will then have a solid basis of analytics to support and justify our activities to our boards and supervisory agencies. The trail leading us directly to these issues and their abatement or solution may be more evident than we are conditioned to think.
We can’t control the weather or the actions of our customers or competitors.
But we can manage our affairs in a sound and responsible way.
And we have the tools.