Bank of the year: US Bank

Operational Risk Awards 2017: Commitment to op risk management has paid off with solid financial results and balance sheet strength

OpRisk Awards 2017
Jodi Richard, US Bank

Operational Risk Awards 2017: Commitment to op risk management has paid off with solid financial results and balance sheet strength

More often than not, banks singled out for making strides in operational risk management practices – be it overhauling governance, shoring up frameworks or bolstering controls – are doing so after recovering from an all-too-public exposure of previous failings. That certainly doesn’t apply to this year’s winner, US Bank.

Best-in-class op risk management is key to the Minneapolis-based bank’s proud record of strong financial results, including multi-year double-digit returns on equity – a gauge of financial strength many of its larger peers can only dream of. The op risk management team is treated by the bank’s board as an integral contributor to its sound balance sheet – not least thanks to its ability to avoid costly missteps which have befallen so many of its rivals, and its ability to deliver consistent financial returns, says Jodi Richard, chief operational risk officer.

“In order to deliver consistent financial results, you have to have sound risk management programmes, in order to prevent surprises and one-off hits to the balance sheet. We’ve delivered that through the crisis not just in terms of credit risk, but also op risk too. We have some of the lowest op risk losses in our peer group, and that’s driven by lower regulatory legal fines and settlements. We’ve never had the billion-dollar loss events that some other large US-based banks have. Because of that, we’ve kept our losses down, which contributes to our earnings, but it also helps support our capital position,” says Richard.

US Bank is unlikely to shed any tears if the Basel Committee proceeds with its ultimate aim of scrapping the advanced measurement approach (AMA) to modelling op risk capital requirements. Again, this is a function of its relatively unique loss profile, which is not skewed by the need to set aside large amounts of capital to cover large historical losses such as whopping fines for foreign exchange or interest rate benchmark rigging, or frauds such as the so-called ‘ghost account’ scandal which saw rival Wells Fargo penalised late last year.

OpRisk Awards 2017
The US Bank team

But the fact that many of its peers do have such events in their loss history means that, under the current calibration of the AMA, US Bank is obliged to set aside capital to cover the sins of others, lest they befall it too. If the latest draft of the current standardised measurement approach (SMA) is translated into final policy and implemented by national regulators, supervisors will have the discretion to allow banks to ignore historical losses – a function many in the industry, Jamie Dimon among them, are strongly in favour of.

“We’re obviously interested in where Basel is going on op risk capital reform. The AMA can be somewhat confusing and backward looking as it relies on historical data; it’s often hard to explain to management why capital is changing when nothing changed within the company, as losses in our model incorporate external data. So we are often saying, ‘well, our capital went up this month because Bank X suffered a large loss that is new to the dataset’. External events are often indicators of potential risk; things that could happen in your own institution. We understand the concept, but we’re very much looking forward to seeing what changes Basel has planned.”

Despite the quirks of the AMA, many in the industry believe the practice of op risk modelling has brought increased rigour to other facets of the risk management framework, such as completing in-house risk and control self-assessment (RCSA) exercises, as well as informing responses to the Federal Reserve’s annual Comprehensive Capital Analysis and Review process.

Richard – who joined the bank in 2014 after spending more than a decade at HSBC, latterly as the bank’s North America head of op risk – sees many of these processes evolving and informing one another as part of a broader evolution of the op risk discipline.

“Over the last three years, we’ve worked to build our op risk function into a holistic management programme – our risk taxonomy, RCSAs, scenario analysis, risk appetite key indicators – and linking all of that to the business. This was the first year we used our scenario analysis process to drive a large portion of our operational risk loss stress estimate. So, for example, if we identified material risks through the RCSA framework, we used our scenarios tied to those risks in the stress-testing process. We have also leveraged our stress-testing results to help set our risk appetite thresholds for operational risk losses. If we experience losses above that stress amount, it tells us that we’re operating outside our risk appetite. Our entire op risk framework is integrated in how we identify and manage risk.”

Going forward, Richard cites the importance of applying what has proved a highly successful formula to emerging risks – as well as remaining vigilant against known ones.

“Our core framework is sound; going forward, it’s about transferring those programmes and tools and aligning them to all of our programmes across the bank. We’re very focused on building out our second line technology risk oversight processes; for cyber risk, data protection, data governance and disaster recovery – as well as adapting our programme to take account of the fast pace of digital change. For instance, how can we come up with fast-track processes for new vendors or new products that still allows us to manage and mitigate the risk and respond to these needs?”

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here