Memo to bank CEOs: treat op risk with more respect

High-profile critics of op risk capital rules are misguided, say Ariane Chapelle and Evan Sekeris

Roof framework
A framework for the future: op risk capital must be preserved

This article is the first in a series of two. The second, to be published next week, will focus on operational risk modelling.

Recent criticism of the operational risk capital framework by two senior figures in the banking industry – Peter Sands, the former chief executive of Standard Chartered, and Jamie Dimon, chief executive and chairman of JP Morgan – has sparked much debate in the banking and regulatory community in recent weeks.

The comments were made at a watershed moment for the industry, with the revised op risk capital framework stymied by transatlantic regulatory (or perhaps, de-regulatory) politics, and seemingly increasingly unlikely to be agreed upon, let alone implemented. Dimon’s comments were even picked up by the wider financial press – a rare instance of operational risk being mentioned in mainstream media.

While some of the criticisms certainly have merit and deserve further debate, we fundamentally disagree with many of the arguments made by Sands and Dimon. Both critiques contain fallacies which are regularly made in arguments against op risk capital, and we believe both, as such, are fundamentally flawed.

Both Dimon and Sands expressed their strong reservations against, if not outright opposition to, the idea of holding dedicated operational risk regulatory capital. Dimon, in his annual letter to shareholders, took a more aggressive stance against the need for op risk capital, arguing it should be “significantly modified if not eliminated”. Sands and his co-authors offered a more nuanced criticism, but still called for the current risk-weighted assets approach to be scrapped, and alternatives explored.

Definitions of risk

In our opinion, there are two core misunderstandings about operational risk capital behind Dimon and Sands’ positions: that operational risk is a different class of risk, with no risk/return trade-offs, and thus doesn’t require dedicated capital; and that operational risk capital and sound risk management are substitutes for each other, rather than complementary.

Taking the first of those, Sands and co-authors state: “The regulatory approach to operational risk must recognise that banks do not approach operational risk in the same way as credit and market risk. Banks willingly take on credit and market risks to generate a return.”

It is true that the risk/return trade-off for op risk is not as strong as it is in credit and market risk – but it undeniably exists. Certain activities banks engage in are inherently riskier than others, and their choice of activities exposes banks to different levels of risk. Arguably, the fee-based revenues generated by banks can be seen, in part, as the remuneration for operational risk exposure, since these revenues are not exclusively driven by credit or market risk activities; they are also remunerating banking processes and operations.

Sands and his fellow authors argue that credit and market risk are choices, while operational risk is something that is endured. This hard-lived conceptual flaw about operational risk is one of the fundamental reasons why the operational risk discipline is misunderstood and mistreated by the financial industry.

Only banks and insurance companies make a distinction between financial risk and non-financial risk – with a not-so-subtle contempt for non-financial risks

The belief that op risk is not subject to a risk/return trade-off gives rise to statements such as the following from Dimon: “Operational risk capital should be significantly modified, if not eliminated. No one could credibly argue that there is no such thing as operational risk, separate and distinct from credit and market risk. All businesses have operational risk […] but almost all businesses successfully manage it through their operating earnings and general resources.”

The core message in Dimon’s statement is that operational risk is not really a risk, but a cost of doing business which can be controlled and budgeted for. If this were true, then the collapse of Barings Bank would never have happened. Operational risk can result in catastrophic losses that cannot necessarily be absorbed by operating earnings and general resources – hence the need for a buffer in the form of capital.

Dimon’s reference to “all businesses” is interesting; industrial corporates typically hold more capital than banks, with an equity/debt ratio of 66% compared to 40% in US financial companies. Non-financial companies do retain capital to cover for operational risk, even though they are not typically required by regulators to do so; it is often, indeed, their entire capital base.

Drawing a distinction

There is certainly no rationale for a reduction of op risk capital, let alone its elimination. In industrial companies, operational risk management is simply called risk management. Only banks and insurance companies make a distinction between financial risk and non-financial risk – with a not-so-subtle contempt for non-financial risks. This artificial distinction in the financial sector between risk categories is increasingly detrimental to the risk management discipline.

We argue that it is time to stop relegating op risk to a side discipline, a regulatory annoyance or an operational burden. Disney and McDonald’s do not neglect operational risk; arguably, this is a core part of their success and longevity. Banks could stand to learn from this.

Furthermore, Dimon’s argument could be made about credit or market risk. In normal times, losses in these portfolios are absorbed through operating earnings and general resources – but in rare instances, the economic environment deteriorates to the point of jeopardising the viability of certain banks. Capital exists to protect banks in these situations.

Just like market and credit risk, operational risk can be increased, for instance by relaxing internal controls; it can be reduced through automation and better planning; or avoided, at least in part, by buying insurance. Just like market and credit risk, it cannot be completely eliminated, and this is why all firms, not only banks, need capital to protect from unexpected outcomes, just as households need precautionary savings.

Ultimately, this debate is about the optimal level of risk-taking by banks, and the negative externalities that result from a bank failure – what some would call the domino effect. These are not taken into account by individual managers within banks when they choose their level of risk. Regulatory capital exists to mitigate risk-taking by banks that could negatively impact the economy, and is unique to the financial industry because of its critical role in an economy and the potential repercussions on growth stemming from a bank failure.

Ariane Chapelle is honorary reader in operational risk at University College London and the director of Chapelle Consulting, a UK-based risk management advisory firm.

Evan Sekeris is a partner in the financial services practice of Oliver Wyman, based in Washington, DC. His areas of focus are operational risk, stress testing and model risk management.

  • LinkedIn  
  • Save this article
  • Print this page