Interview: US Treasury CRO on credit risk, Tarp and cyber threats

Ken Phelan stresses importance of credit risk management in key Treasury role

phelan-treasury-web
Ken Phelan works out of US Treasury offices in Washington, DC

Ken Phelan stresses importance of credit risk management in key Treasury role

Eight years ago, the aftermath of the financial crisis saw the US Treasury Department thrust into the role of America's 'bad bank'. The Troubled Asset Relief Program (Tarp) left the government with over $450 billion of investments in distressed financial institutions, auto companies and mortgage loans. The Housing and Economic Recovery Act (Hera) added another $340 billion of loans and financial support to the housing sector on to the balance sheet.

As senior government officials analysed these exposures, they realised the Treasury – like any other bank, good or bad – needed a chief risk officer. It took five years to fill the position. Ken Phelan, a veteran risk manager with a track record as a problem-solver at troubled lenders, joined the US Department of the Treasury in November 2014 as its first CRO.

Phelan understands the post-crisis relationship between government and the financial sector better than most. After cutting his teeth at First Boston and Swiss Bank, he worked with Jamie Dimon at Bank One and JP Morgan, where he held various risk roles over eight years.

When the financial system began to unravel in 2008, Phelan embarked on a tour of crisis-hit organisations. He was appointed CRO of Wachovia after former US Treasury undersecretary Bob Steel was brought in to run the troubled bank in mid-2008. A few months later, Wachovia was sold to Wells Fargo, and Phelan moved on to Fannie Mae, which was already in conservatorship. After two years as CRO of Fannie, he spent three years as CRO for the Americas at Royal Bank of Scotland – which was itself bailed out by the UK government in 2008 – before taking on his current role in 2014.

By that point, the US Treasury had already recouped the vast majority of its Tarp expenditures, with interest.

"Tarp is down to less than $700 million from over $450 billion," says Phelan. "That being said, it is important that we manage the remainder of this programme well as it winds down."

With the Treasury's credit exposure to the private sector at manageable levels, Phelan's focus shifted to operational and enterprise risks. Although many at the Treasury had banking experience and were familiar with enterprise risk management, it was a new concept for others.

Tarp has returned more than was lent but the real value is a more stable financial sector
Ken Phelan, US Treasury

Phelan spent his first month at the Treasury meeting with colleagues at all levels of the organisation to set out a vision for his Office of Risk Management. Working in collaboration with other officials at other federal agencies, he led the development of an enterprise risk management 'playbook' for the US government, which was formally adopted in July 2016. "This effort is helping to build a government-wide community of practice," says Phelan.

Tackling operational risk within government is another priority for Phelan. The spectre of operational failure reared its head in February of this year, when a Treasury bond auction was postponed due to a systems issue.

"We take this incredibly seriously, and [we will] get to the root cause of any problems that arise so we can learn and prevent future issues," says Phelan. "Payments, collections and auctions are critical systems for the government, and we need to make sure they work properly."

Though enterprise and operational risk management are important concerns, Phelan has not forgotten why the Treasury felt the need to appoint a CRO in the first place. Phelan is using his position – which he stresses is non-political – as a bully pulpit to advocate for better credit risk management both within and outside government.

"It is important to understand the benefits and pitfalls of credit risk," he says. "One thing we learned during the crisis is that although credit can be economically empowering for an individual or family, too much debt is economically debilitating to them. Trying to better understand and define that line is crucial in credit programmes."

In an interview with Risk.net at his office at the Treasury building in Washington, DC, in halls once stalked by Alexander Hamilton and Walt Whitman, Phelan discusses how he came to be the US Treasury's first CRO, his formative experiences as a risk officer in commercial banking, and the challenges of managing risk at the sprawling array of bureaus and programmes that comprise the Department of the Treasury.

How did you end up becoming the Treasury Department's first chief risk officer?

Ken Phelan: During the financial crisis, Treasury was asked to administer a number of high profile and high dollar programmes including the Troubled Asset Relief Program, or Tarp, which infused more than $450 billion into financial institutions, and the Housing and Economic Recovery Act, or Hera, which brought Fannie Mae and Freddie Mac into conservatorship and provided $340 billion in loans and other financing to support the government-sponsored enterprises (GSEs) and housing sector.

The Small Business Jobs Act and the American Recovery and Reinvestment Act further expanded Treasury's credit footprint. Given these large exposures, senior Treasury officials decided to establish a more formal credit risk management effort. From those early discussions, it became clear that the role should be larger than credit and include an enterprise-wide view of risk headed by a CRO.

Treasury held a roundtable of risk professionals from banking, insurance, consulting and academia to get their views of a Treasury enterprise risk management (ERM) programme and the role of the CRO. I attended that meeting where we were told that an open [recruitment process] would be starting shortly. I threw my hat in the ring and got the role.

In what ways is risk management in the private sector different from the public sector?

KP: Perhaps the biggest difference is with respect to risk appetite. When you talk about risk appetite on the private side, it typically has a dollar sign associated with it. 'This is how much I'm willing to lose in the quarter.' On the public side, risk appetite is not so straightforward. Instead of a short-term risk of loss for the shareholder, it has to be viewed as the long-term risk and benefit to the taxpayer. Tarp is a great example. We made those investments in a dislocated market to protect the broader economy from the fallout of the potential failure of those institutions. From an investment perspective, Tarp has returned more than was lent but the real value is a more stable financial sector that then supports economic growth.

Although there are some differences in risk management in the public versus the private sector, the principles of risk management are similar. On the private side, the business owns the risk. You might have a risk management area, but the business still owns, articulates and manages the risk. That translates well to a public-side programme manager, where the manager needs to similarly understand, articulate and manage the risks in their programmes. Transparency, being open about your risks, is another principle of risk management important on both the private and public side.

Another principle that I always mention is the importance of diversity. In risk management, you want to have different people with different experiences sitting around a table looking at an issue from different angles. Having diversity of thought is enhanced by having diversity of people.

Can you give me some examples of the credit risks the Treasury faces?

KP: While strengthening the management of credit risk was one of the main goals of creating the CRO role at Treasury, the current exposure is nothing compared to what it was at the height of the crisis. For example, Tarp is down to less than $700 million from over $450 billion. That being said, it is important that we manage the remainder of this programme well as it winds down.

Another example of a credit program at Treasury is the Community Development Financial Institutions Fund (CDFI Fund) Bond Guarantee Program, which as of last month, has made available long-term loans in excess of $1 billion to institutions serving low income populations. Like the private side, we set up a credit review board which I serve on, to approve these extensions of credit.

To what extent is credit risk a factor in public policy discussions, such as government-backed mortgages?

KP: A number of government agencies are involved in housing policy and government-backed mortgages. The Department of Housing and Urban Development is the lead government agency for housing policy and Federal Housing Finance Agency serves as the conservator for the GSEs. Under the Tarp programme, Treasury is very involved in mortgage modification and other issues related to the crisis.

From my own perspective, I think it is important to understand the benefits and pitfalls of credit risk. One thing we learned during the crisis is that although credit can be economically empowering for an individual or family, too much debt is economically debilitating to them. Trying to better understand and define that line is crucial in credit programmes.

The new Current Expected Credit Loss accounting standard requires banks to book expected credit losses from day one. Is there a comparable standard for the Federal government?

KP: The Federal government already does that. Since 1990, under the Federal Credit Reform Act, the expected lifetime loss of a credit exposure hits the budget in the year the loan or guarantee is made. It's a fairly sophisticated methodology overseen by the Office of Management and Budget (OMB) that calculates expected loss over the lifetime of the loan, assuming cycles and stresses.

What operational risks does Treasury encounter in carrying out its mission?

KP: Treasury has a broad and diverse mission that includes managing the government's finances – making payments, collecting taxes, and running bond auctions – producing currency, combatting money laundering and financial crimes, using financial tools in the fight against terrorism in addition to supporting economic development and increased opportunity. All of these have significant operational risk.

Payments, collections and auctions are critical systems for the government, and we need to make sure they work properly. The Treasury's Bureau of the Fiscal Service manages a daily cashflow of $89 billion and accounts for the federal government's debt of more than $19.5 trillion. It produces daily and monthly Treasury statements, the monthly statement of the public debt, and the financial report of the US government.

In fiscal year 2015, we disbursed over $3.2 trillion in federal payments, such as social security, veterans payments and income tax refunds. We have the largest government funds collection with more than 10,000 financial institutions and almost $4 trillion collected in fiscal 2015. We do the accounting to determine the debt ceiling, so we keep track of the general ledger. We have systems for all of those.

Is it realistic to expect zero-defect systems?

KP: No system is perfect. When someone says all risks are covered, red flags should go up. What you need to do is to build as many backups as possible into the process so that if one system fails, there is an ability to switch over and, if necessary, have a delay and not a fail. As an example, we had one instance in February where, due to a system issue, we needed to postpone a Treasury bond auction by one day. We take this incredibly seriously, and [we will] get to the root cause of any problems that arise so we can learn and prevent future issues.

What's your view of cyber risk, and what steps are you taking to manage it?

KP: Cyber is a huge and growing risk. Treasury serves as the day-to-day federal interface and co-ordinating agency for cyber security in the financial services industry. We know the financial services sector, its operations and interconnectedness, and its cyber-related risks to the homeland security, law enforcement, and intelligence communities.

In my previous risk management experience, cyber was something for the IT department. More and more, for CROs, cyber is what makes you lose sleep at night. On our own and as part of a larger White House effort, we have spent a great deal of time and effort reviewing and updating our systems, and the administration has put forth the National Action Plan on Cybersecurity to increase awareness and protections.

How are you working with your peers at other federal agencies to develop enterprise risk management?

KP: I probably spend a quarter of my time helping other agencies build out risk management functions. If you think of OMB as the CFO/COO of government, it sets the financial and management ground rules for government agencies. They do this via Circulars. The government's equivalent of Sarbanes-Oxley requiring internal controls is OMB Circular A-123. This year, OMB revised A-123 to require enterprise risk management. I helped lead a multi-agency effort of over 20 agencies, to write an ERM 'playbook' of how government agencies should do that. This effort is helping to build a government-wide community of practice.

How did you get into risk management?

KP: I came to Treasury after 25 years on the private side. I trained as a lawyer but went right into sales and trading. I was doing asset-backed securities and mortgages for First Boston, now Credit Suisse, and after 10 years, I switched to Swiss Bank, now UBS, to help run a bond portfolio. They brought a loan book down to the trading floor and I was asked to help manage it. Because it involved loans rather than bonds, that became risk management. I've been doing risk management ever since.

I joined Bank One a year after Jamie Dimon arrived. I was in a number of different risk roles there and at JP Morgan after the merger for a total of about eight years. Then, in the middle of the crisis, I became CRO under Bob Steele at Wachovia. It was a difficult time for the institution and we ended up being sold to Wells Fargo after an earlier potential sale to Citi.

At that time, Fannie Mae was put into conservatorship and I joined as their new CRO, where I stayed for two years. Prior to coming here I spent three years at RBS as the CRO for the Americas.

How would you assess your experience at the Treasury from a personal and professional standpoint?

KP: In designing this role, Treasury made this a non-political position to provide continuity as administrations change. When I became CRO, I promised to stay at least a year into the new administration. This has been a fabulous experience. Treasury is a special place. My colleagues are incredible – as smart and hardworking as anyone I've worked with on Wall Street. I feel honoured to come to work each day. I can see myself staying longer.

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

Credit risk & modelling – Special report 2021

This Risk special report provides an insight on the challenges facing banks in measuring and mitigating credit risk in the current environment, and the strategies they are deploying to adapt to a more stringent regulatory approach.

The wild world of credit models

The Covid-19 pandemic has induced a kind of schizophrenia in loan-loss models. When the pandemic hit, banks overprovisioned for credit losses on the assumption that the economy would head south. But when government stimulus packages put wads of cash in…

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here