Anticipating Future Needs – Horizon 3

As the FDIC moves over the next 18 months to implement the recommendations for Horizons 1 and 2, it also will need to consider the impact and implications of a possible future move to Horizon 3 – an environment in which risk to the deposit insurance system is not only monitored and measured in near real-time, but also managed in a more interactive, more fully-automated manner throughout the organization. The decision to move to such an environment will depend on the FDIC’s assessment of its future needs, and whether the benefits of an upgrade in risk management practices outweigh the costs to the Corporation and the deposit insurance system.

The kinds of potential benefits – individually or collectively – that the FDIC will need to consider include: enhanced institutional risk analysis; better knowledge management; enhanced public policy knowledge and positions; fuller understanding of risk-based pricing; better documentation; and a greater ability potentially to offload or hedge risks. The likely costs include substantial information technology (IT) expenses as well as organizational realignment considerations.

RECOMMENDATION 3.1 – ANNUALLY ASSESS WHETHER TO MOVE TO HORIZON 3

While the recommendations from Horizons 1 and 2 are being implemented, the FDIC will need to anticipate and assess its future risk management needs implied by an evolving deposit insurance environment. Specifically, the NRC, based on the advice of a cross-divisional team of managers and starting during Horizon 2, should annually assess the advisability and implications of moving to Horizon 3.

The Horizon 3 environment

Horizon 3 differs from Horizon 2 on three principal dimensions: the degree of system access and availability; the timeliness of underlying data; and the size and importance of the risk group in the organization. At Horizon 3:

• Risk systems are broadly accessible to individuals throughout the Corporation through a user-friendly interface – at desktops, in the field, on the road – and all risk models and inputs run on a single, fast IT platform

• Data is available real-time or near real-time through automated links to market and other information, producing more current risk analyses

• Risk analysis is the province of a dedicated risk management group comprised of half a dozen or more professionals and headed, potentially, by a Chief Risk Officer.

The potential benefits of moving to an integrated IT environment and investing in organizational and other changes contemplated in Horizon 3 are manifold. They include:

• Enhanced institutional risk analysis. In practice, Horizon 3 means an ability to deliver a broader set of customized reports in an interactive environment. A DSC professional, for example, could create customized dashboards for automated delivery by e-mail at any desired time frequency (e.g., daily, weekly, monthly). Or a DSC supervisor interested in targeting institutions for greater scrutiny could use the FDIC’s intranet to produce a list institutions satisfying a particular query, e.g., all institutions rated below CAMELS 2 in the North East that have been downgraded in the past 3 years and have expected probabilities of failure exceeding 5 percent. The ability to do “what if” scenario analysis would become more interactive and available on-demand (e.g., if a question were to arise at the RAC about the impact on the BIF of increased failure rates among institutions rated CAMELS 4 or higher, the analysis could be run in real time and presented at the meeting).

• Better knowledge management. The reduced barriers to information distribution²⁴ and the rapid, customized reports in an integrated Horizon 3 environment are likely to yield new insights into risk that will aid in the prevention potential problems before they occur. Improved insights will allow FDIC and other regulators to intervene in troubled institutions earlier, propose new and innovative solutions, and become more efficient in resource allocation and planning. Improved abilities in risk management will also better equip the FDIC to detect and respond to poor risk management practices at insured banks.Enhanced public policy advocacy. Arguably, at this stage the FDIC would understand risks in the domestic banking system in a unique and superior way relative to other industry participants and observers. Distinctive expertise would enhance the FDIC’s leadership in public policy discussions directly affecting risk management in the banking sector in general and insured institutions in particular.

• Fuller understanding of risk-based pricing. With a Horizon 3 infrastructure, the FDIC could not only allocate reserves internally on an individual institution basis – a distinct advantage as the FDIC moves to more targeted risk-based pricing in the future – but also measure the impact of emerging risks on these reserves (e.g., expressed as changes in the correlation structures). As a result, the new capability would allow true risk-based underwriting and pricing on an institution-by-institution basis; e.g., a bank could be charged its marginal contribution to the FDIC’s expected loss.²⁵

• Better documentation. The substantial IT investments required of Horizon 3 offer an important ancillary benefit favored by financial regulators: a well-documented audit trail. If the FDIC or an outside auditor wishes to understand, for whatever reason, the FDIC’s risk profile as of a particular date in the past, that day can be easily “recreated” in a virtual setting.

• Potential ability to offload risk. An advanced risk management structure will put the FDIC in a position to consider potential strategies to offload risk, including through hedging or reinsurance. To that end, Horizon 3 provides the requisite ability to measure and report risk in hedgeable components (e.g., interest rate risk, credit risk), with additional detail down to the individual institution level (e.g., exposure on a per bank and tenor basis with estimated costs of hedging). Any decision of the FDIC regarding hedging should be considered carefully, as all hedges include some element of risk. Additionally, since the FDIC’s credit exposure relates in some cases to institutions it oversees as the primary federal regulator, great care would need to be taken in setting hedging policy to avoid compromising FDIC’s statutory duties as insurer and regulator.²⁶ While these and other substantial obstacles must be overcome to develop a legitimate hedging capability, an investment in Horizon 3 will at a minimum provide an option value in this respect.

The current information technology (IT) infrastructure, and the likely infrastructure over the next 12 to 18 months, is characterized by a patchwork of computer programs, desktop spreadsheets, and individual analyses prepared by different researchers. This environment is conducive to exploring research issues and developing prototypes quickly, but it is neither automated nor user friendly, and it is not sufficiently flexible to support a Horizon 3 capability, even with the Horizon 2 modifications.

A move to Horizon 3 will require a substantial investment in IT infrastructure. Specifically, FDIC would be well advised to migrate all operational risk models from DIR onto an integrated IT platform accessible throughout the organization. Models under development would continue to be built and tested separately. Exhibit 3-1 provides an illustration of a sample well-functioning IT architecture in Horizon 3, including the manner in which data inputs might feed into the models on an automated basis to produce reports and analyses. In this type of environment, a single programming language standard (e.g., C++) should be employed, perhaps using a commercial risk management platform (e.g., Risk Vision, Summit, Sungard) as a core.²⁷ Input and output data should be stored in a relational database (e.g., Oracle, Sybase) that continuously tracks inputs and outputs and creates an audit trail. Any of the potential hedging strategies described above will require further investments in systems and procedures to properly track and monitor performance.

Exhibit 3-1

RISK MODEL ARCHITECTURE AND METHODOLOGY AT HORIZON 3

D * Asset and Liability Management Source: Team analysis

The transition to Horizon 3 may additionally require a substantial reorientation or reorganization of the existing risk management organization. Typically a dedicated risk group of perhaps a half dozen professionals headed by a Chief Risk Officer would be assembled to handle the increased workload, which would include not only cutting edge analyses and ongoing synthesis, but also an orchestration of efforts to instill a risk management culture within the organization. If a hedging capability were developed, an individual with capital markets experience would be necessary to assist with evaluation and execution.