The German bank, giving a profit warning ahead of its annual results on August 2, said that it had a lower capital ratio, because of “new external events factored in by external databases representing industry-wide damage claims of banks”.
In other words, Commerzbank’s operational risk measurements, done in scrupulous, objective fashion, actually reflect the background risk that other banks have damages claims. Commerzbank, however well-managed it may be, can do nothing about this.
From an actuary’s perspective (operational risk and insurance share a common set of assumptions and methodologies) this probably makes some sort of sense, but a bank’s capital ratios are meant, in theory, to reflect its own choices and business model.
Just as a young driver passing their 26th birthday does not automatically become safer (though their insurance premium goes down) having a capital ratio dependent on the actions of other institutions leads to the strangest of effects.
The damage claims of other banks may limit payments to Commerzbank’s shareholders and employees. They weaken Commerzbank for future stress tests, and may affect its suitability as a counterparty.
This is how we got into this mess.
Basel II, the sophisticated, multi-level, model-heavy update to Basel I, split a bank’s assets into three types: credit risk (will assets default?), market risk (will assets change in value?), and operational risk (will the bank screw anything else up?).
Add them up, divide by the amount of capital, and you have the capital ratio — the single, deceptively simple number that purports to tell investors about the health of a bank.
Of course, only the first two categories relate to actual assets that show up in a bank’s accounts. Operational risk assets are a total fiction. Even more so than bank accounts.
Because Basel II was designed around using risk-weighted assets to measure bank risk, operational risk was fed into the formula by creating an imaginary set of risk-weighted assets, usually around 10% of a bank’s total.
Having created imaginary assets, you then have to measure them, and in line with the other elements of Basel II, the basic idea was to use modelling and formulae. Some operational risks would be weighted using standard formulae, others would be measured by banks themselves. Which allows certain innovative structurers to try selling the risk on.
Pause a moment to ponder this. The risk of a bank’s systems being hacked, of its servers going down, of its cash machines glitching, of a rogue trader losing billions, or of mis-selling, is expressed as imaginary assets.
From the point of view of the all-important CET1 ratio, these risks are no different than, say, the risk that a leveraged loan will default. RWAs are RWAs.
Since the crisis, the basic ideas of risk-weights and ratios have been tweaked a little. A leverage ratio has been added, and so have different ways to calculate the capital. Wise investors now look at CET1, Tier 1, and total capital, as well as considering the combined buffer, SREP capital (in the EU), Pillar 2A and 2B (in the UK), TLAC, PLAC and ALAC. Banks are facing limits on their flexibility in calculating operational risk.
But the basic idea of operational risk has not. It still generates imaginary assets, according to formulae. Hence Commerzbank’s difficulty. There must be a sensible and conservative formula to calculate operational risk.This must be tied to the actuarial risk of insuring a bank against its own errors, and so the bank’s capital ratios are beholden to screw-ups at other institutions.
It’s too late to change it, but far better would be to recognise that operational risk is a genuinely different class of problem. The US Federal Reserve’s stress tests, the CCAR process, do this successfully in that banks can fail for quantitative and qualitative reasons.
Deutsche Bank’s US subsidiary, for example, is now bomb-proof. Under the Fed’s stressed scenario, it comes out with more than 30% CET1. But it failed the tests, because it could not satisfy the Fed over its risk management, control, processes and data.
Now that supervisors are so much more intrusive, and have far more access to a bank’s systems and decision making than before the crisis, surely a dual-track system would work better. Supervisors could score a bank for the quality of its operational management, and banks could reserve their capital for the real credit or market risk of their books.
Investors would downgrade a bank with high reported ratios but low quality of operational management accordingly, while banks would fall over themselves to prove to their supervisors that their systems were up to scratch, instead of having to suck up the cost of failures at other institutions.