What did the regulators know and when did they know it?

GAO knows. In a report released today, GAO reviews the quality of the methods used by financial regulators and the actions taken when problems were found. It. is. not. a. pretty. picture.

The report is Financial Regulation: Review of Regulators’ Oversight of Risk Management Systems at a Limited Number of Large, Complex Financial Institutions GAO-09-499T, March 19, 2009

Here are GAO’s summary results.

In the examination materials GAO reviewed for a limited number of institutions, GAO found that regulators had identified numerous weaknesses in the institutions’ risk management systems before the financial crisis began. For example, regulators identified inadequate oversight of institutions’ risks by senior management. However, the regulators said that they did not take forceful actions to address these weaknesses, such as changing their assessments, until the crisis occurred because the institutions had strong financial positions and senior management had presented the regulators with plans for change. Regulators also identified weaknesses in models used to measure and manage risk but may not have taken action to resolve these weaknesses. Finally, regulators identified numerous stress testing weaknesses at several large institutions, but GAO’s limited review did not identify any instances in which weaknesses prompted regulators to take aggressive steps to push institutions to better understand and manage risks.

Some aspects of the regulatory system may have hindered regulators’ oversight of risk management.

First, no regulator systematically looks across institutions to identify factors that could affect the overall financial system. While regulators periodically conducted horizontal examinations on stress testing, credit risk practices, and risk management for securitized mortgage products, they did not consistently use the results to identify potential systemic risks.

Second, primary bank and functional regulators’ oversee risk management at the level of the legal entity within a holding company while large entities manage risk on an enterprisewide basis or by business lines that cut across legal entities.

As a result, these regulators may have only a limited view of institutions’ risk management or their responsibilities and activities may overlap with those of holding company regulators.

Here are a few examples from the report.

Regulators found problems long before the news broke. However, they failed to take action for a number of reasons. One was that their judgment of the condition of the institutions was overwhelmed by the views of the managers of the institutions. In other words, “who am I as just a regulator to second guess a manager?”

In the years leading up the financial crisis, some regulators identified weaknesses in the risk management systems of large, complex financial institutions. Regulators told us that despite these identified weaknesses, they did not take forceful action—such as changing their assessments—until the crisis occurred because the institutions reported a strong financial position and senior management had presented the regulators with plans for change. Moreover, regulators acknowledged that in some cases they had not fully appreciated the extent of these weaknesses until the financial crisis occurred and risk management systems were tested by events. Regulators also acknowledged they had relied heavily on management representations of risks.

Other regulators failed to act, because they lacked the ability to consider how a weak situation would fare under bad economic conditions.

At one institution, a regulator noted in a 2005 examination report that management had addressed previously identified issues for one type of risk and that the institution had taken steps to improve various processes, such as clarifying the roles and responsibilities of risk assessment staff, and shortening internal audit cycles of high-risk entities in this area. Later in 2007, the regulator identified additional weaknesses related to credit and market risk management. Regulatory officials told us that weaknesses in oversight of credit and market risk management were not of the same magnitude prior to the crisis as they were in late 2007 and 2008. Moreover, examiners told us that it was difficult to identify all of the potential weaknesses in risk management oversight until the system was stressed by the financial crisis.

Others relied to heavily on management’s views in areas where new and very risky instruments were involved, for example, subprime mortgages.

Some regulators told us that they had relied on management representation of risk, especially in emerging areas. For example, one regulator’s targeted review risk relied heavily on management’s representations about the risk related to subprime mortgages—representations that had been based on the lack of historical losses and the geographic diversification of the complex product issuers. However, once the credit markets started tightening in late 2007, the examiners reported that they were less comfortable with management’s representations about the level of risk related to certain complex investments. Examiners said that, in hindsight, the risks posed by parts of an institution do not necessarily correspond with their size on the balance sheet and that relatively small parts of the institution had taken on risks that the regulator had not fully understood. Another regulator conducted a horizontal examination of securitized mortgage products in 2006 but relied on information provided by the institutions. While the report noted that these products were experiencing rapid growth and that underwriting standards were important, it focused on the major risks identified by the firms and their actions to manage those risks as well as on how institutions were calculating their capital requirements.

Other problems included over-reliance on economic models that, it turned out, were flawed.

No one tested for bad economic situations, because that was just unimaginable. Rather, claims that a Dow of 36,000 were seen as out there but plausible.

Some of the problems involve the way the regulation process is structured and what is examined.

Beginning in 2005 until the summer of 2007, the Federal Reserve made efforts to implement a systematic review of financial stability issues for certain large financial institutions it oversees and issued internal reports called Large Financial Institutions’ Perspectives on Risk. With the advent of the financial crisis in the summer of 2007, the report was suspended; however, at a later time the Federal Reserve began to issue risk committee reports that addressed risks across more institutions. While we commend the Federal Reserve for making an effort to look systematically across a group of institutions to evaluate risks to the broader financial system, the Perspectives of Risk report for the second half of 2006 issued in April 2007 illustrates some of the shortcomings in the process. The report reviewed risk areas including credit, market, operational, and legal and compliance risk but did not provide an integrated risk analysis that looked across these risk areas—a shortcoming of risk management systems identified in reviews of the current crisis. In addition, with hindsight, we can see that the report did not identify effectively the severity and importance of a number of factors. For example, it stated that:

• There are no substantial issues of supervisory concern for these large financial institutions.

• Asset quality across the systemically important institutions remains strong.

• In spite of predictions of a market crash, the housing market correction has been relatively mild, and while price appreciation and home sales have slowed and inventories remain high, most analysts expect the housing market to bottom out in mid-2007. The overall impact on a national level will likely be moderate; however, in certain areas housing prices have dropped significantly.

• The volume of mortgages being held by institutions—warehouse pipelines—has grown rapidly to support collateralized mortgage-backed securities and CDOs.

• Surging investor demand for high-yield bonds and leveraged loans, largely through structured products such as CDOs, provided continuing strong liquidity that resulted in continued access to funding for lower-rated firms at relatively modest borrowing costs.

• Counterparty exposures, particularly to hedge funds, continue to expand rapidly.

With regard to the last point, a Federal Reserve examiner stated that the Federal Reserve had taken action to limit bank holding company exposures to hedge funds. The examiner noted that although in hindsight it was possible to see some risks that the regulators had not addressed, it was difficult to see the impact of issues they had worked to resolve.

This relatively brief report packs a lot of information in an easy to read and understand format.

Comments are closed.