Does capital do any good when the lights go out? As Sandy demonstrated to awesome effect, storms can wreak devastating harm on financial infrastructure. Resilience to operational risk of systemic magnitude like Sandy’s results not from having capital on hand, but rather from robust recovery planning, dedicated and sometimes heroic staff and – most important – readiness. All of this comes at a cost that conflicts with the single-minded focus on amassing tangible common equity now dominating regulatory discourse. It’s hard to find capital in the dark and it doesn’t do diddly to turn the lights back on. Real safety and soundness requires balancing higher capital – needed to be sure – with the costly infrastructure improvements essential to offset all the other risks to which banks are heir.
In the regulatory landscape released last week, we highlighted an array of well-intentioned rules with possible perverse consequences. Among these is the contradiction between effective operational-risk management and all the initiatives focused solely on hiking capital. Since Dodd-Frank and the regulators can take away a bank’s breathing rights if it fails to stump up the capital, hard trade-offs are so far made solely in favor of adding all the capital. The OCC has worried aloud that this might create new operational deficiencies, but no one has provided supervisory comfort or clear guidance as to how this critical conflict in fact should be settled.
Some may soon be coming, but I fear it will err too much on the side of demanding still more capital, not better operational-risk management. The Basel II rules include an operational risk-based capital (ORBC) charge carried over to the Basel III rules. The simple version of this is particularly counter-productive – capital for operational risk is based on a percentage of assets regardless of how risky they are. This approach exacerbates the conflict between capital and conscientious risk management, a failing so egregious the U.S. decided to impose only the advanced ORBC charge in its Basel II rules. This, though, still includes numerous perverse incentives – for example, banks are penalized for taking out lots of insurance to mitigate operational risk and the overall methodology on which the capital requirement is based is, at best, untested.
So, what’s Basel going to do – push for better risk management or double-down on the capital call? The Financial Stability Board yesterday announced that global banking regulators plans to rewrite ORBC, issuing new rules in 2014. Given the direction of policy to date, my guess is that the rewrite won’t fix the fundamental flaws of the ORBC charge, just decide to hike the requirement higher to make the rule seem still tougher. This will not only undermine effective operational risk management, but also create still stronger incentives for businesses like asset management – especially pummeled by the ORBC requirement – to move outside regulated banking. Nice work from a safety-and-soundness perspective.
Increasingly, capital is seen as the supervisory cure-all. As evidenced by the FSB action Thursday to finalize the G-SIB surcharges, regulators around the world argue that the more of it systemic banks have, the better their risk-taking impulses will be curbed. This is true to some degree – if investors have their own money at stake, they will be less likely to wager based on moral hazard. But, not all of the risks banks take are the speculative ones hopefully constrained by investor cash on the barrel-head. Many risks with systemic consequences arise from causes outside the control of any single bank, no matter how seemingly safe the capital bulwark.
Even big banks can be innocent victims. To minimize harm to them and – still more vital – broader markets, full-horizon risk management cannot be subordinated to a single-minded quest to hike capital to ever more stratospheric levels. In reviewing the Basel II ORBC requirements, global regulators would do well to scuttle the simple, perverse standardized approach and rewrite the advanced one to align it with desired – indeed, essential – improvements in risk management. Where operational risk poses solvency concerns, capital is needed; where it doesn’t or – most critically – where solvency risk can best be averted by operational resilience – rules should reward risk mitigation, not set up an artificial conflict with it.