If you want a preview of what the upcoming 2009 S&S exams will be like, you have only to read this article from the March 18, 2009 AMBANKER (included below). Each regulator is going to be working hard to show they are “remediating” their alleged lack of oversight to the quality of an institution’s risk assessments.
This is a clear case of “forewarned is forearmed”. More than ever, it’s all about Risk Assessment and Risk Testing.
In everything you do, be thinking how you can demonstrate the quality of your Risk Assessments, and what you are doing to deal with identified risks. (If you are into Remote Deposit Capture, be sure your RA is for real, not just boilerplate.)
GAO: Regulators Knew of Risks, But Failed to Act Before Crisis
American Banker | Wednesday, March 18, 2009
By Stephen Sloan
WASHINGTON – Well before the financial crisis materialized, federal regulators identified risk management weaknesses at financial institutions but did not demand improvements, the Government Accountability Office will tell a Senate panel today.
While regulators recognized that bank executives were underestimating risks and relying on weak models and stress tests, GAO said they were blinded by a belief that banks were well capitalized.
“Regulators told us that despite these identified weaknesses, they did not take forceful action – such as changing their assessments – until the crisis occurred because the institutions reported a strong financial position and senior management had presented the regulators with plans for change,” Orice Williams, the GAO’s director of financial markets and community investment, said in prepared testimony. “Regulators acknowledged that in some cases they had not fully appreciated the extent of these weaknesses until the financial crisis occurred and risk management systems were tested by events.”
Williams will testify this afternoon at a Senate Banking subcommittee hearing on regulators’ oversight of risk management. She will be joined by regulators from the Office of Thrift Supervision, Federal Reserve Board, Office of the Comptroller of the Currency and the Securities and Exchange Commission.
The GAO’s report does not name the institutions involved in their review or the agencies that conducted the examinations in question. But several examples included in the report symbolize fundamental weaknesses in risk management.
In one case, a regulator told an institution’s board of directors in 2006 that an examination found senior management was not adequately overseeing risk management, financial reporting and internal audits.
“We found that the regulator continued to find some of the same weaknesses in subsequent examination reports, yet examiners did not take forceful action to require the institution to address these shortcomings,” Williams said in her testimony. “When asked about the regulator’s assessment of the holding company in general and risk management in particular given the identified weaknesses, examiners told us that they had concluded that the institution’s conditions were adequate, in part because it was deemed to have sufficient capital and the ability to raise more.”
That assumption, of course, later proved false for many financial institutions when credit markets began to freeze in mid-2007.
In another example, regulators wrote a letter to senior management of an institution in 2005 seeking resolution to a number of problems, including lax enterprise-wide risk management, scant definitions of risk types and weak policies on handling new products. The GAO noted the institution still received a satisfactory exam rating “because senior management reported that they planned to address these weaknesses.”
Regulators also admitted to relying too heavily on an institution’s assessment of its own risk. One examiner relied on a manager’s review of risk from subprime mortgages which, the GAO said were based on a “lack of historical losses.”