Enterprise Risk Management in the US Banking Sector Following the Financial Crisis

DOI: 10.4236/me.2016.74055   PDF   HTML   XML   2,594 Downloads   4,242 Views   Citations

Abstract

Purpose: The purpose of this paper is to investigate the effect of the financial crisis on the management of risk in the largest US banks. Design/Methodology/Approach: Levels of risk exposure, risk consequences and risk management were examined using a content analysis of the 10-K annual reports form of a sample of 59 largest U.S. banks. Paired-t-test, along with frequency analysis of the disclosures of 15 banking risks was used to test our research hypotheses. Findings: We found that the subprime financial crisis had significantly affected the levels of risk exposure and its consequences after the crisis (risks more probable and certain with major consequences). We also found minor but significant changes in the ERM strategies after the crisis for the three major categories of risk investigated in this study (financial, business, strategic). We found that the changes in ERM strategies were not significant for risks examined individually with the exception of credit risk. Finally, the number of banks disclosing their levels of ERM increased after the crisis especially for systemic risk. Practical implications: Our study is particularly relevant for standards setters and regulatory bodies for it sheds light on the vulnerability of banks to certain types of risks (such as systemic risk) and helps them orient their analysis and find comprehensive and innovative solutions for future reform. Originality/Value: This research enriches the literature on ERM disclosures and presents the first study examining the effect of the crisis on ERM levels in the US banking sector.

Share and Cite:

Zéghal, D. and El Aoun, M. (2016) Enterprise Risk Management in the US Banking Sector Following the Financial Crisis. Modern Economy, 7, 494-513. doi: 10.4236/me.2016.74055.

Received 6 March 2016; accepted 26 April 2016; published 29 April 2016

1. Introduction

The bank is at the heart of the financial system and plays a crucial role in the injection of liquidity into the market. Acute dysfunction of a bank will have negative consequences for the entire financial system causing a financial crisis.

Indeed, the intermediation role that banks play makes them dependent on the state of their stakeholders and they can be subject to the issue of moral hazard. On the one hand, banks are dependent on the financial position of their debtors and, after the granting of credit, cannot control the risk related to the use of the funds they delivered. On the other hand, banks depend on the behavior of their depositors who may make massive withdrawals because of a loss of confidence. This creates a dysfunction which may spread and become a systemic risk.

Nevertheless, the last decades have witnessed an ongoing trend toward disintermediation. The switch from a traditional model to a market funding model has turned attention to the secondary market.

Systemic risk arises because of the interconnection between the various economic agents. This interconnection is the axis through which shocks are transmitted from one agent to another.

In this context of fragile financial systems and procyclicality of finance, the establishment of a macro-pru- dential regulatory framework constitutes a radical innovation.

While micro-prudential regulation helps institutions to deal with their specific risks limiting the risk of their default, macro-prudential regulation aims at addressing the procyclicality of the financial system in its entirety.

This article aims at analyzing the effect of the crisis on the Enterprise Risk Management approach of the largest US banks. ERM can be defined as an integrated process implemented by the management aiming at evaluating business uncertainties through examining the risk exposure of the enterprise and its impact on the value creation objective. After examining the risk consequences, the management sets the appropriate strategy dealing with the risks or opportunities arising from these uncertainties. The ERM approach is examined through three dimensions: risk exposure, risk consequences and risk management strategy.

The article is organized as follows. In the next section an overview of the literature on ERM studies is presented. In the third section we try to give a popularized explanation for the causes of the financial crisis. In the fourth section, we present the necessity of the transition from a micro-prudential regulation to a macro-pruden- tial regulation. In the rest of the document, we present our research objective and hypotheses to be tested (section 5), our research methodology and risk analysis map (sections 6 and 7) and the results of our empirical study (sections 8-11). We then present our conclusions and discuss our results in section 12.

2. Previous Research on Enterprise Risk Management (ERM)

Enterprise risk management has become a research area of primary importance during the last two decades. The topic has been approached from a number of distinct perspectives.

Some studies were conducted to highlight the benefits of ERM and its importance as it creates value for shareholders. According to Schroeck ( [1] , p. 29) “Risk management, …, appears to be one of the most likely sources of value creation in banks”. Nocco and Stulz [2] stressed the advantage of having an integrated risk management process and outlined its micro and macro-level benefits.

Similarly, Drzik [3] shows that the engagement of banks in risk management reduced the earnings and loss volatility during the 2001 recession.

Other researchers investigated the relation between ERM and bank performance. Aebi et al. [4] analyzed the influence of “risk governance” characteristics on bank performance during the financial crisis. They focused on only one risk management mechanism related to corporate governance, the role of the chief risk officer (CRO). They found that banks perform better if the CRO reports directly to the board of director rather than to the chief executive officer (CEO) since there may be some conflict of interest between the CRO and the CEO. In other studies, researchers found that ERM information does not have any effect on business performance (Maingot et al. [5] ). Pagach and Warr [6] investigated the factors that might influence the decision to implement ERM by hiring a CRO. Using a hazard model approach, they found that firms initiating an ERM program are more leveraged with more volatile earnings. Elsewhere, debate has been held concerning the use of derivatives as a method of ERM in the banking industry. Despite its usefulness in hedging and transferring different bank specific risks and increasing bank efficiency [7] , the excessive use of these financial instruments leads to greater systematic risk. By examining the effect of derivative transactions on the interest rate and exchange rate risk exposures of banking firms, Choi and Elyasiani [8] find that the use of derivative contracts creates a significant additional potential systematic risk. Rodríguez-Moreno et al. [9] find that the bank’s use of foreign exchange and credit derivatives increases the bank’s contribution to systemic risk.

Although a number of recent scholarly articles have addressed the topic from different perspectives, very few have focused on the effect of the crisis on the ERM components themselves, namely risk exposure, consequences and management strategy, in the banking sector during the financial crisis. Among these studies we can find Maingot et al. [5] [10] - [12] ) who have investigated the effect of the crisis on the level of risk exposure, consequences and risk management strategy in the Canadian and U.S. context. Maingot et al. [10] investigated the effect of the crisis on risk management disclosures by non-financial Canadian companies listed on the S&P TSX composite index using a content analysis of the annual reports for the years 2007/2008. According to their findings, very few changes have been registered regarding the assessment of risk exposure, consequences and ERM strategies. Maingot et al. [11] analyzed the effect of the crisis on ERM disclosures by Canadian companies from the financial sector. They found very few changes in the disclosure of the level of risk exposure, consequences and management which confirmed the results of the prior study. Maingot et al. [12] conducted a comparative study of the disclosed level of risk between Canadian and US companies. The same findings were reported for a sample of non-financial US and Canadian companies. These studies have shown a weak strategy of risk disclosure adopted by Canadian and US companies concerning the level of ERM before and after the crisis. Nevertheless, these studies were mainly concentrated on companies from the non-financial sector. To fill this gap and providing the crisis originated from the US financial sector, our study investigates the effect of the crisis on the levels of ERM disclosure in the annual reports of the largest US banks.

3. Enterprise Risk Management in the Banking Sector: Macro-Prudential Regulation Incentives

It is important to define risk before addressing the issue of risk management. For this we classified risk in three main categories according to their origin and impact: specific risks, systematic risks and systemic risks as shown in Figure 1. Specific risks are risks that we can diversify. The specific business risks, also called diversifiable risks, are the risks associated with the business of the company or the specificity of the industry. These risks can be managed by the risk management process established by the company. The major risks faced by the banks in this category include, but are not limited, to the following: credit risk, liquidity risk, operational risk and compliance risk.

Unlike specific risks, systematic risk, or also known as market risk, is not diversifiable and is the vulnerability of a bank to events that occur in the financial market and that affect its aggregate results. Although systematic risk cannot be diversifiable, management can hedge against it. The third category is systemic risk that is placed on the top of the pyramid (Figure 1) because it is the one whose impact is the most harmful on an interconnected business system. It can be defined as “an event that has an effect on the entire banking, financial and economic system, rather than just one or a few institutions” (Bartholomew and Whalen [13] , p. 4).

The subprime financial crisis presents a concrete example of the disastrous consequences of the occurrence of systemic risk in the banking business. It reflects the seriousness of emerging risks and the need for an integrated risk management system in the banking business as a first necessary step. The evolution of the risks and the excessive use of financial instruments require banks to change their internal system of risk management and adopt

Figure 1. Banking risks classification.

a holistic risk management approach. According to Deloach ( [14] , p. 30). “ERM is a structured and disciplined approach: it aligns strategy, processes, people, technology and knowledge with the purpose of evaluating and managing the uncertainties the enterprise faces as it creates value… it means a truly holistic, integrated, forward-looking and process oriented approach is taken to manage all key business risks and opportunities, with the intent of maximizing shareholder values as a whole.”

In the banking industry, ERM is a real opportunity that goes beyond the prudential regulation requirements and that allows banks to integrate risk management in the value creation process [15] .

Nocco and Stulz [2] suggest that an effective ERM creates a competitive advantage over the traditional risk management process (SILO) and unleashes the potential of businesses to carry out a strategic plan.

Micro-prudential regulation plays an important role in limiting risk-taking essentially linked to credit through capital adequacy requirements. It can also enhance market discipline that aims to strengthen financial stability and improve the financial communication policy of the banks.

Nevertheless, following the financial crisis, Basel II has been significantly criticized for it contributes to the banking industry’s procyclicality [16] . Procyclical behavior of a bank is correlated with economic cycles. During a phase of expansion and economic boom, risks are underestimated and institutions tend to take more risks, giving more credits against poor guarantees. In the case of an economic recession, capital requirement leads banks to aggravate the situation by constraining their supply of loans [17] [18] .

The procyclical behavior of the banks reflects the intensification of risks through time and business cycles. Some studies [19] - [20] find that the degree of leverage increases during prosperous economic phases and substantially decreases during recessions.

These facts have highlighted the importance of dealing with banking risks under a macro-prudential prospect. The structural characteristics of banks make them a breeding ground for the initiation and propagation of systemic risk and the acceleration of business cycles.

In this context, the macro-prudential regulation aims at completing the micro-prudential regulation and thus limits the occurrence of systemic risks by introducing a countercyclical capital buffer. Basel III came to enhance the quality and level of capital in the banking system and to improve risk coverage by introducing counter cyclical capital [21] .

4. The Causes and Consequences of the Financial Crisis on the US Banking Sector

The financial crisis resulted from the accumulation of many factors. In Figure 2 we have summarized the factors that contributed to the development of the financial crisis. Systemic risk occurs when a counterparty defaults driving the financial system as a whole to collapse because of a domino effect [22] .

Indeed, the financial system is a network of interconnected balance sheets and financial statements. This generates a growing complexity in the trading network, which means that a shock to one institution can spread to other institutions connected to it and become systemic. This is called the transversal dimension that suggests how a shock can be propagated and transformed into a systemic one.

The other dimension of systemic risk is illustrated by the procyclicality of financial systems. It tends to amplify booms and economic slowdowns. Borio et al. [23] have defined a systemic event as a stress in financial institutions on a scale sufficient to cause notable macroeconomic damage.

A joint report by the International Monetary Fund (IMF), the Bank for International Settlement (BIS) and the Financial Stability Board (FSB) [24] , stipulates that an institution is defined as systemic “if its failure causes widespread distress, either as a direct impact or as a trigger for broader contagion”. Given these definitions, we can conclude that a crisis can occur if a systematically important institution faces systemic events that materialized by a systemic risk. The fragility of the financial system makes banks more vulnerable to these events [25] .

The classic example of systemic risk in this context is the bank run in which the failure of a bank to meet withdrawal requests causes its bankruptcy that leads to the failure of other banks [26] . This phenomenon was behind the great depression of 1929, where panicked depositors attempted to withdraw their deposits. Many banks were unable to meet the massive demand for liquidity which caused their failure. It spread to other banks and companies that suffered from a lack of liquidity and were forced into bankruptcy. However, the current trend toward disintermediation leaves these failures less critical and allows attention to return to the capital markets that become the center of any discussion concerning systemic risks.

The use of financial products and the fluctuation of asset prices results in more powerful financial instability.

Figure 2. Main steps in the formation of the subprime crisis.

Gorton and Metrick [27] have defined the run of the 2007/2008 financial crisis, as a run in the shadow banking system. Banks liabilities are composed of repurchase agreements to borrow liquidities by selling securities using mortgage-backed securities as collateral. At maturity, the borrower buys securities plus interest. As the value of the assets serving as collateral declined, uncertainty about their future value increased, which resulted in the increase of the interest rate linked to repurchase agreements. Guarantees no longer supported the loans which led banks to a massive sale of assets. The value of these assets continued to fall, increasing the uncertainty and subsequently the interest rate linked to loans. Banks and financial institutions were forced to sell more assets and thus entered into a vicious circle. This led to the collapse of the entire financial system.

From Figure 2, it is possible to summarize the theoretical and the real causes of the subprime crisis of 2007/2008. It shows how a systemic risk (real estate price fluctuation, interest rate rise, regulatory restrictions) has led to systemic events (losses in subprime mortgage securities). These events have caused a systemic shock resulting in a bank panic materializing through a banking run centered on repurchase agreements. The collapse of Lehman Brothers, the fourth largest investment bank in the USA (a systematically important institution), has led to the collapse of other institutions because of the domino effect of the financial interconnections. The link between the procyclicality dimension and the contagion effect caused the inevitable crisis of 2007/2008.

5. Research Objectives and Hypothesis to Be Tested

Through our research, we aim to examine the effect of the crisis on banks’ risk management expressed in three dimensions: the exposure of banks to risks, the consequences and the management of these risks. For this, we try to answer the following questions:

Has the crisis affected the banks risks management analyzed according to the risk map? In other words:

1) Did the crisis affect the level of exposure of the US banks to a variety of risks?

2) Did the crisis affect the consequences of these risks?

3) Did the crisis affect the risk management strategy?

The crisis is mainly characterized by a high level of uncertainty. In such a context, banks are more exposed to risks than at any other period of time. Since the crisis has caused many banks to declare bankruptcy starting from September 2008, it is anticipated that the consequences of these risks will be dramatic. We then are expecting that the 2008/2009 annual reports of the US largest banks will contain information affirming that they are highly exposed to risks leading to detrimental consequences.

But whether managers will disclose this negative picture or not, is subject to a contradictory theoretical and academic debate. Indeed, under signal theory, managers are encouraged to disclose positive forecasts, in order to signal their managerial talent (Patell [28] ; Penman [29] ; and Lev and Penman [30] ), while they are also constrained to disclose all relevant information, even if it consists of bad news, so as to avoid litigation costs (Skinner [31] ). Another argument by Ajiinkya and Gift [32] proposes that the managers are led to disclose both bad and good news because they don’t like big surprises in their income.

In periods such as the financial crisis, banks would be subject to stiff penalties and managers will be forced to reveal their real exposure to risks and their consequences. We then develop the following hypotheses.

Hypothesis 1. The financial crisis has a significant impact on the exposure of the largest US banks to risks.

Hypothesis 2. The financial crisis has a significant impact on the consequences of the risks of the largest US banks.

As far as ERM is concerned we can expect that banks will change their risk management strategy.

Indeed, risk management strategies adopted before the crisis, did not prevent the occurrence of the crisis norits impact on banks. It is likely the banks would tend to change these strategies after the crisis.

Hypothesis 3. The financial crisis has a significant impact on the ERM strategy of the largest US banks.

6. Methodology

1) Sample and data collection

Our sampling procedure started with the 100 largest US banks according to the Federal Deposit Insurance Corporation (FDIC) 2010 classification. We collected our data using a content analysis of the annual report of the 59 largest banks for the years 2006, 2007, 2008 and 20091 downloaded from the websites of banks and the EDGAR database on the website of the American Stock Exchange (SEC). Our sample results from the elimination of cross-listed banks, merged institutions, banks’ branches, banks with missing data and banks that belong to a nonfinancial parent company, from an initially selected 100 banks (Table 1). Our final sample consists of 59 of the biggest US banks with a total number of 236 observations of the10-K annual reports forms from December 31, 2006 to December 31, 2009.

In order to measure our main variables consisting of the levels of ERM exposures, consequences and management, we use the content analysis methodology for three sections of the annual reports: Item 1A. Risk factors,

Table 1. Sample selection procedure.

management discussion and analysis (MD&A) and finally the notes to the financial statement. This methodology has been used in previous research examining ERM disclosures [5] [10] - [12] [33] .

2) Some characteristics of the banks in the sample

Our sample is composed of the largest U. S. banks with assets varying from $1.262 million in 2006 ($1.347 million in 2009) to $1196.124 million in 2006 ($1627.684 million in 2009).

Table 2 presents some financial characteristics of our sample of banks during the 4 years of study. Data were collected from the Federal Deposit Insurance Corporation (FDIC) database.

Assets of the largest US banks grew from $96.558 million in 2006 to $133 million in 2009 (37.74%) while profits and market capitalization declined from $1.144 million to $0.334 million and $28,824 million to $19,199 million respectively during the same period of time. Table 2 shows also that the crisis didn’t affect debt ratio that has undergone slight changes from 2006 to 2009.

3) List of risks and categories in the banking sector

After examining ERM information disclosed in the annual reports of the US largest banks through the 4 year period of investigation, we identified a list of 15 types of banking risks and classified them according to three categories [12] - [35] :

Financial risks: credit, liquidity, interest rate, exchange rate, equity.

Business risks: operational, compliance, risks related to risk management process, competitive, legal.

Strategic risks: systemic, market, real estate, reputation, economic.

7. Risk Analysis Using the Risk Map

We then adopted the same approach used in the articles of Lajiliand Zéghal [33] and Maingot et al. [5] [10] [11] , [12] who developed a risk map useful for evaluating the level of risk exposure, consequences and management. This approach is presented in Table 3.

- Risk exposure

Risk exposure is the amount subject to loss of value. In other words, it is the probability of the realization of the risky event. It measures the risks to which the bank is subject and is used to rank risks in order of priority.

Table 2. Financial characteristics of banks for the years 2006, 2007, 2008 and 2009.

Notes: *The total number of observations does not add up to the total number of disclosing firms (59 per year in the sample) in the above tests because some companies have missing observations on these variables in the database used (FDIC). **Debt is the ratio of total liabilities to total assets.

Table 3. Categorization of risk exposure, consequence and management.

We measure the exposure to risk based on Maingot et al. [5] [10] . Thus we assign the value 1 if the exposure is rare, 2 if the exposure is improbable, 3 if the exposure is possible, 4 if the exposure is probable and 5 if the exposure is certain.

- Risk consequences

Risk assessment measures the magnitude of the consequences of the loss in case of the realization of the uncertain event. We measure this variable using a measuring scale from 1 to 5. We attribute code 1 if the consequences of different risks are insignificant, code 2, when the consequences are minor, code 3 when the consequences are moderate, code 4 when the consequences are significant, and the code 5 when the consequences are catastrophic.

- Enterprise risk management strategy

In managing its risks, the bank has the option to accept the risk in question, to reduce, transfer or try to avoid it. To measure this variable we also use a measuring scale, ranging from 1 to 4. We attribute code 1 when the bank chooses to accept the risks, 2 if the bank reduces the risks, 3 if the bank transfers such risks and 4 if the bank avoids its risks.

8. Analysis of Risk Exposure in the Banking Sector

1) Frequency analysis of the US banks’ risk exposure by types and categories of risks

Table 4 presents the exposure of the US banks to risk for the four years of the study, distinguishing between the period before the crisis (2006-2007) and the period after the crisis (2008-2009). The banks seem to be more exposed to risk during the period after the crisis. Indeed, the prevailing assessment of the probability of risks occurring before the crisis is “possible” with 53.58% of the banks in 2006 and 44.99% of the banks in 2007, followed by “probable” with 37.01% of the banks in 2006 and 40.41% of the banks in 2007, while the prevailing assessment of the probability of occurrence of the risks after the crisis is “probable” with 57.36% of the banks in 2008 and 57.59% of the banks in 2009, followed by “certain” with 21.87% in 2008 and 22.90% in 2009. However, risk exposure is possible for only 16.37% and 15.45% during the years 2008 and 2009 respectively.

The categories of risk that have been affected by the crisis are the financial and the strategic risks. Among the risks that have undergone remarkable changes during the four years of study, regarding their level of exposure (registering an increase in the probability of occurrence), we can find credit risk, liquidity risk, interest rate risk, market risk, real estate risk, systemic risk and economic risk. Exposure to such risk was rated at between possible and probable before the crisis. After the crisis, the exposure is more certain and probable. Moreover, the exposure to systemic risk was identified by 1 and 2 banks during 2006 and 2007 respectively and estimated to be probable for them. After the crisis, the exposure to systemic risk was mentioned by 31 and 32 banks during 2008 and 2009 respectively, and is estimated to be probable if not certain for 47.45% of the banks in 2008 and 54.23% of the banks in 2009.

These findings are consistent with our Hypothesis 1that stipulates that the financial crisis has an impact on the exposure of the largest US banks to risk. The significance of this impact will be tested in the following paragraph.

2) Descriptive analysis for risk exposure before and after the crisis in the largest US banks

The descriptive analysis of risk exposure by risk type shows that for all types of risk, banks are more exposed to risk during the years 2008-2009 than during 2006-2007 (Table 5). During the years 2006-2007 the banks’ exposure to risk varies from 2.747 (for exchange rate risk) to 4 (for systemic risk).

This shows that the banks’ exposure to risk is between improbable and probable before the crisis. However,

Table 4. Distribution of how American banks assess their risk exposure during the financial crisis.

Notes: cdt: credit risk; liqt: liquidity risk; intretrt: interest rate risk; exchg: exchange rate risk; equity: equity risk; opert: operational risk; complc: compliance risk; risk managmt: risk related to risk management process; comptve: competitive risk; legal: legal risk; systmc: systemic risk; markt: market risk; rlest: real estate risk; reput: reputation risk; eco: economic risk.

during the years 2008-2009 risk exposure varies on average from 2.941 (for exchange rate risk) to 4.675 (for real estate risk). This shows that, for most of the banks, the exposure to risk is between possible and certain after the crisis.

Table 5. Analysis of banks’ risk exposure before and after the crisis and paired-t-test for the significance of mean changes.

*The paired-t-test cannot be performed because the number of observation before the crisis is significantly below the number of observation after the crisis.

We also note that the number of banks that disclose information about some types of risk increased after the crisis (1348 in 2006-07 and 1462 in 2008-09). We note that only 3 banks disclosed information on their exposure to systemic risk before the crisis, against 60 banks after the crisis.

When conducting the analysis of exposure by risk category, the results show that for the three categories of risk, the exposure of banks to risks increased after the crisis. We can also note that, throughout the study period, the banks are more exposed to strategic risks, followed by financial risks and then business risks. For financial risks, banks’ exposure to risk is 3.235 (improbable for most of the banks) before the crisis and 3.879 (probable for most of the banks) after the crisis, with standard deviations of 0.519 and 0.377 respectively.

For business risk, banks' exposure to risk is 3.413 before the crisis and 3.652 after the crisis with a standard deviation of 0.345 and 0.335, respectively. For strategic risk, banks’ exposure to risk is 3.467 before the crisis and 4.337 after the crisis, with a standard deviation of 0.502 and 0.379, respectively.

The significance test shows that changes in the banks’ exposure to all risk types and categories are significant (P-value < 0.05) except for systemic risk and the risk related to ERM process.

All these findings confirm our first hypothesis that stipulates that the financial crisis has a significant impact on the exposure of the largest US banks to risk.

9. Analysis of Risks’ Consequences in the Banking Sector

1) Frequency analysis of US banks’ risk consequences by types and category of risk

Table 6 presents the consequences of the risks for the US largest banks for the four years of the study, distinguishing between the period before the crisis (2006-2007) and the period after the crisis (2008-2009). The assessment of risk map shows that the consequences of the risks for the largest US banks were moderate for

Table 6. Distribution of how American banks assess the consequences of their risks during the financial crisis.

Notes: cdt: credit risk; liqt: liquidity risk; intretrt: interest rate risk; exchg: exchange rate risk; equity: equity risk; opert: operational risk; complc: compliance risk; risk managmt: risk related to risk management process; comptve: competitive risk; legal: legal risk; systmc: systemic risk; markt: market risk; rlest: real estate risk; reput: reputation risk; eco: economic risk.

57.93% of the banks in 2006. This percentage decreased in 2007 and continued to decline during the period after the crisis to fall from 50.96% in 2007 to 22.93% in 2009.

The same trend was found for minor consequence assessment to risk. In fact, 11.68% of the banks assessed the consequences of their risks as minor in 2006 against only 4.88% of the banks in 2009. The evaluation of the consequences of risk by the banks as moderate and minor decreased in the favor of the evaluation of consequences as major. In effect, before the crisis, only 28.14% and 40.77% of the banks assessed their risk as having major consequences during the years 2006 and 2007 respectively. This evaluation has risen to 70.36% and 70.69% of banks during 2008 and 2009 respectively.

No bank has evaluated its risk consequences as catastrophic in the years 2006 and 2007, and very few banks evaluated them as catastrophic after the crisis with only one bank in 2008 (for compliance risk) and 2 banks in 2009 (for economic and compliance risk).

On the other hand, the change in the risk assessment by banks by risk category is important especially for strategic risk, followed by financial risk. Indeed, the risks that have been most affected by the crisis are credit risk, liquidity risk, interest rate risk (financial risk), systemic risk, market risk, real estate risk, reputational risk and economic risk (strategic risk).

The results of the frequency analysis are consistent with our second hypothesis stipulating that the financial crisis has an impact on the consequences of risks for the largest US banks.

The significance of this impact will be tested in the next paragraph.

2) Descriptive analysis for the risk consequences before and after the crisis in the largest US banks

The descriptive analysis of the consequences of risks established for each type during the four years of investigation shows that for all the types of risk, the consequences are more severe in the years 2008-2009 than in the years 2006-2007 (Table 7).

During the years 2006-2007 the consequences of risks range from 2.649 (for exchange rate risk) to 3.733 (for the risk related to the risk management process).

However, during the years 2008-2009 risk consequences vary between 2.783 (for exchange rate risk) and

Table 7. Analysis of banks risk consequences before and after the crisis and paired-t-test for the significance of mean changes.

*The paired-t-test cannot be performed because the number of observation before the crisis is significantly below the number of observation after the crisis.

3.974 (for economic risk).

Moreover, we note that the number of banks that disclose information about the consequences of their risk increased after the crisis. Indeed, the number increased from 1345 before the crisis to 1459 after the crisis. For systemic risk, only three banks disclose information on the consequences of such risk before the crisis. This number increased to 59 after the crisis. The analysis by risk category of risk consequences shows that the consequences for the three risk categories have worsened after the crisis: First, the consequences of financial risk rose from 3.086 (moderate for most of the banks) before the crisis to 3.6 (major for most of the banks) after the crisis. Second, for business risk, the consequences increased from 3.239 before the crisis to 3.444 after the crisis. Finally for strategic risk, the consequences increased from 3.315 before the crisis to 3.848 after the crisis. This shows that the consequences of strategic risks are the most serious. The significance test analysis shows that the changes in risk consequences are significant (P-value < 0.05) with the exception of systemic risk and the risk related to the risk management process. For these risks the consequences have not changed following the crisis.

The findings for the analysis by risk categories show that for the three categories of risk, changes in risk consequences are highly significant at the level of 1‰.

All these findings corroborate our hypothesis 2, arguing that the financial crisis has a significant impact on the consequences of the risks of the largest US banks.

10. Joint Analysis of the Effect of the Crisis on Banks’ Risk Exposures and Consequences

We conducted a joint diagnostic for the exposure and risk consequences of the largest US banks by multiplying the variable exposure by the variable consequences for all the types of risks which will give us values from 1 (rare exposure with insignificant consequences) to 25 (certain exposure with catastrophic consequences) as shown in Table 8.

This diagnostic will allow us to combine the two analyses of risk exposure and the consequences of such risks.

1) The effect of the crisis on the exposure and consequences of risks by frequency analysis

Table 9 presents the frequency analysis of the risk exposure and consequences in the largest US banks for the four years of the study. For financial risks, most banks recorded the value 9 in both 2006 and 2007. Indeed, 120/223 (53.81%) and 99/224 (44.2%) of the banks expect their exposures to risks to be “possible” and that the consequences of those risks are “moderate”, for the years 2006 and 2007 respectively.

After the crisis, the number of banks that rated their risk exposure as “possible” with “moderate” consequences, decreased to 35/226 (15.48%) in 2008 and 14/230 (06.09%) in 2009.

This decline is due to the increase in the probability of occurrence of risks (exposure) and the severity of their consequences. Indeed, the number of banks that registered the value 16 was 28/223 (12.55%) in 2006 and 58/224 (25.89%) in 2007. The number increased to 114/226 (50.44%) in 2008 and 114/230 (49.56%) in 2009.

We conclude that the number of banks expecting that their exposure to financial risks is “probable” with “major” consequences has increased after the crisis.

The value 20 reflects certain risk exposure with major consequences. The number of banks that record this value increased after the crisis. Indeed, no bank has recorded this value in 2006, and only 10/224 (4.46%) of the banks did so in 2007. This number increased to 38/226 (16.81%) and 47/230 (20.43) in the years 2008 and 2009 respectively.

Table 8. Combination of risk exposure and consequences.

(a) (b) (c)

Table 9. Distribution of how American banks assess the exposure and consequences of their risks during the financial crisis.

Note. Since no bank has disclosed risks with certain (5) exposure and insignificant (1) consequences for all the years of study, nor rare (1) exposure with catastrophic (5) consequences, we decided to eliminate the value representing the product of this combination (that corresponds to the value of (5). Similarly, we eliminate the combination corresponding to the value 10 [improbable exposure (2) with catastrophic (5) consequences/ certain (5) exposure with minor (2) consequences]. With: cdt: credit risk; liqt: liquidty risk; intretrt: interest rate risk; exchg: exchange rate risk; equity: equity risk; opert: operational risk; complc: compliance risk; risk managmt: risks related to risk management process; comptve: competitive risk; Legal: legal risk; systmc: systemic risk; markt: market risk; rlest: real estate risk; reput: reputational risk; eco: economic risk.

For business risks, most of the banks recorded the value 9, 12 and 16 for the 4 years of study, with an increase in the number of banks recording the value 16 after the crisis. This shows that the number of banks rating their risk exposure as “probable” and the consequence of those risks as “major” has increased after the crisis.

Finally for strategic risk, most banks recorded the value 9 in both 2006 and 2007. Indeed, 110/215 (51.16%) and 88/220 (40%) of banks in the years 2006 and 2007 respectively, rated their risk exposure as “possible” and the consequences as “moderate”.

After the crisis, the number of banks rating their risk exposure as “possible” with “moderate” consequences is 24/258 (9.30%) in 2008 and 23/264 (8.71%) in 2009.

This decrease is in the favor of the values 16 and 20. Indeed, the number of banks that registered the value 16 in 2006 were 42/215 (19.53%) and 62/220 (28.18%) in 2007. The number increased to 100/258 (38.76%) and 100/264 (37.88%) in 2008 and in 2009. As regards the value 20, no bank records this value in 2006 and only 24/220 (10.91%) of banks do so in 2007. This number increased to 112/258 (43.41%) and 119/264 (45.07%) in the years 2008 and 2009 respectively.

This joint analysis confirms the findings of the analysis of the exposure and the consequences for the banks to risks shown separately in the previous sections, and for our first and second hypotheses.

2) Descriptive analysis for the exposures and consequences of the risks before and after the crisis in the largest US banks

Descriptive statistics by type of risk for this analysis are presented in Table 10. As already found in the analysis of exposure and consequences performed separately, the results show that the mean of exposure and consequences of risks has increased following the crisis for all the types of risk. Indeed, the mean ranges between 7.91 and 13.33 for the period before the crisis and between 8.93 and 18.42 for the period after the crisis.

The number of banks that disclose information about exposures to risks and risk consequences increased following the crisis rising from 1349 before the crisis to 1461 after the crisis. The analysis by risk categories shows

Table 10. Analysis of banks risk exposure and consequences before and after the crisis and paired-t-test for the significance of mean changes.

*The paired-t-test cannot be performed because the number of observation before the crisis is significantly below the number of observation after the crisis.

that for the three risk categories, exposures and risk consequences have increased. In effect, for the financial risks, the mean rises from 10.347 before the crisis to 14.517 after the crisis, for business risk, the mean rises from 11.330 before the crisis to 12.838 after the crisis, and finally for strategic risks, the mean rises from 11.707 before the crisis to 16.793.

The risks to which banks are the most exposed and those having the most serious consequences are the strategic risks. The paired t-test shows that the mean changes in the risk exposure and consequences are significant for all types of risks with P < 0.05. Indeed, the mean of risk exposures and consequences recorded for all banks ranged from 7.91 to 13.33 before the crisis. After the crisis, those means increased to 9.08 and 18.34. We conclude that the means of risk exposure were quite possible, with moderate consequences before the crisis. However after the crisis, risk exposure is rather probable, with major consequences. Moreover, the significance test shows that for the three risk categories, changes in risk exposure and the consequences are significant at the level of 1‰.

The results of the descriptive analysis of the exposure to risks and consequences of such risks confirms our hypotheses numbers 1 and 2 that stipulate that the financial crisis has a significant impact on the exposure and the consequences of the risks for the largest US banks.

11. Analysis of Risk Management after the Financial Crisis in the Banking Sector

Table 11 presents an analysis of the risk management of the 59 largest US banks for the four years of the study. According to this table, we see that the crisis has a very poor effect on the risk management strategies for banks, where the changes are very small.

Table 11. Distribution of how American banks manage their risks during the financial crisis.

Notes: cdt: credit risk; liqt: liquidty risk; intretrt: interest rate risk; exchg: exchange rate risk; equity: equity risk; opert: operational risk; complc: compliance risk; risk managmt: risks related to risk management process; comptve: competitive risk; Legal: legal risk; systmc: systemic risk; markt: market risk; rlest: real estate risk; reput: reputational risk; eco: economic risk.

In 2006, 61.56% of the banks choose to reduce their risks against 28.18% of banks that choose to transfer their risks. These percentages have not changed during the study period. Indeed, the choice of reducing their risk was found in 62.16%, 62.31% and 61.95% of the banks during 2007, 2008 and 2009 respectively. The choice of the banks to transfer their risk was found in 28.18% and 27.66% of the banks in 2006 and 2007 respectively.

These percentages have not changed significantly after the crisis (27.66% and 28.28% in 2008 and 2009 respectively).

So the crisis has had no effect on banks’ risk management strategies for any of the risks except for credit risk which has undergone a slight change.

Indeed, before the crisis, 39 of the 59 banks (or 66.10%) chose to reduce their risks in 2006 and 35 (or 59.32%) in 2007 against 29 (or 49.15%) in 2008 and 26 (or 44.06%) in 2009. So the percentage of banks that chose to reduce their risk decreased from 66.10% in 2006 to 44.06% in 2009. Some banks chose to transfer their credit risk after the crisis rather than to reduce it. Indeed, 20 of the 59 banks (or 33.90%) have chosen to transfer their credit risk in 2006, 24 (or 40.67%) in 2007, against 30 (or 50.84%) in 2008 and 33 (or 55.94%) in 2009. So from 10 to 13 banks changed their risk management strategy after the crisis from reducing to transferring.

We can also note that for the whole of the period of study, the banks choose to reduce their credit risk, liquidity risk, real estate risk, operational risk, reputation risk, competitive risk and economic risk. Statistics show that in 2006 the number of banks that chose this strategy varies between 47 banks (or 79.66%) and 57 banks (or 96.61%). On the other hand, they tend to transfer other risks such as interest rate risk (from 57 to 58 banks over the four years of study), market risk (56 banks over the four years of study) and the exchange rate risk (from 31 to 34 banks on a sample of 32 to 35 banks that face the exchange rate risk). Finally, for legal and compliance risk, the decision about which strategy to adopt by the banks is somewhat mixed. In effect, for legal risk, our sample is split into banks that reduce such risk (from 30 to 32 banks during the four years of study), banks that accept it (16 banks during the four years of study) and to a lesser extent banks that avoid it (8 banks during the four years of study).

As for compliance risk, some banks chose to avoid such risk (35 banks over the four years of study), others to reduce it (20 banks over the four years of study) and only 3 banks to accept it.

These findings do not confirm our third hypothesis stipulating that the financial crisis has a significant impact on the ERM strategy of the largest US banks.

However, if we concentrate on categories of risk we find that the number of banks that chose to transfer their financial risks increased after the crisis. For the other categories of risk we find that the number of banks that chose to reduce their business and strategic risks increased after the crisis. These results partly confirm our third hypothesis.

12. Analysis of the Results and Conclusion

We conducted a content analysis study of the qualitative risk information for 15 different types of identified banking risks in the annual report of the largest US banks in order to find out if the financial crisis had affected their exposure to risks, the consequences of such risks and the risk management strategy.

The main result that we can infer from our analysis is that banks are most exposed to risk during the years 2008-2009 (after the crisis) rather than during the years 2006-2007 (before the crisis). Notably, the number of banks that disclosed information about their risk exposure increased, especially for systemic risks where only 3 banks published information about their exposure to such risk before the crisis, against 60 banks after the crisis. On the other hand, the results show that the assessment of risk consequences has significantly changed after the crisis from moderate and minor to major. In addition, the number of banks that disclosed information about the consequences of their risks increased following the crisis especially for systemic risk where only 3 banks disclosed information about the consequences of such risk before the crisis against 59 after the crisis.

Finally, it seems that the crisis didn’t affect the risk management strategies for individual risks of the largest US banks with the exception of credit risk. However, when analyzing the ERM by risks category we found that the number of banks that chose to transfer (reduce) their financial risks (business risks, strategic risks) increased after the crisis.

The first and second hypotheses argue that the financial crisis has a significant impact on the exposure to risk and the consequences of these risks for the largest US banks. Our third hypothesis, stipulating that the financial crisis has a significant impact on the ERM strategy of the largest US banks, is confirmed only when we analyze risk management by risk categories.

Our results are consistent with a litigation cost hypothesis suggesting that managers are pushed to disclose all relevant information related to their levels of risk to avoid the possible damage of litigation, and especially the costs associated with potential disputes.

Our finding are not consistent with the findings of Maingot et al. [10] - [12] who reported very few changes in the assessment of risk exposure, consequences and ERM strategies in the Canadian financial and non-financial corporations and in the US non-financial corporations. While these research studies reflect the poor communication strategies concerning ERM for their particular samples, our findings show significant changes in the assessment of ERM after the crisis, and this may reflect the efficiency and the credibility of the ERM disclosure strategies utilized by the largest US banks. Another explanation may be that our study examines all the sections where ERM information can be disclosed and covered Item 1A. Risk factors, MD&A, and the notes to the financial statement sections. By exploring the annual reports of the largest US banks, we notice that risk exposure and its consequences are mainly reported in the Item 1A. Risk factors section of the annual report. This has implications for future research which should incorporate all the sections of the annual report while analyzing ERM information disclosures.

Furthermore our study points to the emergence of new risks after the financial crisis. For example, systemic risk that is almost absent in the annual reports before the crisis, suggests the need to place this risk as a priority in any future regulation and emphasizes the deficiencies in the micro-prudential regulation.

Our findings demonstrate that the US largest banks didn’t change their risk management strategies and showed either a passive reaction to the risks they faced during the financial crisis or a delay in reaction. For this, it is essential for future research to extend the period of investigation to cover the period after 2009 in order to see if the banks have changed their risk management strategies. In this context, our study is particularly important for managers as it triggers the need to revise their risk management strategies and figure out what goes wrong during the financial crisis in order to avoid any future losses if such a situation is to arise again.

NOTES

1The financial crisis started in 2007 primarily affecting the subprime residential mortgages, and then extended to the entire financial system after hitting the banks in 2008 [34] .

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1] Schroeck, G. (2002) Risk Management and Value Creation in Financial Institutions. John Wiley & Sons, Inc., Hoboken.
[2] Nocco Brian, W. and Stulz Rene, M. (2006) Enterprise Risk Management: Theory and Practice. Journal of Applied Corporate Finance, 18, 8-20.
[3] Drzik, J.P. (2005) New Directions in Risk Management. Journal of Financial Econometrics, 3, 26-36.
[4] Aebi, V., Sabato, G. and Schmid, M. (2012) Risk Management, Corporate Governance, and Bank Performance in the Financial Crisis. Journal of Banking & Finance, 36, 3213-3226.
http://dx.doi.org/10.1016/j.jbankfin.2011.10.020
[5] Maingot, M., Quon, T.K. and Zéghal, D. (2012) Enterprise Risk Management and Business Performance during the Financial and Economic Crises. Problems and Perspectives in Management, 10, 95-103.
[6] Pagach, D.P. and Warr, R.S. (2007) An Empirical Investigation of the Characteristics of Firms Adopting Enterprise Risk Management.
https://mgt.ncsu.edu/documents/Risk_officer_hazard_JBF.pdf
[7] Rivas, A., Ozuna, T. and Policastro, F. (2006) Does the Use of Derivatives Increase Bank Efficiency? Evidence from Latin American Banks. International Business & Economics, 19, 143-172.
[8] Choi, J.J. and Elyasiani, E. (1997) Derivative Exposure and the Interest Rate and Exchange Rate Risks of US Banks. Journal of Financial Services Research, 12, 267-286.
http://dx.doi.org/10.1023/A:1007982921374
[9] Rodríguez, M.M., Mayordomo, S. and Pena, J.I. (2012) Derivatives Holdings and Systemic Risk in the U.S. Banking Sector. Working Paper No. 21/12.
[10] Maingot, M., Quon, T.K. and Zéghal, D. (2012) The Effect of the Financial Crisis on Enterprise Risk Management Disclosures. International Journal of Risk Assessment and Management, 16, 227-247.
http://dx.doi.org/10.1504/IJRAM.2012.051261
[11] Maingot, M., Quon, T.K. and Zéghal, D. (2014) An Analysis of the Effects of the Financial Crisis on Enterprise Risk Management in the Canadian financial Sector. ACRN Journal of Finance and Risk Perspectives, 3, 10-26.
[12] Maingot, M., Quon, T.K. and Zéghal, D. (2014) The Effect of the Financial Crisis on Risk Disclosures: A Comparative Study of U.S. and Canadian Corporations. Corporate Ownership and Control, 11, 322-328.
[13] Bartholomew, P.F and Whalen, G.W. (1995) Fundamentals of Systemic Risk, in Banking, Financial Markets and Systemic Risk. In: Kaufman, G.G., Ed., Research in Financial Services: Private and Public Policy, Vol. 7, JAI Press, Greenwich, 3-17.
[14] Deloach, J.W. (2000) Enterprise-Wide Risk Management: Strategies for Linking Risk and Opportunity. Financial Times/Prentice Hall, London.
[15] McShane, M.K., Nair, A. and Rustambekov, E. (2011) Does Enterprise Risk Management Increase Firm Value? Journal of Accounting, Auditing & Finance, 26, 641-658.
[16] Larosière, J., Balcerowicz, L., Issing, O., Masera, R., Mc Carthy, C., Nyberg, L., Pérez, F. and Ruding, O. (2009) The High-Level Group on Financial Supervision in the EU Report. Brussels, Available on the Website of the European Commission.
[17] Kashyap, A.K. and Stein, J.C. (2004) Cyclical Implications of the Basel II Capital Standards. Economic Perspectives, 28, 18-31.
[18] Jokipii, T. and Milne, A. (2008) The Cyclical Behavior of European Bank Capital Buffers. Journal of Banking and Finance, 32, 1440-1451.
[19] Adrian, T. and Shin, H.S. (2008) Liquidity and Leverage. Federal Reserve Bank of New York.
http://www.newyorkfed.org/research/staff_reports/sr328.html
[20] Adrian, T. and Shin, H.S. (2009) The Shadow Banking System: Implications for Financial Regulation. Financial Stability Review, 19, 1-10.
http://dx.doi.org/10.2139/ssrn.1441324
[21] Basel Committee on Banking Supervision (2010) Countercyclical Capital Buffer Proposal—Consultative Document.
http://www.bis.org/publ/bcbs172.htm
[22] Jouini, E. (1996) Produits Derivés, Controle des Risques et Réglementation. Revue d’Economie Financière, 37, 203-220.
[23] Borio, C., Furfine, C. and Lowe, P. (2000) Pro-Cyclicality of the Financial System and Financial Stability: Issues and Policy Options. BIS Paper 01, Bank of International Settlements.
[24] International Monetary Fund, the Bank for International Settlements, and the Secretariat of the Financial Stability Board (2009) Guidance to Assess the Systemic Importance of Financial Institutions, Markets and Instruments: Initial Considerations, Report to the G-20 Finance Ministers and Central Bank Governors.
[25] Aglietta, M. (2001) Instabilité Financière et Régulation Monétaire: L’Europe Est-Elle Bien Protégée du Risque Systémique? Pour la Troisième Conférence du Centre Saint-Gobain Pour la Recherche en Economie sur Les Transformations de la Finance en Europe, Paris, 8-9 Novembre 2001.
[26] Diamond, D.W. and Dybvig, P.H. (1983) Bank Runs, Deposit Insurance, and Liquidity. The Journal of Political Economy, 91, 401-419.
[27] Gorton, G.B. and Metrick, A. (2009) Securitized Lending and the Run on Repo. NBER Working Paper No. 15223.
[28] Patell, J.A. (1976) Corporate Forecasts of Earnings per Share and Stock Price Behavior: Empirical Test. Journal of Accounting Research, 14, 246-276.
http://dx.doi.org/10.2307/2490543
[29] Penman, S.H. (1980) An Empirical Investigation of Voluntary Disclosure of Corporate Earnings Forecasts. Journal of Accounting Research, 18, 132-160.
http://dx.doi.org/10.2307/2490396
[30] Lev, B. and Penman, S.H. (1990) Voluntary Forecast Disclosure, Nondisclosure, and Stock Prices. Journal of Accounting Research, 28, 49-76.
http://dx.doi.org/10.2307/2491217
[31] Skinner, D.J. (1994) Why Firms Voluntarily Disclose Bad News. Journal of Accounting Research, 32, 38-60.
[32] Ajinkya, B. and Gift, M. (1984) Corporate Managers’ Earnings Forecasts and Symmetrical Adjustments of Market Expectations. Journal of Accounting Research, 22, 425-444.
[33] Lajili, K. and Zéghal, D. (2005) A Content Analysis of Risk Management Disclosures in Canadian Annual Reports. Canadian Journal of Administrative sciences, 22, 125-142.
[34] Mishkin, F.S. (2010) Over the Cliff: from the Subprime to the Global Financial Crisis. Working Paper No. 16609.
http://www.nber.org/papers/w16609
[35] Dia, M. and Zeghal, D. (2012) Analysis of the Impact of the Quality of Governance on Integrated Risk Management in Canadian Enterprises. Business Management Dynamics, 1, 93-110.

  
comments powered by Disqus

Copyright © 2020 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.