01 April 2008 Comments

 

Lessons learned from Northern Rock

Bob McDowall, TowerGroup

The story of the first run on a UK bank – Northern Rock – in 130 years has reached the stage of nationalisation. Now is a good time to examine the lessons in risk management to be learned from the story so far.

Ironically, few technology lessons can be learned from the run on Northern Rock. The major lessons must be learned from the two causes. The first is Northern Rock’s business model, which relied, for most of the bank’s funding, on wholesale money markets and securitisation of the majority of mortgages instead of customer deposits. The second is the manner of risk management within Northern Rock and externally by institutions responsible for oversight of the bank and of the UK financial system.

Reputational risk is a key risk for a financial institution. Northern Rock’s story illustrates how quickly and irreparably a corporate reputation and brand can be damaged if a crisis is not managed swiftly and deftly. Reputations are hard won over a long period of time but can be lost in an instant. Trust and confidence are fundamental qualities for financial institutions, but they erode very quickly and the institution’s brand devalues. A brand may be damaged beyond repair even when the business remains a going concern financially. In a crisis, immediate risk management action is necessary to limit reputational damage.

Central systemic risk management within a financial jurisdiction has to be lead-managed by one institution in consultation with relevant parties. In the “Tripartite Agreement” among HM Treasury, the Bank of England and the UK regulator, the Financial Services Authority, the roles and responsibilities were not defined. The result in Northern Rock’s case was indecision and delay in responding to a liquidity crisis in the form of a rush by depositors to withdraw funds. Following a hearing over the Northern Rock crisis, the UK Parliamentary Treasury Select Committee has recommended that the Bank of England is the most appropriate and, for that matter, most experienced institution to manage such crises. Of course, the UK Government has to effect such changes. While the Government considers these recommendations, the Banking Special Provisions Act 2008, which provides the legislation to nationalise Northern Rock, allows a breathing space. The legislation contains a power lasting 12 months whereby, under certain circumstances, the UK Government may “acquire shares in or assets and liabilities of certain financial institutions enabling them to be run under temporary ownership and subsequently transferred back into the private sector.”

Financial regulators as well as financial institutions have to manage regulatory risk. When they fail to handle a crisis effectively, firmly and promptly, the regulatory reputation of the financial jurisdiction suffers. It has to be rebuilt, which takes time.

Transparency is accepted as a key principle for the conduct of financial services, but it exacerbates systemic risk and may lead to loss of confidence and trust in financial institutions and the financial systems in which they operate. Transparency requires openness, publication of information and independent scrutiny, but systemic risk management demands immediate action and agreement for resolution of a crisis before knowledge and publicity encourage an emotional reaction and loss of trust in the financial institution and a resulting run on the institution by depositors and shareholders.

Liquidity risk management is an area in which technology can contribute to learning from the lessons of Northern Rock. Liquidity risk models need to be revisited. They have ignored the risk that liquidity may dry up completely or decline rapidly in certain market and trading conditions. Risk management models take a simplistic approach to liquidity, assuming complete market illiquidity for a stated holding period. Quantification and modeling of market liquidity have been neglected in an era of cheap money and strong liquidity. Refinement of risk management models is called for. Financial institutions must be capable of measuring the performance of their liquidity risk management in a liquidity crisis such as the current one.

Northern Rock is another in a long list of financial crises in which effective deployment of intrinsically capable technology could have provided a clearer alert to the crisis to which bank’s business model exposed it. Although technology may have provided a tool to handle the immediate liquidity issues, however, it would not have prevented the crisis caused by the business model deployed by Northern Rock.

Bob McDowall, senior analyst, TowerGroup