Opening Remarks at the GARP Global Risk Forum
November 2, 2016
Kevin Stiroh, Executive Vice President
Remarks at the Federal Reserve Bank of New York | GARP Global Risk Forum As prepared for delivery

Good Morning. I'm Kevin Stiroh, the head of the Supervision Group at the Federal Reserve Bank of New York. I'd like to extend a warm welcome from the Federal Reserve Bank of New York, which is co-hosting the Global Risk Forum with the Global Association of Risk Professionals. I'd like to thank the many organizers of this meeting—as you can imagine, considerable time and resources went into planning this conference and that is what makes it so valuable for the participants and the risk management profession.

First, let me state that my comments today are my own and do not necessarily represent those of the Federal Reserve Bank of New York or the Federal Reserve System.

Looking Back at the Global Risk Forum
When I was asked to speak at today's session, I realized that it's been five years since I served on the planning committee that developed the Global Risk Forum program in 2011. I wondered how our risk priorities and risk management issues have evolved over those five years as the world has changed around us.

Over the period since 2011, we've witnessed a number of fundamental changes in the banking sector:

  • The regulatory and supervisory framework has substantially raised requirements and expectations around capital, liquidity and risk management including, for example, more rigorous stress testing and capital surcharges for systemically important firms;
  • The macro/finance environment of sluggish growth and low rates is putting pressure on bank business models. We are now in the eighth year of interest rates near zero in the U.S., which has hurt bank profits and affected risk-taking and business model choices.
  • Ongoing technological innovations have altered both the opportunities and the threats facing financial institutions. Marketplace lending, distributed ledger, and robo-advisers promise great opportunity, while cyber threats, data privacy issues, and IT-related vendor management issues are legitimate concerns.

With that idea in mind, I thought it would be useful to look at the last five years of this Forum's program in order to identify key themes and common topics. I'd like to discuss three specific issues: systemic risk, governance, and regulatory reform.

First, systemic risk has been a central topic of discussion at each Global Risk Forum over the past five years. Given the acute trauma of the financial crisis and its systemic nature, that is not surprising. I did find it interesting to see how the discussions of systemic risk have shifted over these five years. Initially, the discussions were primarily focused on defining systemic risk, including the underlying shocks and propagation channels. During these initial conversations, the concept of macroprudential supervision was introduced as a means of mitigating systemic risk, but the discussion largely centered on defining what macroprudential supervision might entail, and how it differs from more traditional microprudential supervision. More recently, the systemic risk discussions have become increasingly technical and practical in nature—focusing on the details of the resolution regime, monitoring shadow banking and considering implications of shifting activity, and on actual approaches for conducting macroprudential supervision.

Second, governance has been a frequent topic. Again, this is understandable given its central importance for private sector risk management and the official sector reform agenda. It is interesting that the assortment of discussion topics under the governance agenda item has been remarkably stable over the years. The agendas examined the appropriate roles of the board of directors and senior managers, the degree to which the official sector should prescribe risk management practices and principles, and the need to tailor such expectations depending on an institution's business models and risk profiles. We should also think beyond the traditional governance topics to determine if other key risk types should be covered within these frameworks. I'll return to this latter point.

The third theme is the changing nature of the discussions around regulatory reform. In 2011 and 2012, much of the agenda focused on the "what" and the "how" of the reform package—what should be included in the reforms and how would these mechanisms work in practice. Discussion questions were geared toward concerns about the feasibility of these new policies and regulations, and the need for global coordination and cooperation. In recent years, as you know, the global regulatory community has made significant progress on finalizing the post-crisis reforms and the conversation has naturally shifted to the impact of these regulatory reforms; for example, a desire for consistency across firms, business models and jurisdictions and an assessment of factors driving changes in market liquidity.

In raising these three frequently discussed topics – systemic risk, governance, and regulatory reform—I also wonder what topics have emerged that we are not discussing, but perhaps should be. Since the financial crisis, I think we are all more aware of the importance of actively looking for our blind spots. Gillian Tett, writer for the Financial Times and author of The Silo Effect recently visited the NY Fed, and reminded us to look broadly. In her case, when trying to understand social dynamics, it is important to look not just in the middle of the dance floor, but also at the "non-dancers" outside of the spotlight. In our case, it is what other factors might create either idiosyncratic or systemic distress.

So, with that perspective in mind, I noticed two surprising omissions from prior Global Risk Forum agendas. The first is cybersecurity. Over this time period, there has been an increasing awareness among risk professionals about the constant and present danger that cyber-threats pose to the financial sector. Cyber-threats are a vital concern for the supervisors responsible for the safety and soundness of the financial system and for individual risk managers. In the U.S., the Department of Treasury, our intelligence agencies, financial regulators and supervisors, and risk professionals across the financial sector are working to defend against cyber-attacks and to minimize the potential disruption resulting from a successful attack. U.S. authorities are working to finalize objectives-based supervisory expectations for risk management around cyber threats. I'm encouraged that this year's Forum includes an expert panel on "Technology Risks" that will explore the cyber-threat landscape and approaches to mitigate the associated risks.

A second noteworthy omission relates to a specific component of governance. While some governance topics have been remarkably stable, in my view, risks associated with business misconduct at financial institutions have not received adequate attention in these Forums. Through initiatives like the annual conference on "Reforming Culture in the Financial Services Industry," the New York Fed has been challenging the financial industry to consider the many factors that have contributed to recent, widespread instances of misconduct.

In concert with the industry, I believe that supervisors can help the industry improve governance, culture and behavioral outcomes through supporting the development of effective internal governance regimes, prudent risk management policies, incentives, and strong compliance and control structures, all within a framework of effective oversight from the board of directors. In today's Forum and in the future, I welcome other participants' thoughts on approaches for developing, measuring, and maintaining a strong, ethical culture within the industry.

As risk professionals, it's important to be forward-looking and to continually ask ourselves: are all risks being captured, measured, and monitored? What is missing? Are we focused on the right areas?

So, here is another question: When we look back at this conference five years from now, what will we view as a major blind spot? I expect there will be issues that we will be surprised we missed, and part of the purpose of discussions like this is to lower the likelihood and impact of those inevitable blind spots.

Thanks for your attention, and I'm looking forward to hearing the discussion throughout the day.