In early 2007, believing that troubles in the subprime-mortgage industry would worsen, Morgan Stanley’s fixed-income traders built a $2 billion short position on the sector. As protection, they bought $14 billion worth of triple-A mortgage-backed securities. Although there were troubling signs that the credit malaise was spreading to the higher-grade securities, the traders considered the triple-A’s an adequate hedge.
But by December, a perfect storm had gathered: with the credit markets in free fall, investors fled all forms of mortgage-backed securities, including investment-grade. Morgan Stanley’s hedge collapsed, triggering a $9.6 billion fourth-quarter write-down — nearly triple the $3.7 billion that Colm Kelleher, Morgan Stanley’s newly appointed CFO, had forecast a month earlier.
In many ways, Morgan Stanley’s predicament mirrors that of other banks caught in the subprime mess. Errors in judgment, the inability to properly manage risk, and the failure of stress tests have so far resulted in global bank losses of $265 billion. With a few notable exceptions, even bank CFOs seemed willfully ignorant of snowballing risk. “Everyone involved was caught unprepared, given the speed at which liquidity dried up,” says Jess Varughese, managing partner of Milestone Advisory Services.
The question now is how an industry so splendidly adept at making a buck out of risk could get it so wrong, and whether the ritual executive bloodbaths and subsequent reshufflings will help forestall the next meltdown.
One thing is clear: the hardest hit banks, from Merrill Lynch to Citigroup, shared a siloed approach to risk, with insufficient communication among risk, finance, and operations. Unlike other businesses, where the CFO is typically the ultimate risk manager, banks tend to view risk as an advisory role.
But as this crisis demonstrates, such separation is logical only up to a point. Among those banks that have, so far, dodged the bullet, such as Goldman Sachs, Lehman Brothers, and Deutsche Bank, risk has a high profile and the CFO, if not directly in charge, is still closely involved in monitoring and managing risk.
Attaching a high profile to risk management, of course, has not been the trend. Instead of managing risk, banks have been shedding it for years, passing it on to investors through securitizations and syndications. Former Federal Reserve chairman Alan Greenspan praised the resulting dispersion of risk. He claimed it bolstered the safety and soundness of his banking charges. In fact, it may have made them more careless.
After all, bankers are only human. Even when they are not playing with investor money, individuals in large banks don’t have much skin in the game. “Bankers bet with their bank’s capital, not their own,” wrote Council on Foreign Relations scholar Sebastian Mallaby, in a Washington Post editorial. “If the bet goes right, they get a huge bonus; if it misfires, that’s the shareholders’ problem.” It’s no surprise, says Mallaby, “that rational bank employees take as much risk as they can.”
Sidelining caution in favor of potential profit is not particularly difficult in a culture built on producer worship. Traders looking for capital often get their business-unit head to intervene on their behalf. In many of today’s large banks, risk officers and CFOs are cost centers. Morgan Stanley’s new chief risk officer (CRO) is only now answerable to the CFO instead of the co-president. At Citigroup, risk reported to the chief administrative officer before its new CEO Vikram Pandit changed the structure to report to him.