What’s Luck Got to Do with It?
Still, not every bank CFO considers 2007 a disastrous year. JP Morgan Chase, Credit Suisse, and Deutsche Bank all emerged relatively unscathed from the crisis. Lehman Brothers, a big player in mortgages, with an estimated inventory of $80 billion in mortgage-related securities, also avoided major pain, returning 16.6 percent on capital in 2007 — largely thanks to revamping its risk-management system after the 1998 Asian crisis.
It was Goldman, however, that got Wall Street’s attention. In December 2006, the bank’s controller group alerted CFO David Viniar to mortgage-related losses that had occurred for 10 days on the firm’s P&L. (Goldman has not disclosed the exact amount, but says it was “in the millions.”) In response, Viniar called a meeting that included the controller division, the mortgage traders, and the senior risk managers. Discussions revolved around the firm’s long subprime holdings and ended with the conclusion that “we’d rather be short than long,” says a person close to Goldman.
Goldman began to hedge its long mortgage position in first-quarter 2007. In the second quarter, it reduced some of its long positions and wrote down the positions it retained. By fall, as other banks were stuck holding billions in subprime-related securities, it had already unloaded most of its investments. Defying the Street, it reported an 80 percent third-quarter hike in its profits, to $2.8 billion. “Viniar is an example of an empowered CFO looking at the situation and saying, ‘I’m uncomfortable; let’s fix this,’” says Milestone’s Varughese.
Goldman’s call was made in the context of solid corporate governance as well as a culture that encourages dialogue. The structure gives the CFO power as the overseer of all forms of risk. Rules and hierarchy seem to be respected, as seen by Viniar’s ability to gather the troops and get them to opt out of a lucrative area at the height of the market. In addition, Goldman’s controllers have the authority to prevent traders from making risky bets, providing an early intervention before problems escalate.
Goldman suffered some relatively minor pain — a $1.5 billion hit on loans to private-equity firms in the third quarter, and earlier it had to rescue two of its hedge funds. And it remains to be seen whether Goldman will completely dodge the fallout, which includes lawsuits as well as regulatory probes into the subprime business practices. Already, some have accused it of protecting itself while continuing to peddle risky securities to investors. (Goldman says it sold only high-grade securities once it began to unwind its position.)
A Changed Landscape
As more and more banks evaluate and strengthen their risk-reporting structures, two main patterns are emerging. Some banks that have not had risk report to the CFO are now putting the CFO in charge. Others, like Citigroup, are keeping risk as a separate function but elevating it to the C-suite, making the CRO a peer of the CFO’s, with both reporting to the CEO. These also make sure that the CRO oversees all forms of risk, thereby fixing a problem that affected both Citigroup and Merrill — keeping credit-risk and market-risk separate.