Regulatory investigations into the banking industry have cost Citigroup dearly over the past year. Earlier this week, Citi announced that its earnings had been hit by charges of $1.3 billion resulting from its out-of-court settlement of lawsuits related to the investment research and Enron scandals. 

Citi’s not the only bank to have been hit hard by legal settlements recently. In November, Household International (recently acquired by HSBC) agreed to pay $484 million to settle a drawn-out investigation by the Federal Trade Commission over allegations that Household had engaged in predatory lending. And for each of these headline-grabbing payouts, there are hundreds of smaller cases that nonetheless drag banks into the courts or into settlement negotiations, as well as draining money from the coffers.

The Basle Committee, whose regulatory proposals are likely to set the agenda for bank capital management for the next decade, says such cases should be considered operational risks. That means banks which want to calculate their own capital requirements under the incoming Basle rules will have to find a way to realistically anticipate the costs of legal claims. But is that feasible?

Maybe not, according to a paper authored by Andrew Kuritzkes, vice-chairman of consulting firm Oliver, Wyman & Co, and Hal Scott, the Nomura Professor of International Financial Systems at Harvard Law School. Kuritzkes and Scott raise doubts about banks’ ability to measure legal losses in recent paper on operational risk, arguing that it is “far from clear” how a bank’s internal model could predict exposure to legal claims.

Part of the problem, they argue, is the incredible range of potential legal complaints that banks face. A twelve-month period starting in October 2000 saw banks face claims relating to antitrust complaints, consumer protection, discrimination, fraud, Holocaust compensation and patent infringement, among other things. “How would one predict the likelihood of low frequency, high severity events like the Holocaust?” the paper asks.

The incidence of legal claims also varies from one state to the next – and Kuritzkes and Scott argue that similar variation would likely occur between countries, making it difficult for a bank to apply a standardised methodology across its offices. The natural result of the wide variety of legal claims and the large local variation in risk is a high degree of uncertainty about losses, the paper argues, noting that 21% of US banks were forced to make “material impact” disclosures during 2000 as a result of legal action. The very existence of such disclosures suggests banks cannot accurately anticipate the losses arising from their legal exposure.

Not everyone is so sceptical. A member of the Basle Committee Secretariat maintains that initial concerns that operational risks, including legal risk, were not susceptible to quantitative analysis have begun to melt away. “The growing consensus in the industry is that measurement is possible,” he says. The new Basle Accord specifies only very simple methods for quantifying operational risk, however. While the regulators have made it known they are open to banks' suggestions on advanced methodologies, they haven't specified any themselves, opting instead for a series of broader requirements.

Systems must use internal and external data, according to Basle, and banks should also make use of scenario analysis and qualitative factors – but it doesn’t get much more specific than that. “We don’t want to stifle innovation, or favour one particular method over another at this stage,” says the spokesman. So banks are largely being left to investigate operational risk for themselves. Some have “made good progress,” he claims.

So, given the difficulties highlighted by commentators such as Kuritzkes and Scott, how are banks incorporating legal risk into systems that will meet the Basle criteria? For a start, says Duncan Wilson, global head of operational risk at BNP Paribas in London, they have largely stopped thinking of “legal risk” as a useful term. “It’s just too confusing. When people talk about legal risk, they are actually talking about the legal work-out of operating failures.”

BNP Paribas – and several other large banks – are trying to think of all operational risk in the same terms, he says: there is a cause, an event and an effect. In this view of the world, a legal claim is an effect of something that happened much earlier, so focusing on court cases is putting the cart before the horse. Instead, the bank is trying to catalogue operational failure events, with the help of a network of “correspondents” assigned to each business line, and then to assess the resulting effects – whether that is an interruption to business, employee fraud, or a lawsuit.

Nevertheless, BNP Paribas and others who aim to qualify for the sophisticated measurement option left open by Basle will still need to have some forward-looking assessment of the capital required to ensure that their risks can be borne safely. However risk managers think about legal claims, they still have to show that they can reliably assess how much money to keep against them.

The Basle Committee spokesman accepts that this is a real challenge; he contends that “the key issue with measuring operational risk is capturing the tail of the distribution – the infrequent and hence unpredictable events that will drive any capital charge.”

Wilson says that even smaller and more frequent losses can be difficult to capture – despite the extra data that is typically available. “The bank may have a history of legal claims, which is good data for the legal department to use, but it doesn’t reflect risk management needs. What you really need is a history of all the incidents that resulted in claims.”

He does agree, however, that unexpected legal losses pose a particular problem for banks trying to measure their operational risk – simply because there is no data to allow the industry to judge how often it will face claims like those filed by Holocaust victims, or those stemming from regulatory investigations into analyst bias.

As an example of the problems waiting for risk managers in this field, an analyst at Sanford Bernstein this week estimated that banks who've become embroiled in the investment research scandal may now be looking at $10 billion worth of lawsuits from investors who feel they suffered as a result of skewed research. Could any bank anticipate that kind of exposure – and what is the likelihood of similar problems recurring?

Banks are expected to use scenario analysis to capture these tail events under the Basle Accord, says Wilson – but he admits that he can’t think of an “exact scenario” that Wall Street firms could use to replicate the kind of exposures they are now facing as a result of the alleged failings in their research efforts.

Instead, he suggests that banks could learn from the experiences of other industries, by inviting risk managers from the nuclear or pharmaceuticals sector to help look for “proxy events” that could shed light on banks’ own exposures.

©2010 Sungard. All rights reserved. Legal Information

Home | About Ambit ERisk | Solutions | Collateral | Contact Us | Search
Risk Reports Case Studies RMA Ambit ERisk Whitepaper Economic Capital Training And Workshop Events	About Ambit ERisk Solutions Collateral