Giving credit where credit receives its due: An Interview with Marco Suter

Nicholas Hayes

In real estate, it's "location, location, location." At UBS, it's "reputation, reputation, reputation." And effective risk management is a key contributor to maintaining this most valuable asset. UBS AG was created in 1998 following the merger of Union Bank of Switzerland and Swiss Bank Corporation. It is the world's leading provider of private banking services and asset management, globally prominent in investment banking and securities, and the Swiss market leader in corporate and retail banking. The various business lines operate as a group, drawing on one another's strengths to offer customers exceptional service.

As group chief credit officer and member of the Group Managing Board, Marco Suter is responsible for the functional management of the credit risk control departments globally and for formulating credit risk policies, determining methodologies to measure credit risk, and setting and monitoring aggregate portfolio ceilings in response to the Group's tolerance for risk. He exercises personal credit authority with respect to portfolio ceilings as well as for individual transactions and/or counterparties. In concert with the chief credit officers of the business groups, he ensures that the Group's credit risk strategy and policies are effectively communicated, supervised, and controlled throughout the organization.

Suter was in New York in January 2002, in part to participate as one of three chief credit officers serving as panelists at the RMA New York Chapter's most popular meeting each year. Nicholas Hayes, RMA's director of Global Relations, met with him to learn more about the credit risk management environment of UBS.

RMAJ: As Group chief credit officer, you provide policy and oversight to the credit transactions throughout the business lines. Can you give us a more detailed look at your responsibilities and how your background has helped ensure your ability to address them?

MS: My responsibilities cover essentially three areas. The first and most visible is my day-to-day involvement in credit decisions. At UBS, credit authority is delegated to individual, independent credit officers and not to committees. Based on our experience, committees tend to dilute rather than to foster responsibility and accountability. Our Group Executive Board has delegated its full credit authority to me, and I, in turn, have delegated a substantial part of my authority to our divisional chief credit officers. The riskiest and largest transactions, however, still come to my desk.

My second area of responsibility is to ensure that our various portfolios of credit risk are well controlled, that exposures and risks are properly identified and accurately measured, that our business activities are operating within the established risk parameters, and that our risk profile is regularly reported to our Group Executive Board as well as to our Board of Directors. We see risk and return as a pair, and during the budgeting and planning process, risk parameters are defined and approved by the Group Executive Board and the Board of Directors. We use expected loss, statistical risk, and stress loss as the currencies with which we define and control risk.

My third, and possibly most important, task is to manage, as the functional leader, the chief credit officers and their organizations in the business groups and to run efficient staff units at the Corporate Center. Through the Corporate Center units, I ensure that our framework of credit policies is continuously updated and that the business groups adhere to our policies and principles. These departments also focus on credit portfolio models in the widest sense, on risk reporting, and on credit risk data aggregation. We emphasize continuous risk education and reinforcing a firm-wide risk culture, which are particularly challenging and important responsibilities for any organization undergoing organic and acquisitive growth.

I see the key ingredients necessary for my position as experience--I've been in this business for about 25 years; personality--I must be able to do the unpopular thing and say no at times; and recognition that this is not a single person's job--I must be able to recognize my own limitations and know that true success comes from a team approach. The Credit Risk Control Team at UBS comes from a broad academic, business, and cultural background; is very strong; and is, therefore, very well respected. Working with this group of professionals is both highly stimulating and challenging.

RMAJ: Would you say that the UBS commercial banking business strategies are similar to those of large U.S.-based banks?

MS: Swiss banks, similar to most European banks, were never subject to Glass-Steagall, that is, restrictions separating commercial banking from investment banking. So they were never pure commercial banks in the first place. Unlike some of our peers, however, UBS is not positioned as an international commercial bank and has no ambition to become one. UBS really is a commercial and retail bank only in Switzerland, where we have a loan portfolio of approximately $96 billion--about 60% of this portfolio is low-risk home mortgage loans to private individuals. Contrary to the U.S., where a substantial share of home mortgage loans are securitized, the vast majority of home mortgage loans in Switzerland is held by banks, insurance companies, and pension funds.

On a global level, UBS has two core businesses: wealth management and investment banking. In these businesses, the Group serves clients ranging from affluent individuals to multinational institutions and corporations. Where needed and where we have the necessary infrastructure and expertise, we also provide these customers commercial banking services, including lending. Because we often find that the return on risk is not optimal in commercial lending we are very cautious and selective in the use of our balance sheet. In this sense, our strategy is not much different from our main competitors. If we grant loans for relationship reasons, we make sure that we manage our exposures and reduce concentrations through syndication and, increasingly, credit derivatives.

RMAJ: As risk management has steadily moved from avoiding credit risk to tactical risk-taking, what sorts of change--structurally and culturally--have taken place within your organization?

MS: Culturally this transformation has happened gradually and is an ongoing process. The first decisions were taken a long time ago by segregating origination from risk management and risk management from risk control. This has automatically led to an active management of our loan portfolio, first from a risk/reward perspective and second with respect to making use of the opportunities for loan sales, syndications, or credit derivatives. The move away from loss avoidance to ex post risk control stems from the fact that credit risks, which had been viewed as very sticky--once you owned a credit risk, you lived with it--are becoming increasingly liquid. The emerging approach therefore leaves more authority for individual risk taking with the business and requires that three conditions be met.

1. There must be a strong risk culture across the enterprise. Traders and loan officers must feel responsible for the outcome and actively manage their credit risk exposures. Credit risk management is, therefore, a business function.

2. Risks must be grouped by liquidity. Those that can be managed can go into the new paradigm; those that cannot be managed must be subject to a very strong pre-approval process. It goes without saying that a business model that grants significant authorities to the front line requires that individual positions be relatively liquid so that they can be changed if the resulting risk profile exceeds the institution's risk appetite.

3. A set of hard limits must be put in place within which the business is authorized to operate. A limit system must ensure that no one can "bet the bank" with a single decision and that risk concentrations (emerging markets, industries, and so forth) are well controlled.

Given the credit risk management tools and techniques we now have in place, we can meet our customers' demands and at the same time have the quality of risk that suits our risk appetite.

RMAJ: What can you tell us about the bank's internal risk-ratings system? And at the end of the day, who "owns" the rating?

MS: To answer the second part first, credit risk rating is at the sole discretion of the credit officer. In my opinion, the nucleus of our system is that we will never compromise the credit rating. As you know, credit rating is an extremely important element of risk control. It is used not only to classify our counterparty risk exposures for internal and external reporting, it also determines, for example, our credit approval authority and sets the hurdle rate for profitability. Obviously, we often are pressured by the originator to assign a better credit rating to allow more favorable pricing or longer maturities. If we started changing our ratings to allow that, we obviously would jeopardize the integrity of the system.

Many of our credit policies set out the types of risks we accept for a given rating category. They also determine the frequency of credit reviews. In our domestic lending business, pricing grids are based on internal ratings to ensure that our earnings profile is in line with the risks assumed. In our international lending business, we have set maximum concentration targets by ratings category. Most important, however, our ratings are a key and core element in establishing and quantifying our expected loss, economic capital, and stress loss exposures. They determine how much of the "scarce" risk resource every single transaction consumes and are taken into consideration for the purpose of performance measurement of our business groups.

Our ratings system has 12 grades for our unimpaired counterparties and two impaired classes. Each grade is assigned a fixed group of default probabilities. When designing the rating scale, we were careful to ensure that ratings classes can be differentiated meaningfully and that the increases in default probability from one grade to the next are reasonably steep.

Given the complexity of an organization such as UBS, we have more than one ratings system. All systems, however, are linked through a master scale. Ultimately, they are all translated into default probability and expected loss. For the most part, our credit ratings measure pure counterparty default risk. In these instances, collateral or loan structures or transfer risk are taken into account separately. Two exceptions are our real estate lending activities in Switzerland and our Regulation U and Regulation T type lending businesses, for which we use transaction ratings rather than counterparty ratings. In these instances, the collateral value is directly factored into the rating.

RMAJ: What do you see as some of the greatest lessons coming from 2001? And where do you see the greatest risks and the greatest rewards in 2002? In certain industries, geographies, business lines? In the face of the almost worldwide downturn, what are you doing differently now from, say, two years ago?

MS: This past year reinforced the importance of sticking to our fundamentals. For UBS, for example, we learned anew the importance of cash-flow-based lending as opposed to enterprise-value-based lending. The stock market obviously proved this right. The other key learning point is that there must always be an awareness that surprises can occur at any time. No model would have suspected the September 11 event. But when you have this kind of tail risk, there is only one way to protect against it: Do not put too many eggs in one basket.

For most banks, the biggest challenge for 2002 will be to find the optimal operating leverage and operating capacity. Given the rather difficult economic outlook, banks are faced with the task of adjusting their cost base (including risk cost) to hard top-line revenue estimations. Cutting too deeply into cost and capacity could potentially lead to substantial opportunity costs, whereas maintaining too high a cost base could seriously harm the bottom line.

On the credit side, I believe that 2002 will again prove and reinforce that the credit fundamentals of free cash flow and liquidity cannot be neglected. We might experience a rebound in some stock markets, including the technology sectors. I would hope, however, that banks have learned from their previous mistakes and that this time around they will refrain from enterprise value lending. I do not see 2002 as being as risky as 2001, keeping in mind that the worst risks come from the unexpected surprises. We do expect more defaults, but because they are expected, the risk element is much lower.

For many companies, liquidity and access to borrowed funds will be key. Total level of debt, leverage ratios, free cash flow, and bottom-line profitability will be the factors to influence liquidity. I know of very few companies that do not rely heavily on short-term borrowings. We very closely watch all companies that have high debt levels and are heavily exposed to short-term financing or that have substantial refinancing needs in the next one to two years.

We have identified 18 out of 56 industries to be vulnerable in the present recession scenario. The first vulnerable industries are those immediately affected by the September 11 events--air transportation, hotels and restaurants, travel, and the insurance sector. The second group of industries includes those already suffering from the significant slowdown of the economy--the chemicals industry, machinery and equipment manufacturers, and, particularly, technology and communications. In one of our stress scenarios we also model the impact that a sharp drop in consumer confidence would have on manufacturers, wholesalers, and retailers of consumer durable goods as well as real estate. We have also further reduced our exposures to the automotive sector, including their finance subsidiaries. The peak of the auto cycle three years ago means a lot of used cars are coming back to finance companies, and the resale values of these cars are under pressure.

With regard to your question of what we do that is different, I don't believe that we do things fundamentally different from what we did two or three years ago. We require an in-depth analysis of a client's business, its projected cash flow, and a sound structure of the credit itself. Our sources of repayment are not the "dream cash flows" of an ambitious management; it is the cash that can actually be earned under circumstances that are not always very beneficial for the enterprise. We use sustainable cash flow as a key driver in our decision making. While in some cases the rapid deterioration of corporate credits came as a real surprise, not all of these "fallen angels" we observed in recent months were so unexpected. The surprise element can best be taken out of the equation if any lack of transparency in a credit relationship is overcome. We have made great efforts at UBS to ensure that we really know our borrowers and the risks that they are exposed to, but there are obviously limits to due diligence an d to predicting the future. That is why--in addition to the high credit and due diligence standards--we place so much emphasis on risk diversification and are increasingly using credit derivatives to actively manage our portfolios of credit risk.

RMAJ: Tell us about the UBS approach to an enterprise-wide view of risk--encompassing credit, market, and operational risk. How is this managed?

MS: The president of the Group Executive Board manages all of our control functions. Our risk approach is established in our Group-wide Risk Management and Control Principles. These principles have been reviewed and approved by our board of directors, which is also actively involved in periodically reviewing the Group's risk profile and in reviewing and approving the Group's risk limits and risk-bearing capacity.

Our Group Executive Board acts as our Group Risk Council and is responsible for implementing the Risk Management and Control Principles, for approving the core risk policies, for allocating risk limits to the various business groups within the overall approved framework, and for appointing business group and divisional management that demonstrates both business and control competence.

My colleagues--the chief risk officer, the chief controller, the Group general counsel, and the Group treasurer--and I all report directly to the president of the Group Executive Board. He manages our functions on an integrated basis by chairing our bi-weekly Finance and Risk Committee meetings.

As to the various risk categories, we differentiate at the first level between business risk and inherent risk. Business risk refers to the environment within which we operate and includes our exposure to economic cycles, industry cycles and trends, technological change, and so forth. It is the responsibility of business management to systematically address these risks in the planning and budgeting cycle by measuring their impact on our earnings for a broad range of scenarios.

Inherent risks refer to those factors that are inherent to our business activities. Within inherent risks we differentiate between primary risks and consequential risks. The primary risk factors include credit risk, market risk, and funding and liquidity, whereas the consequential risk factors include transaction processing risk, compliance risk, legal risk, liability risk, security risk, and tax risk. All these risk factors are subject to an independent control process. The chief risk officer is responsible for market risk and all consequential risk factors, whereas I focus exclusively on credit risk. Our Group Risk Committee, which is chaired by my colleague and has representatives from the major risk control areas, is the forum within which we discuss all risk categories. Wherever possible, we use our measurements for expected, statistical, and stress loss to quantify our primary and consequential risks.

The important thing, however, is that we are managed as an integrated group and we communicate and cooperate very well institutionally and on a personal basis.

RMAJ: Whether or not institutions achieve good risk management information depends on the quality and quantity of their data, the consistency in their risk ratings, their stress-testing capabilities, and their use of tools in identifying, measuring, and forecasting risk. Where is UBS in this pursuit?

MS: Despite significant progress made over the last few years, the industry in general is, in many aspects, not very far advanced. In relative terms, I consider UBS to be a front-runner. Much more needs to be done; this is true more so for the credit and operational risk side than for market risk. The reason I can call us a front-runner, however, is that for two years in a row, a well-known risk management consulting firm and an number of journals have voted UBS thc institution offering the greatest transparency--that is, we have the best risk and financial disclosure. (1) What you disclose externally somehow matches your internal capabilities.

I would say that nobody could declare without blushing that data issues arc fully "under control," even if the database is large and well maintained. On the one hand, there is the issue of selecting data, which needs to be recorded and the quality maintained over a long time. Business organizations change, and company profiles change as well, which makes it difficult to maintain identical data standards for a longer period. On the other hand, we (fortunately) do not have so many defaults of clients within the span of one year that would allow us to develop rating models or back-test existing ones simply with one set of data. We depend on the information of several years, even in rather homogeneous sub-portfolios. Having said this, I believe that UBS is well on the way to fulfilling the requirements set out under the proposals for "Basel II," that is, an internal-ratings-based approach to capital requirements.

I consider stress testing to be one of the most important risk control processes, for it serves to quantify and limit losses that exceed the bank's risk-bearing capacity. UBS has a stress-test policy and a small Corporate Center staff unit that is responsible for determining Group-wide standards and reporting of the individual analyses. Stress loss analysis covers credit and market risks and a number of consequential risk categories. In the area of credit risk, we define scenarios as to the development of the various global and domestic sectors we are exposed to, as well as the property cycle in Switzerland. For UBS Warburg, we also have scenarios that reflect distressed events in emerging markets. Contrary to market risk, these scenario analyses are relatively new for credit portfolios, but our first experiences with the results and the corresponding actions--for example, setting of portfolio limits--have been encouraging.

RMAJ: Let's say you have two weeks to ready UBS A.G. for the challenges of the coming year What would you address first, second, and third? In other words, what are your principal concerns at this point in time?

MS: I have been in office for some time, and we have launched a number of initiatives that are either completed or under way to ensure that our day-today credit risk control tools are adequate, even in a period of uncertainty and economic downturn. This does not mean that we are completely insulated from what may happen in the "real world," but we can say that we have acted prudently to protect the bank against undue risks.

I would therefore focus most on strategic issues.

1. We must continuously align business and revenue ambitions with tolerance for risk. These can tend to move in different directions. Given our business and the nature of the risks, risk/return optimization is a concept that cannot very easily be employed. A number of interests have to be balanced, and we must make sure that our internal incentive schemes are designed and adjusted so that they always achieve the desired effects for the bank overall.

2. We are confronted with the problem of how to avoid risk concentrations in consolidating markets. More and more large transactions are shared among a small number of highly professional institutions. This leads to potentially increased systemic risk, and at the level of the individual institutions, we must make sure that such concentrations do not lead to undue exposures that could exceed the bank's risk-bearing capacity if they turned out to be problematic.

3. We have--together with other major institutions--advocated for the introduction of a more risk-based capital regime. The new Capital Accord is scheduled to take effect in 2005. It's essential to structure projects now that ensure e meet the high standards that we set for ourselves without losing sight of the costs that Basel II implementation will entail, not the least of which will be on the IT and data management sides. While 2005 seems far away, I believe this project will be much bigger than we originally anticipated.

RMAJ: There's always a good deal of speculation about the future of financial services. What kind of future do you see? How might this vary by institution size and niches? What will the global financial services industry look like in half a dozen years, and what will the role of risk management be?

MS: That's a difficult question to ask someone in risk control. We typically like to look at what we know, and we are not in the business of speculation--I leave that up to others. Our industry was subject to an unprecedented wave of consolidation in the past. While I believe that consolidation will continue, there is a limit to further "mega mergers." The world probably needs five to 10 truly global investment banks to fulfill clients' needs in complex corporate finance transactions.

A number of other significant changes in the banking landscape also are likely over the next few years.

* Pan-European retail banks may truly emerge, requiring further consolidation in the domestic market. Unless the domestic market has sufficiently strong players, local regulators will stand in the way of cross-border mergers, and a number of smaller regional commercial banks will be unable to survive in a more competitive environment.

* Wealth management is very fragmented and may see further consolidation over time.

* IT development and e-banking may have had a slower start than many of us anticipated, but these evolutions will certainly have an impact on the industry in the longer run.

* Bancassurance, as mentioned, is still in its infancy, and we will need to follow closely the success of these business models and whether we will see a further consolidation between insurance companies and banks.

What the future will bring to risk management is undoubtedly further growth of the derivatives markets. It's questionable whether the growth will be as significant as many believe, especially with nonbank counterparties that may shy away from credit risks once they realize the costs of being involved at the wrong time in a cycle. Nevertheless, I believe we shall have more and more possibilities of managing our counterparty risk exposures, first because of further improvements to data and credit risk models, and second because of the growing market. The more liquid traditional credits become, the more credit and market risk control will grow together.

Over time, we also will see changing accounting rules. Traditional credits will, sooner or later, be accounted for under a mark-to-model/market method. I personally believe that the discipline of mark-to-market will introduce price discipline and further enhance liquidity.

Despite the enormous development in modeling techniques and hedging possibilities for risks, I believe that credit officers will continue to be sought-after professionals. Credit control does not become less important simply because by then a larger part of its task constitutes an ax post monitoring of the portfolio rather than ax ante individual transaction approvals. Second, and I do not say this simply to protect my own position, models are subject to significant model risks, especially since credit default risk is so company specific and cannot easily he explained by a few factors. The role of the credit officer going forward will be much more risk focused. The knowledge of our counterparties, especially the larger risks that individually can affect the bank's performance in case of default, will remain as important as ever.

Hayes is director of Global Relations at RMA. Foster is editor of The RMA Journal.

(1.) Trema Management Consulting, a management consulting firm based in Helsinki, Finland, and specializing in strategic finance and risk management, conducts an annual survey on financial risk management information found in annual reports of major European banks.

RELATED ARTICLE: Birth of a Chief Credit Officer

Entire professional career (nearly 28 years) at UBS and its forerunners. Experience includes:

* Commercial banking in the U.S.

* Worked at the Corporate Center as a senior credit analyst.

* Head of European Merchant Banking activities.

* Chief credit officer for Europe; headquartered in London.

* Head of commercial banking relationships at a major branch in Zurich.

* Chief credit officer for UBS Group in 1999

I know what it means to acquire clients and banking business and how frustrating it can be nor to obtain a credit approval or to have conditions imposed that are difficult to negotiate with the client.

Marco Suter

COPYRIGHT 2002 The Risk Management Association
COPYRIGHT 2005 Gale Group