Managing Risk in Asia-Pacific

Managing risk in the Asia-Pacific region is appreciably different from the approach in Europe and the U.S.—and that’s not even taking into account the influence of China and the trade wars. In this RMA Journal Q&A, Chris Yip, RMA’s relationship manager for Asia, discusses the particular risk management challenges in the region.  

RMA JOURNAL: Looking at the big picture of risk in Asia-Pacific, what are some basics that people should understand?

YIP: Many in the U.S. and Europe underestimate the complexity of the Asia-Pacific region. It is not a homogenous region with one currency and a more or less coordinated regulatory framework as in Europe and the U.S.

In Asia-Pacific there are multiple regulatory regimes spread over multiple jurisdictions, each with its own currency and legal system. Applying the same standard in Singapore to South Korea and Taiwan is not possible. Every country has its own challenges and risk profile—from developed and mature economies to emerging countries at the early stage of economic development. Nevertheless, some issues are common—for example, fraud, corruption, and managed financial markets that create wrong-way risks, as well as a lack of transparency and reliability of financial information.

All these complexities have to be part of the approach to risk management. In Asia-Pacific, for example, credit analysis in some countries can’t rely as much on public financial statements or regulatory reports as in Europe and the U.S. You need a different or composite approach—not necessarily worse or better, but different. And you have to adjust. A credit risk officer from the U.S. or Europe may find it difficult to adjust. It will usually take a longer period of time to understand the way risk is managed in the region. 

RMA JOURNAL: The trade war between the U.S. and China—and its impact on regional countries’ economies—is complicating and magnifying that risk. How can risk managers prepare?

YIP: Global supply chains are forced to adjust, with a material effect on world trade and potentially growth. This affects supply chains throughout Asia-Pacific, but the most affected, clearly, are the U.S. and China. The adjustment mechanisms are very complex. It’s difficult for risk management to manage these risks and uncertainty.

However, risk management doesn’t change at the end of the day. You should only take on risk exposures that are clearly defined and understood, and which your organization has the capacity to manage on an ongoing basis. The uncertainty created by trade wars has many organizations thinking twice before taking a position or increasing investment exposure to a country. Yet despite the uncertainty, there are opportunities.

The art of risk management is to find opportunities where risks may not be as clearly identifiable and manageable. Going forward, I don’t think tariffs are the primary concern regarding China. If you look at the potential impact, even with a 25% tariff on all Chinese imports into the U.S., the direct impact on Chinese GDP growth would be 1 percentage point. From a headline reported perspective, there would be 5% growth versus 6% growth. For the U.S. economy, in a worst case, there would be an impact of 30 to 40 basis points on GDP growth.

Based on these factors, the economic impacts on the overall economies are manageable. However, the greater impact, and one more difficult to determine, is the second-order impact resulting from the uncertainty created by the trade dispute and its effect on business sentiment and consumer confidence—as these both drive private-sector investment and consumption.

RMA JOURNAL: So far, which countries have benefited from the trade war?

YIP: While there are always winners and losers in a trade war, the one between the U.S. and China is accelerating an existing trend. China’s position as a low-cost producer was already changing. Wages in China were already increasing without the trade war. And there was already a trend of moving production to lower-cost countries such as Vietnam, Malaysia, and India. Mexico, despite also being on the end of threatened actions by the Trump administration, has also benefited.

Many firms are beginning to build additional chains outside China to create a system that avoids existing tariff regimes and is more resilient and less vulnerable to trade wars. This action creates higher costs, but also provides more resilience.

But we can’t replace China overnight. It’s too big. In the short term we cannot move all production to Vietnam, which doesn’t have the capacity to do as much. Companies are leaving supply chains that serve the Chinese markets in place, and moving the ones that serve the U.S. That creates more resilience and a broader set of supply chains and production facilities. 

RMA JOURNAL: The situation in Hong Kong clearly has major implications for its residents, the Chinese government, and geopolitics. Might it also have an effect on the global economy?

YIP: Hong Kong is a top-three global financial center, a key financial gateway for foreign investors and companies seeking access to Mainland China, and the primary offshore funding market for Mainland Chinese companies seeking funding to expand overseas. As a consequence, any disruption to financial markets in Hong Kong will have a knock-on effect on other financial markets globally, resulting in heightened volatility.

In addition to increased volatility, a dramatic development such as direct military intervention by Mainland China could trigger major capital outflows, which would negatively impact local financial markets and spill over to others, which could negatively impact market liquidity, asset prices, and investors’ risk appetite. The resulting uncertainty would compound existing economic growth headwinds around the globe.

RMA JOURNAL: How might the political situation in Hong Kong affect the risk profile for financial institutions in Asia-Pacific? Is it mostly an operational concern, considering, as you noted, that Hong Kong is a critical financial center?

YIP: In many respects, the core reason for Hong Kong’s economic existence is to provide a business environment where international commerce involving China can be conducted in a consistent, predictable, reliable, and trusted manner. This emphasizes the importance of a robust rule of law, independent judiciary, free flow of information and people, and a well-functioning capital market.

If the political environment deteriorates to the extent that the above factors no longer hold true—specifically, the rule of law and the independence of the judiciary—the appeal of conducting business in Hong Kong would be adversely impacted.

RMA JOURNAL: It has been over a decade since the global financial crisis. With an eye toward Asia-Pacific, how would you rate the efficacy and necessity of the subsequent regulatory reforms?

YIP: Financial regulations have led to better resiliency of the global financial system. The major regulatory changes, to varying degrees, are on their way to completion: Basel III, Basel IV, FRTB [Fundamental Review of the Trading Book], and IFRS-9 [International Financial Reporting Standard]. The areas where there is still pressure for regulation are know-your-customer and anti-money laundering.

But generally what’s left is the implementation of rules and the necessary coordination among different jurisdictions. Implementation alone creates challenges for banks and for regulators. 

And while the regulatory reforms were clearly necessary, there remains the fact that misbehavior is still widespread. You can hardly open a newsfeed without coming across examples of misbehavior.

The Royal Commission report in Australia demonstrated that the culture of greed and short-term profit maximization is still very much intact.

RMA JOURNAL: Has the Australia report caused you to see anything differently?

YIP: The hearings on the report were gripping to watch, but on the other hand they just reinforced a trend that already exists. Many institutions in the region were already addressing conduct risk issues. In 2017 there was the Hong Kong Monetary Authority Bank Culture Reform circular. In Singapore you have the Guidelines on Managerial Behavior and Compensation. And the Financial Stability Board highlighted conduct risk back in 2013 in its Peer Review Report on Risk Governance.

It’s not a new subject. Regulators have become more focused on culture and conduct. New rules and guidelines aim to establish a framework. But misconduct just doesn’t seem to go away.

RMA JOURNAL: What is needed, then, besides regulations, to mitigate conduct risk?

YIP: We should focus more on how to change staff behavior with incentives and the tools, metrics, and approach of behavioral science or sociology. One useful reference for both practitioners and institutions is RMA’s Principles of Ethical Conduct, which practitioners can read—and pledge to follow—on RMA’s website. The principles are a reminder to act ethically at all times, and institutions can use them to supplement, or serve as a basis for, their own codes of conduct. 

RMA JOURNAL: How should firms measure culture?

YIP: Firms need tools to monitor the behavior of employees daily. Some organizations use a set of key performance indicators and then look at how they change over time. Indicators include the number of limit breaches. A large bank in Asia is using big data and machine learning to detect potential misbehavior by measuring keywords in emails or messages that could indicate trouble.

The industry is still in the early stages of such a process. But measuring culture cannot be a quantitative exercise only. Organizations can best understand culture through the stories being told. Listen to those stories. If you have traders who brag about how they circumvent rules, that is an indication of what behavioral scientists call a “moral calculus.” People who circumvent rules instead of breaking them are the cause of many conduct incidents in the industry. If you have stories of correct behavior, they should be touted and become part of the institutional tradition.

RMA JOURNAL: What are your views on the related topic of reputation risk? 

YIP: Like conduct risk, reputation risk is something more and more institutions are tuned in to. Ultimately, financial institutions are built on trust. That’s how the traditional theory on banking goes. You only give money to institutions you trust.

Since the crisis, this trust has been shaken. If you look at the reputation of financial institutions in surveys measuring public trust, banking ranks consistently last. There is a huge problem in terms of trust and reputation, so you look for ways to measure that risk. One approach is to gauge how positive and negative news about an organization develops and which types of news and information are in the public domain.  

RMA JOURNAL: What are your thoughts on financial institutions’ increasing reliance on risk management models? What are the benefits and pitfalls?

YIP: We have come a long way since Robert Merton, one of the developers of the Black-Scholes option pricing model, declared at his Nobel Prize acceptance speech in 1997 that hedging would eventually replace equity capital as a means of risk control. He was proven wrong in 1998 with the collapse of Long-Term Capital Management [LTCM]. That event demonstrated how modeling can go horribly wrong.

But the markets did not appreciate at the time the warning signals that came from the LTCM collapse. It was not until October 2008 that former Federal Reserve Chairman Alan Greenspan, in his testimony before the House Committee on Oversight and Government Reform, admitted that the whole theoretical framework had collapsed in the financial crisis. As a result, many regulators in general have since discouraged the use of internal risk models, potentially increasing the amount of capital to be held against the risk.

However, we still rely to a degree on theoretical risk models. We need them to get an estimate of the quantity of the risk we are actually facing. But it is important to understand the limitations of models, which are based on underlying assumptions. One assumption is that markets follow some kind of probability distribution, which is not the case. At the end of the day, when we look at risk, we start with the assumption that risk models are wrong and we work our way back. There are risk models that are better in certain situations than others, but we have to continually challenge the complexities of models and the assumptions on which they are based. We have to use them, but I would not rely entirely on them.

RMA JOURNAL: What are the current challenges regarding cybersecurity?

YIP: In any survey you see on operational risk priorities, cyber risk is one of the major concerns. Still, I’m not sure anyone has found the conclusive approach for how to include the cyber component in the risk strategy—for how to formalize the risk appetite for cyber risk.

To a large extent, cyber is left to the information technology people who know the cyber environment. From a technology perspective, there are still gaps between risk managers, senior managers, and the technology specialists in [the use of] terminology and definitions. Work is still required to find a common language and a common framework.

RMA JOURNAL: How can cyber be incorporated into the overall risk architecture?

YIP: Many institutions still need to work on this. Often, people say their appetite for cyber risk is zero. But in reality, that is not the case. If the appetite really were zero, institutions would have to spend an infinite amount of money to completely secure the cyber environment, which doesn’t work. You always have a vulnerability.

The key is, how do you measure and define the level? You need a metric that defines your risk appetite in terms of cyber. That is made even more important by the emergence of new technology: new developments in artificial intelligence, blockchain, and the Internet of Things that create new vulnerabilities.

It seems that many financial institutions still struggle to develop a comprehensive cyber risk framework. In many instances, IT departments try to run before they can walk. The people who promote these technologies are enthusiastic about new developments. But risk departments find themselves more defensive, [and they] slow development and the implementation of new strategies until they have a more robust cyber risk management framework in place and the appropriate tools to manage it.

Development of new technologies is clearly the future. But not enough attention is paid to new vulnerabilities.