The $122-billion asset Fifth Third Bancorp learned the hard way that risk management is important.
“As recently as 2000, when we were a $40 billion bank, we operated with a limited degree of sophistication in enterprise risk,’’ said Kevin Kabat, Fifth Third’s CEO and vice chairman, speaking at Bank Director’s Bank Audit Committee Conference June 6 in Chicago. “I guess you could say we didn’t really even have such a function. We learned the hard way, early in the last decade, that we needed to do something about that.”
After regulators including the Federal Reserve Bank of Cleveland came down on the bank in March of 2003 and ordered a review of risk management and internal control practices, Cincinnati-based Fifth Third got to work.
“Looking now in the rear-view mirror, it was a watershed event for the bank,’’ said Kabat, who was president of the Michigan operation at the time, and was promoted to CEO in 2007.
Regulatory compliance moved into the enterprise risk function. Fifth Third started a risk and compliance committee of the board, appointed a chief risk officer who reported directly to the board and also gave each business unit its own risk officer. The bank created a full risk dashboard in 2004 that enabled senior management and the board to assess its risk profile in different areas, years before many other banks. The code of conduct was revised to build a risk culture among the bank’s more than 21,000 employees. By 2006, Internet fraud threats such as phishing were identified as emerging threats and comprehensive training for employees was developed to address them.
Fifth Third avoided exposure to subprime mortgages. It started to do stress tests of its balance sheet before the government required it for other big banks.
Although no banks walked unscathed through the financial crisis of 2007-2008, Fifth Third already had a risk team in place when the crisis hit and was able to take action early, suspending lending to homebuilders and cutting off home equity lines created by brokers. The bank cut its dividend by two-thirds, conserving $665 million of common equity, and it raised $3 billion in capital in 2008, making itself the last bank to raise trust preferred securities that year.
“To our knowledge, we were the first large institution in the United States to get in front of the crisis by announcing our internal stress test, including our expectation for 2009 losses, and a capital plan to meet it,’’ Kabat said.
The bank made it through the financial crisis well capitalized. However, it has been extremely costly to have such a huge risk management function. In 2003, maybe a dozen people worked in risk management for the bank. Now, about 335 people work full time in risk management, not counting the credit staff, or about 1.5 percent of the workforce.
For Kabat, such a function has been absolutely necessary. And it hasn’t diminished profitability.
Last year, Fifth Third had its second most profitable year in its 155-year history, with profits of $1.5 billion. Return on assets was 1.3 percent and return on average common equity was 11.6 percent.
“While deficiencies in a bank’s financial statements, or poor oversight of them, can create major problems, you are at as much risk, arguably greater, due to poor management of the enterprise risk function,’’ he said.