Bank of America's new look at risk: An interview with Amy Brinkley

RMA Journal, The, Feb, 2002 by Pamela Martin, Beverly Foster

Risk. It's not for wimps. Nor is it for the foolhardy. At Bank of America Corporation, end-to-end management of risk is front and center in a new comprehensive plan whose bottom line is SVA--adding shareholder value.

Bank of America's enterprise-wide approach to risk management begins with risk partnerships between business risk managers and the bank's four major business lines, then employs a group of five functional risk executives, and then moves to Central Risk Analysis and Review. Increasingly sophisticated analytics and the introduction of Six Sigma provide a double shot of ensuring better risk predictions for the future.

Having served as chairman, Credit Policy, Amy Woods Brinkley soon will assume the role of chief risk officer for Bank of America. The 24-year veteran also serves on the bank's new Risk and Capital Committee, which oversees allocation of capital to business lines.

RMAJ: During Bank of America's November 28 Investor Day presentations, Bill Vandiver (Corporate Risk Management Executive, who is retiring) noted that risk is now "fully embedded front end to back end." He stressed a structure that provides "an independent view of risk," and spoke of "functional risk executives" who will ensure an enterprise-wide view of risk. What can you tell us about the changes that have come to risk management at Bank of America?

AWB: Some rather sweeping changes in Bank of America's approach to risk management is one piece in carrying out what our chairman, Ken Lewis, is trying to do in the company. The changes affect the way we approach management of risk, use of capital, and creating shareholder value.

Bank of America's primary focus on shareholder value added (SVA) has led to the concept of integrated business planning--we look holistically at strategic planning, financial planning, and risk management planning throughout the institution. In essence, then, we' re anticipating risk in advance, rather than doing our strategic planning, then doing financial planning around that, and planning for risk only at the end.

We are in the business of managing risk to achieve the best rewards for our shareholders. To do that, we need world-class risk management capabilities. We use a governance approach that allocates capital based on our strategic objectives and our appetite for taking risk We manage the variability of earnings from credit, market, and operational risk. The Risk and Capital Committee is chaired by Ken Lewis and includes Risk Management, our CFO, and the four top executives running our key business lines: Global Corporate and Investment Banking, Consumer/Commercial Banking, Consumer Products, and Asset Management.

No single risk should be viewed in isolation. Effective credit policy is not just about managing credit at the approval process and ongoing credit administration; it's strategies and planning around client selection, product selection, and structure selection. The end point, of course, is evaluating our outcomes and using what we learn to improve the process on the front end once again.

So integrated planning represents a cultural shift in several ways:

* Looking holistically at risk.

* Looking at end-to-end risk, rather than looking at the underwriting process in isolation; we consider how the business strategy, sales practices, or business development processes are affecting what is coming in to be underwritten.

* Using the evaluation process not only to improve the front end but to identify new business opportunities as well.

* Managing risk is clearly everyone's job--nor just that of a single unit. Our view is that the lines of business are our first line of defense and they are also ultimately responsible for our risk/reward results. The core risk management organization is considered the second line of defense. And the test functions (audit, compliance, and so forth) are our third line of defense.

The bank has initiated a three-pronged approach to Risk Management by creating business risk partnerships, five new positions called functional risk executives, and a Central Risk Analysis and Review function.

1. Risk management partnerships. Our risk management partnerships align with each of the four business areas mentioned earlier. Senior banking executives, who are independent of the business areas, participate day to day with the business executives in assessing, planning for, measuring, and managing all risk--credit, market, and operational.

Each partnership is responsible for understanding risk end to end, that is, understanding risk that takes place from the beginning to the end of any business process. We assess each step of the business process and identify the risks inherent in that process.

These are true partnerships, and we are literally "putting our money where our mouth is" through our compensation packages. Across the company, managing the volatility of earnings is a component of virtually all management compensation. It's not about compensating people purely on revenues or components of a P&L; it's looking at the comprehensive P&L, including the effectiveness of managing risk, and incenting actions that create SVA and disincenting those that do not.