Bob Graves represents lenders and borrowers in a wide variety of commercial financial transactions and has structured, negotiated and documented scores of senior debt financing arrangements of all types, including secured and unsecured single bank and syndicated credit agreements, multicurrency financing facilities and acquisition financings. A significant portion of his practice focuses on workouts and restructurings of troubled credits, with particular emphasis on debtor-in-possession and exit financings. He co-chairs Jones Day’s Banking & Finance Practice.
Most recently, Bob has been engaged in representing various market participants with respect to a variety of issues that arose from the 2008 financial crisis and the resulting and ongoing financial regulatory reform. He regularly advises clients on a broad spectrum of financing and financial regulatory issues and Uniform Commercial Code matters.
Christopher Skroupa: Enterprise Risk Management has become a hot topic recently. Why now, almost seven years after the 2008 financial crisis?
Bob Graves: In the immediate aftermath of the financial crisis, the reaction of Congress and the regulators was to impose new rules, regulations and other operating restrictions on financial institutions and other significant players in the financial markets with the object of preventing another financial crisis. And Dodd-Frank and other crisis-era legislation contained so many regulatory mandates that the regulators still have not finished sorting everything out. But as the dust has begun to settle, both financial firms and the regulators are realizing that rules alone won’t go all the way in changing individual or institutional behavior. Rather, something more fundamental, a change in organizational culture, seems to be necessary.
Skroupa: What are regulators, shareholders, and other stakeholders demanding in terms of changes/improvements to an organization’s risk managment policies and procedures?
Graves: Essentially, stakeholders and regulators are looking for two things: macroprudential risk management and transparency. There is a general feeling that, given the often-siloed nature of business units within financial institutions, too much of the institutions’ risk management emphasis and function was at the micro- or business unit level. One of the perceived causes of the financial crisis was the left hand not knowing what the right hand was doing. The current trend is to demand that institutions re-emphasize looking at risk at the macro- or institutional level and even, in some cases, at the systemic level. That is certainly how the regulators are looking at it—one of their principal challenges is to identify areas that present systemic risk. And of course everyone wants these policies and procedures to be open and transparent to ensure constant vigilance by the institution and scrutiny by stakeholders and regulators.
Skroupa: What roles have Congress and regulators played in demanding or enforcing enhanced risk management and vigilance?
Graves: Congress and the regulators have focused intently on systemic risk since the financial crisis. Dodd-Frank created, among other things, the Financial Stability Oversight Council for the express purpose of identifying and managing systemic risk. Obviously, systemic risk depends in large part on the behavior and risk profiles of the component members of the financial system, and the regulators generally have brought renewed zeal and vigor to their examinations of individual financial institutions. But the principal post-crisis innovation has been the FSOC and the heighted awareness of the regulators to the importance of analyzing system-wide risk. We are also seeing regulators becoming much more prescriptive in terms of what they expect from financial institutions regarding enterprise risk management. In many ways, the financial crisis rocked the confidence that some regulators had placed in financial institutions to effectively manage their own risks and, consequently, we are now seeing regulators trying to set the new standards.
Skroupa: How have the banks responded to this new body of regulatory requirements?
Graves: Generally speaking, banks have responded positively and aggressively to the revised regulatory regime. Although banks often find compliance to be time-consuming and challenging, they clearly understand the importance of understanding and managing the risks inherent in their business. And recently, we’ve seen a number of banks emphasizing, in a high profile way, changes to their “culture,” specifically to discourage imprudent risk taking and to inculcate a greater sense of institutional responsibility among their officers and employees. However, we also know that many smaller financial institutions are feeling the squeeze that all of these new requirements are imposing. We are seeing smaller institutions “push-back” against the “push down” of prescriptive regulatory requirements to such firms.
Skroupa: What you see in terms of likely future focus of organizations and regulators in the risk management area?
Graves: The individual and systemic risks that banks face change constantly, and any effective risk management system must necessarily be flexible and robust enough to adapt quickly to new or different challenges. For example, cybersecurity, while not a new challenge, has clearly emerged as a much more high-profile, often asymmetrical risk, and financial institutions, as well as merchants, payment processors, and other financial system participants, have invested huge amounts of money and effort to keep up with this ever-growing threat. New risks are undoubtedly just over the horizon, and a key challenge for both financial institutions and their regulators will be anticipating and responding to these risks.
Serhat Cicekoglu, Director of Loyola University Chicago, Quinlan School of Business, Center for Risk Management adds: “Following the passage of The Dodd-Frank Act, federal regulators have begun the process of implementing new mandates for the financial sector. Despite the efforts of regulators to create accountabilities and practices in managing risk, the financial sector is still vulnerable to many existing and rapidly emerging risks. Our ability to mitigate or respond effectively will depend largely on the resiliency of markets and institutions. Ethics is core to building resilience capacity. It is challenging to rewire the culture of multinational companies so that they build ethical practices. Nonetheless, meeting this challenge is essential to sustaining company value.”
On March 20th, 2015, Loyola University Chicago will host, “New Legal and Regulatory Terrain for ERM: Outlook for Companies and Risk Managers.” Continue the discussion with Bob Graves, Serhat Cicekoglu, Director of Quinlan’s Center for Risk Management and a select group of risk managers, risk consultants, academics and legal experts. To inquire about attending, contact email@example.com.