Looking Out and Looking In
Since their invention or evolution, banks have been designed for protection and security. Those who manage financial institutions are protectors. They protect the assets of their customers and they protect the assets of their institution. To do this, one looks inward, keeping steady watch on the assets being protected. The banker, like the king, is in his counting house. And counting is a fundamental of banking.
Enter risk management, stage right. Managing risk is all the rage. And, since bankers have traditionally looked inward to protect and secure assets, they tended to take the same approach to risk management. Managing risk meant protecting assets.
Thus, the first form of recognized risk management was insurance. Bankers insured against risk of loss. There is FDIC insurance, hazard insurance, liability insurance, and more. In fact, the first approach to risk management was to insure against risk. Ten years ago, a seminar session on risk management was really about how to shop for and maintain appropriate insurance coverage.
Now, risk management is about something much more expansive. Risk management now recognizes risks against which there is no insurance. The emphasis now is on management skills for which insurance cannot be purchased.
The greatest risk now is that management will continue to look within for sources of risk and for solutions. But consider the list of risk sources published by regulators. These include third party software providers, reputation risk and legal liability. These risks don't come from within. They come from outside.
Enter consumer protection, stage left. Consumer protection is fundamentally a requirement that the banker look out and see the needs and opportunities that customers bring to the institution. Each component of consumer protection is a directive to look outward from asset protection and take into account the needs or interests of the consumer.
The classic (oldest) consumer protection laws, such as Truth in Lending and Fair Credit Reporting, constitute a requirement to communicate information outward to the consumer about the cost of credit and to consider information about the consumer as something that merits protection, just as the banker protects monetary assets. In short, the laws require bankers to consider the interests of those to whom they provide services.
Then there are the real outreach requirements. Community Reinvestment is the most dramatic of these requirements to look outside the institution. CRA in the context of safety and soundness states that a financial institution is not really safe and sound unless it looks after the financial interests of the community in which it does business.
CRA and fair lending amount to regulatory requirements to look outside of the institution for opportunities and for risk. In fact, both of these laws make the failure to look outside for opportunities a significant risk.
On the one hand, these looking outward requirements can be seen as regulatory burden. However, that wasn't the idea in their conception. The idea behind these laws is that the business of banking is better when people and conditions outside of the institution are taken into account and become part of the decision factors.
If you have ever been involved in a theater production, you will know that what is stage right and what is stage left is really a matter of perspective. Looked at from one direction, stage left is on the left. Looked at from the other, stage left is on the right. In short, left is right and right is left.
Consumer protection and regulatory burden are like that. On the one hand, they can be counted as regulatory burden. But seen from another direction, the actions they require represent opportunity - an opportunity not to be missed.
Copyright © 2004 Compliance Action. Originally appeared in Compliance Action, Vol. 9, No. 14, 12/04
First published on 12/01/2004