Emerging Corporate Governance and Risk Management Issues in Banking – Aigboje Aig-Imoukhuede
Distinguished ladies and gentlemen. I am honoured to have been asked to deliver the Anniversary Lecture in celebration of the Nigerian Deposit Insurance Corporation’s 30th year of operations. It is fitting that on this occasion I will be opportune to share my perspectives on issues that are critical to the smooth running of Nigeria’s financial system and the overall economy.
Having spent several years in the Nigerian banking industry spanning key periods of financial crisis I have had a front row seat to observe closely the causes and effects of bank failure, With all confidence I posit that the root cause of bank failure lies either in failure of corporate governance and, or failure of risk management.
As the name Nigerian Deposit Insurance Corporation suggests, the NDIC was established to protect depositors of insured institutions and assist them in the event that their bank faces financial difficulties to the extent that it is unable to honor depositor’s obligations. It is therefore absolutely appropriate for us to put these issues in focus today even as we celebrate how well the Corporation has discharged its mandate to date.
My lecture will follow begin by A) Defining the role and duty of the regulators in ensuring that Nigerian Bank’s operate with appropriate corporate governance and risk management B) Having understood this, we will assess how well Nigerian Banks are faring in the areas of corporate governance and risk management C) Finally we will take a look at future industry developments and how Nigerian banks are evolving to enable us assess if our regulators are ready for Nigeria’s future challenges.
Who are the regulators and how do they ensure safety of depositors?
In very simple terms, the quality of Banking industry corporate governance and risk management boils down to effective bank supervision, if we get them right, then regulatory intervention to rescue banks should be minimal and or rare occurrence. The two main pieces of legislation that govern Bank supervision in Nigeria are the Central Bank of Nigeria Act, and the NDIC Act and it is enlightening to find that outside the CBN Governor and the NDIC Managing Director the most often mentioned officer in both Act is The Director of Banking Supervision and the NDIC Examiner. In classic bank regulation they are seen as the frontline guardians of the financial system and are empowered accordingly.
In the modern era, the Central Bank of Nigeria, has been the primary regulator and has taken the lead in the areas of corporate governance and risk management. This is because the CBN is responsible for licensing banks, macroprudential issues and financial system stability. It is the CBN that enables the establishment of risk-taking institutions by issuing licences and guidelines for operations logical therefore they act as the first line of defence. While the NDIC is the next and also the last line of defence, ever ready and watchful to deal with the fallout of any first and next line failures. In line with Section 53 of its Act the NDIC has collaborated closely with the CBN and it is to the credit of its current Managing Director, Umaru Ibrahim, that the CBN and NDIC today enjoy an effective and harmonious partnership.
Corporate Governance
Together, and in collaboration with a number of other regulators, the CBN and NDIC have superintended a remarkable improvement in the conduct of banking corporate governance over the last decade. They have been guided and supported by a range of legislative and regulatory tools and including the CBN Act, the NDIC Act, and other regulatory institutions such as the Financial Reporting Council, the Chartered Institute of Bankers, and if the Banks are public then the Securities & Exchange Commission and the Nigeria Stock Exchange.
Indeed, the Nigerian regulatory community must be commended for the way in which the approach to corporate governance has been refined and developed over time, ensuring coherence in oversight and managing any potential overlaps in jurisdiction and interpretation.
This process has helped us move from a time when bank’s board room discussions led to fisticuffs and broken bones to today when three of our five largest banks are chaired by women. A reflection of the gender diversity that we have embraced, amongst many other best practices.
With economic growth, deeper and more internationally exposed financial markets, both the regulators and the operators have recognised that they are goldfish in a very transparent bowl. The understanding that governance is mission critical has enabled a more seamless move towards best practice as the regulated willingly become much more adherent, as they see its value.
During the course of my career, there have been a number of notable milestones as our banking industry improved its governance and risk management practices and I would like to recognise two of them in particular, one the NDIC and the other from the CBN.
The role that John Ebodage, the pioneer MD of the NDIC, played during the 1993 banking crisis was a key signal to the market and established a benchmark for future NDIC actions. By initiating aggressive recovery actions, the NDIC demonstrated to people that there would be consequences for bad behaviour, and was the tone set by the regulator sent a clear signal that governance and risk management would have to be improved.
The second example I want to give, is that of the Central Bank policy under Sanusi Lamido Sanusi, who introduced several regulatory innovations including the controversial tenure limits for CEOs. While impacted myself, the truth of the matter is that this singular move affecting prominent individuals in the Nigerian political economy sent a powerful signal that there are no sacred cows in the Nigerian banking sector.
This type of regulatory action, or signalling, has a much wider effect than is initially appreciated It creates a culture that makes the entire system easier to manage. People start to self-regulate and follow best practice when the tone and intimation of the regulator are clear and constructive, and this is hugely helpful to the regulator as well. If you have a playground full of good students, it is much easier to spot the occasional rogue. When you have a classroom of naughty children, management is much harder and some of the bad behaviour is missed and so goes unpunished.
In addition to the culture that has been created; the supervisory capacity of the regulator on governance have been elevated to an almost intrusive level and I want to spend a little bit of time showing you quite how intrusive the process now is.
As a bank in Nigeria today, these are the regulatory assessments that you are subject to:
CBN/NDIC Joint Risk Based Supervisory Examination – Annual
This is designed to confirm the risk assets of a bank and ensure that appropriate provisioning has been done prior to the CBN’s approval of the end of year financials. It involves examiners in place for 4-6 weeks, with a further period of review of two weeks to allow for dispute resolution, or clarifications.
CBN/NDIC Joint Risk Asset Assessment Examination – Annual
This is to review the various risk areas of the bank and assign a composite risk rating. Once again, it involves 4-6 weeks of onsite examination and a further 2 weeks for review/clarification. This process is also the same as the process conducted by the SEC on listed banks. Once a risk rating is assigned, banks at low risk are reviewed every 2 years while those at moderate or high risk are reviewed annually.
Foreign Exchange Examination – Bi-annual
This is another onsite examination, with examiners in place for 4-5 weeks twice a year to review all forex transactions and processes. Once again there is a 2-week period post examination to resolve any disputes.
AML/CFT Examination – Annual
Another 4-5 week onsite examination which reviews the AML/CFT policies and procedures of the bank with a two week dispute resolution period and a similar requirement from the SEC for listed banks.
On-site or off-site spot checks – Ad hoc
These are generally unannounced and can last a day or two unless issues are uncovered in which case, they evolve into much deeper investigations that can take much longer.
When we add all of this up and layer the SEC examinations on top of the CBN and NDIC examinations, it is entirely possible for a bank to have examiners in the building almost constantly, every week of the year.
Given this; the regulators see, hear and feel everything. The knowledge and capacity within the Directorate of banking Supervision and NDIC Department of Bank examination matches that of the operators and indeed it can be argued that the training they get is better than the operators.
Neither the CBN nor the NDIC can cite limited capacity or resources when it comes to bank supervision at this time more than any, grievous corporate governance lapses, of the nature that could cause failure, will occur if the regulator chooses to look the other way. Today the regulator has the capacity and the power, and they have also demonstrated the will to act, when necessary. So, there is no excuse for any regulator who lacks the will to what is necessary to supervise our Banks effectively.
I believe that all of this puts us in a very good place today from a corporate governance perspective but the road to improved risk management has been a less successful and remains a work in progress.
Risk Management
The turbulence and systemic weaknesses that we have seen in the Nigerian bank sector over the last 15 years, can be linked very clearly, to failures of risk management and while we have had regulatory interventions to partially address the fall out of poor risk management , we still operate a system that is fragile from a risk quality perspective.
Let us examine some of the key risk issues that led to the 2008 banking crisis including:
The devaluation risk associated with forex lending;
Loans secured by capital market securities;
Huge concentrations in loan books, either by obligor or sector;
An oil price crash and its effect on oil and gas sector borrowers;
Poor liquidity management;
Strategic risk crystallisation associated with universal banking; and
Over-exuberant growth
These are the key contributors to the crisis. Some of them were outside our control, but nonetheless the failure of many banks to properly manage their operations ultimately led to their collapse resulting in a government bailout, through the AMCON vehicle. It is clear now that the validity and importance of Governor Sanusi’s stress tests and governance examinations, and subsequent decisions with respect to boards and CEO’s, were born out by circumstances. if you look at the banks that failed, it was the poor governance of the risk management process that was the culprit. Sanusi, as an ex risk manager, was perfectly positioned to see it and take action.
In response to the challenges at the time, the regulators determined to simplify the business model of banking by removing universal banking, introduce new rules to curb concentration risk and link governance to risk management by ensuring stronger, more robust processes and more aggressive oversight.
The regulators also improved their data gathering capabilities and as a matter of governance worked to ensure the sanctity of the data and consequences of false reporting. They can now aggregate vast amounts of data from source and have improved their capacity to interpret data accurately. The regulators must again be commended for all of this. Their capability and their powers today are hugely enhanced when compared to the pre-crisis period.
The state of play in Nigeria today
Despite all of the action that has been taken in recent years, it is a simple reality that the world does not sit still, and new issues and threats emerge. Nigeria officially went into recession in the first quarter of 2016 and emerged out of the recession in the second quarter of 2017 after five consecutive quarters of negative growth, but we still experience anaemic economic growth amidst several political, social and economic challenges.
The negative effects of capital controls and multiple exchange rates on Nigerian corporates has not been resolved and provides the backdrop for our current macro prudential challenges, and today having not put to bed several risk issues from 2008 today we face the carryover plus a number of new risks.
The invisible hand that has been used to bring around a semblance of stability in the foreign exchange markets, is not going to address the wider challenges. I define these as: huge forex related losses in the books of large and medium scale manufacturers 2008 issues still lingering and unresolved.
Slow economic growth and the potential for further recession.
Operational risks associated with scale and digital technology.
Talent scarcity
Monetary policy tightness.
Uncertainty around the value of the Naira
Uncertainly around Trump, Brexit and global trade
Too big to fail
One of the most significant impacts of the currency devaluation of 2015/16 is that in Naira terms the banking industry has doubled in size, when combined with inflation the industry will further double in size by 2022. With the effect that in 3 years’ time a small Nigerian deposit money bank is a ₦1 trillion bank and a big bank is a ₦10 trillion bank, these are not small sums. In fact, the biggest banks will be the same size as the national budget even despite the TSA policy!
Table 1
Sources: NDIC, NBS & CBN
AMCON today has liabilities of approximately ₦5 trillion, which represent what was about 30% of the size of the banking sector when it was created. We now have banks that are more than AMCON’s size so imagine what it would take to rescue the system today? Is it even within the capability of the nation to do so? I don’t think so, and that means the stakes are higher today, and so the level of risk management has to be commensurate.
It would not be wrong to draw the analogy of the giant Saudi Arabia Aramco crude oil processing facility that when decommissioned impacted 10% of the global crude oil market. Our banking system is a huge highly flammable asset which is unfortunately in close proximity to several challenges capable of igniting a fire and we must take proactive steps to insulate this asset from the risks around us.
I do not believe we that some of our policies are helping. We HAVE to ease monetary policy and proactively manage the uncertainty around foreign exchange risk. We cannot bury our heads in the sand. We must stress test and ensure effective contingency planning. We must be proactive not reactive.
Banking has not changed, but the scale has increased astronomically. At the same time bank operations have gone retail and some banks have over 20 million customers, which creates new avenues for operational risks. The volume of customers and transactions has gone up hugely.
My concern now is, what happens if there is bank operational failure? A run on a bank can no longer be controlled using traditional means if people can move money electronically or with USSD, what is our response to systemic risk of an electronic/digital dimension. The regulatory capacity to oversee our sector was built to address the risks of the sector as we saw them in 2008. We have to evolve that capacity to meet the needs of 2020 We need to bring in new risk management talent in the banks as an urgent imperative to suit the evolving nature of banking, the stakes have gone up and we must respond appropriately.
Future proofing regulation, are we prepared for the disruption that is coming?
While I have been clear that I believe the progress we have made over the last decade has been significant, I also know that we continue to face new risks every day and it is the risks of the future that I spend most of my time thinking about . I am confident that the industry and its regulators have evolved significantly and matured in the last decade, but if you ask me whether I consider the corporate governance and risk management that exists in the Nigerian banking sector today as fit for purpose for our future banking sector , then my answer is a loud NO.
Why is this? It’s because if the predominant model for financial services shifts to a digital model then the world we are entering is going to be very different from the one we are in today.
What does this mean for banking regulations, from a corporate governance or risk management perspective?
I have not yet met a digital banker who sees the banking world through a lens similar to an analogue banker and as a result, they also view the regulatory environment very differently as well.
Behavioural economics tell us a lot about the changing nature of the customer/consumer.
For example, the notion of concentrated power in a decision maker and best practice governance do not marry well. But tell a Steve Jobs or a Mark Zuckerburg that they have to observe tenure limits, or ownership limits? Are they going to play ball?
The concept of Libra, as a global alternative currency, is causing regulatory headaches globally. Bitcoin was just the test. The disruption that is coming is much bigger and the success or failure of concepts like Libra will be the true tests of regulatory and other government policy.
Our traditional understanding of M1/M2 is going to be thrown out of the window so how are we going to manage risk going forwards?
At the heart of the future of banking is the role that technology, and digital connectivity is playing in bringing information, and services more directly to the people and allowing them to make instant decisions and execute them in real time. That has incredible implications for risk. Serious investments need to be made to manage the issues of scale and volume, as new technologies become relevant. The capacity to manage this within the banking sector, AND in the regulatory system needs a huge revamp.
As a first step, I believe strongly that there is an urgent need for the establishment of a full department dedicated to operational risk in the Central Bank and a re-assessment of the actual assumptions behind the NDIC premium model. In the past, when there were only a limited number of bank accounts, 90% of depositors held balances that were greater than the insured sum. That meant that NDIC generated a significant surplus. Now if we have 30 million depositors, all under the NDIC threshold, how will NDIC adapt? How does it communicate with a hundred million retail depositors? How does it pay them in the event of a collapse? Is the traditional model one that works? What are the implications of the changes that have taken place?
Table 2
Sources: NDIC
At the same time, as sectors continue to converge, and the boundaries between them become more blurred, we are going to see much greater boundary disputes between regulators. We are going to need significant levels of intra-regulatory co-operation to overcome them. The NCC and the CBN in particular, are going to need to work much more closely if we are going to succeed.
We also need to work closely on a framework and capability that fully understands money laundering and financial crime. We cannot take a catch all traditional response and assume all young people with laptops are using the internet for fraud. The regulator needs to be as sophisticated about this, as the regulated. Traditional Central Bank staff simply won’t cut it. Looking to advanced economies may not provide the answer. We are moving faster than them in some aspects of financial technology so ultimately it may be us that leads them.
Conclusion
In conclusion, how confident are we that the structures, individuals and processes in place today are capable of adapting to suit the industry of the future. I am not confident, and I think it is imperative that we consider this as an urgent need because disruption happens quickly, it doesn’t announce itself with a warning.
It is imperative that the regulator of a systemically important sector like financial services, have a constantly evolving view of the future and understands the emerging trends, technologies and disruptive business models that it will bring. If a regulator does not, then the sector outpaces them and the level of confidence in governance, and risk management that we enjoy today, will be disappear.
While I have outlined some of my own initial thoughts about how to address this problem, I want to leave us all here with this thought. I do not know the answer to the regulatory or industry challenges of the future. But I am constantly educating myself to try and get closer to an answer. In this room today, we have the best of Nigeria, but I know for a fact, that you don’t know how to solve it either. All of us must go back to the classroom with a willingness to learn and evolve if we are to walk into the future confidently. Now is the time to do so.
