It was recently announced that the largest financial institutions in the U.S. all passed their regulatory stress tests, which gauges their financial soundness against a 2008-style crisis. This “clean bill of health” has also enabled large banks to release a wave of dividends to their shareholders, making for a euphoric day on Wall Street. Yet, as the term “systemic” implies, these types of complex, highly correlated financial risks are not only hard to detect, they are literally ingrained in the global financial system. This raises the question, is the U.S. economy now risk-free because the largest banks appear healthy? Or, has systemic financial risk migrated to another host or unwatched segment of the economy?
Regulatory stress tests, like many aspects of financial risk management, labor under some serious blindsides. The first being the fact that they were designed to respond to yesteryear’s financial crisis and are not geared to register the present threat landscape. For example, testing a bank’s capital adequacy (a backward-looking process), while a good measure of that banks’ ability to survive a run on liquidity, is not a good way to gauge risk-readiness for cyber threats or other emerging risks. Indeed, one regulators clean bill of health for large banks, is a cyber criminal’s “hit list.” This much was true of the SWIFT exploit in which more than $80 million was absconded from the New York Fed under the guise of legitimate transactions. Herein lies one of the most confounding aspects of the new threat landscape, which is not merely the ability to infiltrate data systems, but rather to profoundly change information at its source. Regulatory stress tests do not pick up the Trojan Horse of cyber threats. An additional challenge is that systemic financial risk tends to rear its ugly face in other seemingly uncorrelated areas of the economy. Now that our largest banks have received a clean bill of health, we must ask ourselves where will systemic financial risk reappear? And will regulators know which mallet in their limited tool box to reach for to put new risks in check?