ByJAMES STERNGOLD WSJ
June 25, 2014 10:38 p.m. ET
At Wells Fargo WFC +0.21%& Co., some executives pushed last year to relaunch a program letting homeowners get a line of credit secured by the equity in their house—and pay only the interest due on the loan. Such credit lines have been scarce since the financial crisis, but the executives saw them as a way to boost revenue as housing prices climb.
The bank’s chief risk officer, Michael Loughlin, said no. He proposed requiring regular payments that shrink the borrower’s debt over time and didn’t budge when told Wells Fargo might lose business to other lenders. The other bankers agreed to go along with his decision.
“Five years ago, if the risk group recommended against a strategy or product, it might just be one part of a debate,” he says. Now, “when we say no, it’s usually no.”
Mr. Loughlin is an example of the naysayers who are gaining power and multiplying in number across the U.S. banking industry as financial institutions bend to pressure from regulators to make their operations safer and simpler following the financial crisis that began in 2008.
The ultimate goal is to reduce the likelihood of another round of catastrophic losses that could shake the financial system. In a report released Wednesday, the Office of the Comptroller of the Currency warned that “credit risk is now building after a period of improving credit quality and problem loan cleanup.”
Wells Fargo now has 2,300 employees in its core risk-management department, up from 1,700 two years ago, and the department’s annual budget has doubled to $500 million in the same period. The company’s overall workforce has remained flat.
In February, Goldman Sachs Group Inc. GS +0.09% put its chief risk officer on the company’s management committee for the first time in Goldman’s 145-year history. The 34-person group oversees the entire firm and is traditionally dominated by executives who made their name as traders or investment bankers.
Regulators say they don’t track the total number of risk-management or risk-control employees at the nation’s roughly 6,700 banks, though officials believe that big and small institutions everywhere are turning jobs long seen as ho-hum into front-line commanders.
Senior risk officers earn as much as 40% more than they did a few years ago, says the OCC, a federal agency that regulates units of Bank of America Corp. BAC -0.13%, Citigroup Inc., C +0.02%J.P. Morgan Chase & Co. and about 1,700 smaller institutions.
The number of people who passed a risk-management exam often required for jobs in the field nearly tripled in the four years that ended last year compared with 2004 to 2007, according to the Global Association of Risk Professionals.
“These are the basic regulations and the norms now,” says Thomas Curry, head of the OCC.
The changes are hugely expensive amid sluggish loan growth and a steep decline in trading revenue. But banks have no choice. The OCC and Federal Reserve are using leverage they got through the Dodd-Frank financial-overhaul law and other postcrisis changes to restrain risk-taking.
Under rules issued in February, the biggest U.S. bank-holding companies are required to have a chief risk officer and a risk committee on the company’s board of directors. The chief risk officer must get direct access to the board committee and chief executive to make sure the risk officer’s opinions aren’t watered down or whitewashed. The companies have until 2016 to comply, but most have already made the changes.
In addition, large banks are being prodded to produce detailed statements specifying how much risk—and what kinds—the banks are willing to take to meet financial goals. Risk officers are being urged to investigate large losses and question bankers who make unusually big profits. Either one could be a sign of risk-taking run amok, regulators say.
“We look for patterns of behavior that reinforce a strong or weak risk-management culture both within and across lines of business,” says Martin Pfinsgraff, who is in charge of large-bank examinations at the OCC.
To keep a closer eye on banks, the Federal Reserve Bank of New York says it has about 45 examiners, about twice the precrisis level, who just assess risk management at each bank-holding company overseen by the regulator. Those companies include Goldman and Morgan Stanley. MS +0.62%
Regional bank KeyCorp, KEY +0.92%based in Cleveland, has rewritten its compensation guidelines so that loan officers can lose a chunk of their bonus if they fall short of new risk-management standards. Before the financial crisis, bonuses were determined largely by profit goals.
“Before, you threw something over the wall, and the risk managers said yes or no,” says William Hartmann, KeyCorp’s chief risk officer. “Now we’re more involved in the development of the strategy or the plan.”
Partly as a result, KeyCorp has sharply reduced its loan commitments for construction and real-estate development. Bankers there also work harder to judge the overall riskiness of a borrower, instead of one project at a time.
It is too soon to tell if any of the changes will make a difference in the long run. Regulators say banks still have a long way to go before complying fully with the toughened standards, known as “heightened expectations.”
Last year, none of the 21 largest banks subject to the requirements were deemed “strong” overall by the OCC in all categories. The number climbed to two earlier this year.
Another big challenge is the slippery nature of risk itself. Before the financial crisis, for example, many lenders believed they had properly weighed the dangers of subprime mortgages—and had set aside a financial cushion of reserves that was big enough to absorb losses on the loans. Those predictions were disastrously wrong.
“Our abilities to measure market risk are akin to where medicine was in the 1700s,” says Damian Handzy, chairman and chief executive of Investor Analytics, a New York firm that operates risk-control systems. “Everyone is honestly trying to get better at this, but we’re still in the laboratory. The old systems do not address systemic risk at all. Traditional banking tools are just not designed for that.”
Jeffrey Wallis, president of SunGard Consulting Services, a unit of SunGard Data Systems Inc. that sells risk-management software and systems to banks, says financial firms are “still developing the right technology, the processes and the right people to do this.”
“At the individual bank level, I think we’re safer,” Mr. Wallis adds. “I don’t know that on the macro level we really have a better handle on things. A lot of the risks that could hurt us are still not fully understood, or we don’t know how to detect them.”
Other bank-industry veterans are more optimistic. Donald Lamson, a partner at law firm Shearman & Sterling LLP who worked for 30 years at the OCC, predicts that the rise of risk managers “will change the world for banks because now they have to speak this language, they have to go through this process.” Under the new rules, “the point is you cannot have a system where an intermediary manager can block a recommendation by the risk manager.”
By some measurements, the banking industry has become less vulnerable. At the end of 2013, five of the largest bank-holding companies by assets had $792.83 billion in combined equity capital, a buffer against possible losses. The total is up 19% from $666.91 million in 2009, according to the OCC.
The same companies’ combined value at risk, an estimate of a securities firm’s exposure to losses in any given trading day, fell 64% to $381 million from $1.05 billion during the same period.
Part of the shift reflects regulatory cudgels like the Volcker rule, part of Dodd-Frank that curbs banks’ ability to bet with their own capital and led to an exodus of swing-for-the-fences traders. The 30 largest institutions also must pass annual “stress tests” by the Federal Reserve to raise dividends and buy back shares. Inside those companies, chief risk officers help lead the grueling, anxious process.
For decades, risk managers spent most of their time worrying about types of trouble seen as relatively easy to measure, such as vulnerability to interest-rate changes, stock-market swings or loan losses. Ambitious young executives often saw the risk-management department as a dead end.
At many banks, the number of employees responsible for steering clear of bad surprises is now climbing by more than 15% a year, recruiters say. “This is a real career path now, something people want to get into, not something they fall into,” says Jeanne Branthover, a financial-industry recruiter at Boyden Global Executive Search in New York.
Near the top of the corporate ladder, chief risk officers can earn roughly as much as a chief financial officer or general counsel. Before the financial crisis, chief risk officers got about one-third less, according to Ms. Branthover.
Federal regulators are tracking the pay figures as a gauge of how serious banks are about improving risk oversight. “Pay is how we can ensure these are people of stature and they’re competent,” says Mr. Curry, the OCC chief.
At Goldman, Chief Risk Officer Craig Broderick’s ascent to the management committee in February signaled the growing importance of the New York securities firm’s risk police since it became a bank-holding company during the crisis.
Officials won’t say how many employees work in risk management or compliance, but managers in that unit are known throughout Goldman as the “Federation,” a nod to the benevolent forces in “Star Trek” responsible for protecting members from intergalactic marauders.
The nickname was around before the crisis but seldom used outside the group. “If anyone ever wondered how important the Federation is to the firm, they don’t have to wonder anymore,” Lloyd Blankfein, Goldman’s chairman and chief executive, wrote in an email to The Wall Street Journal.
Mr. Broderick, a 55-year-old former assistant scoutmaster of his son’s troop, says his duties have grown far beyond quantitative risk management. They also include areas such as assessing and controlling exposure from Goldman’s digital infrastructure, derivatives-clearing operation, litigation and malfeasance by traders and other employees.
“People sometimes talk about building an airplane while it’s flying,” Mr. Broderick says. “To me, it feels like we’re turning a two-engine plane into a four-engine plane in flight.”
Wells Fargo’s Mr. Loughlin, 58, has had his office near John Stumpf, the fourth-largest U.S. bank’s chairman, president and CEO, since before the financial crisis. But Mr. Loughlin has gained even more authority.
After being promoted to chief risk officer in 2010, his duties expanded to include oversight of market-related risks and potential dangers that could hurt the entire company. “I’m afraid I brought the mood of the party down somewhat,” Mr. Loughlin told investors at a meeting in May. “That is my job.”
He also knows how to say yes. In February, Mr. Loughlin agreed to lower the minimum credit score for certain mortgages eligible for backing by the Federal Housing Administration, which helps first-time and low-income families buy homes. Wells Fargo said it would make loans to borrowers with credit scores as low as 600, down from its previous limit of 640. Borrowers with scores below 620 have traditionally been considered subprime.
Mr. Loughlin says the move doesn’t expose Wells Fargo to greater risk because the bank requires ample documentation of an applicant’s income and carefully scrutinizes the ability to make loan payments.
Write to James Sterngold at email@example.com