Business Complexity and Risk Management: Evidence from Operational Risk Events in U.S. Bank Holding Companies

Abstract

Recent regulatory proposals tie the systemic importance of a financial institution to its complexity. However, we know little about how complexity affects a bank's behavior, including its risk management. Using the gradual deregulation of banks' nonbank activities during 1996-1999 as a natural experiment, we show that the frequency and magnitude of operational risk events in U.S. bank holding companies have increased significantly with their business complexity. This trend is particularly strong for banks that were bound by regulations beforehand, especially for those with an existing Section 20 subsidiary, and weaker for the other banks that were not bound and for nonbank financial institutions that were not subject to the same regulations to begin with. These results reveal the darker side of post-deregulation diversification, which in earlier studies has been shown to lead to improved stock and earnings performance. We use operational risk events as a risk management measure because (i) the timing of the origin of each event is well identified, and can be years before it is materialized into a loss in the balance sheet, and (ii) the risk events can serve as a direct measure of materialized failures in risk management without being influenced by the confounding factors that drive asset prices, such as implicit government guarantees. Our findings have important implications for the regulation of financial institutions deemed 'systemically important,' a designation tied closely to their complexity by the Bank for International Settlements and the Federal Reserve.