Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Auditing Derivatives: Risk Management

Auditing Derivatives: Risk Management

Ratings: (0)|Views: 54|Likes:
Published by Jasvinder Josen
Risk Management in investement banks dealing with derivatives can be very significant and complicated. Whatmore auditing such a function. This article suggests the perspective that an auditor should have so that he is not pulled in all directions.
Risk Management in investement banks dealing with derivatives can be very significant and complicated. Whatmore auditing such a function. This article suggests the perspective that an auditor should have so that he is not pulled in all directions.

More info:

Published by: Jasvinder Josen on Oct 25, 2010
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





This article appeared in The Malaysian Accountant journal,Sep-Oct 2010 issue 
Auditing Derivatives: Think of what can go wrong - RiskManagementBy Jasvin Josen
Being in the Risk Management unit of an Investment Bank can be very overwhelming, let aloneauditing this function. The term itself carries unpleasant reminders of past crisis; Barings, LTCM andOrange County of the 1990s; AIG, Bear Stearns and Lehman of 2008. All of these disasters seem todirectly implicate the Risk Management Group.The Risk Management group is quite different from the Trading Floor and Controlling Groupdiscussed in the last two issues. Some companies associate the function with recovery and disasterprocedures. However in an investment bank, risk management is far more encompassing.According to the International Financial Risk Institute(http://riskinstitute.ch/), risk managementprovide four important functions:
to protect the firm against market, credit, liquidity, operational, and legal risks;
to protect the financial industry from systemic risk;
to protect the firm's customers from large non-market related losses (e.g., firm failure,misappropriation, fraud, etc.); and
to protect the firm and its franchise from suffering adversely from reputational risk.In auditing this function, one should avoid the temptation to get pulled in all directions. It is alwaysuseful to start with thinking of what can go wrong by relating to past mishaps. The auditor shouldalso dare to imagine the improbable and occasionally, the impossible. After all, risk is aboutuncertainty in the happenings of extreme events.So what could go wrong? Below is a non-exhaustive risk of some lessons we can take from therecent past.
Taking excessive risk (knowingly or unknowingly)
Assuming complicated risks
In 2008, Lehman Brothers was taking unprecedented risk in subprime CDOs by assuming first lossdefault risk (or equity risk). AIG was the “dumping ground” for hedges of subprime CDOs. Defaultrisk and correlation risk, for the first time, was being taken at such a large scale.Default risk and correlated default risk are not straightforward to comprehend as they involve heavymathematical modelling that is frequently based on unrealistic assumptions. As a result, prices and
market risk computations (e.g. delta, gamma, vega, rho, theta) thrown out by models werequestionable. But how many practitioners in the bank knew this?
Assuming high negative gamma risk
In the business of derivatives, negative gamma risk can be a scary experience. Gamma is the rate of change in the delta of an option instrument. Delta is just the price change of the option compared tothe price of the underlying.When gamma is positive, this means that as the price of the underlying moves in your favour, therate at which you profit will accelerate, i.e. the delta is increasing. When the underlying movesagainst you, the rate at which you lose will decelerate. When gamma is negative, this means that therate at which you profit will DECELERATE as the stock price continues to move in your favour, but therate at which you lose will ACCELERATE as the stock price makes continued moves against you.Markets can turn the corner suddenly and become very volatile. Short positions tend to suffer hugenegative gamma in volatile markets. The problem is not with the computation or knowledge of thenegative gamma, but more that risk managers are unable to tell when negative gamma will shoot upin volatile markets. When the markets do turn suddenly and negative gamma rise suddenly, riskmanagers often end up instructing for positions to be liquidated at a major loss. To make mattersworse in volatile times, another risk, liquidity, makes getting rid of positions even more difficult.
So, what does the auditor do
Do not discourage such risks
It is a mistake to conclude that taking complicated risk and assuming negative gamma inpositions is bad and should be avoided at all costs. This is part and parcel of any growingfinancial market. The answer is in managing the risks around the positions, so that whenthings do falter (and they do), the safety net is ready. Regulators, especially in Asia (andMalaysia), who have been shying away from “complicated” derivatives, are slowly realisingthis and starting to liberalise their markets.
Understand the business well 
The auditor can start by taking a good look of the type of derivative business that the bankengages in. Questions in his mind would be like: what kind of risk is being taken; are all typesof risk being considered; does any ambiguity exist in computation of any risk (for example,there is still no market standard for correlated default risk); and the risk trends. A detailassessment of the IT environment for risk computations and reports is critical too as riskmanagers depend entirely on data processing and models.It is always useful to review off-balance sheet structures with risk management personnel toassess what risk they carry and if all the risks are captured and accounted for.
Review stress testing and scenario analysis
The auditor should also review for scenario analysis and stress testing. The focus is not theperformance of the tests but that right parameters are stressed and the scenarios are
extreme enough. Equally important is what is done with the results. A plan must exist toprovide for instances when results are not favourable - who do they get reported to andwhat action is required. The auditor must attain a comfortable level with this issue or else,take it up with management.
Identify gaps in risk expertise
The risk management function has to strike a fine balance in investing in capital (human andsystems) to protect the firm and yet being profitable in doing so. A report by the EconomicIntelligence Unit in Feb 2010, “Rebuilding Trust: Next Steps for Risk Management in FinancialServices” identified gaps in risk expertise as a serious issue, even in the West. The report alsoidentified an over-reliance on risk models, and data problems that is widely seen as keyfailures in financial risk management.
Ignoring Liquidity Risk
Liquidity risk is what killed Bear Stearns, the renowned hedge fund. The firm heavily invested inseemingly low-risk CDOs, graded AAA or AA. The fund was heavily leveraged by borrowing money inthe low cost short term repos to buy higher yielding long term CDO tranches. The differencebetween the borrowing interest rate and the yield on the CDOs generated the fund’s profits. As thesubprime credit market blew over, the dried up liquidity in the repo market caused interest rates toshoot up, leading to the unsustainable business and downfall of the hedge fund.Illiquid financial instruments are often priced off the parameters of other liquid instruments. Forexample, off-the-run bonds are priced off the curve of on-the-run bonds. Highly structured interestrate products are priced off interest rate volatility taken from a volatility surface built from liquidcaps, floors and swaptions. These practices are not unreasonable but it is dangerous to assume thatilliquid instruments like these will always trade close to its theoretical price. In times of financialshocks, there will always be a “flight to quality” and instruments like these will trade at a largediscount.
So, what does the auditor do?
Bearing in mind the above, the auditor should look if the bank’s stress testing results includesstretching liquidity in worst case scenario values.It is very challenging for the treasury department managers of a bank to maintain enough liquidity ina bank when the wider liquidity dries up in the market. The auditor should discuss with treasuryabout the extent of leverage taken by all the leveraged transactions in the bank and should becomfortable with what is being done to maintain enough liquidity.
Underestimating Counterparty Risk
Counterparty risk is basically the risk that the other party of a transaction will not be able to come upwith the payments due. These are mainly applicable in over-the-counter trades like swaps andoptions. Credit risk can be minimized by requiring counterparties to maintain some collateral. Veryoften AAA rated counterparties will not be required to put up any collateral.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->