Financial Risk M anager

EXAM PART I
Foundations of Risk Management
<S>GARP

2020

EXAM PART I
Foundations of Risk Management

Pearson
Copyright © 2020 by the Global Association of Risk Professionals
All rights reserved.

This copyright covers material written expressly for this volume by the editor/s as well as the com pilation itself.
It does not cover the individual selections herein that first appeared elsew here. Permission to reprint these has
been obtained by Pearson Education, Inc. for this edition only. Further reproduction by any means, electronic or
m echanical, including photocopying and recording, or by any information storage or retrieval system , must be
arranged with the individual copyright holders noted.

All tradem arks, service marks, registered tradem arks, and registered service marks are the property of their
respective owners and are used herein for identification purposes only.

Pearson Education, Inc., 330 Hudson Street, New York, New York 10013
A Pearson Education Com pany
w w w .pearsoned.com

Printed in the United States of Am erica

ScoutAutomatedPrintCode

000200010272205677

EEB /K W

Pearson ISBN 10: 013596816X

ISBN 13: 9780135968161
 1.6 Structural Change: From
Chapter 1 The Building Blocks Tail Risk to Systemic Crisis 11
of Risk Management 1
1.7 Human Agency and Conflicts
of Interest 12
1.1 Typology of Risks and Risk 1.8 Risk Aggregation 12
Interactions 2 1.9 Balancing Risk and Reward 13
Market Risk 4
1.10 Enterprise Risk Management
Credit Risk 5
(ERM): More Than Adding Up Risk? 14
Liquidity Risk 5
Operational Risk 5 Questions 16
Business and Strategic Risk 6 Answers 18
Reputation Risk 6
1.2 The Risk Management Process 7
1.3 Identifying Risk: Knowns Chapter 2 How Do Firms
and Unknowns 8 Manage Financial
1.4 Quantitative Risk Metrics 9 Risk? 21
Expect the Unexpected 9
From Unexpected to Extreme 10
2.1 Background: The Modern
Risky Relationships 10
Imperative to Manage Risk 22
Value-at-Risk 10
Risks From Using Risk Management
1.5 Risk Factor Breakdown and Instruments 23
Interactions Between Factors 10 Hedging Philosophy 23
 2.2 Risk Appetite—What Is It? 24 The Evolving Role of a Risk Advisory Director 50
The Special Role of the Board Risk
2.3 Risk Mapping— Here Be
Management Committee 50
Dragons! 26
3.5 Risk Appetite and Business
2.4 Strategy Selection: Accept, Strategy: The Role of Incentives 50
Avoid, Mitigate, Transfer 26
The Role of the CRO 50
2.5 Rightsizing Risk Management 27 Limits Policies 51
2.6 Risk Transfer Toolbox 28 Monitoring Risk 52
Beer and Metal 29 3.6 Incentives and Risk-Taking 52
Airline Risk Management: 3.7 The Interdependence of
Turbulence Ahead 30
Organizational Units in Risk
Interest Rate Risk and Foreign Governance 53
Exchange Risk Management 31
3.8 Assessing the Bank's Audit
2.7 What Can Go Wrong In
Function 54
Corporate Hedging? 32
Questions 56
Summary 33
True/False Questions 56
Questions 34 Short Concept Questions 56
Answers 36 Multiple Choice Questions 57
Answers 58

Chapter 3 The Governance of

Risk Management 39 Chapter 4 Credit Risk Transfer
Mechanisms 61
3.1 The Post-Crisis Regulatory
Response 42 4.1 Overview of Credit Risk
After the Crisis: Industry Restructuring Transfer Mechanisms 62
and the Dodd-Frank Act 44
4.2 How Credit Risk Transfer
The European Regulatory Response to
the GFC: SREP and EBA Stress Tests 45 Can Be Useful 62

3.2 Infrastructure of Risk 4.3 The Mechanics of

Governance 45 Securitization 64
The Board and Corporate Governance 45 4.4 From Buy-and-Hold to
From Corporate Governance to Originate-to-Distribute 65
Best-Practice Risk Management 46 Questions 68
3.3 Risk Appetite Statement 47 True/False Questions 68
3.4 Implementing Board-Level Multiple Choice Questions 68
Risk Governance 49 Short Concept Questions 68
The Board Audit Committee 49 Answers 69

iv ■ Contents
Chapter 5 Modern Portfolio Chapter 7 Principles for
Theory and Capital Effective Data
Asset Pricing Model 71 Aggregation and
Risk Reporting 91
5.1 Modern Portfolio Theory 72
5.2 The Capital Asset Pricing 7.1 Introduction 92
Model 73 7.2 Benefits of Effective Risk
5.3 Performance Measures 76 Data Aggregation and Reporting 93
Sharpe Performance Index 77 7.3 Key Governance Principles 93
Treynor Performance Index 77
7.4 Data Architecture and IT
Jensen's Performance Index 77
Infrastructure 94
Link Between the Treynor and
Jensen's Performance Measures 77 7.5 Characteristics of a Strong
Tracking Error, Information Ratio, Risk Data Aggregation Capability 95
and the Sortino Ratio 78 7.6 Characteristics of Effective
Tracking Error 78 Risk Reporting Practices 96
Information Ratio 78
Conclusion 97
Sortino Ratio 78
Appendix 1 98
Questions 79
Compliance Levels of 30 Banks 98
Answers 80
Questions 99
Answers 100
Chapter 6 The Arbitrage
Pricing Theory
and Multifactor Chapter 8 Enterprise Risk
Models of Risk Management and
and Return 83 Future Trends 101

6.1 The Arbitrage Pricing Theory 84 8.1 ERM: What Is It and Why
6.2 Multifactor Models of Risk Do Firms Need It? 102
and Return 85 8.2 ERM— A Brief History 103
6.3 Factor Analysis in Hedging 8.3 ERM: From Vision to Action 104
Exposure 87
8.4 Why Might Enterprise Risk
Questions 88 Demand ERM: Four Key Reasons 105
Answers 89 Top to Bottom—Vertical Vision 105

Contents ■ v
 Are There Potentially Dangerous 9.4 Model Risk 128
Concentrations of Risk within the Firm? 106 Wrong Assumptions—The Niederhoffer
Thinking Beyond Silos 106 Put Options 129
Don't Insure the Kettle 106 Long Term Capital Management
and Model Risk: When "Normal"
8.5 Risk Culture: Without This,
Relationships Breakdown 129
Nothing 107
Trading Models 130
Discussion—Five Culture Clashes 110
Risk Measurement Models and Stress
8.6 Scenario Analysis: ERM's Testing 130
Sharpest Blade? 111 Model Risk and Governance—
Scenario Analysis Before the Global The London Whale 131
Financial Crisis 112 Setting the Scene 131
Post-Crisis Trends in Scenario Building 112 The Risk Exposure Grows 131
Stress Testing in Europe: Future Directions 114 Operational Risk 131
8.7 ERM and Strategic Decisions 114 Corporate Governance: Poor
Risk Culture 132
8.8 Conclusion: Risk Management Model Risk: Fudging VaR Models 132
and the Future 115
9.5 Rogue Trading and
Questions 118 Misleading Reporting 132
Answers 119 Barings, 1995 132
9.6 Financial Engineering 134
The Risks of Complex Derivatives 134
Chapter 9 Learning from
The Case of Excess Leverage and
Financial Disasters 123 Complex Financial Instruments:
Orange County 134
The Case of Investing in AAA Tranches
9.1 Interest Rate Risk 124 of Subprime CDOs: Sachsen 135
The Savings and Loan Crisis 124 9.7 Reputation Risk 135
9.2 Funding Liquidity Risk 124 Volkswagen Emission Cheating Scandal 135
Liquidity Crisis at Lehman Brothers 124
9.8 Corporate Governance 135
Liquidity Crisis at Continental Illinois 125
Enron 136
Northern Rock—Liquidity and Business
Aftermath 137
Models 126
Lessons Learned 126 9.9 Cyber Risk 137
9.3 Constructing and Implementing The SWIFT Case 137
a Hedging Strategy 127 Conclusion 137
Metallgesellschaft—How a Dynamic
Hedging Strategy Can Go Wrong 127 Questions 138
Hedging Considerations 128 Answers 139

vi ■ Contents
 Questions 150
Chapter 10 Anatomy of the
Answers 151
Great Financial Crisis
of 2007-2009 141
Chapter 11 GARP Code of
Conduct 153
10.1 Introduction and Overview 142
10.2 How It All Started 143
I. Introductory Statement 154
10.3 The Role of Financial
Intermediaries 144 II. Code of Conduct 154
1. Principles 154
10.4 Issues with the Rating
2. Professional Standards 154
Agencies 145
10.5 A Primer on the Short-Term III. Rules of Conduct 155
Wholesale Debt Market 145 1. Professional Integrity and Ethical
Conduct 155
10.6 The Liquidity Crunch Hits 146 2. Conflict of Interest 155
10.7 Valuation Uncertainty and 3. Confidentiality 155
Transparency Issues 147 4. Fundamental Responsibilities 155
5. General Accepted Practices 155
10.8 Central Banks to the
Rescue 148 IV. Applicability and Enforcement 156
10.9 Systemic Risk in Action 149 Index 157

Contents ■ vii
 FRM
COMMITTEE

Chairman
Dr. Rene Stulz
Everett D. Reese Chair of Banking and M onetary Econom ics,
The Ohio State University

Members
Richard Apostolik Dr. Attilio Meucci, CFA
President and C E O , Global Association of Risk Professionals Founder, ARPM

Michelle McCarthy Beck, SMD Dr. Victor Ng, CFA, MD

C h ief Risk Officer, T IA A Financial Solutions C h ief Risk A rchitect, M arket Risk M anagem ent and Analysis,
Goldm an Sachs
Richard Brandt, MD
O perational Risk M anagem ent, Citigroup Dr. Matthew Pritsker
Senior Financial Econom ist and Policy Advisor / Supervision,
Julian Chen, FRM, SVP
Regulation, and C redit, Federal Reserve Bank of Boston
FRM Program Manager, Global Association of Risk Professionals
Dr. Samantha Roberts, FRM, SVP
Dr. Christopher Donohue, MD
Balance Sheet Analytics & M odeling, PN C Bank
G A R P Benchm arking Initiative, Global Association of Risk
Professionals Dr. Til Schuermann
Partner, O liver Wyman
Donald Edgar, FRM, MD
Risk & Q uantitative Analysis, BlackRock Nick Strange, FCA
Director, Supervisory Risk Specialists, Prudential Regulation
Herve Geny
Authority, Bank of England
Group Head of Internal A udit, London Stock Exchange Group
Dr. Sverrir Porvaldsson, FRM
Keith Isaac, FRM, VP
Senior Q uant, SEB
Capital M arkets Risk M anagem ent, TD Bank Group

William May, SVP

Global Head of Certifications and Educational Program s, Global
Association of Risk Professionals

viii ■ FRM® Committee

Contributors
Michel Crouhy, PhD, Head of Research and D evelopm ent,
N A TIXIS Corporate and Investm ent Bank

Robert Mark, PhD, Managing Partner, Black Diamond Risk

Enterprises

Dan Galai, PhD, A b e G ray Professor of Finance and Business

Adm inistration at the Hebrew University

Reviewers
Bernadette Minton, PhD, Arthur E. Shepard Endowed
Professorship in Insurance and Chair, Departm ent of Finance,
The Ohio State University
David W. Wiley, M BA, C FA , President, W H W Investm ents, LLC
Patrick Steiner, FRM , Large Institution Supervision Coordinating
Com m ittee, Federal Reserve Bank of New York
Dan Pugh, FRM , C h ief Legal and Risk Officer, Corporate
Secretary, and Global Risk Manager, G S E Systems

Luca Blasi, FRM , A C M A , Head of the Valuation and Trading Jesus Gonzalez, FRM , Vice President, Director of M arket Risk
Control Unit, Prudential Regulatory Authority— Bank of England Analytics, BB&T

Attributions ■ ix
The Building
Blocks of Risk
Management
Learning Objectives
A fter com pleting this reading you should be able to:

Explain the concept of risk and com pare risk m anagem ent
with risk taking.
D escribe elem ents, or building blocks, of the risk m anage­
ment process and identify problem s and challenges that
can arise in the risk m anagem ent process.
Evaluate and apply tools and procedures used to measure
and manage risk, including quantitative m easures, qualita­
tive assessm ent, and enterprise risk m anagem ent.
Distinguish between expected loss and unexpected loss,
and provide exam ples of each.
Interpret the relationship between risk and reward
and explain how conflicts of interest can im pact risk
m anagem ent.
D escribe and differentiate between the key classes
of risks, explain how each type of risk can arise, and
assess the potential im pact of each type of risk on an
organization.
Explain how risk factors can interact with each other and
describe challenges in aggregating risk exposures.

1
Risk, in the most basic sense, is the possibility that bad things
1. The risk m anagem ent process
might happen. Humans evolved to manage risks such as wild
animals and starvation. However, our risk aw areness is not 2 . Identifying risk: knowns and unknowns
always suited to the modern world (as anyone who has taught 3 . Expected loss, unexpected loss, and tail loss
a child to cross the road knows). Behavioral science shows that
4 . Risk factor breakdown
we rely too much on instinct and personal exp erience, as biases
skew our thought processes. Furtherm ore, even the way we 5 . Structural change: from tail risk to system ic crisis

fram e risk decisions irrationally influences our willingness to 6 . Human agency and conflicts of interest
take risk. 7 . Typology of risks and risk interactions
Even so, surprisingly sophisticated exam ples of risk m anage­ 8 . Risk aggregation
ment can be seen in early history. In ancient tim es, merchants
9 . Balancing risk and reward
and their lenders shared risk by tying loan repaym ents to the
safe arrival of shipm ents using maritime loans (i.e., combining 1 0 . Enterprise risk m anagem ent (ERM)
loans with a type of insurance). The insurance contract sepa­
Fiqure 1.1 Ten risk management building blocks.
rated from the loan contract as early as the fourteenth century
in northern Italy, creating the first standalone financial risk trans­
fer instrum ent. From the seventeenth century onward, a more
m ethodical approach to the m athem atics of risk can be traced. 1.1 TYPOLOGY OF RISKS AND RISK
This was followed by the developm ent of exchange-based risk INTERACTIONS
transfer in the form of agricultural futures contracts in the eigh­
teenth and nineteenth centuries (Figure 1.2). Risk is a wild animal, circling the camp fire in the dead of night.
But what kind of animal?
That m ethodical approach continued to evolve in the twentieth
century and beyond, with major advances in financial theory in Figure 1.3 sets out a typology of risks in the financial industry.1
2
the 1950s; an explosion in risk m anagem ent m arkets from the Given the variety of business models that firms pursue, corpo­
1970s onwards; and the em ergence of new instrum ents, such rate risks take many form s. However, most firms face risks that
as cyber risk insurance, in the early twenty-first century. Risk can be categorized within the risk typology discussed in this
m anagem ent is an old craft but a young science— and an even chapter.
younger profession. This kind of typology has many uses. It can help organizations
drill down into the risk-specific factors within each risk type,
How we think about risk is the biggest determ inant of whether
map risk m anagem ent processes to avoid gaps, and hold staff
we recognize risks, assess them properly, measure them using
accountable for specific risk domains.
appropriate risk m etrics, and succeed in managing them .
Indeed, Figure 1.3 relates quite closely to how risk functions are
This introductory chapter looks at the definitions of risk, the
organized at many banks and large corporations, where there
classic risk m anagem ent process, the principal types of risk, and
are often particular functions for m arket risk, credit risk, etc.
the tools used to track risk and make decisions. We isolate ten
Many of these risk functions worked quite independently of one
risk m anagem ent building blocks along the way (Figure 1 .1 ).1
another until an effort to build a more unified risk m anagem ent
Most risk m anagem ent disasters are caused by failures in these approach began in the mid-1990s.
fundam ental building blocks, rather than the failure of some
Each key risk type dem ands a specific set of skills and its own
sophisticated technique. Centuries-old financial institutions
philosophical approach. For exam ple, most banks treat market
have been bankrupted because their risk m anagem ent proce­
and credit risks as a natural part of their business. They recognize
dures ignored a certain type of risk, m isunderstood connections
that risk scales alongside reward and actively pursue risky assets
between risks, or did not follow the classic steps in the risk man­
(e.g ., particular credit segm ents). An increase in operational risks,
agem ent process.

1 Not every risk practitioner will agree with our choice. The building
blocks are not discussed in order of importance, and not every firm
needs to develop a sophisticated approach to each building block, but
we would argue that an awareness of each of our ten building blocks is a
good place to start thinking about risk management.
For a more detailed description of financial risks see M. Crouhy,
D. Galai, and R. Mark, The Essentials o f Risk Management, 2nd ed.
(Ch. 1, App.), McGraw Hill, 2014.

2 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

 c.1750 B C — Code of Hammurabi records Babylonian maritime
loan insurance.
Roman era— Burial societies cover funerary expenses with
regular premiums.
Early medieval period— Early guilds support m em bers who
suffer financial loss.
1300s— Shipping insurance matures in G enoa.
1583— First recorded life insurance policy in London
1650s— Blaise Pascal and Pierre de Ferm at lay foundation of
probability theory.
1666— G reat Fire of London inspires early fire insurance
com panies.
1688— Lloyds (of London) coffee house first mentioned
1690s-early 1700s— Developm ent of mortality tables in London
Late 1600s— early 1700s— Jako b Bernoulli describes law of
large num bers/statistical inference.
1730— Jap an ese rice futures traded in Osaka (world's first
futures).
1730— Normal distribution and standard deviation described
by Abraham de Moivre.
1762— First life insurer to calculate premiums in scientific
manner (forerunner of Equitable Life)
1764— Publication of Thom as Bayes' 1750s work (Bayesian
statistics)
1846— Cologne Re: first dedicated reinsurance company
1864— Chicago Board of Trade lists first US standardized
futures contracts (corn).
1875— Francis G alton, British statistician, describes regression
to the mean.
1900— Louis Bachelier m odels Brownian motion to investigate
financial assets.
Early 1900s— Lloyds underwriters collect catastrophe risk data
for pricing, for exam ple, hurricane records.
1921— Frank Knight explores 'Risk, Uncertainty and Profit'.
1950s-1960s— Large corporations self-insure; "risk m anager"
used for widened insurance purchaser role.
1952— Diversification and modern portfolio m anagem ent:
Harry M arkowitz
1961-1966— Capital A sset Pricing M odel: W illiam Sharpe and
John Lintner
1970s— D ecade of m arket liberalization and price and interest
rate volatility
Figure 1.2 Risk management timeline.3
on the other hand, does not lead to greater reward, so banks
avoid these risks when they can. Below we look at the key risk
3 Note that the dates in this timeline are sometimes an approximation;
in particular, the development date of various OTC risk transfer instru­
ments can be open to debate.
Chapter 1 The Building Blocks of Risk Management
1972 — C M E currency futures contracts
1973— Chicago Board of Trade (C B O T) options on stocks;
Chicago Board O ptions Exchange (C B O E) created
1973— Black-Scholes option pricing formula
Mid 1970s— Treasury bill and bond futures
1979-1980— O T C currency options and swaps
Early 1980s— Growth of early O T C m arkets; first interest rate
swaps
1983— Interest rate caps and floors
1987— Com m odity swaps; average options; and other path-
dependent options
1988— Basel Accord (Basel I) banking reform, focused on credit
risk
1990— Collateralized loan obligations
Early 1990s— C redit derivatives develop, for exam ple, credit
default swaps
1993— C B O E volatility index (VIX)
1994— J.P. Morgan publishes value-at-risk (VaR) m ethodology
(RiskM etrics)
1994-1995— Classic cases of derivative misuse, for exam ple,
O range County, Barings Bank
1996— M arket Risk Am endm ent for Basel I
1998— Russia financial crisis, LTCM near collapse
1998-1999— Synthetic C D O s (collateralized debt obligations);
C D O s of C D O s (C D O squared)
2001— Terrorist attacks on World Trade C enter (9/11); Enron
collapse, corporate scandals
2002— Sarbanes-O xley A ct (SOX) to prevent fraudulent
accounting
2004— Basel II (including operational risk capital)
2004-2006— VIX futures, options
2007-2009— Global Financial Crisis
2009— Contingent convertible bonds (CoCos)
2010— Basel III ongoing (including liquidity risk)
2010— D odd-Frank A ct
2011 onw ards— Fast d evelo p m en t of cyb er risk tran sfer
m arket
2016— Solvency II reform in effect for insurance industry
2017— Finalized Basel III reforms released
types in turn, but first a word of warning. Risk typologies must be
flexible because new risks are always em erging. A banking indus­
try risk typology made in the early 1990s may have not consid­
ered rogue trading risk or even the entire operational risk class.
As of 2020, "n ew " forms of operational risk are again climbing
■ 3
 r

Market
Risk
Trading Risk
Market Risk
IL
Gap Risk
Currency Risk
k —— — — _ — ——

Credit Risk r — — — — — — — — — — — — — — — —

I >| Commodity Risk

c

Corporate > Downgrade Risk

Risks I Portfolio
> Concentration
I Risk
> Bankruptcy Risk
Operational
Risk
I
L

I
r

Business,
Strategic &
*: Reputatuon Risks
I
L

> Model Risk

Figure 1.3 A typology of risks for the banking industry.

up the risk manager's watch list: cyber risk (particularly the risk of
hackers stealing and destroying data and compromising systems)
and data privacy risk.4*
Furtherm ore, the risk types interact with one another so that
risk flows. During a severe crisis, for exam ple, risk can flow from
credit risk to liquidity risk to m arket risk, (which was the case
during the global financial crisis of 2007-2009). The same can
occur within an individual firm : the "fat finger" of an unlucky
trader (operational risk) creates a dangerous m arket position
(m arket risk) and potentially ruins the standing of the firm (repu­
tational risk). That is why a sophisticated understanding of risk
types and their interactions is an essential building block of risk
m anagem ent.
M arket risk takes many forms depending on the underlying
asset. From a financial institution's perspective, the key forms
are equity risk, interest rate risk, currency risk, and com m odity
price risk.
Each of these m arkets has its own risk m anagem ent tools and
m ethodologies, and we give exam ples of corporate applications
and strategies in C hapter 2. However, across all these m arkets,
m arket risk is driven by the following.
• G eneral m arket risk: This is the risk that an asset class will fall
in value, leading to a fall in the value of an individual asset or
portfolio.
• S p e cific m arket risk: This is the risk that an individual asset
will fall in value more than the general asset class.

Market Risk M arket risk can be m anaged through the relationships

M arket prices and rates continually change, driving the value
of securities and other assets up and down. These movements
create the potential for loss, as price volatility is the engine of
m arket risk.
4 New risks tend to be born out of a fundamental change in market and
industry practice. Bank rogue trading risk rose out of the growth of the
derivatives industry and a rise in proprietary trading; bank liquidity risk
during the global financial crisis arose out of insidious changes in bank
funding strategies and leverage; legal risk in the period since the crisis
has been exacerbated by a new wave of class action lawsuits and claims
for compensation (not to forget some poor bank behavior); and cyber
risk is a product of the digital revolution.
betw een positions. The diversification benefits of a large
equity portfolio, for exam ple, form the bedrock of investm ent
risk m anagem ent.
However, market risk also arises from these relationships. For
exam ple, an equity portfolio designed to track the performance
of an equity market benchmark might fail to track it perfectly— a
special form of market risk. Likewise, a position intended to balance
out, or hedge, another position or market price behavior might do
so imperfectly— a form of market risk known as basis risk.
For risk m anagers, this mismatching of price m ovem ents is often
a bigger problem than any single m arket risk exposure. For
exam ple, a com m odity risk m anager might be using crude oil

4 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

futures to hedge jet fuel, only to find that the normal price dif­
ferential between the two has w idened.
Credit Risk
Credit risk arises from the failure of one party to fulfill its financial
obligations to another party. Some exam ples of credit risk include
• A debtor fails to pay interest or principal on a loan (bank­
ruptcy risk);
• An obligor or counterparty is dow ngraded (downgrade risk),
indicating an increase in risk that may lead to an im m ediate
loss in value of a credit-linked security; and
• A counterparty to a m arket trade fails to perform (counter­
party risk), including settlem ent or Herstatt risk.5
C red it risk is driven by the probability of default of the obligor
or counterparty, the exposure am ount at the tim e of default,
and the am ount that can be recovered in the event of a default.
These levers can all be altered by a firm's approach to risk m an­
agem ent through factors such as the quality of its borrowers,
the structure of the credit instrum ent (e .g ., w hether it is heavily
collateralized or not), and controls on exposure.
The exposure am ount is clear with most loans but can be volatile
with other kinds of transactions. For exam ple, a derivative trans­
action may have zero credit risk at the outset because it has no
im m ediate value in the m arket. However, it can quickly becom e
a major counterparty credit exposure as m arkets change and the
position gains in value.
Traditionally, the probability of default of an obligor is assessed
through identifying and evaluating a selection of key risk factors.
For exam ple, corporate credit risk analysis looks at key financial
ratios, industry sectors, etc. M eanwhile, the risk in whole port­
folios of credit risk exposures is driven by obligor concentration
as well as the relationship between risk factors. The portfolio will
be a lot riskier if:
• It has a small number of large loans rather than many sm aller
loans;
• The returns or default probabilities of the loans are positively
correlated (e.g., borrowers are in the same industry or region);
• The exposure am ount, probability of default, and loss given
default amounts are positively correlated (e.g ., when defaults
rise, recovery amounts fall).
Risk m anagers use sophisticated credit portfolio models to
uncover risk arising from these com binations of risk factors.
5 Named after the failure of Herstatt bank in Germany. The bank, a participant
in the foreign exchange markets, was closed by regulators in 1974. The timing
of the closure caused a settlement failure because Herstatt's counterparties
had already paid their leg of foreign currency transactions (in Deutsche Marks)
only to find the defunct Herstatt unable to pay its leg (in US dollars).
Chapter 1 The Building Blocks of Risk Management
Liquidity Risk
Liquidity risk is used to describe two quite separate kinds of risk:
funding liquidity risk and m arket liquidity risk.
Funding liquidity risk is the risk that covers the risk that a firm
cannot access enough liquid cash and assets to m eet its obli­
gations. Funding liquidity risk threatens all kinds of firms. For
exam ple, many small and fast-growing firms find it difficult to
pay their bills quickly enough while still having sufficient funds to
invest for the future.
Banks have a special form of funding liquidity risk because their
business involves creating maturity and funding mism atches.
O ne exam ple of a mismatch is that banks aim to take in short­
term deposits and lend the money out for the longer term at a
higher rate of interest. Sound asset/liability m anagem ent (ALM ),
therefore, lies at the heartening of the banking business to help
reduce the risk. There are various techniques involved in A LM ,
including gap and duration analyses.6
O f course, banks som etim es get it wrong, with disastrous con­
sequences. Many of the banks that failed during the 2007-2009
global financial crisis had built up large maturity mism atches and
were vulnerable to the wholesale funding market's perception of
their creditworthiness.
M arket liquidity risk, som etim es known as trading liquidity risk,
is the risk of a loss in asset value when m arkets tem porarily
seize up. If m arket participants cannot, or will not, take part in
the m arket, this may force a seller to accept an abnorm ally low
price, or take away the seller's ability to turn an asset into cash
and funding at any price. M arket liquidity risk can translate into
funding liquidity risk overnight in the case of banking institutions
too dependent on raising funds in fragile wholesale m arkets.
It can be very difficult to measure market liquidity risk. Measures
of market liquidity in a normal market, for exam ple, might look at
the number or volume of transactions and at the spread between
the bid-ask price. However, these are not necessarily good indi­
cators that a market will remain liquid during a time of crisis.
Operational Risk
O perational risk can be defined as the "risk of loss resulting
from inadequate or failed internal processes, people, and sys­
tem s or from external e ve n ts."7 It includes legal risk, but
excludes business, strategic, and reputational risk.
6 See M. Crouhy, D. Galai, and R. Mark, The Essentials o f Risk
Management, 2nd ed. (Ch. 8), McGraw Hill, 2014.
7 Basel Committee on Banking Supervision, Principles for the Sound
Management of Operational Risk, June 2011, https://www.bis.org/publ/
bcbs195.pdf, page 3, footnote 5.
■ 5
 BOX 1.1 BANK OPERATIONAL RISK: MEASURE OR M ANAGE?
No one doubts the im portance of operational risk, but its
m easurem ent remains challenging. The banking industry
em barked on the project in the late 1990s, mainly because
it seem ed logical to set capital aside for operational risk
alongside that set aside for credit and m arket risks. The
industry built extensive loss databases along with a set of
risk m easurem ent tools including statistical analysis, score-
card system s, sets of key risk indicators, and scenario analy­
sis approaches.
However, many banking regulators rem ained skeptical about
w hether these tools could support accurate risk capital allo­
cation. The Basel Com m ittee signaled a change of direction
in 2016.8 It would continue to encourage banks to
That is a deliberately broad definition, and it includes everything
from anti-money laundering risk and cyber risk to risks of terror­
ist attacks and rogue trading. The outbreaks of rogue trading
in the 1990s helped persuade regulators to include operational
risk in bank capital calculations.
Looking beyond the banking industry, we might include many
corporate disasters under the operational risk umbrella. These
include physical operational mishaps and corporate governance
scandals, such as the crisis at energy giant Enron in 2001. The
m anagem ent of operational risk is the primary day-to-day
concern for many risk m anagers outside the financial industry,
often through insurance strategies.
The definition and measurement of operational risk continues to be
problematic, however, especially in the financial industry (Box 1.1).
Business and Strategic Risk
Business risks lie at the heart of any business and includes all the
usual worries of firm s, such as custom er dem and, pricing deci­
sions, supplier negotiations, and managing product innovation.
Strategic risk is distinct from business risk. Strategic risk involves
making large, long-term decisions about the firm's direction,
often accom panied by major investm ents of capital, human
resources, and m anagem ent reputation.
Business and strategic risks consume much of the attention of
m anagem ent in non-financial firm s, and they are clearly also a
key concern in financial firms. However, it is not obvious how
they relate to the other risks that we discuss or fit within each
firm's risk m anagem ent fram ework.
8 Basel Committee, Standardised Measurement Approach for Opera­
tional Risk, March 2016: https://www.bis.org/bcbs/publ/d355.pdf. The
move built on earlier proposals in 2014.
6 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
understand their operational risk using a variety of tools, but
capital allocation would be based on a sim pler standardized
approach using w eighted bank size with a m ultiplier based
on a bank's record of larger operational risk losses.
However, this will not dampen bank efforts to manage opera­
tional risk. O perational risk includes the massive legal threats
and claims for com pensation that have plagued banks since
the 2007-2009 global financial crisis. It includes the growing
threat of cyber risk and the threat of penalties and lawsuits
over data privacy infringem ents. In all its guises, operational
risk remains one of the biggest threats to banks and other
large corporations, even if it is im possible to properly m ea­
sure its true cost.
A sudden fall in customer demand, the failure to launch the right
kind of new product, or a misplaced major capital investment can
threaten a firm's survival. Responsibility for these risks lies with the
firm's general management. So what is the role of the risk manager?
The answer lies in three observations.
1. First, the firm needs to define its appetite for risk in a holis­
tic manner that em braces the risk of significant business and
strategic decisions. Firms can be very conservative on credit
risk and very entrepreneurial on business risk, but the logic
for that divergence needs to be articulated.
2. Second, the chief risk officer and supporting team may have
specific skills they can bring to bear in terms of quantifying
aspects of business and strategic risk. Credit experts, for exam­
ple, often become involved in managing supply chain risk.
As we discuss in a later chapter, new techniques such
as m acroeconom ic scenario analysis can be adopted to
improve business and strategic decisions.
3. Third, business decisions generate large exposures in other risk
management areas, such as credit and commodity price risk.
As a result, financial risk managers must be involved at the start
of business planning. For example, it may be impossible to fund
the construction of a power station without having some form
of energy price risk management strategy in place. Meanwhile
in the financial industry, expanding a credit business will increase
credit exposures and may necessitate the deliberate lowering
of credit standards. Banks that fail to coordinate business, stra­
tegic, and risk management goals do not survive for long.
Reputation Risk
Reputation risk is the danger that a firm will suffer a sudden fall
in its m arket standing or brand with econom ic consequences
(e.g ., through losing custom ers or counterparties).
Reputation risk usually com es about through a failure in another
area of risk m anagem ent that dam ages confidence in the firm's
financial soundness or its reputation for fair dealing.
For exam ple, a large failure in credit risk m anagem ent can lead
to rumors about a bank's financial soundness. Rumors can be
fatal in them selves. Investors and depositors may begin to w ith­
draw support in the expectation that others will also withdraw
support. Banks need to have plans in place for how they can
reassure m arkets and shore up their reputations.
A reputation for fair dealing is also critical. Large firms are
expected to behave in certain ways. If a firm m isrepresents a
product's risks, it can lose im portant custom ers.
Reputation with regulators is particularly im portant to financial
institutions. Regulators wield considerable informal as well as
formal power. A bank that loses the trust of a regulator may find
its activities criticized and/or curtailed.
1.2 THE RISK MANAGEMENT
PROCESS
We take risks in pursuit of reward, w hether that reward is food,
shelter, or bitcoin. But the key questions are tw ofold: is the risk
com m ensurate with the reward, and could we lower the risk and
still get the reward? O ur attem pt to address these questions
gives rise to our first building block: the classic risk m anagem ent
process (Figure 1.4).
BOX 1.2 BRAINSTORMING AND TRIAGING RISKS
The first steps toward risk identification and triage take some
classic forms.
• Brainstorming: This could include discussions with repre­
sentatives from different business divisions to discuss the
risk exposures they face and scenarios that could negatively
impact their divisions. The most obvious approach is to put
the key professionals (e.g., business leaders, audit profession­
als, etc.) in a room and talk to them. What is your personal
professional nightmare? What else could go wrong, why
would it go wrong, and how badly could it go wrong? What
are the root causes and what are the consequences (e.g., in
terms of triggering further risks)? Who is accountable?
• Stru ctu red interview s, questionnaires, and surveys: These
are an attem pt to push that initial inquiry out to a w ider
group of professionals within the com pany or throughout
the industry. They should include open-ended questions.
• Industry reso u rces: Unless the activity is unique, there will
be industry resources available in the form of checklists,
professional and regulatory standards, industry surveys,
and expert opinions. These resources should be used to
enrich the brainstorming process.
Chapter 1 The Building Blocks of Risk Management
1. IDENTIFY 2. ANALYZE
Name, Categorize, Rank, Score, Measure,
Understand Quantify
/ F\/AI I IA T F
LVMl_UM 1E . Y
4. MANAGE 3. ASSESS IMPACT
Avoid, Retain, Mitigate Effects, Knock-Ons,
Transfer Repercussions
L _________________________ _________ _______________ A
Figure 1.4 The risk management process.
During this process, the risk m anager attem pts to: identify the
risk (e.g ., Box 1.2), analyze and measure the risk, assess the
effects of any risk event, and finally manage the risk.
The identity of the risk can be just as im portant as its size in
determ ining the appropriate risk m anagem ent strategy. Across
the corporate world, some risks are regarded as natural to a
business and others as quite foreign. M anufacturers, for exam ­
ple, often accept and manage the operational risks of com plex
factory processes but try to avoid or transfer large m arket or
credit risks. Investors often react badly to mishaps concern­
ing risk types they believe are unnatural to a firm (e.g ., a loss
from a speculative derivatives position held by a non-financial
corporation).
• Loss data analysis: Brainstorm ing often identifies many
potential risks. The analyst will next want to look at how
the w ider industry categorizes each risk and at any inter­
nal and external loss records available, to gauge the fre­
quency and severity of loss events and how they relate to
specific risk factors.
• Basic risk triage: Not every risk is quantifiable in an exact
way, but risk m anagers should be able to determ ine a
given risk's frequency and severity.
• H ypothetical what-if analysis: Initial research may suggest
worst-case scenarios that the brainstorming team can be
asked to consider.
• Front line o bservation : There is no substitute for going to
the business line or function and looking at how things are
done. Have front-line staff been included in the risk infor­
mation gathering process?
• Follow ing the trail: How are key processes conducted
and what are the risks associated with them ? Can we see
weaknesses or gaps in the process? Can we track our
worst nightmares backwards through the process?
■ 7
The risk m anagem ent process culm inates in a series of choices
that both manage risk and help to define the identity and pur­
pose of the firm.
• A v o id Risk: There are risks that can be sidestepped by dis­
continuing the business or pursuing it using a different strat­
egy. For exam ple, selling into certain m arkets, or off-shoring
production, might be avoided to minimize political or foreign
exchange risks.
• Retain Risk: There are risks that can be retained within the
firm's risk appetite. Large risks can be retained through
m echanisms such as risk capital allocation, self-insurance, and
captive insurance.
• M itigate Risk: There are risks that can be mitigated by reducing
exposure, frequency, and severity (e.g., improved operational
infrastructure can mitigate the frequency of some kinds of
operational risk, hedging unwanted foreign currency exposure
can mitigate market risk, and receiving collateral against a
credit exposure can mitigate the severity of a potential default).
• Transfer Risk: There are risks that can be transferred to a third
party using derivative products, structured products, or by
paying a premium (e.g ., to an insurer or derivatives provider).
As the risk taker improves its risk management strategy, it will
begin to avoid or mitigate non-essential or value-destroying risk
exposures, which in turn will allow it to assume more risk in areas
where it can pursue more value-creating opportunities for its
stakeholders. Investment in risk management thus allows farmers
to grow more food, metals producers to produce more metal, and
banks to lend more money. Risk management allows firms to excel.
In modern economies, risk management is therefore not only
about corporate survival. It is critically important to the broader
processes of specialization, scaling, efficiency, and wealth creation.
This explains why risk never really goes away. Risk m anagem ent
success is a platform for greater endeavors. The risk m anager is
constantly identifying, evaluating, and managing risks to achieve
the right balance between creating value and exposing the firm
to undue risk. However, identifying and analyzing risk in a fast­
changing world remains a major challenge.
1.3 IDENTIFYING RISK: KNOWNS
AND UNKNOWNS
O ne of the easiest m istakes to make is to focus on risks that are
known and m easurable while ignoring those that are unknown
or sets out.
Figure 1.5, our seco n d building block, sets out a fundamental classi­
fication of known versus unknown risk that considers a classic paper
8 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
Knightian
Uncertainty
"Known
Unknowns"
Fiaure 1.5 Risk managers face the unknown and
unexpected.
on risk by economist Frank Knight, and the much-quoted words of
Donald Rumsfeld, former United States Secretary of Defense:
"There are things we know that we know. There are known
unknowns . . . But there are also unknown unknow ns."9*
Rumsfeld said this when trying to encapsulate the danger of
terrorists using w eapons of mass destruction. His point was that
humans tend to focus on the risks for which they have data and
ignore potentially larger risks that are unknown or poorly under­
stood. Yet those risks exist and must be m anaged.
Some of the distinctions in Figure 1.5 are much older than
Rumsfeld's quote. In his fam ous 1921 paper, Knight distin­
guished between variability that cannot be quantified at all,
which he called uncertainty, and "tru e" risk that can be quanti­
fied in term s of statistical science.
Incalculable Knightian uncertainties can be very large and impor­
tant. Nuclear war is a major threat to the world, but its chances
of happening are im possible to estim ate.
Even so, Knightian uncertainties can be managed through avoid­
ance and other forms of risk management. Multilateral nuclear disar­
mament, whether wise or not, would remove the risk of nuclear war.
For difficult actions to be taken, however, there has to be agreement
that the Knightian uncertainty is plausible and extremely threatening
in terms of its severity (if unquantifiable in terms of frequency).
The boundary between Knightian uncertainty and m easurable,
statistical risk can be fluid. Before 1950, the size of the health
threat from smoking was uncertain and cigarette producers
9 Donald Rumsfeld, US Secretary of Defence, press conference, NATO HQ,
Brussels, 6 June 2002, responding to a question regarding terrorism and
weapons of mass destruction and the possible inadequacy of intelligence
information: https://www.nato.int/docu/speech/2002/s020606g.htm
 BOX 1.3 METEORS AND MOONWALKING, ICEBERGS AND ELEPHANTS
W hen is a risk truly unknown? Perhaps when it arrives out
of the blue like a meteor. But many risks are more unseen
than unknown. In a 2018 speech, the Bank of England's A lex
Brazier separated these risks into "m oonwalking bears" and
"underw ater icebergs."
M oonwalking bears are nam ed after a viral video that shows
how people avidly w atching a basketball gam e failed to
see a bear im personator on the screen. This kind of risk can
be seen during periods of com pressed yields in the debt
m arket: the evidence that risk is being bought too cheaply
is plain to see on every financial screen, but investors keep
on buying.
regularly advertised their brand as the one that doctors chose to
sm oke. By the m id-1970s, dedicated researchers had turned this
uncertainty into a quantified statistical health risk or "known
A
know n": one in two long-term sm okers die from the habit.
Do the distinctions between the risk classes in Figure 1.5 m atter
to financial risk m anagers? Yes. Risk managers take responsibil­
ity for all sorts of risk, not just those that can be m easured. They
must continuously search for Rumsfeld's "unknown unknowns,"
including risks that are hiding in plain sight (Box 1.3). They can­
not simply ignore Knightian uncertainties. In fact, they som e­
tim es need to make sure their firms avoid or transfer them .
W here they can, risk m anagers move poorly understood risks
from the periphery of Figure 1.5 to a position nearer to the cen­
ter. A s cigarettes have dem onstrated, Knightian uncertainties
can be more severe and prevalent than we initially suspect.
However, risk m anagers must never treat risks that cannot be
measured as if they are a known quantity. Uncertainty and am bi­
guity must be acknow ledged because they exist in much greater
amounts for some risky activities than for others. O ur confidence
in a risk measure shapes how the result should be applied in
decision-m aking.11
1.4 QUANTITATIVE RISK METRICS
Figure 1.5 makes an im portant distinction between expected
and unexpected loss. This distinction is our third building block.
10 This may be a conservative estimate, with the most recent research
suggesting that smoking eventually kills around two in three smokers.
See M. Roberts, "Tobacco Kills Two in Three Smokers,'" BBC News
online, 24 February 2015: http://www.bbc.co.uk/news/health-31600118
11
For further discussion of the role of uncertainty in economics, see
A. Lo and M. Mueller, "Warning: Physics Envy May Be Hazardous To Your
Wealth!," March 19, 2010.
Chapter 1 The Building Blocks of Risk Management
The underwater icebergs are more difficult to spot and
include the growth in leverage in some financial firm s in the
run up to the 2007-2009 global financial crisis. A fter the risk
event, these risks also seem obvious because they are usually
concerned with some fundam ental weakness.
To this ensem ble, we might add the age-old elephant in the
room. This is the risk that is easy to see, that everyone has
indeed spotted, but that it would be im polite to publicly
acknow ledge.
So u rce: A le x Brazier, Execu tive D irector fo r Financial Stability
Stra teg y and Risk, Bank o f England, "M oonw alking Bears and
U nderw ater Ic e b e rg s," 26 A p ril 2018.
Expected loss (EL) is the average loss a position taker might
exp ect to incur from a position or portfolio. In theory, some
portfolios attract losses that rarely depart far from this average.
The losses from this kind of portfolio may be am enable to sta­
tistical m easurem ent over a relatively short period of tim e with
a fair degree of confidence. They might vary, for exam ple, from
year to year, but not by too much.
The EL of a portfolio can be calculated by identifying and esti­
mating values for the key underlying risk factors. In general, EL
is a function of 1) the probability of the risk event occurring; 2)
the firm's exposure to the risk event; and 3) the severity of the
loss if the risk event occurs. In the case of the credit risk of a
loan, these becom e the borrower's probability of default (PD);
the bank's exposure at default (EA D ); and the severity of loss
given default (LG D ). Thus, EL is simply:
EL = EA D X LG D X PD
W here EL can be calculated with confidence, it can be treated
like a variable cost or predictable expense rather than a risk or
uncertainty. The bank can make a profit simply by adding a price
margin that covers the cost of the E L .*1
12*Here, the risk manager's
role is primarily to measure the amount of E L and to make sure
the portfolio does not lose its predictable quality.
Expect the Unexpected
That said, well-behaved portfolios inevitably offer surprises. EL
is created from good and bad days. On a bad day, losses can
12 Theoretically, therefore, banks should not need to set aside provisions
for expected losses where these are accurately priced into a product,
though they will need to allocate risk capital for unexpected loss levels.
For a discussion about why banks should, in the real world, provision for
expected losses as well see B. Cohen and G. Edwards, "The New Era of
Expected Credit Loss Provisioning," BIS Quarterly Review, March 2017:
https://www.bis.org/publ/qtrpdf/r_qt1703f.htm
■ 9
range above the expected level (e.g ., the result of an outbreak
of fraud in a credit card business or sim ply an unlucky sequence
of losses). The extent to which losses depart from the average is
called the unexpected loss level.
In a credit portfolio, the potential for unexpected loss might be
driven by som ething quite sim ple, such as the number and size
of the loans. W hen a portfolio is com posed of a large proportion
of small loans, there is little chance of one very im portant loan
defaulting. In addition, if the portfolio is well diversified, there
is little chance of multiple losses occurring together to generate
unexpected loss levels.
Also, consider that the am ount of EL (and unexpected loss) in
a credit portfolio is changing continuously. These fluctuations
are driven by factors such as changes in the m acroeconom ic
environm ent and size and constitution of the portfolio (e.g ., its
credit quality or correlations). Estim ating expected losses for
even a well-behaved portfolio involves a fair amount of art as
well as science— and som e big assumptions.
From Unexpected to Extreme
Some credit portfolios, however, exhibit a much more extreme vari­
ance in their losses over intervals of time (e.g., a decade). Here, the
expected losses over time are constructed from both long runs of
good years (when losses are much lower than average) and short
runs of bad years (when losses are much higher than average). In
the bad years, losses reach unexpected and even extreme levels.
These portfolios can be very deceptive from a risk m anagem ent
point of view. It is easy to be lulled into a com placent view of risk
exposure and then experience a sudden shock. For this kind of
risky position or portfolio, banks need to allocate large amounts
of risk capital to protect against large unexpected losses that
can trigger insolvency and default. This allocation of risk capital
is done in addition to pricing EL into the product directly.
Risky Relationships
A classic exam ple of this loss level variability can be seen in the
regular cycles of boom and bust in commercial real estate mar­
kets (CRE) around the w o rld .13
First, demand for commercial property strengthens, often in line
with general economic upswings. But C R E supply is inelastic: it
takes time to construct a property. Prices rise, attracting inves­
tors, banks, and other lenders, who may begin to relax loan-to-
value ratios and other safeguards to gain market share.
1 *3
This classic cycle is well documented in the literature, for example,
European Systemic Risk Board, Report on Commercial Real Estate and
Financial Stability in the EU, December 2015, available at: https://www
.esrb.europa.eu/pub/pdf/other/2015-12-28_ESRB_report_on_commer-
dal_real_estate_and_financiaLstability.pdf
10 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
Eventually, prices begin to weaken through a combination of
cyclical oversupply of property and deteriorating econom ic
conditions. Banks begin to w ithdraw credit from investors and
developers in the m arket, exacerbating the fall. O verextended
property developers experience cash flow problem s. Property
loses value as collateral. The financial condition of C R E lenders
deteriorates and lending dries up. O ne fire sale later— and the
m arket has entered a devastating cycle of feedback.
The result for lenders is that the probability of default by prop­
erty developers rises at the same tim e collateral values fall— a
bad combination referred to as w rong way risk. The global C R E
m arkets are one of the clearest exam ples of how risk factors act
together to produce waves of extrem e loss.
There are many other exam ples in the financial m arkets of risk
factors that can act together to generate risk. For exam ple, in
derivative m arkets, the value of a contract with a counterparty
may tend to rise sim ultaneously with the default risk of the coun­
terparty (another exam ple of wrong way risk).
Value-at-Risk
In January 1990, Dennis Weatherstone, newly appointed C E O of J.P.
Morgan, called for a report on the total risk of his firm to be deliv­
ered to his desk every day at 4:15 p.m. The request helped to drive
the development of a new global risk metric: Value-at-Risk (VaR).1
14*
VaR uses the loss distribution associated with a position or portfolio
to estimate losses at a given level of likelihood (or confidence). For
example, if we set our confidence level at 99%, the VaR analysis
might tell us that losses would be expected to exceed USD 1 million
on only one in every 100 trading days. The VaR number tells us noth­
ing about how large the loss might be on that unlucky day, however.
However, an important point is that for any given loss distribution,
the VaR number would tend to fall if we eased the confidence
level to 95%. The number would also rise or fall if the shape of
the loss distribution changed. For exam ple, a loss distribution
with a much fatter tail incurs more unexpected loss and a larger
VaR number.
1.5 RISK FACTOR BREAKDOWN AND
INTERACTIONS BETWEEN FACTORS
The exam ple of the C R E cycle dem onstrates how im portant it
is for risk analysts to break risk down into discrete risk factors-
in this case, PD, LG D , and E A D — and understand how these
14 Other firms such as Bankers Trust, a US merchant bank, had been
working to build global risk reports in the period, and many of the con­
cepts underlying VaR are older than the 1990s. J.R Morgan published
the methodology behind its VaR model in 1993/4.
 BOX 1.4 WILL Al REVOLUTIONIZE RISK ANALYSIS?
Artificial intelligence and machine learning may help risk
m anagers approach the identification of risk variables in a
new way. This should allow risk managers to isolate innu­
m erable risk factors and understand their relationships at a
greater level of com plexity.
In the insurance world, for exam ple, analysts are bringing
together public databases, social data, ratings data, and
quoting data to understand risk at the individual level— the
"segm ent of o ne," as the industry calls it.
risk factors m ight interact over tim e and under stress to gener­
ate lo sse s.15
In turn, each primary risk factor is driven by a more fundam ental
set of risk factors. For exam ple, the probability of default by a
firm may be driven by its strength or weakness in term s of key
financial indicators, industry sector, m anagem ent quality, etc.
Breaking risk down into its key risk factors and understanding
their im portance as loss drivers— and their relationships with
each other and the w ider business environm ent— is a key activity
for risk managers and is our fourth building block.
A key question concerns how granular each risk factor analysis
should be. Ideally, risk m anagers would like to understand every
significant risk factor and analyze each factor's im portance and
dynamics through the data available.
To score the risk factor, the risk m anager may want to look at
its sub-factors. For exam ple, what is it that drives the credit risk
variable of m anagem ent quality: m anagem ent's years of exp eri­
ence? O r what drives a firm's vulnerability to cyber risk: system s,
processes, or people?
Finding the answers to such questions is im portant, but practi­
calities often impose their own limits. Analytical resources may
not be available. The loss data that can be used to isolate and
statistically exam ine the power of each risk variable may be lim­
ited in quantity, quality, or descriptive detail.
That being said, new stream s of data offering an undream t level
of granularity, analyzed by means of machine learning and m as­
sive cloud-based com putational power, may prove revolutionary
in the identification of discrete risk factors (Box 1.4).
15 Understanding the dynamics of a loss record greatly increases its
predictive power. To prepare for a key banking reform, Basel II, some
years ago, banks had to spend millions of dollars re-engineering their
credit rating systems when the regulators asked them to improve their
risk modeling by recording probability of default, loss given default, and
credit exposure as separate risk factors.
Chapter 1 The Building Blocks of Risk Management
A cross the risk industries, m assive com puting power can
now help risk m anagers spot patterns and relationships in
data more quickly. Unsupervised m achine learning can help
the risk m anager identify the "unknown unknowns" through
identifying clusters and correlations w ithout specifying the
area of interest in advance. Risk m anagers are about to
enter an age of plenty in term s of data volum e and risk fa c­
tor analysis.
1.6 STRUCTURAL CHANGE: FROM
TAIL RISK TO SYSTEMIC CRISIS
Som e risk events have a diabolical side that seem s designed to
outwit the human mind. This may be because such events are
very rare and extrem e or they arise from unobserved structural
changes in a market.
In com plex system s, such as the global clim ate or financial mar­
kets, extrem ely rare events can happen over long tim e periods,
even if the system remains structurally stable. These risks, really
an extrem e version of unexpected loss, are difficult to find in the
data because (by definition) there are not a lot of them .
Tail risk events might be rare, but a long enough time series of
data should reveal evidence of their existence. W here data are
scarce, modern risk m anagem ent can som etim es apply statistical
tail risk techniques, utilizing a branch of statistics called Extrem e
Value Theory (EVT) to help make tails more visible and to extract
the most useful inform ation.16
W hen the structure underlying a system changes, risk
increases. Large loss events may suddenly increase in fre ­
quency or size. Risk factors m ight suddenly move in lock-
step. Entirely new sources of loss, in term s of risk typ e, may
appear. In this case, more historical data will not help and
"once-in-100-year" events m ight pop up once a decade until
the structural problem is fixed , or proper risk m anagem ent pro­
cesses are adopted.
A change in events does not only affect tail risk— the amounts
of EL and unexpected loss might change as w ell. Risk m anag­
ers are continuously trying to assess the risk in system s that are
changing in ways that might, or might not, matter.
16 For accessible reviews of the literature, see A. Pazarbasi, "Tail Risk
Literature Review," Alternative Investment Analyst Review; D. Levine,
"Modelling Tail Behavior with Extreme Value Theory," Risk Manage­
ment, September 2009, Issue 17.
■ 11
W hile this is a problem for all risk m anagers, there is a sp e­
cial tw ist for those working in the financial m arkets. Unlike
most mechanical and natural system s, human system s (such
as financial markets) are subject to constant structural change
from levers such as social behavior, industry trends, regulatory
reforms, and product innovations.
An im portant recent exam ple was the growth in subprim e lend­
ing by US banks starting in the early 2000s and its role in the
creation of the 2007-2009 global financial crisis. Unusual types
of m ortgages, such as interest-only m ortgages, rose quickly
from com prising a small fraction of total loans originated to
a substantial share of all new m ortgages. A t the same tim e,
the proportion of loans that were subprim e also increased.
Structural change— looking out for it and modeling its future
effects— is our fifth building block of risk m anagem ent.
1.7 HUMAN AGEN CY AND
CONFLICTS OF INTEREST *1
Structural change is not the only wild card in financial system s.
Unlike natural system s, human system s are run by intelligent
participants that can react to change in a self-reflective or even
a calculating manner.
For exam ple, consider a trader who carefully attem pts to pre­
dict the effects of a m arket reform. The trader's peers can try
to second guess his or her predictions. Perhaps a regulator that
helped draft the reform joins a financial consulting firm and
advises the industry on how to circum vent the safeguard.
This type of behavior is true inside the firm as w ell. Those that
understand how risk is generated and managed are in the best
position to game it. They also often have the least incentive to
make the risk transparent: W hy would they broadcast the poten­
tial for unexpected loss levels or tail risks? This is one reason
many financial firms em ploy three lines of defense:
1. First line: Business line that generates, owns, and manages risk;
2 . Second line: Risk m anagers that specialize in risk m anage­
ment and day-to-day oversight; and
3 . Third line: Periodic independent oversight and assurance,
such as an internal audit.
The safeguards do not always work. Risk management systems
always have loopholes and become obsolete quickly in the face of
industry innovations. For example, in a worrying number of rogue
trading cases in the banking industry, the trader had first worked
in the middle or back office and thus understood the loopholes
in the risk management infrastructure. Sometimes traders and
business leaders deliberately undermine the credibility of risk
management systems. Understanding the role of human agency,
12 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
self-interest, and conflict of interest, is the sixth building block of
risk management.
1.8 RISK AGGREGATION
Given the many different types of risk and risk m etrics, a key
problem in risk m anagem ent is the challenge of seeing the big­
ger picture. How can senior m anagers identify the riskiest busi­
nesses on their watch and tell when the firm's aggregate risk is
approaching intolerable levels?
M arket risk tends to be the most am enable risk type to quan­
tification and aggregation but controlling this risk factor is
challenging. Until recent decades, m arket risk exposures were
largely com pared in term s of the notional am ount held in each
asset (e.g ., USD 20 million of a blue-chip stock).
This was never satisfactory. Som e stocks and industry sectors
were historically more volatile in price than others. Making mat­
ters w orse, it made no sense to use notional amounts to com ­
pare the risks taken by, for exam ple, the US treasury trading
desk and a desk dealing in a volatile com m odity.
The advent of the derivatives m arkets in the 1970s made it
im perative to improve m arket risk m easures. Derivatives can be
highly volatile and are an easy way to build up large risk exp o ­
sures. Their value and their risk are driven by factors only tan­
gentially related to the notional value of the instrum ent.
Portfolios of derivatives are often designed so that the indi­
vidual instrum ents offset each other's m arket risk. It therefore
makes no sense to treat the aggregate notional amounts in the
portfolio as an indicator of portfolio risk.
O ptions trading specialists developed their own m easures of
risk, including delta (i.e., sensitivity of option value to a change
in the value of the underlying) and theta (i.e., the change in
option value as the option expiration date approaches). These
"G re e ks" w ere— and still are— invaluable risk measures on the
options trading desk.
The G reeks are of limited help at an enterprise level, however,
because they cannot be added together; nor do they imply the
same level of risk across m arkets (e.g ., delta in foreign exchange
versus com m odity m arkets). Large financial institutions needed a
risk measure that was much more com prehensive.
VaR was a popular risk aggregation measure in the years leading
up to the crisis. However, it was not calculated using a set m eth­
odology, and there were at least three principal m ethodologies
(and many ways to im plem ent them ). In fact, the concept of VaR
also involves many simplifying assum ptions.
Th e co ncep t proved alm ost too useful. It was quickly applied
to m anage risk across much longer tim e horizons, across many
 BOX 1.5 TAKING ACCOUNT OF TAIL RISK
VaR only looks at the largest loss at a given likelihood thresh­
old; it does not exam ine the size of losses beyond this thresh­
old. For that reason, it is often said to ignore tail risk (i.e., the
effect of very severe but rare events). A fter the global finan­
cial crisis of 2007-2009, various rem edies for this were put
forw ard. O ne of these was expected shortfall (ES), which is a
statistical measure designed to quantify the mean risk in the
tail of the distribution beyond the cut-off of the VaR measure.
Banks and their regulators also turned to scenario stress test­
ing and reverse stress testing. Scenario analysis and stress
testing ignore the problem of measuring the frequency or
probability of a rare event. Instead, they focus analytical
resources on imagining a reasonably plausible worst-case
scenario that may develop in stages over an extended period.
institutions and w hole industries, and across many different
risk typ es.
The shortcom ings of VaR as a risk measure were understood
well before the global financial crisis of 2007-2009, but the crisis
brought these weaknesses to the forefront and led to a reaction
against over-dependence on this risk m etric. VaR does, however,
remain an im portant tool for risk m anagers.
Bank regulators have tried to improve the way VaR is calculated,
make its calculation across the industry more consistent and reli­
able, and strengthen the role of supplem entary risk measures
such as expected shortfall (ES) and worst-case scenario analysis
(Box 1.5).
The inherent drawbacks of VaR have encouraged risk managers
to adopt a broader approach to risk metrics. Aggregate risk m ea­
sures are useful in their place, but they inevitably fail to capture
key dimensions of risk and must be supplem ented with other
approaches. Understanding risk aggregation and its strengths
and weaknesses is our eighth risk m anagem ent building block.
1.9 BALANCING RISK AND REWARD
O ne of the great advantages of a VaR approach is that it helps
the firm to com pare the risk exposures of different business
lines. Firms come to understand the expected and unexpected
loss levels associated with different activities. Furtherm ore, the
firm can protect itself against these risks by making sure that its
risk capital— also known as econom ic capital— is large enough to
absorb the unexpected risk.
In the banking industry, econom ic or risk capital is the amount
of capital the firm requires based on its understanding of its
econom ic risks. It is distinct from regulatory capital, which is cal­
culated based on regulatory rules and m ethodologies. Econom ic
Chapter 1 The Building Blocks of Risk Management
Th e risk m anager d evelo p s the scenario — or is handed it
by a regulator— and then analyzes the im pact of the event
on the institution given its risk exp o sures and reactive
cap ab ilities. Scenario analysis and stress testing can be
highly quantitative and involve co m p lex m odeling, but the
num bers are all focused on assessing severity rather than
freq uency.
Reverse stress testing starts at the other end. The institution
applies its modeling capabilities to work out how bad losses
could get, then works backwards to try to understand how
those losses were linked to its exposures and activities. How
could the institution manage its activities to avoid the worst
that might happen?
capital and regulatory capital are som etim es in alignm ent, but
often generate quite different numbers.
Econom ic capital provides the firm with a conceptually satisfying
way to balance risk and reward. For each activity, firms can com ­
pare the revenue and profit they are making from an activity to
the amount of econom ic capital required to support that activity.
A firm can then take these risk capital costs into account when it
prices a product and when it com pares the performance of differ­
ent business lines. There are clear reasons to do this. For exam ­
ple, Business A might attract significant costs every year in terms
of EL but incur little in the way of unexpected losses. Business B,
on the other hand, might attract very little in the way of EL but
suffer from very large losses at the end of every business cycle.
W ithout a sophisticated risk-adjusted analysis of profitability,
it will be difficult to com pare Business A and Business B. Most
likely, Business B will look very attractive during the benign part
of the cycle. The firm might decide to cut product prices to
build up business volum e. This frequently results in unexpected
losses when the cycle turns. (Banking industries globally have
tended to behave in exactly this manner, exacerbating the ten­
dency for whole econom ies to go from boom to bust.)
To factor in the cost of risk of both expected and unexpected
losses, the bank can apply a classic formula for risk-adjusted
17
return on capital (or RA RO C):
R A R O C = R ew ard/Risk
W here, reward can be described in term s of After-Tax Risk-
Adjusted Expected Return, and risk can be described in term s of
econom ic capital.
17 See M. Crouhy, D. Galai, and R. Mark, The Essentials o f Risk Manage­
ment, 2nd ed. (Ch. 17), McGraw Hill, 2014.
■ 13
After-Tax N et Risk-Adjusted Exp ected Return also needs to be
adjusted for Expected Losses:
R A R O C = A fter-Tax N et Risk-Adjusted Expected Return/
Econom ic Capital
For an activity/portfolio to add value to shareholders (and the
stock price), RA R O C should be higher than the cost of equity
capital (i.e., the hurdle rate or minimum return on equity capital
required by the shareholders to be fairly com pensated for risk).
There are many variants on the R A R O C form ula, applied across
many different industries and institutions. Their level of sophis­
tication varies but all have the same purpose: to adjust perfor­
mance for risk. Four day-to-day applications stand out.
have set prices too low to make a risk-adjusted profit in one busi­
ness segment, while in another it may have the ability to reduce
prices and increase market share (and overall profitability).
• Risk m anagem ent co st/b en efit analysis: R A R O C analyses can
help a firm com pare the cost of risk m anagem ent (e.g ., risk
transfer via insurance, to the benefit of the firm).
There are many practical difficulties in applying R A R O C , includ­
ing its dependence on the underlying risk calculations. Business
lines often dispute the validity of RA R O C numbers, som etim es
for self-interested reasons. As with other types of risk metrics
(Box 1.6), decision-m akers should always understand what the
number means and what is driving it.

• Business com parison: R A R O C allows firms to com pare the
perform ance of business lines that require different amounts
of econom ic capital.
• Investm ent analysis: A firm typically uses the RA R O C formula
that uses projected numbers to assess likely returns from
future investm ents (e.g ., the decision to offer a new type of
credit product). RA R O C results based on past returns can
also be used to determ ine if a business line is providing a
return above a hurdle rate dem anded by the equity investors
who are the providers of the firm's risk capital.
• Pricing strategies: The firm can re-examine its pricing strategy for
different customer segments and products. For example, it may
1.10 ENTERPRISE RISK
MANAGEMENT (ERM): MORE THAN
ADDING UP RISK?
O ne challenge to an effective firm-wide risk m anagem ent pro­
cess is that at many firms, business divisions manage their risk
in a silo e d approach (i.e., where each division m anages its own
exposures independently without considering the risk exposures
of other divisions). Financial risk m anagers have long recognized
that they must overcom e this silo-based risk m anagem ent pro­
cess to build a broad picture of risk across risk types and busi­
ness lines: enterprise risk m anagem ent (ERM ).

BOX 1.6 HARD NUMBERS?

Risk reports are full of numbers that look objective and
em pirical. Risk analyses perform a confusing array of tasks
(Figure 1.6). Som e are intended to quantify risk in some
absolute sense— for exam ple, Risk Probability x Exposure x
Severity— though the data and the m odeling that underpin
these num bers vary in quality.
O thers track some com ponent of this equation, such as risk
exposure. However, a drop in one risk com ponent may not
mean risk is declining, unless everything else remains the
sam e. For exam ple, a bank losing m arket share might rem edy
this by loosening credit quality: The drop in loan volume may
not mean less credit risk.

Other numbers track key risk indicators (KRIs), which are quantita­
tive measurements that are used to assess potential risk expo­
sures. For example, a staff turnover metric might act as a KRI for
a type of operational risk. In this case, the relationship of the risk
indicator to the risk under examination is often based on judg­
ment. Decision-makers looking at risk metrics going up and down
sometimes fool them selves that they are watching risk itself,
when they are really watching a risk proxy of uncertain utility.
Through either judgm ent or calculation, businesses must bal­
ance risk and reward. That makes RA R O C and sim ilar m ea­ dimensions of risk.
sures the ninth building block of risk m anagem ent.

14 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

We devote Chapter 4 to ERM , the tenth building block of risk
m anagem ent. ERM projects encourage firms to think about
enterprise risk using tools, such as a clear statem ent of corporate
risk appetite, a cohesive approach to risk m anagem ent rough
global risk com m ittees, and so on.
O ftentim es, historic ERM efforts have over-focused on the need
to express risk as a single number such as econom ic capital or
VaR. Expressing risk as a single number was too sim plistic an
approach.
Perhaps the biggest lesson of the 2007-2009 global financial cri­
sis was that risk cannot be reduced to any single number.
• It is multi-dimensional, so it needs to be approached from
many angles, using multiple m ethodologies.
• It develops and crosses risk types, so even a wide view of risk
types— but at only one point in tim e— may miss the point.
• It dem ands expert judgm ent that is com bined with applica­
tion of statistical science.
Measuring risk in econom ic capital term s is im portant for bal­
ancing risk and reward. However, the key factor that saves an
institution may come from another risk analysis tool— perhaps
from worst-case scenario analysis or some new digital approach
(Box 1.7). Firms need a 360-degree view of risk and this can only
be built using a range of tools and a healthy am ount of curiosity.
For exam ple, insights might come from a risk m anager digging
deep and realizing the implications of a structural change in
a market. It might come from looking at the competition and
realizing that behavior across the industry might precipitate a
market crisis. O r it might come from a new risk indicator such
as a market-derived credit risk indicator that signals a change in
BOX 1.7 DIGITAL RISK M ANAGEM ENT?
The digital era is changing the face of business in many ways,
including the new ways that corporations interact with cus­
tom ers (m obiles, sensors) and new risks (cyber risk, privacy
regulations). How will the digital era change the working day
of the risk m anager over the next few years?
According to a survey by M cKinsey in 2017, the digital trans­
form ation of risk functions in financial institutions is occurring
more slowly than the transform ation of customer-facing oper­
ations. However, big changes are underway, including:
• Drawing information from a w ider set of sources to apply
advanced analytics to measure risk, for exam ple, applying
big data analytics to credit and operational risks;
• Faster and real-time decision-making based on more auto­
mated risk processes, for exam ple, autom ated corporate
credit scoring; and
Chapter 1 The Building Blocks of Risk Management
credit condition at a major counterparty early enough for action
to be taken.
That moment of realization, however, must be followed up with
actions. The modern approach to ERM must also look at the pro­
cesses that link information to action and also look at the firm's
corporate governance and risk culture, as we discuss in Chap­
ters 3 and 4. If the firm embarks on an aggressive push for growth
only to realize that risks have not been fully understood, what is
its process for changing course? Has that fire drill been tested?
ERM is no longer simply about aggregating risk across risk types
and businesses. It is about taking a more holistic approach to
the entire risk m anagem ent process and its relationship to stra­
tegic decisions. It is about the way the firm thinks about risk,
and in doing so establishes its corporate identity (Figure 1.7).
Using a Full Range
of Risk Analysis
Tools Looking at
Various Time
Horizons
Focusing on
People, How They
Communicate, and
"The Way We Do
Things"
Fiqure 1.7 ERM needs to think a bit bigger.
• G reater productivity, as risk processes are engineered
away from paper docum ents towards autom ated work
flows, for exam ple, for reviews of docum entation.
The survey found that there are big challenges involved with
digitizing risk m anagem ent in the form of legacy infrastruc­
ture, limited data, and the need for new digital skills. Data
scientists have the critical skill set for digitized risk functions
and may soon be in as much dem and as "rocket scientist"
risk m odelers.
S o u rce: M cK in sey & C o and Institute o f International Finance:
The Future o f Risk M anagem ent in the Digital Era, O cto b e r
2017; se e Exh ib it 23 regarding the n e e d for data scientists in
digital risk m anagem ent functions.
■ 15
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

QUESTIONS
1.1 D escribe and provide exam ples of fundam ental risk fac­ • Second line: Business line that generates, owns and
tors and their sub-risk factors that drive the probability of m anages risk; and
a firm's default • Third line: Periodic independent m anagem ent over­
1.2 W hat are the four com ponents of a risk m anagem ent sight and assurance such as internal audit.
process? A. True
B. False
1.3 Provide an exam ple of w hat is meant by basis risk.
1.18 Reverse stress testing applies its modeling capabilities to
1.4 W hat are two types of liquidity risk?
estim ate the size of potential losses.
1.5 W hat is meant by strategic risk? A. True
1.6 D escribe how risk m anagers becom e involved in business B. False
risk. 1.19 Frank Knight called variability that cannot be quantified at
1.7 W hat Is reputation risk? Provide exam ples in your answer. all as "unknown unknowns."
A. True
1.8 W hat is meant by econom ic capital? Contrast it with
B. False
regulatory capital.
1.20 The e x p e c te d shortfall is the expected loss in the tail of
1.9 W hat is the basic idea of R A R O C ? Provide the RA RO C
the distribution.
equation in your answer.
A. True
1.10 W hat are a few applications of R A R O C ? Provide exam ­ B. False
ples in your answer
1.21 Business risk involves making large, long-term decisions
1.11 D escribe the 4:15 p.m . report about the firm's direction, often accom panied by major
investm ents of capital, human resources, and m anage­
1.12 Provide a list of exam ples of risk m anagem ent that can
ment reputation.
be seen in early history.
A. True
1.13 Provide a list of the key risk m anagem ent building B. False
blocks.
1.22 Enterprise Risk M anagem ent is the m anagem ent of risk at
1.14 Provide a list of the four choices involved in the classic the business unit level.
risk m anagem ent process. A. True
1.15 Unsupervised machine learning can help the risk m anager B. False
identify the "unknown unknowns" through identifying 1.23 Securitization is a mechanism to transfer risk to a third
clusters and correlations without specifying the area of party.
interest in advance. A. True
A. True B. False
B. False
1.24 Business risk applies only to large non-financial corporates.
1.16 Banking regulators are encouraging tools that support A. True
using advanced analytical form ulas to calculate regulatory B. False
operational risk capital.
1.25 E S is
A. True
A. a statistical measure designed to quantify the mean
B. False
risk in the tail of the distribution beyond the cut-off of
1.17 The three lines of defense consists of: the VaR measure.
• First line: Risk m anagers that specialize in risk m anage­ B. the case where R A R O C fails to be greater than a
ment and day-to-day oversight; hurdle rate.

16 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

The following questions are intended to help candidates understand the material. They are not actual FRM exam questions.

1.26 Tail risk techniques are dealt by 1 .3 0 O perational risk includes

A. Extrem e Value Theory. A. counterparty risk.
B. VaR Theory. B. cyber risk.
C. Probably of Default Theory. C . reputation risk.
D. standard deviation. D. business risk.

1.27 O perational risk includes 1.31 The purpose of econom ic capital is to absorb
A. legal risk. A. expected loss.
B. business risk. B. unexpected loss.
C. reputation risk. C . tail loss.
D. currency risk. D. all of the above.

1.28 EL for a loan is based on 1 .3 2 Reputation risk

A. probability of default (PD). A. is easy to quantify.
B. exposure at default (EAD ). B. is the responsibility of the chief m arket risk officer.
C. loss given default (LG D ). C . cannot be managed at all.
D. all of the above D. should be monitored by the board.

1.29 W hich of various G reek m easures can be added together

across different currencies?
A. Delta
B. Gam m a
C. Theta
D. None of the above

Chapter 1 The Building Blocks of Risk Management ■ 17

The following questions are i to help candidates understand the material. They are not actual FRM exam questions.
ANSWERS
1.1 PD of a firm is driven by a firm's strength or weakness in
term s of key variables such as financial ratios, industry
sector, country, quality of data, and m anagem ent quality.
Each fundam ental set of risk factors is driven by sub­
factors. For exam ple, m anagem ent years of experience is
a sub-factor of the m anagem ent quality variable.
1.2 The risk m anager first attem pts to identify the risk then
next analyzes the risk. Subsequently the risk m anager
assesses the im pact of any risk event and ultim ately man­
ages the risk. In summary, the four com ponents are
1. Identify the risk,
2. Analyze the risk,
3. A ssess Im pact of risk, and
4. Manage the risk.
1.3 A form of m arket risk known as basis risk occurs if a posi­
tion intended to hedge another position might do so
im perfectly.
1.4 The two types are funding liquidity risk and trading
liquidity risk
Funding liquidity risk refers to the case where a firm can­
not access enough liquid cash and assets to m eet its obli­
gations. For exam ple, banks take in short-term deposits
and lend the money out for the longer term at a higher
rate of interest.
Trading liquidity risk refers to a case where markets
tem porarily seize up. For exam ple, if m arket participants
cannot, or will not, take part in the m arket, this may force
a seller to accept an abnorm ally low price, or take away
their ability to turn an asset into cash and funding at any
price.
1.5 Strategic risks involve making large investm ents, in long­
term decisions about the firm's direction, that can affect
its future direction and strategy.
1.6 Risk m anagers have specific skills they can bring to bear
in term s of quantifying aspects of business risk. For
exam ple, credit risk experts often becom e involved in
managing supply chain risk. Risk m anagers should be
involved at the start of business planning. For exam ple,
it may be im possible to fund the construction of a power
station without some form of energy price risk m anage­
ment strategy in place.
18 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
1.7 Reputation risk is the danger that a firm will suffer a sud­
den fall in its m arket standing or brand with econom ic
consequences. Rumors can be fatal in them selves. For
exam ple, a large failure in credit risk m anagem ent can
lead to rumors about a bank's financial soundness. Inves­
tors and depositors may begin to w ithdraw support in
the expectation that others will also w ithdraw support.
Unethical behavior of m anagers in the firm can hurt its
reputation.
1.8 Econom ic (risk) capital is the amount of capital the firm
requires based on its understanding of its econom ic risks.
Regulatory capital is calculated based on regulatory rules
and m ethodologies.
1.9 R A R O C = Rew ard/Risk. Reward can be described
in term s of After-Tax Risk-Adjusted Expected Return.
Risk can be described in term s of econom ic capital.
R A R O C should be higher than the cost of equity capi­
tal. R A R O C = A fter-Tax Net Risk-Adjusted Expected
Return*/econom ic capital
* After-Tax Expected Return is adjusted for EL
1.10 R A R O C can be used in business com parison, investm ent
analysis, pricing strategy, and cost-benefit analysis.
• Business com parison: For exam ple, com pare the
perform ance of business lines that require different
amounts of econom ic capital.
• Investm ent analysis: For exam ple, assess likely
returns from future investm ents (e.g ., the decision
to offer a new type of credit product).
• Pricing stra teg ies: For exam ple, exam ine pricing
strategy for different custom er segm ents and prod­
ucts (e.g ., it may have set prices too low to make a
risk-adjusted profit).
• Risk m anagem ent co st/b en e fit analysis: For
exam ple, com pare the dollar cost of risk m anage­
ment (e.g ., risk transfer via insurance, to the dollar
benefits).
1.11 Dennis W eatherstone, C E O of J .R Morgan, called for a
report in January 1990 on the total risk of his firm to be
delivered to his desk every day at 4.15 p.m .
1.12 See Figure 1.2 in C hapter 1
The following questions are intended to help candidates understand the material. They are not actual FRM exam questions.

1.13 linked to its exposures and activities. The goal is to help

an institution risk manage its activities to avoid the worst
1. The risk m anagem ent process
that might happen.
2 . Identifying known and unknown risks
3. EL, unexpected loss, and tail loss 1.19 False because Frank Knight sets out a fundam ental clas­
4. Risk factor breakdown sification of "know n" versus "unknow n" risk in his classic
5. Structural change from tail risk to system ic crisis paper on risk. Donald Rum sfeld, form er US Secretary of
6 . Human agency and conflicts of interest Defense said that "There are things we know that we
7. Typology of risks and risk interactions know. There are known unknowns . . . But there are also
8. Risk aggregation unknown unknowns".
9. Balancing risk and reward
1.20 True
10. Enterprise risk m anagem ent (ERM)
1.21 False
1.14
1.22 False
1. Avoid Risk
2 . Retain Risk 1.23 True
3. M itigate 1.24 False
4. Transfer
1.25 C . a statistical measure designed to quantify the mean
1.15 True risk in the tail of the distribution beyond the cut-off of
1.16 False because the Basel C om m ittee signaled a change the VaR measure.
of direction in 2016. Basel encourages banks to under­
1.26 A . Extrem e Value Theory.
stand their operational risk using a variety of tools but
capital allocation would be based on a sim pler stan­ 1.27 A . legal risk.
dardized approach using w eighted bank size with a mul­ 1.28 D. because EL = EA D X LG D X PD
tiplier based on the bank's record of larger operational
1.29 D. because G reeks for exam ple do not imply the
risk losses.
same level of risk across markets (e.g ., delta in foreign
1.17 False because business line is traditionally referred to as exchange versus com m odity m arkets).
the first line and risk m anagem ent is referred to as sec­
1.30 B. cyber risk.
ond line.

1.18 True because risk m angers work back from the reverse 1.31 B. unexpected loss.
stress test to try to understand how those losses were 1.32 D. should be monitored by the board.

Chapter 1 The Building Blocks of Risk Management 19

 Learning Objectives
A fter com pleting this reading you should be able to:

Com pare different strategies a firm can use to manage its A pply appropriate m ethods to hedge operational and
risk exposures and explain situations in which a firm would financial risks, including pricing, foreign currency, and
want to use each strategy. interest rate risk.

Explain the relationship between risk appetite and a firm's A ssess the im pact of risk m anagem ent tools and instru­
risk m anagem ent decisions. ments, including risk limits and derivatives.

Evaluate some advantages and disadvantages of hedging

risk exposures, and explain challenges that can arise when
im plem enting a hedging strategy.

21
It might seem obvious, given the discussion in C hapter 1, that
firms should manage financial risk. However, it is not that simple
in the corporate world. Specifically, a firm must answer several
questions.
• Does managing risk make sense from the perspective of the
firm's owners?
• W hat is the precise purpose of a risk m anagem ent strategy?
• How much risk should the firm retain? W hat risks should
be m anaged? W hat instruments and strategies should be
applied?
The wrong answers can turn risk m anagem ent itself into a major
threat to the firm.
Figure 2.1 lays out these issues as a road map. But while this
chapter follows this road map, the risk m anagem ent process
itself is deeply iterative. For exam ple, once a firm understands
the costs and com plexities of risk m anagem ent, it might revisit
w hether it should be involved in the risk-generating business
activity at all.
2.1 BACKGROUND: THE MODERN
IMPERATIVE TO MANAGE RISK*•
Firms have always managed their core business risks. They try to
understand what drives custom er dem and, cultivate a range of
suppliers for critical com ponents, backup their data, and insure
their warehouses.
However, they have not always managed financial risks with the
same intensity. So why do modern firms stress the im portance
of financial risk m anagem ent?
The answer lies in a potent mix of need and opportunity.
• N e e d : The need to manage financial risk grew significantly
from the 1970s as m arkets liberalized (e.g ., com m odities,
interest rates, and foreign exchange), price volatility shot up,
and the global econom y gathered steam .
• O pportunity: The growth in m arket volatility helped spawn
a fast-evolving selection of financial risk m anagem ent instru­
ments in the 1980s and 1990s, giving firms many more
opportunities to manage their risk profiles.
Figure 1.1 in Chapter 1 showed the rapid growth in instrument
types after the 1970s that was fueled by theoretical advances
such as the Black-Scholes-M erton option pricing m odel. This
process continued with the more recent arrival of credit and
w eather derivatives in the 1990s along with the ongoing em er­
gence of cyber risk transfer instruments beginning in the twenty
first century.
22 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
1. Identify risk appetite.
• Identify key corporate goals and risks.
• Should we manage risk?
• Which risks should we m anage?
• Create a risk appetite statem ent (broad term s).
2 . Map risks, make choices.
• Map risks.
• A ssess or measure risk/impact.
• Perform risk/reward analysis of risk m anagem ent
strategy (RA R O C etc.)
• Prepare com parative cost/benefit of risk m anage­
ment tactics.
• Choose basic strategy/tactics.
• Create a risk appetite statem ent (detailed term s).
3 . O perationalize risk appetite.
• Express risk appetite in operational term s.
• A ssess risk policies.
• Set risk limit fram ework.
• Rightsize risk m anagem ent team .
• Resources, expertise, infrastructure
• Incentives and independence
4 . Im plem ent.
• Choose tactics/instrum ents.
• Make day-to-day decisions.
• Establish oversight.
5 . Re-evaluate regularly to capture changes in:
• Risk appetite/risk understandings/stakeholder
view points,
• Business activity and risk environment (remapping), and
• New tools, tactics, cost-benefit analyses.
Fiqure 2.1 Risk Management Road Map: Five
Milestones.
Two decades of growth in the principal derivatives m arkets are
captured in Figure 2.2. The numbers behind this Figure include
trading as well as end-user risk m anagem ent. The distinct level­
ing off of growth in some risk m arket categories has been driven
by a fall in speculative use, tightening bank regulation,1 and a
decline in interest rates and m arket volatility following the
2007-2009 financial crisis. A t the same tim e, there are other risk
transfer m arkets (e.g ., cyber risk m anagem ent) that are continu­
ing to grow rapidly.1
1 For example, see A. Nag and J. McGeever, "Foreign Exchange, the
World's Biggest Market, Is Shrinking," Reuters, February 2016: https://
www.reuters.com/article/us-global-fx-peaktrading-idUSKCN0VK1 UD.
OTC derivatives notional amount outstanding by risk category
— Total Contracts —Credit Default Swaps Foreign Exchange — Interest Rates
(CDS) Contracts
Figure 2.2 OTC derivative notional volumes by risk type
(1999-2017).
Source: BIS Derivatives Statistics, see https://www.bis.org/statistics/about derivatives
stats.htm?m=6%7C32. Reprinted by permission.
Risks From Using Risk Management
Instruments
Risk m anagem ent instruments allow firms to hedge econom ic
exposures, but they can also have unintended negative conse­
quences. They can quickly change a firm's entire risk profile (i.e.,
within days or hours) in ways that can either reduce risk or build
BOX 2.1 DO EQUITY INVESTORS WANT MANAGERS TO HEDGE RISK?
The answer is generally "yes" if the investor has concentrated
their investm ent in a specific firm , (e.g ., a family-owned firm
or even a state-owned firm). The answer is potentially "n o " in
the more common case where the investor holds the invest­
ment as part of a diversified portfolio.
Note that in a large portfolio, any risks specific to the firm in
question are diversified away. Reducing firm -specific volatil­
ity in the value of an individual stock is therefore of minimal
value to investors.
M eanwhile, system atic risks that are not diversified away
by portfolio diversification (e.g ., interest rate risk) can be
m anaged at the portfolio level by the investor. The investor,
therefore, receives little benefit from such risk m anagem ent
a speculative position. Furtherm ore, this change may
not be im m ediately apparent.
USD mn
For exam ple, a firm with an exposure to a variable
interest rate might use a com plicated instrument that
dam pens this exposure, provided that interest rates
stay within certain bounds. But the same instrument
might increase the firm's financial exposure if interest
rates break through a given ceiling. Is this risk man­
agem ent, or a bet?
Modern corporations can potentially have risk profiles
traditionally associated with investm ent banks. All
that is needed is a computer, the right passwords,
and (hopefully) the permission of the board. The
growing resources devoted to corporate risk man­
agem ent exist partly to ensure these new corporate
capabilities are used wisely.
Hedging Philosophy
Contracts Ju st because a risk can be hedged does not mean
that it should be hedged. Hedging is simply a tool
and, like any tool, it has limitations.
For exam ple, hedging can only stabilize earnings
within a relatively short tim e horizon of a few years.
Hedging also has costs that are both transparent
(e .g ., an option prem ium ) and opaque (e .g ., the
dangers arising from tactical errors and rogue trading). M ean­
w hile, as Box 2.1 notes, equity investors who own firm s might
feel that risk is diversified aw ay in the context of their invest­
m ent portfolios.
These theoretical and practical objections to hedging should
lead firms to question w hether and how risk should be
at the level of the individual firm. A t the same tim e, some
investors want exposure to certain m acroeconom ic risks (e.g .,
the price of oil or gold).
The argum ent against hedging risk at the balance-sheet level
is well grounded in finance theory. However, finance theory
itself makes several unrealistic assum ptions about financial
m arkets. This chapter explores powerful "real-w orld" counter
argum ents in favor of hedging.
M eanwhile, a decades-long series of empirical studies aimed
at revealing whether hedging helps firms or not (e.g ., in terms
of raising their stock price com pared to non-hedgers) has yet
to deliver a knock-out blow for any one side of the argument.
The answer may turn out to vary across different industries.
Chapter 2 How Do Firms Manage Financial Risk? ■ 23
m anaged. But there are also powerful counterargum ents
in favor of hedging.
The th eo retical argum ents against hedging rest on the idea
th at m arkets are, in som e sen se, p e rfe ct and frictio n less. In
fa ct, there are m any m arket im p erfectio n s. H edging is often
intended to reduce the chance of financial d istress, which
incurs both d irect costs (e .g ., bankruptcy costs) and m ajor
o p p o rtu n ity costs. A firm hit by an u n exp ected m arket loss
will reduce its investm ent in other areas and m ove more
cautiously.
Im proving revenue stability also sends an im portant m essage
to potential d eb t investors who may be concerned about the
firm 's soundness. D eb t investors usually get no upside from a
firm 's revenue volatility. Th ey are only interested in w hether
the firm can fulfill its prom ises. That's also true for key custom ­
ers and suppliers.
In addition, hedging can make sense for investors if it is used
as a tool to increase the firm 's cash flow s (rather than to
reduce equity investor risk). For exam p le, firm s may need to
offer their custom ers a stable price over the next three years,
which may be im possible w ithout hedging a key cost input.
If hedging like this increases custom er dem and, then equity
investors are happy.
Likew ise, a firm th at com m its to supply a product into a fo r­
eign m arket in one year's tim e will need to hedge the relevant
currency to lock in profit m argins. For m anagers, perhaps the
m ost im portant operational benefit of hedging is the plan­
ning b enefit. W ithout the use of hedging, the random uncer­
tainty of a fluctuating currency can make planning alm ost
im possible.
Equity investors are also happy if the firm uses hedging to
reduce its tax bill (e.g ., by stabilizing revenues from one year to
the next). Again, hedging has the effect of increasing after-tax
revenues.
Finally, equity investors are not the only stakeholders, and cer­
tainly not the only decision-m akers. M anagers, regulators, and
general staff exp ect the firm to be financially sound and pro­
tected from sudden mishaps. Less legitim ately, m anagers may
use hedging to ensure their firm m eets key short-term targets
(e.g ., stock analyst expectations) that affect their prestige and
com pensation. Risk m anagers need to pay close attention to
how derivatives can leverage agency risks.
There are im portant argum ents for and against hedging, as
well as a variety of potential m otivations. Firm s need to explain
their rationale for hedging in term s of basic aims (e .g ., m an­
aging accounting risk, balance-sheet risk, econom ic risk, or
operational risk). They also need to be clear on the size of their
risk ap p etite.
24 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
2.2 RISK APPETITE—WHAT IS IT?
Risk appetite describes the am ount and types of risk a firm is
willing to accept. This is in contrast to risk capacity, which
describes the maximum amount of risk a firm can absorb.2
A recent trend among corporations is to use a board-approved
risk appetite to guide m anagem ent and (potentially) to inform
investors. But what exactly is a risk appetite in practical term s? It
is two things.
1. A statem ent about the firm's willingness to take risk in
pursuit of its business goals. The detailed risk a p p etite
sta tem en t is usually an internal docum ent that is subject to
board approval. However, attenuated versions can appear
in some annual corporate reports.
2. The sum of the mechanisms linking this top-level statem ent
to the firm's day-to-day risk m anagem ent operations. These
m echanisms include the firm's detailed risk policy, business-
specific risk statem ents, and the fram ew ork of limits for key
risk areas.
The operational expression of the risk appetite statem ent should
also be approved by the board and needs to be congruent with
a w ider set of risk-related signals that the firm sends to its staff
(e.g ., incentive com pensation schem es).
The banking industry, pushed by regulators and a series of cri­
ses, is perhaps at the forefront of developing risk appetite as a
concept. Box 2.2 describes how one leading global bank defines
its risk appetite and sets it to work.
There is a trend toward making corporate risk appetites more
explicit, both in term s of the kinds of risks deem ed acceptable
and in term s of forging a link to quantitative risk m etrics. How­
ever, one fundam ental question concerns the meaning of the
phrase risk a p p etite, which is used to mean many different (if
related) concepts in the business literature (Box 2.3).
Is risk appetite the total am ount of risk the firm could bear w ith­
out becoming insolvent? O r is it the am ount of risk the firm is
taking today? O r the amount that it would be happy to bear at
any one tim e?
In Figure 2.3, the answer is the latter. Here, the risk appetite is
set well below the firm's total risk bearing capacity, and above
the amount of risk the firm is exposed to currently (labeled here
as the firm's risk profile). The dotted lines are upper and lower
trigger points for reporting purposes. These are designed to let
2 For example, from a risk capacity perspective, a bank is not allowed to
lower its leverage ratio below 3% (where leverage ratio is a measure of
the bank's tier 1 capital as a percentage of its assets + off balance-sheet
exposures).
 BOX 2.2 HOW IS HSBC USING ITS RISK APPETITE STATEMENT? (EXTRACT
FROM 2 0 1 6 A N N U A L R E P O R T )
"The group's Risk A ppetite Statem ent describes the types
and levels of risk that the group is prepared to accept in
executing its strategy. Q uantitative and qualitative metrics
are assigned to 13 key categories, including: earnings, capital
and leverage, liquidity and funding, interest rate risk in the
banking book, credit risk, traded risk, operational risk, finan­
cial crim e com pliance and regulatory com pliance. M easure­
ment against the m etrics:
• G uides underlying business activity;
• Informs risk-adjusted rem uneration;
• Enables the key underlying assum ptions to be monitored
and, where necessary, adjusted through subsequent
business planning cycles; and
• Promptly identifies business decisions needed to mitigate risk.
The Risk A ppetite Statem ent is approved by the Board fo l­
lowing advice from the Risk Com m ittee. It is central to the
annual planning process, in which global businesses, geo­
graphical regions and functions are required to articulate
their individual risk appetite statem ents. These are aligned
with the group strategy, and provide a risk profile of each
global business, region or function in the context of the indi­
vidual risk categ ories."
S o u rce: Excerpted from H SBC Bank pic, Annual Report and
Accounts 2016, page 20.

BOX 2.3 FIRM-LEVEL VERSUS INDUSTRY-LEVEL RISK APPETITE

The main te xt talks about the risk Chart 7. Corporate risk appetite
appetite of an individual firm . But
% of C F O s who think this is a good tim e to take greater risk onto their balance sheets
how does this relate to the industry-
level risk appetite discussed in the
business press? For exam ple, econo­
mists often survey the risk a p p etite
felt by business leaders and use the
results to track how eager firms are
to invest and grow (figure).

It may be best to think of a firm's

internal risk appetite as a relatively
stable "through the cycle" attitude
toward risk at an individual firm.
M eanwhile, the figure is a "point in
tim e" barom eter of sentim ent across
the industry, driven largely by exter­
nal environmental factors (e.g ., Brexit
or G D P growth).
Q3 Q2 Q1 Q4 Q3 Q2 Q1 Q4 Q3 Q2 Q1 Q4 Q3 Q2 Q1
Fiqure UK corporate risk appetite—CFO survey data.
Source: Deloitte, The Deloitte CFO Survey (UK), Q1 2018, page 3. Reprinted by permission.

the board know if risk taking looks unnaturally low or if there is a
danger of breaching the agreed risk ap p etite.3
3 Our arguments in this paragraph, and the exhibit it refers to, fol­
low the discussion in Deloitte, Risk Appetite Frameworks, How to
Spot the Genuine Article, 2014, page 8: https://www2.deloitte.com/
content/dam/Deloitte/au/Documents/risk/deloitte-au-risk-appetite-
frameworks-financial-services-0614.pdf. There are also useful discussions
in COSO, "Enterprise Risk Management: Integrating with Strategy and
A nother key issue concerns consistency of risk appetite across
risk types. G enerally, firms regard them selves as more or less
"conservative " or "entrepreneurial" in their attitude toward
risk. However, this characterization should logically depend on
the type of risk, and on the firm's risk m anagem ent expertise.
Performance," June 2017, volume 1. Note that the terminology around
risk appetite— particularly capacity and tolerance— is not always used
consistently across the literature.

Chapter 2 How Do Firms Manage Financial Risk? ■ 25

 Capacity
Appetite
Fiqure 2.3 Risk appetite as a metric.
Source: Deloitte, Risk Appetite Frameworks, How to Spot the Genuine
Article, 2014, detail from Figure 1, page 8: https://www2.deloitte.com/
content/dam/Deloitte/au/Documents/risk/deloitte-au-risk-appetite-
frameworks-financial-services-0614.pdf.
For exam ple, a high-tech firm might decide to adopt a very
high-risk strategic objective in the belief that this is within its
expertise. It might even believe that it will lose its purpose
entirely if it does not outpace com petitors. Here, taking a bet is
risk m anagem ent. However, the same firm could logically take a
very conservative view of how it m anages its foreign exchange
exposures. Furtherm ore, may already be managing some risks
(e.g ., cyber risk) much more explicitly and adeptly than the con­
servative blue-chip firm across the road.
Risk appetite is therefore part of a firm's wider identity and capa­
bilities. Firms must ask, "W ho are w e?" and "W ho do our stake­
holders think we are?" well before they get to the point of trying
to operationalize a risk appetite. (Whether crafting a corporate
"mission statem ent" will help in this endeavor is another question.)
In truth, forging a robust link between top-of-house risk ap p e­
tite statem ents and the operational m etrics of risk appetite in
a particular risk type or business line is a challenging task. As
seen in C hapter 1, there is no single measure of risk, even within
a single risk type, that allows us to monitor risk at the business
level and then easily aggregate this to the enterprise level.
The result is that firms operationalize their risk appetite using a
m ultiplicity of m easures. For financial firms, this can include busi­
ness and risk-specific notional limits, estim ates of unexpected
loss, versions of value-at-risk (VaR), and stress testing. The level
of detail needs to reflect the nature of the risk and the sophisti­
cation of the risk m anagem ent strategy.
2.3 RISK MAPPING— HERE BE
DRAGONS!
The risk appetite statem ent tells a firm what the basic objective
is. But it also needs to map out its key risks at the cash flow level
and assess its size and timing over particular tim e horizons.
26 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
For exam ple, a firm might be exposed to a major com m odity
price risk (e.g ., the price of copper) arising from its manufactur­
ing operations. In this case a risk m anager might begin by look­
ing ahead to the am ount of copper the firm will need to keep in
stock. W hen will it need the m etal, and where will it need to be
delivered? W hich local price benchm ark most closely represents
its risk?
A firm may also be exposed to foreign exchange risk. The
first step here is to map out existing positions as well as con­
tracts and other upcoming transactions. The firm then needs
to develop a policy that dictates which exposures should be
hedged (e.g ., should hedging include sales that are probable
but not yet certain?) It also needs to set down the timing of the
various cash flows as well as understand the assets and liabilities
exposed to exchange rates.
It may well be that (by design or accident) some of the cash
flows cancel each other out. M apping risk is a way to recognize
im portant netting and diversification effects and to put in place
a plan for increasing these effects in future years.
A firm may also be exposed to risks that it will need to insure
against (e.g., the risk of natural catastrophes, physical mishaps,
and cyber incidents). Risk mapping should not ignore risks that
are difficult to track in term s of exposure and cashflow. For
exam ple, a new business line might attract large, difficult to
quantify data privacy risks as well as foreign exchange exposures.
2.4 STRATEGY SELECTION: ACCEPT,
AVOID, MITIGATE, TRANSFER *•
O nce a risk m anager understands the firm's risk appetite and
has m apped its key risks, then he or she can decide how to best
handle each risk.
First, risk m anagers must define the most im portant risk exp o ­
sures and make some basic prioritization decisions. W hich risks
are most severe and most urgent?
Second, the firm needs to assess the costs and benefits of the
various risk m anagem ent strategies.
• Retain: Firms will want to accept some risks in their entirety,
or to accept part of a loss distribution. Note that retained risks
are not necessarily small. For exam ple, a gold mining com ­
pany may choose to retain gold price risk because its investors
desire such an exposure. Alternatively, an input price risk that
expresses itself as expected loss can be retained and priced
into the product. A key part of risk m anagem ent is making
carefully considered decisions to retain risk.
• A v o id : Firms may want to avoid the types of risk that they
regard as "unnatural" to their business. Some risks can only
 be avoided by stopping a business activity. Firms som etim es
say they have "zero tolerance" for certain kinds of risk or
risky behavior. But unless the right safeguards are in place,
this sentim ent may be more hopeful than descriptive.
• M itig a te: O ther risks can be m itigated in various ways. Exam ­
ples include a firm asking for additional collateral to mitigate
a credit risk and an airline investing in more efficient aircraft
to mitigate its exposure to je t fuel price risk.
• Transfer: Firms can transfer som e portion of their risks to
third parties. For exam ple, insurance contracts and financial
derivatives offer ways to transfer risks (at a financial cost).
Senior m anagem ent and the board will be responsible for
selecting risk m anagem ent strategies for larger risks. However,
the risk m anager needs to help them choose among the vari­
ous options. W hich strategy allows the firm to stay within its risk
appetite in the most efficient manner?
It is rare for the costs of each strategy to be com pletely trans­
parent. The cost of transferring the risk, for exam ple, would ide­
ally include the cost of em ploying a risk m anager and the cost of
managing any residual risks (e.g ., basis risks).
M eanwhile, a firm that hedges a com m odity price might find
that its com petitors gain a short-term advantage from any fall in
the spot price. Can it really put a num ber against that potential
com petitive w eakness? W hile numbers are critical, a great deal
of business judgm ent is also required.
Finally, firm s may have to conduct this kind of analysis for risks
that are harder to quantify than m arket risk— including new
insurable risks.4 For exam ple, firms may need to estim ate the
size of a cyber risk loss through worst-case analysis and expert
judgm ent (e.g ., a 5% estim ated chance of a USD 100 million
data loss event), and then com pare this to the mitigation offered
by a costly data system s upgrade. That in turn may need to be
com pared to the costs and benefits of transferring part of the
risk to the fast-evolving cyber insurance market.
2.5 RIGHTSIZING RISK MANAGEMENT
O nce a firm has an idea of its goals in key risk areas, it needs to
make sure it has a risk m anagem ent function that can develop
and execute the approach (Figure 2.4). O ne issue is the need to
rightsize risk m anagem ent.
For exam ple, transferring a well-understood risk through a one-
off m arket hedge or the purchase of annual insurance can be
4 For example, see the discussion in M. Crouhy, D. Galai, and R. Mark,
"Insuring vs Self-Insuring Operational Risk: The Viewpoint of Depositors
and Shareholders," Journal o f Derivatives 12 (2), 2004, pp. 51-55.
Chapter 2 How Do Firms Manage Financial Risk?
• Determ ine the following:
• Risk appetite/hedging philosophy;
• Basic goals (e.g ., reducing volatility, enhancing
m arket-perceived soundness of firm , reducing taxes
paid, reducing limit breach risk);
• Accounting treatm ent (cost center, econom ic center, or
profit center); and
• Risks covered:
• Risk type (financial risk, operational risk, business
risk, reputational risk, strategic risk, etc.); and
• Tim e horizons
• Rightsizing the function:
• Resources, and
• Budget
• Set reporting lines/accountability/oversight:
• Independence
• Establish policy and procedures (docum entation).
• Evaluate perform ance:
• Evaluation m ethodology, and
• Incentive com pensation
Figure 2.4 Ensuring the risk management unit is fit
for purpose.
(relatively) sim ple. Running a dynam ic and sophisticated hedg­
ing strategy that involves continual readjustm ent in the markets
is another m atter entirely.
Dynamic strategies can offer cost savings, but they require a
much bigger investment in systems and trader expertise. They
may require the firm to build com plex models and to apply
sophisticated metrics (e.g., VaR) and a wider-ranging limit system
(Figure 2.5). It also becom es more important to separate out the
trading function from the back-office and risk oversight functions.
W ithout rightsized team s in place, firm s using sophisticated
risk m anagem ent instrum ents and strategies can becom e too
dependent on suppliers such as investm ent banks. For exam ple,
they may end up without a good way to independently price
an instrum ent. A t several points during the year, firms need to
conduct a board-level gap analysis to make sure their level of
sophistication matches the conservatism of their strategy.
A firm will also need to make sure the risk m anagem ent function
has a clear accounting treatm ent in term s of w hether it operates
as a cost center or a profit center. Risk m anagem ent at many
non-financial firms is regarded a cost center, while some forms
of risk m anagem ent in banking adopt a profit center approach.
Firms also need to decide on a related issue: should the costs
of risk m anagem ent be proportionally distributed to the areas
that risk m anagem ent serves? The answers to all these questions
depend on an organization's risk culture and appetite.
■ 27
 Limit Nature Example Weakness

Stop Loss Limits Loss threshold and associated action (e.g ., close out, Will not prevent future exposure, only limit
escalation) realized losses

Notional Limits Notional size of exposure Notional am ount may not be strongly related
to econom ic risk of derivative instrum ents,
especially options.

Risk Specific Limits Limits referencing some special feature of risk in These limits are difficult to aggregate; may
question (e.g ., liquidity ratios for liquidity risk) require specialized knowledge to interpret.

M aturity/Gap Limits Limit amount of transactions that mature or reset/ These limits reduce the risk that a large volume
reprice in each tim e period of transactions will need to be dealt with in a
given tim e fram e, with all the operational and
liquidity risks this can bring. But they do not
speak directly to price risk.

Concentration Limits Limits of concentrations of various kinds (e.g ., to These limits must be set with the understand­
individual counterparties, or product type) ing of correlation risks. They may not capture
correlation risks in stressed m arkets.

G reek Limits Option positions need to be limited in term s of their These limits suffer from all the classic model
unique risk characteristics (e.g ., delta, gamma, vega risk) risks and calculation may be com prom ised at
trading desk level without the right controls
and independence.

Value-at-Risk (VaR) A ggregate statistical number VaR suffers from all the classic model risks and
may be m isinterpreted by senior m anagem ent.
Specifically, VaR does not indicate how bad a
loss might get in an unusually stressed m arket.

Stress, Sensitivity, These limits are based on exploring how bad things Varies in sophistication. D ependent on deep
and Scenario Analysis could get in a plausible worst-case scenario. Stress tests knowledge of the firm's exposures and market
look at specific stresses. Sensitivity tests look at the behavior. Difficult to be sure that all the bases
sensitivity of a position or portfolio to changes in key are covered (e.g ., there are endless possible
variables. Scenario modeling looks at given real-world scenarios).
scenarios (hypothetical or historical).

Fiqure 2.5 Limits— Example Types.

2.6 RISK TRANSFER TOOLBOX *
In many cases, the risk m anager will decide to transfer a portion
of a financial risk to the risk m anagem ent m arkets. The range
of instruments available for hedging risk is can be categorized
(broadly) into swaps, futures, forw ards, and options.
A nother key difference cuts across instrument types: trading
m echanics. Is the instrum ent offered through one of the large
exchanges, or is it a private bilateral O T C agreem ent between
two parties? O T C and exchange-based derivatives have differ­
ent strengths and w eaknesses, particularly relating to liquidity
and counterparty credit risk.

These instrum ents have different capabilities like the different
tools in a toolbox (Figure 2.6).
The use of these instrum ents requires firms to make key d eci­
sions based on their specific needs. For exam ple, firm s must
decide how much they are willing to pay to preserve flexibility.
Note that a forward contract provides price stability, but not
much flexibility (because it requires the transaction to occur at
the specified tim e and price). A call option provides both price
stability and flexibility, but it com es with its own added cost (i.e.,
the option premium).
Exchange-based derivatives are designed to attract trading
liquidity. Not all succeed, but most can be traded easily at a
relatively low transaction cost. The downside of this approach
is like that of buying an off-the-rack suit: it is difficult for the risk
m anager to find a perfect fit. For exam ple, a com m odity risk
m anager may find the available futures contract does not cover
the exact risk type, has a timing mismatch, or captures the price
in the wrong location. These mism atches create basis risk.
More positively, exchange-based derivatives minimize counter­
party credit exposure through margin requirem ents and netting

28 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

 Instrument Type Defining Features

Forward It is a tailored agreem ent to exchange an agreed upon quantity of an asset at a pre-agreed price at some
future settlem ent date. The asset may be delivered physically, or the contract may stipulate a cash settlem ent
(i.e., the difference between the agreed upon price and some specified spot or current price).

Future It is an exchange-listed forward with standardized term s, subject to margining.

Swap It is an over-the-counter (O TC) agreem ent to swap the cash flows (or value) associated with two different
econom ic positions until (or at) the maturity of the contract. For exam ple, one side to an interest rate swap
might agree to pay a fixed interest rate on an agreed upon notional amount for an agreed upon period, while
the other agrees to pay the variable rate. Swaps take different forms depending on the underlying m arket.

Call Option The purchaser of a call option has the right, but not the obligation, to buy the underlying asset at an agreed
upon strike price, either at the maturity date (European option) or at any point during an agreed upon period
(Am erican option).

Put Option The purchaser of a put option has the right, but not the obligation, to sell the underlying asset at the agreed
upon strike price at the maturity date (European option) or at any point during an agreed upon period
(Am erican option).

Exotic Option There are many different options beyond the standard or plain vanilla puts and calls. These include Asian (or
average price) options and basket options (based on a basket of prices).

Swaption It is the right, but not the obligation, to enter a swap at some future date at pre-agreed term s.

Figure 2.6 The risk management toolbox.

arrangem ents. Counterparty credit risk in the O T C markets

Notional Outstanding
often looks rather low until a financial crisis occurs. A t that point,
(Dec 31, 2017)
banks and other counterparties suddenly look fragile. Clearing
Commodity Derivative (in USD Millions)
houses have begun to play a bigger role in the O T C m arket, so
the distinction between exchange-based and O T C instruments Aluminum Swaps USD 1,412
in term s of counterparty risk is no longer as clear cut. Natural G as and Energy Derivatives USD 211
Risk m anagers can mix and match the various O T C and Exchange-Traded W heat Futures USD 509
exchange-based instrum ents to form a huge variety of strate­
Exchange-Traded Sugar Futures USD 87
gies. The next few sections look at strategy form ulation in three
key m arkets: agricultural products, energy, and interest rate/ Corn Swaps USD 223

foreign exchange. Rice Swaps USD 221

Figure 2.7 Anheuser-Busch: Selected commodity

Beer and Metal
The modern history of risk m anagem ent arguably began with
the agricultural futures contracts listed on the Chicago Board of
Trade (C BO T) in the 1860s. Farm ers, as well as food and drink
producers, manage com m odity price risks of many kinds. For
exam ple, the U.S. brewer Anheuser-Busch has big price exp o­
sures to wheat, barley, hops, corn grits, corn syrup, and other
agricultural products, as well as to the aluminum it uses for its
beer cans and the energy it uses in its processes.5 Like other
brewers, it is a major user of derivatives to manage these risks
(Figure 2.7).
derivatives usage.
Source: Anheuser-Busch InBev, 2017 Annual Report, Section C:
Commodity price risk, page 123.
Anheuser-Busch and other big U.S. brewers have various strate­
gies available to them .6*For exam ple, the brewers can manage
w heat price exposures by fixing the price they pay per bushel of
w heat using futures contracts (e.g ., contracts traded on the
C B O T ). They can then hold these contracts for some months
until they mature. A t that point, the brewers can either take

6 For an enlightening account of Anheuser-Busch's strategy see the first

part of B. Tuckman, "Derivatives: Understanding Their Usefulness and
5 Anheuser-Busch InBev, 2077 Annual Report, Section C: Commodity Their Role in the Financial Crisis," Journal o f Applied Corporate Finance,
price risk, page 123. Volume 28, Number 1, Winter 2016.

Chapter 2 How Do Firms Manage Financial Risk? ■ 29

delivery as specified by the exchange or sell it near the delivery
date and use the proceeds to purchase from their favored sup­
plier. Either way, they have largely managed the price risk of
w heat for that period using a liquid exchange contract.
For a different com m odity, such as the aluminum used in beer
cans, the same brew er might instead turn to the O T C m arket
and enter a swap with a bank. Here, the brew er pays the bank
a fixed price for a given quantity of aluminum every few weeks
for the life of the swap. In return, the bank pays the brew er the
variable m arket price charged by the brewer's local aluminum
suppliers. By tailoring an O T C swap, the brewer can manage the
basis risks that arise from its production requirem ents (i.e., in
term s of the precise tim e it needs the metal and any variability
in local pricing).
If the price of aluminum falls, the bank could end up with a heavy
loss. More likely, the bank will lock in a profit margin by hedging
its own position using its expertise in the metals m arkets. M ean­
while, the brewer is happy because it has fixed an aluminum
price that might otherwise prove highly volatile and subject to
random geopolitical factors (e.g ., trade disagreem ents, tariffs, or
sanctions against key aluminum producing countries).7
Airline Risk Management: Turbulence
Ahead
Airlines are heavily exposed to volatile je t fuel prices, with as
much as 15-20% of airline operating costs burnt in the air. In
their fiercely com petitive industry, airlines cannot easily raise
passenger ticket prices in response to spikes in oil prices. This
is because ticket pricing follows consum er dem and rather than
airline costs.
A s a result, the industry has used a sophisticated combination of
swaps, call options, collars (i.e., calls and puts), current oil con­
tracts, and other instrum ents to manage its price risks since the
mid-1980s. (The m arket matured quickly after the 1990-1991
G ulf W ar caused a spike in energy prices. Note that many man­
agem ent m arkets are born out of crises.)
O ne problem for airlines is that there are few futures contracts
available for jet fuel. Using w idely available exchange instru­
ments to hedge against the price of crude oil or some other
oil product (e.g ., heating oil) is one way to get around this.
7 See A. Petroff, "Sanctions Have Sent Aluminium Soaring. That Could
Hurt Your Wallet," CNN Money, April 11 2018, see http://money.cnn
.com/2018/04/11/investing/aluminum-prices-sanctions-rusal/index.html.
The price of the metal is also affected by more fundamental factors such
as bauxite mining and smelting costs. See C. Harris, "Long-term Metal
Price Development," Managing Metals Price Risk, Risk Publications,
1997, pages 167-187.
30 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
However, this method leaves airlines open to changes in the
volatile "sp read " between the price of je t fuel and the price of
crude oil. Airlines using this approach therefore need to hedge
this differential, as well as other basis risks in term s of timing
and location. A s an alternative, many firms use O T C instruments
to tailor their hedging to je t fuel prices and to their specific
delivery requirem ents.
Despite decades of je t fuel hedging, there is still industry dis­
agreem ent about w hether airlines ought to be hedging at all.
Most airlines hedge some of their price risk, but some prefer to
retain it all.
The naysayers cite the expense of hedging program s, as well
as the risk hedging will lock in je t fuel prices at a high point in
the m arket just before a steep price fall. This might not seem so
bad. Few airlines are 100% hedged so a price fall is always good
news. However, it can lead to severe hedging losses and make
the profitability of the hedged airline look poor com pared to its
unhedged com petitors.
Unhedged Am erican Airlines reported a bum per year for 2014
because it could take full advantage of a 40% -50% fall in the
price of je t fuel. Am erican, unlike its hedged com petitors,8
ended up saving USD 600 million. With oil prices staying low in
the years after 2014, many of Am erican Airlines' com petitors
began cutting back on their hedging operations.
But remaining unhedged is also a bet. Back in 2008, oil had
reached unexpected highs even as the world was enveloped in a
financial crisis. That year, the airlines with the tightest hedging
programs were the ones that looked clever.9*
Airlines can try to get around this conundrum by hedging only
a portion of their je t fuel costs, using options, or entering long
forward contracts on je t fuel. But options-based strategies, while
arguably the purest form of risk m anagem ent, can be expensive
to put in place.
Might vertical integration help? Delta A ir Lines, one of the
world's largest airlines, bought its own oil refinery in 2012 as
part of its fuel m anagem ent strategy. O ver the years, the invest­
ment has allowed the airline to manage je t fuel availability in a
key region while helping to cover the spread between je t fuel
costs and the cost of crude oil.
8 H. Martin, "American Airlines' Fuel-Buying Bet Pays Off in Record
Profit," Los Angeles Times, January 28, 2015; see http://www.latimes
.com/business/la-fi-airlines-fuel-hedging-20150128-story.html
9 For an accessible overview of airline hedging ups and downs,
see H. Gosai, Part Two: Fuel Hedging in the Airline Indus­
try, September 2017: https://airlinegeeks.com/2017/09/18/
part-two-fuel-hedging-in-the-airline-industry/
 BOX 2.4 MCDONALD'S FINANCING AND MARKET RISK— FORM 10-K EXCERPTS
"Th e Com pany generally borrows on a long-term basis and
is exposed to the im pact of interest rate changes and foreign
currency fluctuations. D ebt obligations at D ecem ber 31, 2017
totalled USD 29.5 billion, com pared with USD 26.0 billion at
D ecem ber 31, 2016. . . .
The Com pany uses major capital m arkets, bank financ­
ings and derivatives to m eet its financing requirem ents and
reduce interest expense. The Com pany m anages its debt
portfolio in response to changes in interest rates and foreign
currency rates by periodically retiring, redeem ing and repur­
chasing debt, term inating swaps and using derivatives. The
Com pany does not hold or issue derivatives for trading pur­
poses. All swaps are over-the-counter instrum ents.
In managing the im pact of interest rate changes and for­
eign currency fluctuations, the Com pany uses interest rate
However, the refinery industry has its own ups and downs, which
could be a potential distraction for Delta. Furtherm ore, owning
a refinery arguably increases the airline's exposure to crude oil
AA
price volatility. A fter all, most of a refinery's output is not jet
fuel. In airline risk m anagem ent, as in life, there are no easy
answers.
Interest Rate Risk and Foreign Exchange
Risk Management
Interest rate and foreign currency risks are critical areas of price
risk m anagem ent for many firms. Box 2.4 presents excerpts from
M cDonald's 2017 Form 10-K (i.e., its annual report) that help
explain why this is so. As a global business with a presence in
over 100 countries, the fast food operator and franchiser has an
active risk m anagem ent function.
W hile individual transactions can be im portant, large firms like
M cDonald's have many financial exposures that balance and
10 The refinery, situated on the East Coast of the United States, has
had some good and some less good years in terms of profitability,
but has given Delta some leverage on jet fuel prices and more gener­
ally the "crack spread" in the region. See A. Levine-Weinberg, "Delta
Air Lines' Refinery Bet is About to Pay Off Again," The Motley Fool,
September 2017: https://www.fool.com/investing/2017/09/03/delta-
air-lines-refinery-bet-is-about-to-pay-off-a.aspx; J. Renshaw, "Exclusive:
Delta Hires Consultant to Study Refinery Options— Sources," March 14,
2017: https://www.reuters.com/article/us-delta-air-refineries-monroe/
exclusive-delta-hires-consultant-to-study-refinery-options-sources-idUSK-
BN16L24H; A. M. Almansur et al., "Hedging Gone Wild: Was Delta Air­
lines' Purchase of Trainer Refinery a Sound Risk Management Strategy?"
October 4, 2016. This final reference includes a review of the literature
on the value of hedging price risk, see pages 4-7.
Chapter 2 How Do Firms Manage Financial Risk?
swaps and finances in the currencies in which assets are
denom inated. The Com pany uses foreign currency debt
and derivatives to hedge the foreign currency risk associ­
ated with certain royalties, intercom pany financings and
long-term investm ents in foreign subsidiaries and affiliates.
This reduces the im pact of fluctuating foreign currencies on
cash flows and shareholders' equity. Total foreign currency-
denom inated debt was USD 12.4 billion and USD 8.9 bil­
lion for the years ended D ecem ber 31, 2017 and 2016,
respectively. In addition, where practical, the Com pany's
restaurants purchase goods and services in local currencies
resulting in natural h ed g es."
S o u rce: Excerpts are from M cDonald's Corporation, Form
10-K annual report for the fiscal year ended D ecem ber 31,
2017, pages 26-27.
offset each other. In fact, the business activities of a large firm
often create natural hedges (e.g ., the inflows and outflows of
foreign currency).11
Moreover, the relationship between interest rates and foreign
exchange rates is itself im portant. For exam ple, should a firm
raise money in the same currency as its overseas operations to
minimize its exposure to foreign exchange risk? This may not be
a practical option in some m arkets.
For many firms, interest rate risk is a major concern. Their funda­
mental task is to avoid taking on too much debt at high interest
rates and avoid overexposure to variable rates of interest. This
balancing act is determ ined by:
• Each firm's financial risk appetite, which may set out the lev­
els of debt the board is happy with, and
• The proportion of fixed interest to variable interest, (perhaps
across several tim e horizons).
A firm's financial risk appetite needs to be congruent with its
target credit rating and any covenants it has made to banks and
other financing providers.
Even if the firm's risk appetite remains stable, the rest of its risk
m anagem ent environm ent is constantly changing (Figure 2.8).
These changes will com e as the debt portfolio m atures, business
financing needs evolve, as well as when regulations and taxes 1
11 There is reason to think that many firms use derivatives only to fine-
tune their risk profile, with much of the risk management already accom­
plished through business decisions and natural hedges. See discussion
in W. Guay and S. P. Kothari, "How Much Do Firms Hedge with Deriva­
tives," March 2002, p. 3; paper: http://www1.american.edu/academic
.depts/ksb/finance_realestate/mrobe/Library/howmuch.pdf
■ 31
 Firm Risk Appetite The firm's risk appetite sets the key goals.

Market Practicalities It may be easier to raise money in one m arketplace and then shift risk charac­
teristics (currency, fixed versus, variable, etc.) into another using derivatives.

Changing Business and Financing Needs Deals roll over, and businesses grow.

Basic Aims: Cost Center versus Profit Center The treasurer may be perm itted to take a view on the m arket direction.

Regulations and Taxes The treasurer may need to respond to changes in the regulations and taxes.

Market Direction and Behavior The treasurer may need to prepare for rising interest rates or respond to yield
curve behavior.

Fiqure 2.8 What drives interest rate risk management— examples of factors.

change. More urgently, interest rates change and so do the rela­

Tips
tionships between rates across a range of maturities (i.e., yield
curve risk). Set out clear goals.

Changes in interest rates are linked to the broader econom y and
consumer dem and. They may affect the fundamental health of
a business, including its ability to meet debt obligations. On the
upside, the falling cost of servicing variable rate debt can offer an
important natural hedge in a deteriorating business environment.
Keep instruments and strategies sim ple.
Disclose the strategy and explain ram ifications.
Set resources and limits suitable for the strategy.
Stress test and set up early warning indicators.

W atch for counterparty and break clause risk.

Treasures m eet this com plex challenge by using a variety of
instrum ents, such as O T C interest rate swaps and currency
swaps. W hen form ulating specific strategies, the risk m anager
should return repeatedly to the firm's risk appetite and their
directive. O ften, that directive is to create a more stable version
of the future around which the firm can plan.
2.7 WHAT CAN GO WRONG IN
CORPORATE HEDGING?
The answer to this question: everything! A firm can m isunder­
stand the type of risk to which it is exposed, map or measure
the risk incorrectly, fail to notice changes in the m arket struc­
ture, or suffer from a rogue trader on its team . Figure 2.9 sets
out some sim ple tips that might have prevented many corporate
risk m anagem ent disasters.
Consider the ram ifications of many different m arket
scenarios, for exam ple, margin calls.
Fiqure 2.9 Simple tips for conservative end users.
business problem s, than it is about true risk m anagem ent. A t
w orst, the program might be characterized by unnecessarily
com plex derivative structures, leverage, or strategies that turn
sour after some superficially unlikely but entirely plausible event
(such as an unexpected shift in interest rates or a rise in basis
risk). This is not really a failure of risk m anagem ent, but of cor­
porate governance.
A purer cause of failure is poor communication about the risk
m anagem ent strategy and its potential consequences. The clas­
sic exam ple of this is perhaps the implosion of the MGRM (MG
Refining and Marketing) hedging program in 1993.

O ne cause of a mishap is to create a "risk m anagem ent" pro­
gram that is not really intended to manage risk. For exam ple, it
may seem legitim ate for the firm to use risk m anagem ent instru­
ments to lower the am ount of interest that it pays. Swaps and
other derivatives can be used to attem pt to reduce the amount
of interest paid, but in exchange the hedger may be forced
take on much more downside risk, or to alter the structure of
the interest paid to minimize paym ents in the short-term in
exchange for ballooning paym ents in the future.
This kind of program is often more about artificially enhancing
returns to m eet analyst forecasts, or covering up fundam ental
M GRM , the energy trading US subsidiary of M etallgesellschaft
A G , had promised to supply end users with 150 million bar­
rels of gasoline and heating oil over ten years at fixed prices. It
hedged this long-term price risk with a supersized rolling pro­
gram of short-dated futures and O T C swaps.
The hedging strategy might well have worked if it had been
pursued to the end. However, changes in the underlying oil
m arket (i.e ., a fall in cash prices and a shift in the price curve
from backwardation to contango) m eant that the program gen­
erated huge margin calls that becam e a severe and unexpected
cash drain.

32 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

A s a result, M GRM 's startled parent com pany liquidated the
hedges at a considerable loss. W hat happened next is that the
m arket reversed and moved against the now unhedged M GRM ,
resulting in even greater losses on its original custom er com m it­
ments. Essentially, MGRM lost tw ice:
• First, when it unwound the hedges at a loss due to the cash
drain from the margin calls, and
• Second, when the m arket moved against the original con­
tracts (which were by then unhedged).
In this case, no rogue traders were involved. Instead, MGRM
remains a lesson in the im portance of thinking through the
possible consequences of hedging program s and com m unicat­
ing the ram ifications to stakeholders. If M GRM 's m anagem ent
had anticipated the potential liquidity im pact of hedging with
futures, they could have set aside enough capital to m eet the
margin calls and maintain the hedge. O r maybe they might have
decided to hedge differently in a way that did not create so
much liquidity risk from collateral calls.
O f course, the world never hears about the hedges that go
right. O r about the firms that would have gone bust if they had
not put a well-m anaged, well com m unicated hedging program
Do you think derivatives end-user activity (hedging,
trading) in the industry will increase, decrease, or
stay the same over the next three to five years?
ncrease ■ Stay the same ■ Decrease
Figure 2.10 Professionals believe derivatives
end-user activity will increase.
Source: ISDA, Future of Derivatives Survey, April 2018, page 4; survey
conducted February-March 2018; respondents comprised 43% buy-side
firms (financial and non-financial firms). Reprinted by permission.
Chapter 2 How Do Firms Manage Financial Risk?
into place. There's a reason most professionals believe end-user
activity will continue to increase in the derivatives markets in the
years ahead (Figure 2.10).
SUMMARY
This chapter has set out a logical way to think through the cor­
porate risk m anagem ent process. But there are no silver bullets
and no easy answers.
Firm s must understand th eir business exp o sure and th e ir nat­
ural hed g es. Th ey must think through and ju stify th eir h ed g ­
ing philosophy. Th ey m ust set out th e ir risk a p p e tite , and link
this to sp e cific goals as well as to practical levers (e .g ., risk
lim it fram ew o rks and a rightsized risk m anagem ent function).
T h ey m ust com m unicate about risk goals and hedging stra te ­
gies so th at co nsequences are well understood and e x p e c ta ­
tions are m anaged.
Finally, they must do som ething less tangible: build the right risk
culture in which everyone works together to the same end. Risk
culture can be assessed. Im portant questions to ask include the
following.
• Can the firm show it regularly com m unicates about risk and
responds to warning signs and near misses?
• Has it tested w hether key staff have a common understand­
ing of the firm's risk appetite?
• Can it dem onstrate that its board has an awareness of the
firm's top ten risks?12
All this is important for firms, but it is also important for those at
the coalface of risk managem ent. A risk manager that attains a
pre-agreed risk m anagem ent goal (e.g., stabilizing a volatile busi­
ness exposure over a three-year tim e horizon) has done a difficult
job. That risk m anager deserves to know that his or her success
is part of a bigger strategic plan that has already been communi­
cated to stakeholders and is supported by the whole firm.1
19
For further discussion see S. Heiligtag et al., "Enterprise-risk-manage­
ment practices: Where's the Evidence? A survey across two European
industries," McKinsey Workinq Papers on Risk, Number 53, February
2014, Exhibit 6.
■ 33
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

QUESTIONS
2.1 W hat are the key risk m anagem ent com ponents that need
to be re-evaluated on a regular basis for designating a risk
m anagem ent road map?
2.2 Provide several exam ples to dem onstrate that the C-suite
supports a strong risk culture.
2.3 D escribe w hat is m eant by risk appetite in practical
term s.
2.4 Provide exam ples of what factors drive interest rate risk
m anagem ent.
2.13 Airlines have used a sophisticated com bination of swaps,
call options, collars (calls and puts), futures contracts, and
other instruments to manage their price risks since around
the mid-1980s.
A. True
B. False
2.14 MGRM was exposed to a shift in the price curve from
backwardation to contango, which meant that the pro­
gram generated huge margin calls that becam e a severe
and unexpected cash drain.

2.5 Provide exam ples of hedging tips for conservative end A. True
users. B. False

2.15 There is an agreem ent among experts that all airlines

2.6 D escribe why modern firms make such a big deal of finan­
ought to be hedging their je t fuel price risk.
cial risk m anagem ent?
A. True
2.7 Provide exam ples of com m odity derivatives that a brewery B. False
might use to manage their risk.
2.16 If a risk exists then the firm should always hedge it.
2.8 Risk appetite includes asking "W ho are w e?" and "W ho A. True
do our stakeholders think we are?" well before trying to B. False
operationalize a risk appetite.
2.17 M cDonalds uses major capital m arkets, bank financings,
A. True
and derivatives to m eet its financing requirem ents and
B. False
reduce interest expense.
2.9 The M GRM (MG Refining & Marketing) hedging program A. True
in 1993 is a classic exam ple of good communication B. False
about the risk m anagem ent strategy and its potential
2.18 Risk appetite refers to the total amount of risk
consequences.
A. the firm could bear without becom ing insolvent.
A. True
B. the firm is taking today.
B. False
C. the am ount that it would be happy to bear at any one
2.10 A firm can find a com plicated tailored instrum ent that tim e.
always dam pens their exposure to a variable interest rate. D. none of the above.
A. True
2.19 Risk capacity refers to the total am ount of risk
B. False
A. the firm could bear without becom ing insolvent.
2.11 Airlines are heavily exposed to volatile je t fuel prices, with B. the firm is taking today.
as much as 45-60% of airline operating costs burnt in the C. the am ount that it would be happy to bear at any
air. one tim e.
A. True D. none of the above.
B. False
2.20 Transferring risk to a third party includes
2.12 M GRM 's hedging strategy might well have worked if it A. insurance contracts.
had been pursued to the end. B. financial derivatives.
A. True C. all of the above.
B. False D. none of the above.

34 Financial Risk Manager Exam Part I: Foundations of Risk Management

The following questions are intended to help candidates understand the material. They are not actual FRM exam questions.

2.21 Exchange-based derivatives are designed to 2.25 Brewers can fix the price they pay per bushel of wheat
A. be traded easily at a relatively low transaction cost. to manage w heat price exposures by buying futures con­
B. be a perfect fit hedge. tracts and
C. avoid basis risk. A. holding these futures contracts until they mature and
D. reduce counterparty credit risk. take delivery specified by the exchange in term s of
quality and location.
2.22 Minimizing counterparty credit exposure can be obtained
through the use of B. selling these futures contracts near the delivery date
and using the proceeds to purchase the w heat now
A. margin requirem ents.
from their favored supplier.
B. netting arrangem ents.
C. all of the above. C . All of the above

D. it cannot be minimized at all. 2.26 O nce the firm /bank makes a risk appetite statem ent

2.23 The agricultural futures contracts first listed on the A. it is com m itted to follow it for at least three years.

Chicago Board of Trade (C BO T) in the

B. it must report it in their annual financial report.
C . the board must approve it.
A. 1860s.
B. 1920s. D. all of the above.

C. 1940s.
D. after the 1950s.

2.24 Do equity investors want m anagers to hedge risk?

A. G enerally yes, if the investor has concentrated their
investm ent in a particular firm
B. Alw ays yes

Chapter 2 How Do Firms Manage Financial Risk? ■ 35

The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

ANSWERS
2.1 Re-evaluate regularly changes in: 2.5

• Risk appetite/risk understandings/stakeholder Tips include

view point,
• Business activity and risk environment (remapping), and
• New tools, tactics, cost/benefit analysis.
2.2 The C-Suite can dem onstrate it has a strong risk culture
through:
• Regularly com municating about risk,
• Responding in a tim ely manner to warning signs and
near misses,
• Periodically testing w hether there is a common under­
2.6 The answer lies in two aspects of risk m anagem ent. First,
standing of the firm's risk appetite,
• Dem onstrating that it has an awareness of the firm's
top ten risks, and
• Com m unicating that the success of the risk m anager s
is part of a bigger strategic plan.
2.3 First, it is a statem ent about the firm's willingness to take
• Setting clear goals,
• Keeping instrum ents sim ple,
• Keeping strategies sim ple,
• Disclosing the strategy,
• Explaining ram ifications,
• Setting resources and limits suitable for the strategy,
• Stress testing, and
• Setting early warning indicators.
the need to manage financial risk grew significantly from
the 1970s on because com m odity, interest rate, and
foreign exchange m arkets liberalized and price volatil­
ity shot up. Second, growth in m arket volatility helped
spawn a fast-evolving m arket in financial risk m anage­
ment instruments through the 1980s and 1990s, giving

risk in pursuit of its business goals. Second, it is the sum more opportunities to manage their risk adjusted returns.
of the mechanisms that link this top-level statem ent to the Globalization of com panies and of trading introduced
firm's day-to-day risk management operations. It assesses additional financial risk exposures.

the risk exposures the firm is willing to assume in relations 2.7 These Com m odity derivatives might include
to the expected returns from engaging in risky activities.
• Aluminum swaps,
2.4
• Natural gas and energy derivatives,
Firm Risk A ppetite The firm's risk appetite sets
the key goals. • Exchange-traded w heat futures,

M arket Practicalities It may be easier to raise money • Exchange-traded sugar futures,

in one marketplace and then • Corn swaps, and
shift the risk characteristics (cur­
rency, fixed versus variable etc.) • Rice swaps.
in another using derivatives.
2.8 True
Changing Business M eanwhile, deals roll over,
2.9 False
and Financing Needs businesses grow.
2.10 False, because only true if interest rates stay within cer­
Basic Aim s: Cost The treasurer may be perm it­
C enter versus Profit ted to take a view on the mar­ tain bounds. If interest rates later break through a given
C enter ket direction. ceiling then the firm's financial exposure might increase.

Regulations and The treasurer may need to 2.11 False, because only 15-20% of airline operating costs are
Taxes respond to change in the burnt in the air.
rules of the gam e.
2.12 True
M arket Direction and The treasurer may need to
Behavior prepare for rising interest 2.13 True
rates or respond to yield 2.14 False, because the curve moved from backwardation to
curve behavior.
contango.

36 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

The following questions are intended to help candidates understand the material. They are not actual FRM exam questions.

2.15 False, most airlines hedge some of their price risk, 2.20 C. all of the ab o ve1
14
but some prefer to retain it all. The naysayers cite the 2.21 D. reduce counterparty credit risk
expense of hedging programs and fear that they will lock
2.22 C. all of the above
in je t fuel prices at a high point in the m arket, just before
a steep price fall. 2.23 A . 1860s

2.16 False 2.24 G enerally yes. Potentially no in the case where the
investor holds the investm ent as part of a diversified
2.17 True13
portfolio.
2.18 C . the amount that it would be happy to bear at any
2.25 C. all of the above
one time
2.26 The board must approve it.
2.19 A . the firm could bear without becoming insolvent

1 *3
See McDonald's Corporation, Form 10-k annual report for fiscal year 14 See https://www.cnbc.com/amp/2019/01/02/mortgage-applications-
ended December 31, 2017, pages 26-27. plummet-nearly-10percent-to-end-2018-despite-lower-rates.html

Chapter 2 How Do Firms Manage Financial Risk? ■ 37

 Learning Objectives
A fter com pleting this reading you should be able to:

Explain changes in corporate risk governance that Evaluate the relationship between a firm's risk appetite
occurred as a result of the 2007-2009 financial crisis. and its business strategy, including the role of incentives.

Com pare and contrast best practices in corporate Illustrate the interdependence of functional units within a
governance with those of risk m anagem ent. firm as it relates to risk m anagem ent.

A ssess the role and responsibilities of the board of A ssess the role and responsibilities of a firm's audit
directors in risk governance. com m ittee.

39
Corporate governance is the way in which com panies are run.1 It
describes the roles and responsibilities of a firm's shareholders,
board of directors, and senior m anagem ent.
Corporate governance, along with its relationship to risk, has
becom e a major issue in the banking industry. This chapter
traces the developm ent of risk governance (i.e., how firms
undertake and oversee risk management) over the past two
decades. It describes how risk governance morphed from a
vague principle into a well-defined set of best practices and
becam e a central tenet of modern banking regulation.
The ascendance of risk governance is closely linked to a series
of high-profile corporate scandals that occurred in the first
decade of the twenty-first century. The first wave of these fail­
ures included the bankruptcies of Enron in 2001, W orldCom and
Global Crossing in 2002, and Parm alat SpA in late 2003. In these
cases, corporate failure was precipitated by financial or account­
ing fraud.
W hile this fraud was perpetrated primarily by executives, it is
im portant to note that their actions were seem ingly unchecked
by the firm s' auditors and boards of directors. Specifically,
boards and shareholders were not informed of the econom ic
risks undertaken by corporate m anagem ent. This lack of com ­
munication reflected a fundam ental breakdown in corporate
disclosure and accountability. Financially engineered products
(e.g ., derivatives) were often involved and were used at tim es to
disguise the severity of the failing firm s' financial positions.
These scandals, and the faulty corporate governance that
allowed them to occur, led to regulatory reforms designed to
enhance the governance of public firms, increase transparency
and executive accountability, and improve financial controls and
oversight. In the United States, these changes took the form of
federal legislation: the Sarbanes-O xley A ct1
2 (SO X). This law laid
the foundation for federally enforced corporate governance
rules based on stricter securities regulation. The law was passed
in 2002 and the new standards were put into effect the follow ­
ing year, with the Securities and Exchange Com m ission requiring
US-based securities exchanges and associations to make sure
that their listing standards conform ed to the new m andated
standards set forth by S O X .3 In addition to governance, these
rules also had significant im plications for risk m anagem ent.
1 Report of the Committee on the Financial Aspects of Corporate
Governance (1992), http://cadbury.cjbs.archios.info/report.
2 The Sarbanes-Oxley Act - Pub. L. 107-204, 116 Stat. 745.
3 The final rule on standards for Listed Companies Audit Commit­
tees was put into effect in April of 2003, with exchanges required to
have their own internal rules for compliance approved by the SEC by
December 1, 2003.
40 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
Europe refrained from a legislative approach. Instead, European
regulators pursued a voluntary reform of corporate codes and
a regim e of "com ply-or-explain" for departures from these
codes. These reforms focused on internal controls, governance
m echanism s, and financial disclosure and did not directly
address risk m anagem ent.
The 200 7-2 00 9 global financial crisis was directly tied to risk
m anagem ent failures. The crisis itself was trig gered by the
downward turn in a previously "h o t" housing m arket, which
was fueled by an all-too-easy m ortgage m arket and acceler­
ated by a boom ing m arket for m o rtg ag e-b acked securities
that w ere traded by leading financial institutions. During this
tim e, lenders engaged in unsound practices by extending
m ortgages to unqualified individuals and encouraging home-
ow ners to take on more debt than they could handle. Invest­
m ent banks securitized these loans into com plex asset-backed
securities, which found their w ay into the m ainstream credit
m arket. Th e financial institutions responsible for originating
and trading these structured instrum ents, as well as the rating
agencies used to assess them , failed to accurately appraise
their value and risk.
A s the num ber of m ortgage defaults clim b ed , the system
unraveled and several m ajor investm ent banks holding
low -quality assets found them selves on the verge of co l­
lapse. A s the crisis unfolded, it becam e ap p arent that the
problem s encountered in the m ortgage m arket extend ed
far beyond hom eow ner lending. During the boom years
preceding the crisis, risk m anagem ent at many financial
institutions was m arginalized as execu tive m anagem ent threw
caution to the wind in pursuit of g reater returns. The decline
in underw riting standards, the breakdow n in o versight, and
a reliance on co m p lex cred it instrum ents cam e to character­
ize the cred it m arkets. This eventually led to the failure of
num erous financial institutions. Although originating in the
United States, the crisis affected banking and econom ic
activity all around the w orld . It was system ic in nature and
global in sco p e.
The events of 2007-2009 underscored the inadequacy of the
corporate governance regulation adopted earlier in the decade.
N either the regulation of Sarbanes-O xley nor the principle-
based light touch approach in Europe were able to avert the
crisis in the banking and securities industries. N onetheless, many
saw the absence of executive accountability and the failure of
internal corporate oversight as significant contributors to the
crisis and the ensuing loss of confidence in the banking system .
The debate on corporate governance continued in the after-
math of the crisis. Table 3.1 summarizes some of the key issues
in this debate.
 BOX 3.1 SARBANES-OXLEY (SOX)
SO X came into effect on Ju ly 30, 2003, creating stricter legal any fraudulent activities related to individuals who have
requirem ents for boards, senior m anagem ent, as well as both a material role in the control system s, to external audi­
external and internal auditors.
tors, the internal audit function, and the firm's audit
Some of the im portant aspects of SO X are com m ittee.
• C h ief executive officers (C EO s) and chief financial officers • The effectiveness of a firm's reporting procedures and
(CFO s) must ensure that reports filed with the S E C are controls must be reviewed annually.
accurate for publicly traded firm s.4 This includes certifying • The names of individuals who serve on the board audit
that "[such reports do] not contain any untrue statem ent
com m ittee are to be disclosed.
of a material fact or omit to state a material fa c t." 5
These individuals are expected to:
• C E O s and C F O s must affirm that disclosures provide a
com plete and accurate presentation of their company's • Understand accounting principles,
financial conditions and operations.
• Be able to com prehend financial statem ents, and
• C E O s and C F O s are also responsible for internal controls,
• Have experience with internal audits and understand
including their design and m aintenance.
the functions of the audit com m ittee.
• Furtherm ore, firm officers are required to disclose any
significant deficiencies in internal controls, as well as

Table 3.1 Key Post Crisis Corporate Governance Concerns—The Banking Industry
Stakeholder Priority Enquiries into the 2007-2009 financial crisis found that often little attention was paid to controlling tail
risks and considering truly worst-case outcom es. This has led to a debate about the uniquely com pli­
cated set of stakeholders in banking and the potential im pact on corporate governance.

In addition to eq uity, banks have large am ounts of d ep o sits, d eb t, and im plicit governm ent guar­
antees. D ep o sito rs, d eb th o ld ers, and taxp ayers have a much stronger interest in m inim izing the
risk of bank failure than do m ost shareholders, who often seem to press for short-term results.
Shareholder em p ow erm ent, the usual rem edy to corporate governance ills, may therefo re be an
inadequate solution for the banking industry's w o e s.6

Board Composition The crisis reignited a longstanding debate as to how to ensure bank boards can achieve the appropri­
ate balance of independence, engagem ent, and financial industry expertise. Analyses of failed banks
do not show any clear correlation between success and a predom inance of either insiders or outsiders.
O ne can note, however, that failed bank Northern Rock had several banking experts on its board.

Board Risk Oversight The im portance of boards being proactive in risk oversight becam e increasingly recognized follow ­
ing the crisis. This has led to a focus on educating boards about risk and making sure they maintain a
direct link to the risk m anagem ent infrastructure (e.g ., by giving C R O s direct reporting responsibilities
to the board).

Risk Appetite Regulators have pushed banks to articulate a form al, board-approved risk appetite that defines a
firm's willingness to undertake risk and tolerate threats to solvency. This can be translated into an
enterprise-wide setting of risk limits. Engaging the board in the limit-setting process helps to make
sure it thinks clearly about risk-taking and its im plications for day-to-day decision-m aking.

Compensation O ne of a board's key levers in determ ining risk behavior is its control over com pensation schem es.
Boards have a duty to exam ine how pay structures might affect risk-taking and w hether risk-adjust­
ment m echanisms capture all key long-term risks. Some banks have started instituting reforms, such as
limiting the scope of bonuses in com pensation packages, as well as introducing deferred bonus pay­
ments and claw back provisions.

6 See discussion in H. Mehran et al., "Corporate Governance and Banks:

4 Such reports are filed quarterly and annually.
What Have We Learned from the Financial Crisis?" Federal Reserve Bank
5 The Sarbanes-Oxley Act - Pub. L. 107-204, 116 Stat. 745, section 302. o f New York, Staff Report No. 502, June 2011.

Chapter 3 The Governance of Risk Management ■ 41

3.1 THE POST-CRISIS REGULATORY
RESPONSE
The concerns regarding risk governance in the banking indus­
try, summarized in the previous table, were and continue to be
addressed in post-crisis financial regulation. The Basel Com m it­
tee on Banking Supervision (B C B S), an organization com prised
of the central banks and bank supervisors from 27 jurisdictions,
focuses on form alizing international standards for prudential
banking regulation. The standards set by the B C B S are not
legally binding, but they are incorporated voluntarily in the
regulatory system s of m em bers and other jurisdictions.
The 1988 Basel Accord (Basel I) focused on devising a uniform
method for setting capital adequacy standards in the wake
of the Latin Am erican debt crisis earlier that decade. Focus­
ing primarily on credit risk, Basel I introduced a risk-weighted
approach to capital requirem ents, setting the prescribed mini­
mum capital at 8% of a firm's risk-weighted assets.
In 1999, the B C B S began work on a revised capital adequacy
fram ework designed to supersede Basel I. This initiative, called
the Basel II fram ew ork, was finalized in 2006 and incorporates a
bank's trading activity alongside its lending activity in the calcu­
lation of risk. The 8% minimum rem ained, but the risk-weighting
m ethodology was refined. This made Basel II more risk-sensitive
and better attuned to financial innovation com pared to its pre­
decessor. Basel II also introduced standards for supervisory bank
reviews as well as disclosure requirem ents to reinforce market
discipline through transparency.
Many jurisdictions were in the process of im plem enting Basel II
when the global financial crisis unfolded. The Basel III Accord
was a direct response to the crisis and focused on injecting
greater system ic resiliency in the banking system . Basel III
focuses on both firm -specific risk and system ic risk.
Most of the reforms being phased in under Basel III continue to
em phasize capital adequacy issues, such as the coverage
required from regulatory capital along with its quantity and qual­
ity. Basel III raises capital quality by limiting core Tier 1 capital to
common equity and retained earnings, which provide loss
absorption unlike other forms of hybrid debt. Basel III also
im poses new ratios for short-term and long-term liquidity, such
as the 30-day Liquidity Coverage Ratio (LCR) and the one-year
net stable funding ratio (N SFR). In particular, the N SFR should
help to counter pro-cyclicality because it is designed to ensure
banks lessen their dependence on wholesale short-term
funding.7
7 When this funding evaporates during a credit crisis, it forces banks to
shed assets at depressed prices to meet liquidity requirements.
42 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
The risk-based capital requirem ents adopted in Basel II have
been expanded to better address risks emanating from capi­
tal m arkets activities. These risks include exposure to central
counterparties, margins on non-centrally cleared derivatives,
exposure to counterparty credit risks, and securitization.
Basel III has also designed a m acroprudential overlay intended
to reduce system ic risk and lessen procyclicality. The m acropru­
dential overlay consists of five elem ents:
1. A leverage ratio of 3%,
2. A countercyclical capital buffer,
3 . Total loss-absorbing capital (TLAC) standards that apply to
global system ically im portant banks (G-SIBs),
4. System ically im portant m arkets and infrastructures (SIMIs);
in the case of O T C derivatives, the Basel Com m ittee is
pushing the m arket to move as many trades as possible
through centralized clearing and trade reporting, and
5. Capturing system ic risk and tail events in risk modeling and
stress testing.
The fram ew ork for handling m arket risk was revised in 2016 with
the Fundam ental Review of the Trading Book (FR T B ).8 Specifi­
cally, disclosure requirem ents were enhanced to reflect a more
com prehensive approach to describing and calculating risk, as
well as to facilitate com parative risk analysis.
The B C B S also confronted governance issues exposed by the
crisis. In O cto b er 2010, it issued several principles designed to
improve corporate governance in the banking industry. These
principles addressed the duties of the board and the qualifica­
tion of board m em bers, as well as the im portance of an inde­
pendent risk m anagem ent function.9 These principles were
revised in 2015 with an eye tow ards reinforcing the board's
active role in collective oversight and risk g o vernance.101The
revised guidance report defines roles of the board and the
board risk com m ittees, senior m anagem ent, C R O s, and internal
auditors.
Corporate governance in banking has been strongly im pacted
by the post-crisis regulatory response. This includes Basel III, but
also the U.S. Dodd-Frank A ct and the European Supervisory
_ 4 4
Review and Evaluation Process (SREP).
8 Basel Committee for Banking Supervision, Minimum Capital Require­
ments for Market Risk, January 2016.
9 Basel Committee for Banking Supervision, Principles for Enhancing
Corporate Governance, October 2010.
10 Basel Committee for Banking Supervision, Corporate Governance
Principles for Banks, July 2015.
11 This is new approach to bank supervision for European banks regu­
lated by the Single Supervisory Mechanism.
Table 3.2 Corporate Governance Principles for Banks
1. Board's Overall The board has overall responsibility for the bank, including approving and overseeing
Responsibilities m anagem ent's im plem entation of the bank's strategic objectives, governance fram e­
work and corporate culture.

2. Board Qualifications Board m em bers should be and remain q u alified , individually and co llectively,
and Composition for their positions. They should understand their oversight and co rporate gover­
nance role and be able to exercise sound, o b jective ju d g m en t about the affairs of
the bank.

3. Board's Own Structure The board should define appropriate governance structures and practices for its own
and Practices work and put in place the means for such practices to be followed and periodically
reviewed for ongoing effectiveness.

4. Senior Management Under the direction and oversight of the board, senior m anagem ent should carry out
and manage the bank's activities in a manner consistent with the business strategy, risk
appetite, rem uneration, and other policies approved by the board.

5. Governance of Group In a group structure, the board of the parent firm has the overall responsibility for the
Structures group and for ensuring the establishm ent and operation of a clear governance fram e­
work appropriate to the structure, business, and risks of the group and its entities. The
board and senior m anagem ent should know and understand the bank group's organi­
zational structure and the risks that it poses.

6. Risk Management Banks should have an effective independent risk m anagem ent function, under the
Function direction of a chief risk officer (CRO ), with sufficient stature, independence, resources,
and access to the board.

7. Risk Identification, Risks should be identified, m onitored, and controlled on an ongoing bank-wide and
Monitoring, and individual entity basis. The sophistication of the bank's risk m anagem ent and internal
Controlling control infrastructure should keep pace with changes to the bank's risk profile, the
external risk landscape, and to industry practice.

8. Risk Communication An effective risk governance fram ework requires robust communication within the bank
about risk, both across the organization and through reporting to the board and senior
m anagem ent.

9. Compliance The bank's board of directors is responsible for overseeing the m anagem ent of the
bank's com pliance risk. The board should establish a com pliance function and approve
the bank's policies and processes for identifying, assessing, m onitoring, reporting, and
advising on com pliance risk.

10. Internal Audit The internal audit function should provide independent assurance to the board and
should support the board and senior m anagem ent in promoting an effective gover­
nance process and the long-term soundness of the bank.

11. Compensation The bank's remuneration structure should support sound corporate governance and
risk m anagem ent.

12. Disclosure and The governance of the bank should be adequately transparent to its shareholders,
Transparency depositors, other relevant stakeholders, and m arket participants.

13. Role of Supervisors Supervisors should provide guidance for and supervise corporate governance at
banks, including through com prehensive evaluations and regular interaction with
boards and senior m anagem ent; should require im provem ent and rem edial action
as necessary; and should share information on corporate governance with other
supervisors.

Source: Basel Committee on Banking Supervision, Guidelines: Corporate Governance Principles for Banks, July 2015, 8-40.

Chapter 3 The Governance of Risk Management ■ 43

After the Crisis: Industry Restructuring
and the Dodd-Frank Act
Until 1999, commercial banking in the United States was segre­
gated from investment banking by law under the Glass-Steagall
Act. That year, the Graham-Leach-Bliley A ct largely abolished the
restrictions em bodied in the Glass-Steagall A ct. Specifically, it
enabled bank holding companies to convert into financial services
holding companies (FSHCs). As FSHCs could combine investment
banking, commercial banking, insurance, and broker-dealer activ­
ities under one corporate umbrella, it was intended to encourage
A Q
the growth of universal banking in the United States.
D espite the repeal of G lass-Steagall, however, com m ercial
and investm ent banking rem ained as two separate industries
operating under two regulatory paradigm s. W hile U .S. banking
regulation involves both supervision of business conduct (i.e .,
investor protection) and prudential regulation aim ed at ensur­
ing bank stability, investm ent banking did not com e under the
purview of bank regulators and was therefore not subject to
prudential oversight. In addition, investm ent banking was gen­
erally regarded as marginal to the stability of the United States
banking system (until the 2007-2009 crisis proved otherw ise).
The com petitive structure of the banking industry was altered
dram atically during, and as the result of, the crisis. Investm ent
giants, including Bear Stearns and Merrill Lynch, were merged
(under duress) with banking institutions. Lehman Brothers went
bankrupt. The last two major investm ent banks, Goldm an Sachs
and Morgan Stanley, were converted into bank holding com pa­
nies (BH Cs). This made them subject to the full force of banking
regulation, but also eligible for the credit extended to banking
institutions by the Federal Reserve System .
A O
In Ju ly 2010, the Dodd-Frank A ct was signed into law. The
Act's 2,300 pages overhauled the regulation of the financial
industry in the United States, aiming to improve both consum er
protection and system ic stability. Specifically, it attem pted to
address several issues.
• Strengthening the F e d : The A ct extended the regulatory
reach of the Federal Reserve (i.e., the Fed) in the areas con­
cerned with system ic risk. All the system ically im portant
financial institutions (SIFIs), which are defined as bank holding
firms with more than USD 50 billion14 of assets, are now reg­
ulated by the Federal Reserve and the Fed's m andate now
includes m acroprudential supervision.
19
A. Saunders and L. Allen, (2010). Credit Risk Measurement In and Out
o f the Finandal Crisis: New Approaches to Value at Risk and Other Para­
digms, Hoboken, N .J.: J. Wiley, 2010.
19
Dodd-Frank Wall Street Reform and Consumer Protection Act - Pub.L.
111-203, H.R. 4173.
14 In 2018 the U.S. Congress raised this threshold to USD 250 billion.
44 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
• En din g too-big-to-fail: D odd-Frank proposed an end
to "too-big-to-fail" by creating an orderly liquidation
authority (O LA ).
• Resolution plan: SIFIs are required to submit a so-called
"living w ill" to the Federal Reserve and the Federal Deposit
Insurance Corporation (FD IC) that lays out a corporate
governance structure for resolution planning.
• D erivatives m arkets: The A ct launched a transparency-
focused overhaul of derivatives markets regulation with the
aim of helping m arket participants with counterparty risk.
• The V olcker R ule: This is a prohibition on p roprietary tra d ­
ing, as well as the partial or full o w nership/partnership of
hedge funds and private equity funds by banking e n titie s.*1
15
• Protecting consum ers: The A ct created a Consum er Financial
Protection Bureau (C FPB) to regulate consum er financial
services and products.
• Stress testin g : The A ct instituted a radically new approach
to scenario analysis and stress testing, with the following
characteristics:
• A top-down approach with m acroeconom ic scenarios
unfolding over several quarters;
• A focus on the effects of m acroeconom ic downturns on
a series of risk types, including credit risk, liquidity risk,
m arket risk, and operational risk;
• An approach that is com putationally dem anding, because
risk drivers are not stationary, as well as realistic, allowing
for active m anagem ent of the portfolios;
• A stress testing fram ew ork that is fully incorporated
into a bank's business, capital, and liquidity planning
processes; and
• An approach that not only looks at each bank in isolation,
but across all institutions. This allows for the collection
of system ic information showing how a major common
scenario would affect the largest banks collectively.
The Federal Reserve Board (FRB) conducts two stress testing
exercises:
1 . The Dodd-Frank A ct Stress Test (D FAST) for banks with
assets above USD 10 billion, and
2. The Com prehensive Capital Analysis and Review (CC A R) for
banks with assets above USD 50 billion.16
15 This provision, originally proposed by the former Chairman of the
Federal Reserve Paul Volcker, is nicknamed the Volcker Rule and it
became effective in July 2015. With the proposed 2018 reform of the
Dodd-Frank Act, the smallest banks (i.e., those with less than USD
10 billion in assets) would be exempt from the Volcker rule.
16 Under the 2018 reform of the Dodd-Frank Act, it is now mandatory
only for banks with assets above USD 250 billion.
C C A R is an annual exercise with the three supervisory
scenarios and tw o internally generated scenarios (i.e ., BH C
baseline and BH C ad verse). BH C s m ust present a capital
plan describing all planned actions (e .g ., dividend increases,
share repurchases, m ajor acquisitions) over a planning hori­
zon of nine q uarters. Banks must have a T ie r 1 capital ratio
of at least 5% throughout the planning period. Tho se that
exceed this ratio should revise their risk ap p etites dow n­
w ard. M eanw hile, the Fed's qualitative assessm ent of a
capital plan revolves around the ad eq uacy of the internal
processes.
The European Regulatory Response to
the GFC: SREP and EBA Stress Tests
A new approach to bank supervision, called the Supervisory
Review and Evaluation Process (SREP), is taking hold for banks
in Europe.
The SREP introduces three new principles to banking
supervision:
1. A forward-looking em phasis on the sustainability of each
bank's business m odel, including during conditions of
stress,
2 . An assessm ent m ethodology based on best practices within
the banking industry, and
3 . An expectation that every bank will ultim ately operate
under the same standards.
Th e internal capital ad eq u acy assessm en t process (IC A A P )
and the internal liquidity ad eq u acy assessm ent process
(ILA A P) are the tw o key com ponents of SREP.
1 . The IC C A P incorporates scenario analysis and stress
testing. It outlines how stress testing supports capital
planning.
2 . The ILAAP incorporates the potential losses from asset
liquidations and increased funding costs during stressful
periods.
European banks with assets of EU R 30 billion and above
m ust run European Banking A uth o rity (EB A ) stress tests.
Th ese stress tests are run at the consolidated banking group
level (insurance activities are exclu d ed ). Two supervisory
m acroeconom ic scenarios covering a three-year period are
provided by the regulator: a baseline scenario and an adverse
scenario.
Although the scenarios unfold over a three-year period, the
approach (contrary to C C A R ) is fundam entally static and banks
are only required to look at the im m ediate im pact of the cum u­
lative shocks over the three-year period.
Chapter 3 The Governance of Risk Management
3.2 INFRASTRUCTURE OF RISK
GOVERNANCE
This section discusses the infrastructure of risk governance and
address three critical questions.
1. Are corporate governance best practices related to best
practice in risk m anagem ent, and if so, how?
2. How is risk management delegated through the organiza­
tion? What roles do the executive staff and board committees
undertake in the execution and oversight of risk management?
3 . How does risk m anagem ent policy filter down to business
m anagers and how is it reflected in the way regular business
is conducted?
These questions seek to outline how corporate risk m anage­
ment should be designed and diffused throughout financial
institutions. W hile the focus of this section is on the banking
industry, the concepts, principles, and protocols articulated
below are relevant for other corporations as well.
The Board and Corporate Governance
O ne of the key duties of a corporate board of directors is to
protect the interests of shareholders. Traditionally, the board
has been cast as the gatekeeper for all shareholders. A grow­
ing number of analysts, however, argue that the responsibility
of the board extends beyond shareholders to include all cor­
porate stakeholders (e.g ., debtholders and em ployees). Given
the divergent interests of the various stakeholders, managing
this responsibility is not always an easy task. D ebtholders, for
exam ple, are primarily interested in the extrem e downside risk.
This is because their stake in the firm is most at risk during times
of distress (i.e., when corporate solvency is on the line).
The board is also charged with overseeing executive m anage­
ment. Analyzing the risks and returns from corporate activity is
one of the board's fundam ental duties. If m anagem ent assumes
a given risk, the board must understand the type and magnitude
of the threat posed should that risk come to fruition.
Addressing conflicts of interest between m anagem ent and
shareholders lies at the heart of corporate board oversight.
Such conflicts are referred to in the financial literature as agency
problem s, and they are often m anifested as the unwarranted
assumption of risk to pursue short-term profits or to enhance
apparent perform ance. These activities put the interests of man­
agem ent squarely against those of longer-term stakeholders.
Conflicts of interest are easily created, rendering agency risk
a perennial governance challenge. For exam ple, giving execu­
tives stock options (which take on value only if the firm's shares
exceed a certain price) can incentivize senior m anagem ent to
■ 45
take actions designed to tem porarily boost the firm's share
price, even if these actions hurt the firm in the long term .
Even the best-designed executive com pensation system s cannot
fully prevent executives from being tem pted to pursue short­
term results to the detrim ent of long-term objectives. For this
reason, the scope and structure of executive com pensation has
becom e a major concern and m easures to strengthen executive
accountability are gaining traction.
Ongoing tensions between the interests of C E O s and the inter­
ests of longer-term stakeholders have becom e a prominent
feature of corporate m anagem ent. A gency risks arising from
these tensions provide an im portant rationale for the board's
independence from executive m anagem ent. They also explain
the recom m ended best practice of separating the position of
C E O from that of board chairman.
The bankruptcy of brokerage firm M F Global in 2011 illustrates
the perils of agency risk, particularly when the board's indepen­
dence from executive m anagem ent is questionable.
In 2010, MF Global appointed Jon C o rzine171
8as chairman of the
board and C E O . A t the tim e, the firm was already experiencing
liquidity and com pliance problem s. Under Corzine's leadership,
AQ
and despite repeated warnings by the firm's C R O at the tim e,
MF Global made huge proprietary investm ents in European sov­
ereign debt. These investm ents soured in 2011, exacerbating
the firm's liquidity problem s. This led to a loss of shareholder
and client confidence, and ultim ately to the firm's collapse.
During this tim e, the firm allegedly m isappropriated client
funds in an attem pt to keep the firm solvent. This prom pted the
U.S. Com m odity Futures Trading Com m ission (C FTC ) to act
against Corzine and the firm's assistant treasurer.19
From Corporate Governance to
Best-Practice Risk Management
The experience of the past two decades illustrates how the
objectives of corporate governance and risk m anagem ent have
converged. The 2007-2009 crisis exposed extrem e deficiencies in
risk management and oversight among financial institutions. As a
result, post-crisis regulation has raised the bar for risk governance
with the aim of reining in both financial and agency risks.
Risk governance involves setting up an organizational infrastruc­
ture to articulate formal procedures for defining, im plem enting,
17 As a U.S. Senator, Corzine helped draft the Sarbanes-Oxley Act in 2002.
18 M. Peregrine, "Another View: MF Global's Corporate Governance
Lesson," New York Times, December 16, 2011, https://dealbook.nytimes
.com/2011/12/16/another-view-mf-globals-lesson-in-corporate-governance.
19 CFTC Press Release 7508-17, January 5, 2017. https://www.cftc.gov/
PressRoom/PressReleases/pr7508-17.
46 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
and overseeing risk m anagem ent. It is also about transparency
and establishing channels of communication within the organiza­
tion as well as with external stakeholders and regulators.
The mix of the measures adopted, and the degree to which they
are enshrined in law, varies between jurisdictions. In 2012, the
World Bank articulated a set of standards for risk governance
aimed at improving the effectiveness of risk m anagem ent and
control, enhancing risk m anagem ent standards, and promoting
the com petitiveness and sustainability of financial institutions.20
The board of directors plays a central role in both the shaping
and oversight of risk m anagem ent. Its primary responsibility in
risk governance is to assess the fundam ental risks and rewards
engendered in the firm's business strategy. This assessm ent
must be based on a clear understanding of the institution's
direction and goals. The board must proactively participate in
strategic planning as well as outline the appropriate risk ap p e­
tite (as discussed in C hapter 2).
Risk appetite is intimately related to business strategy and capital
planning. Certain activities may be categorically inappropriate for
an enterprise given the type of risk involved. The appropriateness
of other activities may be a function of their scope relative to the
firm's total asset value. Business planning must take risk m anage­
ment into consideration from the outset, and the matching of
strategic objectives to risk appetite must be incorporated into the
planning process. Equally important is a clear communication of
risk appetite and risk position throughout the firm. This allows the
firm to set appropriate limits on its various risk-bearing activities.
The board is also responsible for oversight and risk transparency.
It must ascertain whether any major transaction undertaken by
the firm is consistent with the authorized risk and associated
business strategies. Similarly, it must ensure that the disclosure
to managers and relevant stakeholders is both adequate and
com pliant with internal corporate rules and external regulations.
Given the board's accountability to stakeholders, the board is
ultimately responsible when risk policy is ignored or violated.
To fulfill its role in risk governance, the board must assess
w hether the firm has put an effective risk m anagem ent system in
place that enables it to further its strategic objectives within the
confines of its risk appetite. The board must also make sure that
procedures for identifying, assessing, and handling the various
types of risk (e.g ., business, operational, reputational, m arket,
liquidity, com pliance, and credit) are in place. W hile a willful
assumption of excessive risk lies at the heart of many corporate
failures, just as many can be attributed to an inability to identify
risk or assess it properly in a tim ely manner.
90
IFC, Standards in Risk Governance for Financial Institutions, 2012,
https://www.ifc.org/wps/wcm/connect/ce387e804c9ef58697c4d-
7f81 ee631 cc/ECACR-RiskGovernanceStandards.pdf?MOD=AJPERES
The risk m anagem ent process may seem com plex and con­
founding and boards may find this task difficult to take on.
However, the strategic principles underlying risk governance are
sim ple. Ultim ately, only four basic choices need to be made in
the m anagem ent of corporate risk:
1. The choice to undertake or not to undertake certain activities;
2. The choice to transfer or not transfer either all or part of a
given risk to a third party (or third parties); such transfers
can be accom plished via the purchase of insurance policies,
hedging activities, and so on;
3 . The choice to preem ptively mitigate risk through early
detection and prevention; and
4. The choice to assume or not assume risk, fully cognizant of
both the upside and downside im plications.
Risk management must be implemented across the entire
enterprise21 under a set of unified policies and methodologies.
(This is called enterprise risk management and is discussed in
Chapter 8.) The infrastructure of risk management, which includes
both physical resources and clearly defined operational processes,
must be up to the task of an enterprise-wide scope. The task of
assessing the fitness of a risk management system is daunting, but
doable nonetheless. One way to measure the seriousness of a risk
management process is to examine the human capital employed
and the risk managers' standing within the corporate hierarchy.
• Is the risk m anager considered to be a m em ber of the
executive staff and can this position lead to other career
opportunities?
• How independent is the risk m anager? W hat authority does
he or she hold? To whom does he or she report?
• Are risk m anagers paid well relative to other em ployees who
are rewarded for perform ance (e.g ., traders)?
• To what extent can one characterize the enterprise's ethical
culture as being strong and resilient against the actions of
bad actors? Has the firm set clear-cut ethical standards and
are these standards actively enforced?
The board must also evaluate the firm's perform ance metrics
and com pensation strategy. It has the critical responsibility of
making sure executives are com pensated based on their risk-
adjusted perform ance and that the incentives inherent in such
com pensation do not clash with shareholder interests.
21 The OECD's paper on Corporate Governance and the Financial Crisis:
Conclusions and Emerging G ood Practices to Enhance Implementa­
tion o f the Principles, February 2010, p. 4, states that ". . . an important
conclusion is that the board's responsibility for defining strategy and
risk appetite needs to be extended to establishing and overseeing
enterprise-wide risk management systems".
Chapter 3 The Governance of Risk Management
W ithin the fram ew ork of risk governance oversight, the board
should ensure the inform ation it obtains concerning the
im plem entation of risk m anagem ent is accurate and reliable.
Inform ation should be gathered from m ultiple sources, includ­
ing the C E O , other senior execu tives, and both internal and
external auditors. Board m em bers must also arm them selves
with additional know ledge, because they are required not only
to ask tough questions but also understand the answ ers they
are told.
The board's scope in risk governance is com prehensive. How­
ever, its responsibility to take a proactive approach does not
suggest a day-to-day involvem ent. Rather, its role is to ensure
that the processes and procedures around the delegation and
im plem entation of risk m anagem ent decisions are performing as
planned. As discussed previously, the 2007-2009 financial crisis
highlighted the need to strengthen the role of the board and its
com m itm ent to risk m anagem ent.
Board m em bers need to be trained on risk issues and on how
to evaluate and define the firm's risk appetite. They need to be
able to assess the firm's capacity for risk over a specified time
horizon while considering the firm's mix of business activities,
earnings goals, strategic objectives, and com petitive position.
This will allow the board to understand the firm's risk profile and
monitor its perform ance relative to the risk appetite.
The board should also have a risk com m ittee whose members
have enough analytic sophistication and business experience to
properly analyze key risks. The board risk and audit com m ittees
should be two separate entities, given that each requires differ­
ent skills to m eet its respective responsibilities.
3.3 RISK APPETITE STATEMENT
Publishing a risk appetite statem ent (RAS) is an im portant com ­
ponent of corporate governance. The Financial Stability Board
(FSB) describes an RAS as "a written articulation of the aggre­
gate level and types of risk that a firm will accept or avoid in
order to achieve its business objectives." The RAS includes both
qualitative and quantitative statem ents.
The objectives of an RAS should be clearly articulated. For
exam ple, as shown in Box 3.2, objectives include maintaining a
balance between risk and return, retaining a prudent attitude
22 Financial Stability Board. (2013, November 18). Principles for an
Effective Risk Appetite Framework. Retrieved from https://www.fsb.
org/2013/11 /r_131118/
23 The FSB also makes the point that an RAS should address "difficult
to quantify risks such as reputation and conduct risks as well as money
laundering and unethical practices."
■ 47
 BOX 3.2 RISK APPETITE STATEMENT O B JEC TIV ES24
Risk A p p e tite S ta tem e n t Engaging in client-oriented businesses that we
understand;
C IB C 's risk appetite statem ent defines the amount of risk we
are willing to assume in pursuit of our strategic and finan­ Maintaining a balance between risk and returns;
cial objectives. O ur guiding principle is to practice sound Retaining a prudent attitude tow ards tail and event risk;
risk m anagem ent, supported by strong capital and funding Meeting regulatory expectations and/or identifying and
positions, as we pursue our client-focused strategy. In defin­ having plans in place to address any issues in a tim ely
ing our risk appetite, we take into consideration our vision, manner; and
values, and strategy, along with our risk capacity (defined by
Achieving/m aintaining an A A rating.
regulatory constraints). It defines how we conduct business,
which is to be consistent with the following objectives:
• Safeguarding our reputation and brand;
• Doing the right thing for our clients/stakeholders;

BOX 3.3 RISK POLICIES, LIMITS, AND MANAGEMENT OVERSIGHT25

Enterprise-Wide Risk Management Framework

Risk Appetite Statement and Risk Appetite Framework

Risk Overarching Framework/Policy Risk Limits Management Oversight

Credit C redit Risk M anagem ent Policy Credit Concentration Limits C red it Com m ittees
Delegated Credit Approval Authorities Global Risk Com m ittee

M arket Capital M arkets Risk M arket Risk Limits Capital M arkets Authorized
M anagem ent Policies D elegated Risk Authorities Products Com m ittee
Structural Risk M anagem ent Global Risk Com m ittee
Policy Global A sset Liability Com m ittee
O perational O perational Risk M anagem ent Key Risk Indicators O perational Risk and Control
Policy Com m ittee
Control Fram ework Global Risk Com m ittee
Reputation Reputation Risk M anagem ent Key Risk Indicators Reputation and Legal Risks
Fram ework and Policy Com m ittee

Liquidity Liquidity Risk M anagem ent Policy Liquidity and Funding Limits Global A sset Liability Com m ittee
Pledging Policy Pledging Limits Global Risk Com m ittee
Strategic Strategic Planning Policy Risk A ppetite Statem ent Executive Com m ittee

Regulatory Regulatory Com pliance M anage­ Key Risk Indicators Global Risk Com m ittee
ment Policy

toward tail and event risk, and achieving a desired credit rating. B) Be linked to the institution's short- and long-term stra te ­
The FSB states that: gic, capital, and financial plans, as well as com pensation
program s . . . "
"[a]n effective risk a p p etite statem en t should:
A su m m ary list o f key risk p o lic ie s and lim its sh o u ld be
a) Include key backgrou n d inform ation and the assum p­
m ade tra n sp a re n t to all sh a re h o ld e rs. Fo r e x a m p le , B o x 3 .3
tions that inform ed the financial institution's stra teg ic
sh o w s a list o f all th e key risk ty p e s, th e re le v a n t p o lic ie s,
and business plans at the tim e they w ere a p p ro ved

o r

24 Reference CIBC 2017 Annual report, page 44. Reference CIBC 2017 Annual report, page 45.

48 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

 Capacity, Appetite, and Tolerance
Tolerance
Target
Capacity
co
Appetite
I I
Capacity Performance
Appetite
Tolerance/Target
Figure 3.1 Risk profile, risk appetite, risk capacity and performance
Source: COSO, Enterprise Risk Management, Integrating with Strategy and Performance, June 2017,
Figure 7.5, page 62. Reprinted by permission.
th e ty p e s o f risk lim its, and th e m an ag e m e n t re sp o n sib le
fo r o v e rsig h t.
An RAS should contain risk appetite and risk tolerance measures
that limit the am ount of risk taken at the business unit level as
well as the organizational level. The RAS should also make trans­
parent the relationship between risk appetite, risk capacity, risk
tolerance, and the current risk profile.
A s shown in Figure 3 .1 , risk to leran ce refers to the range of
acce p tab le outcom es related to achieving a business o b je c­
tive . Risk to leran ce (see dotted lines in Figure 3.1) is a tactical
m easure, w hereas risk ap p e tite is a broader ag g reg ate m ea­
sure of the am ount at risk. Risk ap p etite is set at a level su f­
ficien tly below the risk cap acity to ensure th at the actual risk
stays well below the risk cap acity of the firm . Th e goal here
is to keep the actual risk profile within the estab lish ed risk
to le ran ce bands. O p eratin g within the risk to le ran ce bands
provides m anagem ent with com fort th at the firm can achieve
the desired risk-adjusted return o b jectives su b ject to lim iting
the am ount at risk.
3.4 IMPLEMENTING BOARD-LEVEL
RISK GOVERNANCE
The previous sections have outlined the rationale and some of the
objectives of risk governance This section exam ines the m echa­
nisms used by financial institutions (as well as other risk-taking
corporations) to implement risk governance best practices.
Chapter 3 The Governance of Risk Management
A t most firm s, the key risk m anage­
ment policies and procedures are
approved by the board audit and
risk m anagem ent com m ittees. These
com m ittees also review the im ple­
m mentation of these policies and
exam ine their efficacy. They interpret
the board-approved risk appetite
and break it down into a set of
I
I practical restrictions and limitations.
These new rules are then dissem i­
I
I nated throughout the organization
I by the executive staff and depart­
I ment heads.
The Board Audit
Committee
An effective audit com m ittee is
essential to the directors' oversight
of the firm. In addition to being
accountable for the accuracy and
com pleteness of a firm's financial and regulatory disclosures, the
audit com m ittee is responsible for ensuring the firm 's com pli­
ance with best-practice standards in non-financial m atters as
w ell. Regulatory, legal, com pliance, and risk m anagem ent activi­
ties all fall under the purview of the audit com m ittee.
An audit provides the board with independent verification of
w hether the firm is doing what it claims to be doing. This critical
verification function sets the audit com m ittee's work apart from
the work of other risk com m ittees.
A t the same tim e, however, the audit com m ittee's duties extend
beyond the search for discrepancies and infringem ents. The
com m ittee must assess not only the veracity, but also the qual­
ity of the firm's financial reporting, com pliance, internal control,
and risk m anagem ent processes. For exam ple, in its review of
financial statem ents, the audit com m ittee must not only confirm
the accuracy of the financial statem ents, but that the firm suf­
ficiently addresses the risk of possible material m isstatem ents
in its reporting as well. The financial crisis revealed the failure of
many firm s' audit com m ittees to uncover the excess risk under­
taken in proprietary trading, or to alert their boards to the risk
of holding disproportionately large positions in structured credit
products.
To successfully execute their duties, audit com m ittee m em bers
must be know ledgeable, capable of independent judgm ent,
financially literate, and have the utmost integrity. M em bers can­
not be afraid to challenge m anagem ent and ask hard questions
when needed. In most banks, a director who is not a m em ber
of the executive staff chairs the audit com m ittee, and most of
■ 49
its m em bers are independent as w ell. Although the audit com ­
mittee's relationship with m anagem ent can be adversarial at
tim es, the two groups need to foster an am icable and produc­
tive relationship in which all lines of com munication are always
kept open.
The Evolving Role of a Risk Advisory
Director
It is unreasonable to exp ect the entire board to possess the
skills necessary to analyze the financial condition of com plex
risk-taking corporations (which financial institutions are by defini­
tion). This is particularly true if the appointed independent direc­
tors include individuals who originate from other industries
beyond the financial services sector26 and who have no connec­
tions to the enterprise. This practice can be problem atic,
because (historically) it has been a sim ple m atter for executives
to befuddle non-executives who lack the skills and/or confi­
dence to challenge them . Director training program s, as well as
outside professional support, can be helpful in this regard.
O ne approach is for the board to include a risk specialist. This is
typically an independent m em ber of the board (not necessarily
a voting member) who specializes in risk analysis and m anage­
ment. This person's job is usually to enhance the efficacy of the
executive risk com m ittee and the audit com m ittee. This involves
exam ining risk governance in term s of the risk policies approved
by the board, as well as the m ethodologies and infrastructure
used to execute and oversee them .
These risk advisory directors can also keep board m em bers
apprised as to the best practices in corporate governance and
risk m anagem ent. They can also give their professional opinion
on risks associated with the firm's core business model and the
areas of activity in which the firm operates or seeks to pursue.
The Special Role of the Board Risk
Management Committee
A board risk m anagem ent com m ittee is responsible for setting
the firm's risk appetite and independently reviewing the gover­
nance of all material risks. The com m ittee's review includes an
analysis of policy guidelines, m ethodologies, and risk m anage­
ment infrastructure. By maintaining direct contact with external
and internal auditors, a board risk m anagem ent com m ittee
can allow for better communication between the board and
m anagem ent.
26 This is often done by design.
50 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
In addition, the board of directors typically delegates the respon­
sibility for approving and reviewing the risk levels to the board
risk management committee. Its role, as well as the terms of its
oversight, are usually formally approved and documented by the
board. The board risk management committee also monitors
financial, operational, business, reputational, and strategic risks. It
reports to the board on various issues (e.g., the extension of spe­
cial credit should the firm exceed the risk limits set by the board).
3.5 RISK APPETITE AND BUSINESS
STRATEGY: THE ROLE OF INCENTIVES
This section illustrates how structure m eets process to ensure
that a firm's regular activities are appropriate given its risk ap p e­
tite and the limits defined by the various board and executive
com m ittees.
The process can be summarized as follows.
• The board risk com m ittee approves the firm's risk appetite on
an annual basis. This risk appetite is based on a set of broad,
yet clearly defined, risk metrics (e.g ., the total interest rate
risk assumed by the bank).
• The firm's senior risk com m ittee (which is led directly by the
C E O and typically includes the C R O , the C F O , the treasurer,
chief com pliance officer, and the executives in charge of the
various business units) is em powered by the board to im ple­
ment and oversee the risk appetite fram ework.
• Under the board's authority, the senior risk com m ittee deter­
mines the limiting param eters for financial (e.g ., credit and
market) and nonfinancial risk (e.g ., business risk and opera­
tional risk) undertaken by the firm . Sub-com m ittees may be
established to handle each type of risk independently. For
exam ple, the firm's credit risk com m ittee would set limits on
the m agnitude and type of credit risk undertaken, as well as
oversee credit risk reporting.
• A fter setting risk ceilings, the senior risk com m ittee then
reports back to the board risk com m ittee with recom m enda­
tions regarding the total risk deem ed prudent (which are sub­
ject to the latter's consideration and approval).
The Role of the CRO
The senior risk com m ittee also bears responsibility for the estab­
lishment, docum entation, and enforcem ent of any corporate
policies concerning risk. It also sets risk limits for specific busi­
ness activities, which are then delivered to the C R O . The C RO
is usually a m em ber of the risk com m ittee and is responsible for
the design of the firm's risk m anagem ent program (in addition
to other responsibilities). The C R O is also responsible for risk
policies, analysis approaches, and m ethodologies, as well as
the risk m anagem ent infrastructure and governance inside the
organization.
The bank's senior risk com m ittee delegates the power to make
day-to-day decisions to the C R O . This includes the ability to
approve risks exceeding preset limits imposed on the various
business activities, provided these exceptions remain within the
bounds of the overall board-approved limits.
For exam ple, each business unit may be given authorization to
assume a certain maximum level of risk up to a certain ceiling. The
firm's senior risk committee reviews and approves each business
unit's mandate periodically, and the C RO is responsible for moni­
toring these limits. In larger financial institutions, the best practice
is for such processes (e.g., the developm ent and approval/renew-
ing of such risk-taking allowances) is clearly defined. Usually,
any such approval is valid for one year following approval by the
senior risk committee. However, the C RO may approve an exten­
sion of the mandate to accom m odate the committee's schedule.
Although C R O s are typically part of the m anagem ent team , it is
critical for them to be granted both the authority and indepen­
dence to effectively discharge their duties. The global financial
crisis, along with the problem s exem plified by the MF Global
bankruptcy, underscore the need to fortify C R O independence
and authority. C RO s should be proactively involved in setting
risk strategy as well as in the im plem entation and managerial
oversight of risk m anagem ent. They should also report directly
to the C E O , maintain a seat on the board risk com m ittee, and
have a voice in approving new financial instruments and lines of
business. Most im portantly in this regard, the C R O should have
a clear m andate to bring any situation that potentially com pro­
mises the bank's risk appetite guidelines or its risk policy to the
attention of m anagem ent at all levels and to the board.
A t many banks, C RO s act as a liaison between the board and
managem ent. They keep the form er apprised as to the enter­
prise's risk tolerance and the efficacy of its risk m anagem ent pro­
gram, alerting it to deficiencies in the system. A t the same tim e,
the C R O com municates the board's views to m anagem ent and
distributes this information throughout the entire organization.
All organizations must strike a balance between ensuring they
can achieve their objectives and maintaining risk standards. The
C RO is responsible for independently monitoring these standards
on an ongoing basis. He or she may order specific units to cut
back or entirely close positions in the wake of concerns regarding
exposures to market, credit, operational, or business risks.
Corporations may also appoint business risk com m ittees for
each major line of business. A business risk com m ittee typi­
cally com prises both business and risk personnel. Its goal is to
Chapter 3 The Governance of Risk Management
align business unit decisions with the organization's desired
risk/reward tradeoff and ensure proper risk m anagem ent at
the business line level. The business risk com m ittee can be
responsible for articulating how a given risk will be handled in
accordance with how risk m anagem ent for a specific business
relates to the overall risk function. Additionally, the authority to
approve policies related to more business-specific risk and to
conduct detailed reviews of business-level risk limits can also be
entrusted to the business risk com m ittee.
Limits Policies
Optim al risk governance requires the ability to link risk appetite
and limits to specific business practices. Accordingly, appropri­
ate limits need to be developed for each business as well as for
the specific risks associated with the business (as well as for the
entire portfolio of the enterprise).
M arket risk limits are designed to constrain exposure to risk
derived from price and rate changes. Credit risk limits are
intended to cap a firm's exposure to defaults or an erosion in
the quality of credit exposures (e.g ., those originating from
the lending portfolio or through derivative transactions). Banks
also tend to place exposure to other types of risk (e.g ., asset/
liability m anagem ent, liquidity, or even catastrophe risk) on their
policy agenda as well. The nature of any given limit will vary and
is driven by the nature of the risk in question, the com petitive
positioning of the firm , and the span of its activities. Best prac­
tice dictates that the processes involved in setting risk limits,
reviewing exposures, approving exceptions to risk limit policy,
and analyzing m ethodologies be docum ented.
Best practice in risk m anagem ent often em ploys analytical m eth­
odologies to measure risk. W hen analyzing credit risk, a bank's
potential exposure can be analyzed by risk grade. Risk-sensitive
m ethodologies (e.g ., VaR) are useful in the assessm ent of risk for
most typical portfolios under an assumption of relatively normal
m arket conditions. However, they are less applicable in stressed
circum stances or for more specialized portfolios. Accordingly,
best practices call for scenario analysis and stress testing to be
included in the risk analysis toolbox and incorporated within the
limit fram ework in order to validate survivability under worst-
case conditions.
Most institutions set two types of limits.
1. Tier 1 limits are specific and often include an overall limit
by asset class, an overall stress-test limit, and a maximum
drawdown limit.
2. Tier 2 limits are more generalized and relate to areas of
business activity as well as aggregated exposures catego­
rized by credit rating, industry, maturity, region, and so on.
■ 51
Standards for the m etrics em ployed by risk limits are proposed
by the C R O and approved by the internal risk com m ittee. Practi­
cally speaking, these limits should be designed such that the
probability of exceeding them during the normal course of busi­
ness is low. Limit determ ination needs to take the business unit's
historical behavior into account and to aim for a figure that gives
the business unit a margin for error. For exam ple, a bank may
decide to design their Tier 1 limits on m arket risk such that, dur­
ing the normal course of business and under normal m arket con­
ditions, the unit's exposures range from 40% to 60% of the set
limit and perhaps the peak limit utilization (again, under normal
m arket conditions) should hit 75% to 85% of this ceiling.27
A consistently designed limit structure helps banks to consoli­
date their risk m anagem ent across diverse businesses. When
limits are calculated in a unified manner and expressed in term s
of econom ic capital, or a sim ilar unified term , it is then possible
to apply Tier 2 limits across business lines.
Monitoring Risk
The setting of meaningful risk limits marks the beginning, rather
than end, of the risk m anagem ent process. O nce set, these
limits must be closely monitored to verify com pliance. O f all the
types of risks discussed in the previous section, m arket risk is the
most tim e-sensitive and thus requires continual monitoring.
To monitor m arket risk limits effectively, the daily valuation of
asset positions is im perative. Profit and loss statem ents should
be prepared outside of the bank's trading departm ent and sub­
mitted to (non-trading) executive m anagem ent. In addition, all
assum ptions used in the valuation models should be indepen­
dently verified. Sim ilarly, the trading team 's adherence to risk
policy and m arket risk limits, as well as the bank's escalation plan
for dealing with exceptions, should be docum ented on a tim ely
basis. Procedures covering the treatm ent of acceptable limit
exceptions and unacceptable violations should be articulated in
writing and made clear to m anagers and traders alike.
The assessm ent of portfolio valuation m ethods constitutes an
integral part of risk limit m onitoring. The variance between a
portfolio's actual volatility and that predicted under the bank's
risk m easurem ent m ethodology should be evaluated on a regu­
lar basis. Stress tests should be done to ascertain the impact
of material changes to m arket and credit risk on the bank's
earnings.
W here tim e is of the essence, the most appropriate source
of information may well be the front office. For exam ple, risk
27 This is just an illustrative example; some organizations may prefer lim­
its set at higher or lower levels.
52 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
m easures relating to the monitoring of intra-day trading exp o ­
sures may need to be extracted directly from the day's accu­
mulated client orders. Data used in the monitoring of m arket
limits, on the other hand, should be obtained from consoli­
dated m arket data feeds not connected to front office system s.
To ensure integrity, this data must be reconciled with entries
in the bank's official books and their form at must facilitate risk
m easurem ent, such as with VaR m ethodologies for calculating
m arket or credit risk.
In the im plem entation of both Tier 1 and Tier 2 limits, business
units must adhere to strict protocols regarding prior disclosure
of anticipated limit violations to the risk m anagem ent function.
The C R O must be notified well in advance of potential limit
deviations. If risk m anagem ent is alerted to a planned excess,
the probability that this excess will be approved is higher.
For exam ple, business unit heads may be compelled to issue an
alert when an exposure reaches a certain threshold (e.g., 85% of
the limit). The C R O , jointly with the unit head, could then petition
the bank's business risk com mittee for a tem porary limit increase.
Upon approval, the business risk committee would then submit
the request for final approval by the senior risk committee.
Should the limit be breached, the risk m anagem ent function
should im m ediately record all excesses on a daily limit e x c e p ­
tion re p o rt that distinguishes between Tier 1 and Tier 2 limit
exceptions. This report specifies the circum stances and ratio­
nale for the exceed ances and outlines how the bank plans to
handle them .
Tier 1 limit exceedances must be cleared or corrected imme­
diately. Tier 2 exceedances are less urgent and can be cleared
within a few days or a w eek. The C R O should then list all Tier 1
and Tier 2 limit exceedances on an enterprise exception report,
which captures all exceptional risk activity at the enterprise level.
This report is then subm itted for discussion at the daily risk m eet­
ing. No manager, including the C E O , should be authorized to
exclude risk limit exceedances from the daily exception report.
There is an opportunity cost inherent in effective risk limit man­
agem ent. Because the bank prevents the preem ptive assum p­
tion of additional risk, it may have to forfeit opportunities for
additional profits. As a given limit is neared, a bank should con­
duct a cost-benefit-risk analysis to decide if an exception should
be m ade.
3.6 INCENTIVES AND RISK-TAKING
O ne lesson from the global financial crisis is that the prevailing
executive com pensation schem es at many financial institutions
encouraged short-term risk-taking, causing m anagem ent to
often underestim ate and at tim es entirely ignore long-term
risks. The trend to reward bankers and traders with bonuses
tied to short-term profits, or to the volum e of business activity,
had grown in the tw o decades preceding the crisis. This incen-
tivized these individuals to front load incom e and push off risk.
Com pensation schem es w ere structured like call options in that
they had unlim ited upside but w ere capped on the dow nside.
Execu tives collected bonuses when the bank posted profits,
but there was no real penalty attached to poor perform ance
or losses. A id ed by excessive leverage, bank personnel w ere
literally able to "b e t the bank" on astonishingly reckless invest­
m ent strateg ies.
In many jurisdictions, regulations now require public firm s to
establish a dedicated board com pensation com m ittee to set
executive com pensation. Such regulation is driven by concerns
over the ability of C E O s to persuade board m em bers to com ­
pensate them selves and other executives at the expense of
shareholders, who have virtually no say in such decisions.
It is now w idely recognized that com pensation is part of a sound
risk culture. Specifically, it should be aligned with the long-term
interests of shareholders and other stakeholders, as well as with
risk-adjusted return on capital. It should incentivize em ploy­
ees to take calculated, rather than reckless, risks. Banks must
address any potential distortions arising from the way they struc­
ture com pensation. The incorporation of risk m anagem ent con­
siderations into the setting of perform ance m ilestones is on the
rise and is already considered a leading practice. Com pensation
planning is increasingly considered a key facet of enterprise­
wide risk m anagem ent.
That said, one must recognize that firms will always be tem pted
to offer attractive com pensation packages to so-called "rain­
m akers" who exhibit an unusual talent for generating revenues.
A bsent international cooperation, the m arket for human capital
may be subject to regulatory arbitrage as banking enterprises
cherry pick the jurisdictions in which they operate.
In Septem ber 2009, the G-20 countries called on their respec­
tive central bank governors and finance ministers to establish an
international fram ew ork to prom ote financial stability, including
a reform of com pensation practices. In an endorsem ent of the
FSB's im plem entation standards, the G-20 recom m endations
included:
• The elimination of multi-annual guaranteed bonuses;
• The incorporation of executive downside exposure through
the deferral of certain com pensation, the adoption of share-
based remuneration to incentivize long-term value creation,
and the introduction of claw back provisions that require reim­
bursem ent of bonuses should longer-term losses be incurred
after bonuses are paid;
Chapter 3 The Governance of Risk Management
• Limitations on the amount of variable com pensation granted
to em ployees relative to total net revenues;
• Disclosure requirem ents to enhance transparency; and
• Affirm ing the independence of the com m ittees responsible
for executive com pensation oversight to ensure their align-
Q Q
ment with perform ance and risk.
In 2014, the FSB reported that im plem entation of these stan­
dards was essentially com plete in alm ost all FSB jurisdictions. In
some jurisdictions (e.g ., the European Union), regulators went
beyond the recom m ended standards and adopted bonus caps
equal to 100% of an executive's salary or, if approved by two-
thirds of shareholders, 200% of their salary.
Share-based com pensation aims to align the respective
interests of execu tives and shareholders. Th eo retically,
occupying the sam e boat as other shareholders should curb
excessive execu tive risk-taking. Flowever, this is not n eces­
sarily the case. Prior to the collapse of Lehm an Brothers, for
exam p le, em p loyees held ap p ro xim ately one third of the
firm 's shares. O ne must also bear in mind th at share ow ner­
ship can also encourage risk-taking because w hile potential
shareholder gains are infinite, losses are lim ited to their
investm ent.
O ne rem edy for this dilemma could be to turn em ployees into
the bank's creditors by introducing restricted notes or bonds
tied to com pensation schem es. Swiss bank UBS adopted such a
solution in 2013. It paid its most highly com pensated em ployees
in part with bonus b o n d s that are forfeited if the bank's regula­
tory capital ratio falls below 7.5% .
3.7 THE INTERDEPENDENCE OF
ORGANIZATIONAL UNITS IN RISK
GOVERNANCE
The im plem entation of risk m anagem ent at virtually all levels of
the enterprise is primarily the responsibility of the bank's staff,
rather than the board com m ittees. Executives and line busi­
ness m anagers need to work together to m anage, monitor, and
report the various types of risk being undertaken. Figure 3.2
outlines how risk m anagem ent flows and is shared by various
m anagem ent functions. Business m anagers also play an impor­
tant part in the verification of tim ely, accurate, and com plete
deal capture and their affirmation of official profit and loss (P&L)
statem ents.*
n o
G20 Leaders Statement: The Pittsburgh Summit, September 24-25,
2009, Pittsburgh http://www.g20.utoronto.ca/2009/2009communique
0925.html (accessed 19/4/2018).
■ 53
 Senior Management
• Sets business level risk tolerances
• Designs and manages policy
• Evaluates performance
Risk Management
• Manages risk policy development and
implementation
• Monitors limits 4 • Oversees official valuations—
• Controls model implementation risks
• Gives senior management
independent risk assessments
Fiqure 3.2 Interdependence in risk management.
A bank's operations function not only shares in the im plem enta­
tion of risk m anagem ent but plays a critical role in risk oversight
as well. In investm ent banks, for exam ple, its role is to indepen­
dently execute, record, and settle trades; reconcile front and
back-office positions; and chronicle all transactions. The opera­
tions staff also prepares earnings reports as well as independent
valuations of the bank's positions (e.g ., mark-to-market).
The finance group, on the other hand, is responsible for devel­
oping valuation and finance policies, ensuring the accuracy and
com pleteness of reported earnings, and reviewing independent
valuation m ethodologies and processes. Finance also manages
business planning and is called upon to support the financial
needs of the various business lines.
3.8 ASSESSING THE BANK'S AUDIT
FUNCTION
The previous sections outlined a risk m anagem ent process that
conforms to risk governance. Adherence to this process can pre­
vent the assumption of unbridled excessive risk. However, the
risk governance function alone cannot ascertain com pliance to
the policies established by the board and external regulations.
This is where the audit function comes in. It is incum bent upon
the internal audit function to ensure the set-up, im plem entation,
and efficacy of risk m anagem ent/governance.
To this point, regulators typically require the internal audit func­
tion to review all processes, policies, and procedures related
54 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
Business Line
• Takes on and manages exposure to
►
approved risks
• Verifies valuations
Finance & Operations
• Sets and manages valuation & finance
policies
including independent verifications
• Manages and supports analyses
required for business planning
• Ensures proper settlement/deal
capture/documentation
to risk m anagem ent. A com prehensive review includes, among
other things, assessing the organization of the risk control unit
and docum entation along with analyzing the integrity of risk
governance and the efficacy of the risk m anagem ent process.
This analysis includes the integration of risk m easures into daily
business m anagem ent.
Internal auditors are responsible for:
• Reviewing monitoring procedures,
• Tracking the progress of risk m anagem ent system upgrades,
assessing the adequacy of application controls in generating
and securing data, and
• Affirm ing the efficacy of vetting processes.
Best practices also call for the internal audit function to review
docum entation relating to com pliance and to com pare this with
the standards stipulated in the regulatory guidelines.29 It should
also offer its opinion on the reliability of any VaR reporting
fram ework.
Taking m arket risk as an exam ple, bank auditors are called upon
to review the vetting process pertaining to the derivative valu­
ation m odels used by both the front office and the back office.
They must sign off on any significant changes to the risk quanti­
fication process as well as validate the range of risks analyzed by
the various risk m easurem ent m odels. Internal auditors are also
required to inspect the reliability of information system s as well
29 Such standards include qualitative and quantitative criteria.
as the validity and com pleteness of the data on which m arket
risk metrics are com puted.
Regulatory requirem ents notwithstanding, a key task undertaken
by the audit function should be the evaluation of the design and
conceptual soundness of risk m easurem ent. Internal auditors
should validate m arket risk m odels by back testing investm ent
strategies. Additionally, they should evaluate the soundness of
risk m anagem ent information system s (also called risk MIS) used
in the quantification of risk throughout the enterprise. These can
include coding processes, internal model applications, and con­
trols over position data capture. Sim ilarly, auditors should ana­
lyze assum ptions pertaining to volatility, correlations, and other
param eter estim ates. An auditor's responsibilities often include
ensuring the veracity of the m arket databases used to generate
VaR param eters.
A risk m anagem ent function can be rated. This rating may be
used internally or by third parties (e.g ., rating agencies) that
undertake com parative analyses of multiple enterprises. There is
no one formula for excellence in risk m anagem ent. Despite this,
the rating of risk m anagem ent practices would be instrumental
in facilitating com parisons across an organization so that both
the internal and external parties can benefit from such objective
critiques.
The Institute of Internal Auditors (I IA) has devised a set of stan­
dards relating to internal controls, governance, and risk m anage­
ment. The organization's International Professional Practices
Fram ework (IPPF) articulates standards, some of which are man­
datory and others that are strongly recom m ended. The
Chapter 3 The Governance of Risk Management
m andatory standards and ethical code define the requirem ents
for professional practice.30 The recom m ended guidance outlines
how these standards should be applied and im plem ented in
practice.31
W ithin the industry, there has been an active debate as to
w hether the audit function should have effective oversight of
the firm 's operational risk m anag em ent.32 Note that the audit
has a natural interest in the quality of internal controls. W hile
subject to auditor review, however, the im plem entation of risk
m anagem ent must remain sep arate from the auditing function.
A s a basic principle, auditor independence from the underlying
activity is essential to ensure confidence in any assurances or
opinions rendered by the auditors to the board, and this
applies equally to the risk m anagem ent function and its associ­
ated processes. Unless this independence is m aintained, con­
flicts of interest could com prom ise the quality of both risk
m anagem ent and audit activity and seriously jeo p ard ize risk
governance.
See the Professional Guidance section of the IIA's website:
https://global.theiia.org/standards-guidance/Public%20
Documents/I PPF-Standards-2017.pdf.
31 The Institute of Internal Auditors, (n.d.). Recommended Guidance.
Retrieved from https://global.theiia.org/standards-guidance/
recommended-guidance/Pages/Strongly-Recommended-Guidance.aspx
32 See Crouhy, Galai, and Mark, "Key Steps in Building Consistent
Operational Risk Measurement and Management." In Operational Risk
and Financial Institutions, ed. R. Jameson, London: Risk Books, 1998.
■ 55
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

QUESTIONS
True/False Questions
3.1 A fter establishing a risk limit, a bank should plan to 3.4 The board of directors should be responsible for
maintain a risk exposure level just below the limit during overseeing and approving a firm's risk governance.
the normal course of business.
A. True
A. True B. False
B. False 3.5 Conflicts of interest between senior m anagem ent and
3.2 The standards set in the "Basel A cco rd " are legally other internal m anagem ent are referred to as "agency
binding in all banks in most countries. problem s."

A. True A. True
B. False B. False

3.3 Basel III designed a m acroprudential overlay leverage

ratio of 5% intended to reduce system ic risk and lessen
pro-cyclicality.

A. True
B. False

Short Concept Questions

3.6 The Dodd-Frank A ct overhauled the regulation of financial
institutions in the United States, aiming at improving
both consum er protection and system ic stability. List and
discuss three issues that the Dodd-Frank A ct tried to
address?
3.7 D escribe what is involved in risk governance.
3.8 W hat w ent wrong in MF Global after 2010? How was it
related to corporate governance issues?
3.9 D escribe key points involved in constructing a risk
appetite.
3.10 W hat are the four basic choices a bank needs to make
regarding a potential risk exposure?
3.11 How would one assess the stature of the C R O in the
organization?
3 .1 3 W hat is the difference between Tier 1 and Tier 2 limits?
3.14 W hat were three recom m endations from the Financial
Stability Board regarding com pensation after the
2007-2009 financial crisis?
3.15 W hat are the roles of the senior m anagem ent risk
com m ittee?
3.16 W hat are the key roles and responsibilities of an internal
audit function?
3.17 D escribe three key roles and responsibilities of the board
of directors.
3.18 D escribe the roles and responsibilities of the board audit
com m ittee.

3.12 Describe what a "Risk A ppetite Statem ent" (RAS) is and

the objectives of a RAS.

56 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

The following questions are intended to help candidates understand the material. They are not actual FRM exam questions.
Multiple Choice Questions
3.19 According to the Sarbanes-O xley (SOX) A ct, who is
required to certify the accuracy of the financial reports?
A. The chief risk officer (CRO ) only
B. The chief executive officer (C EO ) only
C. The chief financial officer (C FO ) only
D. C E O , C F O , and C R O only
E. C E O and C F O only
3.20 W hich of the following is not a concern of corporate
governance in banks?
A. Ensuring com petitive positioning of the bank in each
market
B. Determ ining the risk appetite
C. Board composition
D. Com pensation policy
3.21 W hich of the following was not an aim of the
Dodd-Frank A ct?
A. Verifying the accuracy of financial reports
B. Living Will and resolution plan
C. Stress testing and scenario analysis
D. Protecting consum ers
Chapter 3 The Governance of Risk Management
3.22 Risk governance does not include
A. setting limits on risk exposures.
B. setting the infrastructure for risk m anagem ent
information flows.
C. allowing for transparency of risk procedures.
D. setting m ethodologies to assess credit risk.
3.23 The major roles of the audit com m ittee do not include
A. reviewing the risk m anagem ent process.
B. preparing the annual financial report.
C. analyzing the integrity of risk governance.
D. affirming the reliability of vetting processes.
3.24 The roles of the senior m anagem ent risk com m ittee
include
A. calculations of the daily VaR.
B. reviewing the daily VaR.
C. planning the scenario analysis.
D. setting risk limits for specific business activities.
■ 57
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.
ANSWERS
3.1 False, because the bank should operate well below its
risk limits during the normal course of business
3 .2 False
3.3 False, because the leverage ratio is 3%.
3.4 True
3.5 False, because "agency risk" puts the interests of man­
agem ent squarely against those of a com pany's longer-
term stakeholders.
3.6 Include any of the following seven elem ents.
• Strengthening the F e d : The A ct extended the
regulatory reach of the Federal Reserve (i.e., the Fed)
in the areas concerned with system ic risk. All the sys-
tem ically im portant financial institutions (SIFIs), which
are defined as bank holding firms with more than USD
50 billion of assets, are now regulated by the Federal
Reserve and the Fed's m andate now includes m acro­
prudential supervision.
• Ending too-big-to-fail: Dodd-Frank proposed an end
to "too-big-to-fail" by creating an orderly liquidation
authority (O LA).
• Resolution plan: SI FIs are required to subm it a
so-called "living w ill" to the Federal Reserve and
the Federal Deposit Insurance Corporation (FDIC)
that lays out a corporate governance structure for
resolution planning.
• D erivatives m arkets: The A ct launched a transparency-
focused overhaul of derivatives m arkets regulation
with the aim of helping m arket participants with
counterparty risk.
• The Volcker Rule: This is a prohibition on proprietary
trading, as well as the partial or full ownership/
partnership of hedge funds and private equity funds
by banking entities.
• P rotectin g consum ers: The A ct created a Consum er
Financial Protection Bureau (C FPB) to regulate
consum er financial services and products.
• Stress testin g : The A ct instituted a radically new
approach to scenario analysis and stress testing, with
the following characteristics.
• A top-down approach with m acroeconom ic
scenarios unfolding over several quarters;
58 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
• A focus on the effects of m acroeconom ic down­
turns on a series of risk types, including credit risk,
liquidity risk, m arket risk, and operational risk;
• An approach that is com putationally dem anding,
because risk drivers are not stationary, as well as
realistic, allowing for active m anagem ent of the
portfolios;
• A stress testing fram ew ork that is fully incorpo­
rated into a bank's business, capital, and liquidity
planning processes; and
• An approach that not only looks at each bank in
isolation, but across all institutions. This allows for
the collection of system ic information showing how
a major common scenario would affect the largest
banks collectively.
3.7 Risk governance involves
• Setting up an organizational infrastructure of human,
IT, and other resources as well as articulating formal
procedures for defining, im plem enting, and o versee­
ing risk m anagem ent; and
• Transparency and the channels of communication
established within the organization as well as with
external stakeholders and regulators.
3.8 Key points include the following.
• Jon Corzine was appointed chairman of the board and
C E O of M F Global In 2010.
• MF Global was experiencing liquidity and com pliance
problem s.
• Despite repeated warnings by the company's chief
risk officer, MF Global made huge proprietary invest­
ments in European sovereign debt. These investm ents
soured in 2011, exacerbating the com pany's liquidity
problem s.
• Liquidity problem s led to the loss of shareholder and
client confidence, and ultim ately to the firm's collapse.
• The com pany allegedly m isappropriated client funds
to m eet the cash crunch.
3.9 Key points include the following.
• Risk appetite is intim ately related to business strategy
and capital planning.
• Certain activities may be categorically inappropriate
for an enterprise given the type of risk involved.
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.
• Business planning must take risk m anagem ent into
consideration from the outset.
• The matching of strategic objectives to the risk ap p e­
tite must be incorporated into the planning process.
• Clear communication of the firm's risk position and
risk appetite is essential so that appropriate limits can
be set on various risk-bearing activities.
3.10 The choice to:
• Not undertake certain activities,
• Transfer either all or part of a certain risk to third parties,
• Preem ptively m itigate risk through early detection and
prevention, and
• Assum e the risk while being fully cognizant of both
the upside and downside im plications.
3.11 Q uestions to ask include the following.
• Is the risk m anager a m em ber of the executive
staff and can this position lead to other career
opportunities?
• How independent is the risk m anager?
• W hat authority does the risk m anager hold?
• To whom does the risk m anager report?
• Are risk m anagers com paratively well paid relative to
other em ployees who are rewarded for perform ance?
• Is the enterprise's ethical culture strong and resilient
to the actions of bad actors?
• Has the bank set clear-cut ethical standards and are
these standards actively enforced?
3.12 A risk appetite statem ent:
• Is an im portant com ponent of corporate governance,
• Articulates the level and types of risk a firm is willing
to accept to reach its business goals,
• Includes both qualitative and quantitative statements, and
• Helps to reinforce a strong risk culture.
O bjectives include
• Maintaining a balance between risk and return;
• Retaining a prudent attitude toward tail risk and event
risk;
• Achieving a desired credit rating;
• Linking short-term capital and long-term capital,
financial and strategic plans, as well as com pensation
structure;
Chapter 3 The Governance of Risk Management
• Setting risk appetite and risk tolerance measures
which limit the amounts at risk that are expressed
at the business unit level and on an enterprise
level; and
• Making transparent the relationship between risk
appetite, risk capacity, risk tolerance and a firm's
current risk profile.
3.13 Tier 1 limits:
• Are specific and often include overall limits by asset
class, an overall stress-test limit, and a maximum
drawdown limit; and
• Excesses must be cleared or corrected im m ediately.
Tier 2 limits:
• Are more generalized;
• Relate to areas of business activity and aggregated
exposures to credit ratings, industries, m aturities,
regions, and so on; and
• Excesses are less urgent and can be cleared within a
within a few days or a w eek.
3.14 Recom m endations include:
• The elimination of multi-annual guaranteed bonuses;
• The incorporation of executive downside exposure
through the deferral of certain com pensation, the
adoption of share-based remuneration to incentivize
long-term value creation, and the introduction of
claw back provisions requiring reim bursem ent of
bonuses should longer-term losses be incurred after
bonuses are paid;
• The placem ent of limitations on the amount of
variable com pensation granted to em ployees relative
to total net revenues; and
• The imposition of disclosure requirem ents to enhance
transparency.
3.15 The senior m anagem ent risk com m ittee:
• Reports back to the board risk com m ittee with recom ­
m endations regarding the total at risk deem ed pru­
dent for the latter's consideration and approval;
• Establishes, docum ents, and enforces all corporate
policies in which risk plays a part;
• Sets risk limits for specific business activities, which
are then delivered to the C R O ; and
• D elegates the power to make day-to-day decisions
to the C R O . This delegation includes the power to
■ 59
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.
approve risks exceeding preset limits imposed on
the various business activities, provided these e xce p ­
tions remain within the bounds of the overall board-
approved limits.
3.16 Key roles and responsibilities include:
• Independently assessing risk governance as well as
the im plem entation and efficacy of risk m anagem ent;
• Reviewing the risk m anagem ent process, a com pre­
hensive review includes, among other things, assess­
ing adequacy of the organization of the risk control
unit and docum entation;
• Analyzing the integrity of risk governance and the
efficacy of the risk m anagem ent process, including
the integration of risk m easures into daily business
m anagem ent;
• Exam ining the monitoring procedures, for tracking the
progress of risk m anagem ent system upgrades;
• Assessing the adequacy and effectiveness of applica­
tion controls in generating and securing data;
• Affirm ing the reliability of vetting processes;
• Com paring com pliance docum entation with qualita­
tive and quantitative criteria stipulated by regulations;
• Offering its opinion on the reliability of any risk
exporting fram ew ork; and
• Evaluating the risk m easurem ent m ethodologies both
in term s of theory as well as im plem entation, includ­
ing stress-testing m ethodologies.
3.17 Such roles and responsibilities include:
• Assessing the fundam ental risks and rewards engen­
dered in the bank's business strategy, based on a
clear understanding of the latter's direction and goals;
• Harmonizing risk appetite with the bank's strategic plan;
• Being accountable for risk transparency; and
• Making sure that:
• Any major transaction undertaken is in-line with
authorized risk taking as well as with the relevant
business strategies.
• An effective risk m anagem ent system is in place
that enables corporation to further its strategic
objectives within the confines of its risk appetite.
• Procedures for identifying, assessing, and handling
the various kinds of risk are effective.
• Executives are com pensated based on their risk-
adjusted perform ance and that the incentives
60 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
inherent in such com pensation do not clash with
shareholder interests.
• Disclosure to m anagers and relevant stakeholders
is both adequate and com pliant with internal cor­
porate rules and external regulations.
• The information it obtains concerning the im ple­
mentation of risk m anagem ent is accurate and
reliable.
3 .1 8 The board audit com m ittee is responsible for:
• Assessing the veracity and the quality of the firm's
financial reporting, com pliance, internal control and
risk m anagem ent processes; and
• Com pliance with best-practice standards in non-finan-
cial m atters.
Regulatory, legal, com pliance, and risk m anage­
ment activities also fall under the purview of the audit
com m ittee.
3 .1 9 E. C E O and C F O only
S O X specifically requires the C E O and C F O to affirm the
accuracy of all financial disclosures.
3 .2 0 A . Ensuring com petitive positioning of the bank in each
market
Corporate governance is concerned with proper controls
around the running of a business entity— not the specif­
ics of strategy.
3.21 A . Verifying the accuracy of financial reports
A ccuracy of financial reports was an aim of Sarbanes-
O xley, not Dodd-Frank.
3 .2 2 D. Setting m ethodologies to assess credit risk
The specifics of risk methodologies are not a part of risk
governance. However, risk governance does extend to
ensuring the activities around the developm ent of the
methodologies are appropriately controlled and disclosed.
3 .2 3 B. Preparing the annual financial report
The audit com m ittee serves as a check on processes
and procedures. In this case, the audit com m ittee would
ensure that the process around the report was properly
controlled and delivered accurate results.
3 .2 4 D. Sets risk limits for specific business activities
The senior m anagem ent risk com m ittee em powers the
C R O to have oversight into the specifics of how risk is
reported and analyzed as well as the overall day-to-day
m anagem ent of risk.
Credit Risk Transfer
Mechanisms
Learning Objectives
A fter com pleting this reading you should be able to:

Com pare different types of credit derivatives, explain Evaluate the role of credit derivatives in the 2 0 0 7 -2 0 0 9
how each one transfers credit risk, and describe their financial crisis, and explain changes in the credit derivative
advantages and disadvantages. market that occurred as a result of the crisis.

Explain different traditional approaches or mechanisms Explain the process of securitization, describe a special
that firms can use to help mitigate credit risk. purpose vehicle (SPV), and assess the risk of different busi­
ness models that banks can use for securitized products.

61
4.1 OVERVIEW OF CREDIT RISK
TRANSFER MECHANISMS
The core risk exposure for banks is credit risk. Traditionally,
banks have taken short-term liquid deposits and provided long­
term , illiquid loans. Before the new millennium, banks had only
a limited capacity for managing credit risk exposure. That all
changed by the end of the twentieth century.
In 2002, then-Federal Reserve Chairm an Alan Greenspan spoke
of a "new paradigm of active credit m anagem ent." He argued
that the United States banking system had withstood the
2001-2002 econom ic slowdown in part because it had trans­
ferred and dispersed credit exposures using novel credit deriva­
tives and securitizations. These included credit default swaps
(CD Ss), collateralized debt obligations (CD O s), and collateral­
ized loan obligations (C L O s).1
This praise may seem m isguided, given the role of credit trans­
fer instrum ents in the build-up of system ic risk that preceded
the 2007-2009 global financial crisis. However, the blame ini­
tially assigned to credit derivatives should in fact be laid at the
feet of those who used and abused them .
The C D S and C LO m arkets remained robust, in certain respects,
during and following the crisis. As a result, they fulfilled their
purpose of helping to manage and transfer credit risk. Although
there were major system ic deficiencies (e.g ., conflicts of inter­
est and transparency issues) that needed to be addressed, the
mechanisms them selves were not the real culprit in precipitating
the crisis.
Many com m entators have come to the view that the role of
these mechanisms in causing the crisis may have had more to
do with failings of the pre-crisis securitization process than with
the underlying principle of credit risk transfer. Note that the per­
form ance of credit derivative m arkets was, and remains, highly
varied. Some parts of the securitization industry remained viable
through much of the crisis and beyond. This is perhaps because
their risks remained relatively transparent to investors.
W hile some credit transfer m arkets and instrum ents met their
dem ise following the financial crisis, some are now reappearing
(though not as they were in the past). Some of these instruments
may take off again as the econom y improves and if interest rates
rise high enough to support costly securitization processes. Still
others were relatively unaffected by the crisis.
Some of the more robust instruments that survived the crisis
include C D S and asset-backed securities (ABS), which can be1
1 A. Greenspan, "The Continued Strength of the U.S. Banking System,"
speech, October 7, 2002.
62 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
backed by assets such as auto loans, credit cards receivables,
equipm ent leases, and student loans. In addition, asset-backed
commercial paper (A BCP) and m ortgage backed securities
(MBS) are expected to survive and draw renewed interest. W hile
the C LO m arket was dorm ant for a few years following the crisis,
new C LO issuance has grown significantly since 2011, surpassing
pre-crisis volum es.
Collateralized debt obligations squared (CD O s-squared), as well
as other forms of overly com plex securitized instrum ents (e.g .,
single-tranche C D O s and com plex A B C P ) are unlikely to be
revived. Their com plexity was not meant to make these instru­
ments better at hedging risk. Rather, it was meant to make them
easier to market.
M eanwhile, new credit risk transfer strategies are em erging.
O ne exam ple can be seen in the growing number of insurance
com panies buying bank loans with the aim of building asset
portfolios that match their long-term liabilities. The high capital
costs associated with post-crisis reforms suggest the "buy-and-
hold" banking model will remain a relatively inefficient way for
banks to manage risks generated by lending and other bank­
ing activities. Regulators, as well as industry practitioners, are
interested in securitization m arket reforms aim ed at helping
banks obtain funding, optimizing risk m anagem ent, and encour­
aging liquidity and econom ic growth. In the longer term , the
2007-2009 crisis may end up being viewed more as a construc­
tive test of the credit transfer m arket than its undoing.
4.2 HOW CREDIT RISK TRANSFER
CAN BE USEFUL *•
Banks have long had several ways to reduce their exposure to
credit risk— both on an individual name and an aggregate basis.
Such credit protection techniques include the following.
• Purchasing insurance from a third-party guarantor/under-
w riter: W hen done on an individual obligor basis, this is
term ed a guarantee. This is often seen in the U.S. municipal
bond market.
• Netting of exposures to counterparties: This is done by look­
ing at the difference between the asset and liability values for
each counterparty and having in place documentation saying
that these exposures can be netted against each other. O ther­
wise, if a counterparty goes bankrupt, the value of the obliga­
tion that counterparty has to the bank vanishes while the bank
itself remains liable for any funds due to the counterparty.
• M arking-to-market/margining: This entails having an agree­
ment in place among counterparties to periodically revalue
a position and transfer any net value change between the
 BOX 4.1 SYNDICATION AND THE SECONDARY MARKET
For larger loan transactions, it is typical for banks to syndi­
cate loans to disperse the credit risk incurred through large
transactions. Banks can also sell off the loans they originate
(or otherwise own) in the secondary market.
Syndication com es into play for very large transactions. In
these cases, the lead bank originates the transaction and
makes arrangem ents to distribute the deal among a larger
group of investors. For these efforts, the bank earns a per­
centage fee. Typically, the lead bank will hold about 20% of
the loan for its own book.
There are two basic types of syndicate arrangem ents: firm
com m itm ent and b e st efforts. With firm com m itm ents, the
counterparties so that the net exposure is minimized. This
requires relatively sophisticated system s and has historically
been seen in the m arket for exchange-traded derivatives.
• Requiring collateral be posted: Collateral can offset credit
losses in the event of default. Note that there are instances
when the circum stances precipitating the default could nega­
tively im pact the value of the collateral. For exam ple, with an
oil com pany offering barrels of crude as collateral, the prob­
ability of the com pany defaulting increases as the price of oil
falls (this is known as w rong way risk).
• Term ination/Put option: A t inception, the counterpar­
ties agree to a set of trigger events that, if realized, would
require the unwinding of the position using a pre-determ ined
m ethodology (often the mid-market valuation). Such trig­
gers could be dow ngrades, metrics based on balance sheet/
income statem ent items, and so on. In the case of a put
option, the lender has the right to force early term ination at a
pre-determ ined price.
• Reassignm ent of a credit exposure to another party in the
event of some predefined trigger (e.g ., a ratings dow ngrade).
The strategies discussed above are effective but require specific
agreements between the counterparties to enact. For this and
other reasons, they may not easily fit the needs/goals of the coun­
terparties. Critically, they are limited in that they do not isolate
credit risk from the underlying positions for redistribution to a
broader class of investors. Nor do they effectively "slice and dice"
risk to enable the fine tuning of positions or credit portfolios.
C redit derivatives (e.g ., CD Ss) were form ulated precisely to
enable this fine tuning. C redit derivatives are off-balance sheet
instrum ents that facilitate the transfer of credit risk2 between
two counterparties (the beneficiary who sells the risk and the
2 Based upon some reference asset.
banks guarantee the obligor will receive a set dollar amount
and any failure of the bank to recruit additional investors will
result in the bank taking a larger portion of the loan onto its
own books. For best efforts, the am ount raised is based upon
how well the bank does in generating interest in the deal and
there is no guarantee that the target am ount will be raised.
Syndicated loans form the backbone of the secondary mar­
ket for bank loans, as the originating bank is obligated to
ensure the ability of investors to trade the loan after initial
distribution. A s the secondary m arket (as well as the market
for credit derivatives) has grown, pricing has becom e more
transparent and liquidity has increased.
guarantor who buys the risk) without having to sell the given
position. Credit derivatives perm it the isolation of credit risk
(e.g ., in a loan or a bond) and transfers that risk without incur­
ring any funding or client m anagem ent issues. They are to credit
what interest rate and foreign exchange derivatives were to
m arket risk (because these innovations isolated m arket risk from
funding and liquidity risk concerns).
C redit derivatives com e with their own set of challenges. Each
of the counterparties is obliged to understand the full nature of
the risk transfer: how much risk is transferred, the nature of that
risk, how the trigger events are defined, any periodic paym ent
obligations, the obligations and rights for each counterparty
in trigger scenarios, and so on. They also need to understand
when the contract is enforceable and when (if ever) it is not.
There are also issues of system ic concentration risk— even prior
to the 2007-2009 financial crisis, regulators were concerned
about the relatively small num ber of liquidity providers in the
credit derivatives m arkets. They feared this nascent market
could face disruption if any of the major participants w ere to
experience distress (in isolation or in concert). It is interesting
to note, however, that the single-name and index C D S m arkets
operated relatively sm oothly at the height of the credit crisis
under the leadership of the International Swaps and Derivatives
Association (ISDA).
Risk transfer and securitization enables institutions to effec­
tively tailor pools of credit-risk exposures by facilitating the
sale and repackaging of risk. Securitization is also a key source
for funding consum er and corporate lending. According to the
International M onetary Fund (IM F), the issuance of securitized
loans soared from nearly nothing in the early 1990s to almost
USD 5 trillion in 2006. Trading volum es collapsed following the
subprim e crisis, however, especially for m ortgage-backed C D O s
and C LO s. O nly credit card receivables, auto loans, and lease-
backed securities remained relatively unaffected.
Chapter 4 Credit Risk Transfer Mechanisms ■ 63
With the huge expansion in the issuance of corporate bonds by a treasury bond: The resulting interest rate spread will tend to
since 2012, there has been a revival in the m arket for securitized increase as the obligor's credit quality declines. New technologies,
corporate loans. This is because their C LO structure is transpar­ innovations, and markets are increasing the transparency of credit
ent for investors and the collateral is reasonably easy to value. pricing across the full range of the spectrum and thus this concept
is becoming increasingly critical to risk management.
The Securities and Exchange Com m ission, in conjunction with
U.S. federal banking regulators, finalized Section 15G of the
Securities and Exchange A ct in 2014. This imposed risk retention
4.3 THE MECHANICS OF
provisions on asset-back securities, including C LO s. Specifically,
the rules require securitizers to retain, without recourse to risk
SECURITIZATION
transfer or m itigation, at least 5% of the credit risk.3 These pro­
Securitization involves the repackaging of loans and other assets
visions were designed to align securitizers' interests with those
into new securities that can then be sold in the securities mar­
of investors, requiring the form er to "have skin in the g a m e ."4
kets. This elim inates a substantial amount of risk (i.e., liquidity,
When properly executed in a robust, liquid, and transparent mar­ interest rate, and credit risk) from the originating bank's balance
ket, credit derivatives contribute to the process of credit price dis­ sheet when com pared to the traditional buy-and-hold strategy.
covery (i.e., they clarify and quantify the market value for a given The securitization process is illustrated in Figure 4.1.
type of credit risk). In addition to putting a number to the default
The securitization process begins with the creation of a corpora­
risk incurred by many large corporations, CD S prices also offer a
tion called a special purpose vehicle (SPV). The SPV then pur­
means to monitor default risks in real time (as opposed to peri­
chases loan portfolios from several banks to create investm ents
odic credit rating assessments). The hope is that improvements in
products (e.g ., C LO s). SPVs are mainly funded by several classes
price discovery will eventually lead to enhanced liquidity, along
of bonds, arranged by seniority and/or credit rating, along with
with a more efficient market pricing of credit spreads for the full
a relatively small equity tranche. This equity tranche, which is
spectrum of instruments with credit risk exposure.
the most junior tranche, will usually provide less than 10% of an
Historically, it has been true that corporate bond markets per­ SPV's total funding.
form price discovery. However, bonds blend interest rate and
The trend toward securitization began in 1968 with the birth of
credit risk (and som etimes liquidity risk) together. Moreover, the
the Governm ent National M ortgage Association (G N M A , also
corporate bond market is only useful to understand the credit
known as Ginnie M ae).6 Consum er A B S s in the United States
risk for those companies that issue bonds— which is generally lim­
and residential m ortgage-backed securities (RMBS) in the U.K.
ited to the largest public com panies.5 On the other hand, credit
em erged in the 1980s. The 1990s saw the developm ent of com ­
derivatives can potentially help in pricing the credit risk em bed­
mercial m ortgage backed securities (CM BS) in the United States
ded in privately traded high-yield loans and loan portfolios.
Between 2000 and 2007, there was a surge in the issuance of
C redit risk in a mature credit m arket goes beyond default risk very com plex, risky, and opaque C D O s in the U.S. private label
to include risks arising from credit spread fluctuations. These
risks affect the valuation of all associated instruments subject to SPV (Special Purpose Vehicle)
credit risk (e.g ., bonds, derivatives, and loans). Accordingly, the Uses of Funds Sources of Funds
traditional "cred it risk" evolves to the "m arket risk of credit risk"
(for certain liquid assets). Collateralized Equity
Assets ^Liabilities
O f course, pricing credit risk and regarding it as a variable with a
non-stationary value is incorporated (at least to an extent) in tradi­
tional bond analysis. Consider a corporate bond duration-hedged

3 Pub. L. No.111 -203, 124 Stat. 1376(2010). Section 941 of the Dodd-
Frank Act. For further information, see: https://www.sec.gov/rules/
final/2014/34-73407.pdf.
4 The U.S. Court of Appeals for the District of Columbia Circuit, 17-5004,
February 9, 2018 - Loan Syndication and Trading Association (LSTA) vs.
the Securities Exchange Commission and Board of Governors of the Fiqure 4.1 Securitization of financial assets.
Federal Reserve System, 1:16-cv-00652.
5 Corporate bonds that offer enough liquidity and market activity to 6 GNMA is the primary mechanism for securitizing government-insured
facilitate credit risk analysis generally are from large corporations. and government-guaranteed mortgage loans.

64 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

 UK's first RMBS deal
issued

Chrysler Financial
issues first private
auto loan-backed First
ABS (May) private-
------------ ------------ n
r

U.S. private label label U.S.

^r MBS issuance RMBS deal
Sperry Corporation First subprime- since 2008
exceeds govt
issues first ABS, backed RMBS deal issued
sponsored issuance
backed by computer found in ABS
for first time
leases (March) market
J V.
r -------------------------- n
First CMBS deal First Continental r ^ More than 2,000
GNMA issued by Fidelity European ABS deal First ABS-backed downgrades of
issues first r \ Mutual Life issued CDO issued securitizations take
U.S. govt Bank of America V______________________ J place; 500 exceed
guaranteed issues first private- C \ 10 notches
label RMBS pass­ Freddie Mac issues UK's first auto-ABS First synthetic
pass­
through first CMO deal issued CDO issued Nov.
through
I
■
2005 2007 ■

♦ ♦ 4 ------ 4 ♦ ---------------- ♦
1977 1981 1983 1985 1987 1990 1997 1999 2006 2010
>» July 2007
»
r

Fannie Mae First credit card- Early 1990s

issues its first backed ABS issued _________ a_________ Start of
Freddie Mac V" / CLO issuance starts Global
pass-through
issues first V__________________ J Financia
pass-through Imperial Savings Crisis
Association issues
first CDO U.S. subprime
------------------------- V ------------------------- ;
mortgage issuance
comprises more
than 20% of all U.S.
mortgage issuance

Fiqure 4.2 Milestones in the development of the securitization markets.7

Source: IMF Staff. Reprinted by permission of the International Monetary Fund.

securitization m arket. Figure 4.2 summarizes the major mile­ The shift toward the O TD business model seem ed to offer the
stones in the developm ent of the securitization m arkets (as financial services industry many benefits.8
depicted by the IMF). • O riginators benefited from greater capital efficiency and
enhanced funding opportunities, as well as lower earnings
4.4 FROM BUY-AND-HOLD TO volatility (at least in the short term ), because the O TD model
seem ingly dispersed credit risk and interest rate risk across
ORIGINATE-TO-DISTRIBUTE
many m arket players.

Starting in the 1980s, certain banking activities shifted • Investors benefited from a w ider array of investm ents, allow­
from the traditional buy-and-hold strategy to a new ing them to diversify their portfolios and better sync their
originate-to-distribute (OTD) business model. C red it risk that risk/return profiles with their goals and preferences.
would have once been retained by banks on their balance • Borrowers benefited from the expansion of available credit
sheets was sold, along with the associated cash flows, to inves­ and product options, as well as from the lower borrowing
tors in the form of A B S s and sim ilar investm ent products. In costs resulting from these benefits.
part, the banking industry's enthusiasm for the O TD model was
driven by the Basel capital adequacy requirem ents. Specifically,
banks sought to optim ize their use of capital by moving capital­ 7 Segoviano, M., Jones, B., Lindner, P., & Blankenheim, J. (2013,
November). Securitization: Lessons Learned and the Road Ahead(Rep.).
consuming loans off their books. Accounting and regulatory
Retrieved https://www.imf.org/external/pubs/ft/wp/2013/wp13255.pdf
standards also tended to encourage banks to focus on generat­
8 See Report of the Financial Stability Forum on Enhancing Market and
ing the upfront commissions associated with the securitization Institutional Resilience (Rep.). (2008, April 7). https://www.fsb.org/wp-
process. content/uploads/r_0804.pdf

Chapter 4 Credit Risk Transfer Mechanisms ■ 65

However, benefits of the O TD model progressively
eroded as risks accum ulated in the years leading up 1. Loan Origination
to the financial crisis. And while there is widespread Compensation was tied to high loan
disagreem ent regarding the O TD model's relative volumes and high commission
mortgages, not subsequent loan
contribution to the crisis, there is a consensus that performance or suitability.
it created moral hazard by lowering the incentives
for lenders to monitor the creditworthiness of bor­
4. Investors 2. Securitization
rowers. There is also agreem ent that too few safe­
As monetary policy turned highly High fee-earning, complex, and
guards were in place to offset this moral hazard. accommodative, the search for yield opaque product issuance soared,
intensified; banks also retained requirinq advanced financial
Nevertheless, leading up to the financial crisis, banks contingent exposure to structured engineering and large quantities of
deviated from, rather than followed, the O TD busi­ investment vehicles with high underlying loans.
rollover risk.
ness model. Instead of acting solely as intermediaries
(i.e., transferring risk from mortgage lenders to capi­
3. Credit Rating Agencies
tal market investors), many banks took on the role of Some securitized products were
the investor.9 In the mortgage market, for exam ple, awarded higher ratings than
fundamentals suggested, and
relatively little credit risk was transferred. Instead, correlations were underestimated;
//
many banks retained or even acquired a consider­ Ratings shopping" may have resulted
in upwardly biased ratings.
able amount of securitized mortgage credit risk.

Risks that should have been broadly dispersed Fiaure 4.3 The self-reinforcing securitization chain.11
under the O TD model were instead concentrated Figure reprinted by permission of the International Monetary Fund.
in entities primarily established to skirt m anda­
tory capital requirem ents. Banks and other financial institutions • There were misaligned incentives along the securitization
achieved this by establishing highly levered off-balance sheet chain, driven by the pursuit of short-term profits. This was
A B C P conduits and structured investm ent vehicles (SIVs). the case among many originators, organizers, m anagers, and
distributors. Investor oversight was w eakened by com pla­
Banks m isjudged the risks (e.g ., reputation risk) contained in the
cency, as m arket growth beckoned many to "le t the good
com m itm ents made to SIV investors. They also (falsely) assumed
tim es roll." The com plexity of these instruments and a lack
that there would be a substantial ongoing access to liquidity
of understanding among investors also served as barriers to
funding and that m arkets in these assets would be sufficiently
m arket discipline and oversight.
liquid to support securitization.
• The risks em bedded in securitized products were not transpar­
Firms that were selling their credit exposures found them selves
ent. Investors had difficulty assessing the quality of the under­
retaining a growing pipeline of credit risk. Furtherm ore, they did
lying assets and the potential correlations between them.
not adequately measure and manage the risks that would m ate­
rialize if assets could not be sold. Some levered SIVs suffered • There was poor securitization risk m anagem ent, particularly

from significant liquidity and maturity m ism atches, making them regarding the identification, assessm ent, handling and stress
testing of m arket, liquidity, concentration, and pipeline risks.
vulnerable to a classic bank run (or rather a shadow bank run).
• There was an overreliance on the accuracy and transparency
These problem s shed light on the need to strengthen the foun­
of credit ratings. This was problem atic because rating agen­
dations of the O TD m odel. The factors that exacerbated these
cies failed to adequately review the granular data underlying
w eaknesses included bank leverage, faulty origination practices,
securitized transactions and underestim ated the risks of sub­
and the fact that many financial firms chose to retain (rather than
prime C D O structuring.12
fully transfer) the credit risk em bedded in the securities they
originated. Am ong the issues that needed to be addressed were Figure 4.3 summarizes this self-reinforcing securitization chain
the fo llo w ing.10 that am plified system ic risk during the crisis by allowing massive
leverage and risk concentration in the financial sector.
9 According to the Financial Times (July 1, 2008), 50 percent of AA-rated
asset backed securities were held by banks, ABCP conduits and SIVs.
As much as 30 percent was simply parceled out by banks to each other,
while 20 percent sat in conduits and SIVs. 11 E. H. Neave, Modern Financial Systems: Theory and Application,
Hoboken, NJ: John Wiley & Sons, 2010.
10 Segoviano, M., Jones, B., Lindner, P., & Blankenheim, J. (2013,
November). Securitization: Lessons Learned and the Road Ahead(Rep.). 12 See M. Crouhy, R. Jarrow, and S. Turnbull, "The Subprime Credit
Retrieved https://www.imf.org/external/pubs/ft/wp/2013/wp13255.pdf Crisis of 2007," Journal o f Derivatives, Fall 2008, pp. 84-86.

66 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

W hile operating at a fraction of its pre-crisis 2500 -.
size, the securitization m arket is on the
rebound. M BSs, particularly those issued by
2000
U .S. governm ent agencies, continue to
-

dom inate the landscape in term s of the European 1 ■ U.S .2

volum e of outstanding securities, new issu­
1500 -
ances, and trading. The m arkets for other
asset-backed securities, such as those
related to consum er lending, have held 1000 -

their ground since the crisis and have

grown in recent years. A s for C D S s, while
500 -
the notional am ount outstanding has fallen
from a peak of USD 61.2 trillion in the first
half of 2008 to only USD 8.1 trillion in the 0
second half of 2 0 1 8 .13 However, the volum e 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
of contracts cleared by central counterpar­ Fiqure 4.4 Total private European and U.S. securitization issuance15
ties (C C P) has risen and in the second half (in billions U.S. dollars).
of 2018 accounted for 55% of all
Sources: Association for Financial Markets in Europe; Bloomberg; IMF staff calculations; and the
co n tra cts.14 Securities Industry and Financial Markets Association.

Figure 4.4 shows the total private European Note: Figures for 2014 are annualized based on data to September.
and U.S. securitization issuance from 2003 1 European securitization includes asset-backed securities (ABS), collateralized debt obligations,
to 2014. A s of 2018, securitization issuance mortgage-backed securities, small and medium enterprise securitizations, public finance initia­
tives, and wholesale business securitizations.
is near the level observed in 2003.
2 U.S. securitization includes ABS, commercial mortgage-backed securities, and residential
The dust has not entirely settled on the mortgage-backed securities.
regulatory environm ent. Some measures
Source: IMF Staff. Reprinted by permission of the International Monetary Fund.
are still being drafted, some are in various
stages of im plem entation, and others are facing the possibility W hile it is im portant to be cognizant of the potential risks posed
of repeal. This regulatory uncertainty serves as an obstacle to by credit derivatives, the case favoring a thriving m arket in these
securitization's com eback. It remains to be seen if, once im ple­ financial instrum ents is com pelling. The paradigm of active
m ented, these new measures will be enough to prevent the credit m anagem ent has not been replaced by a new paradigm .
formation of a similar constellation of incentives, actors, and The dem and for instruments that efficiently transfer credit risk
circum stances that plagued the securitization process before and improve the effectiveness of risk m anagem ent continues to
the crisis. prevail, and the O TD model of banking based on the transfer
and dispersion of credit risk continues to carry the promise of
furthering system ic financial stability.
13 Bank of International Settlements, Credit default swaps, by type
o f position. Accessed June 2019: https://stats.bis.org/statx/srs/table/
15 Segoviano, M., Jones, B., Lindner, P., & Blankenheim, J. (2013,
d10.1?p=20182&c=
November). Securitization: Lessons Learned and the Road Ahead(Rep.).
14 Ibid. Retrieved https://www.imf.org/external/pubs/ft/wp/2013/wp13255.pdf

Chapter 4 Credit Risk Transfer Mechanisms 67

The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

QUESTIONS
True/False Questions
4.1 The securitization mechanism underlying the subprim e 4.3 C redit Default Swaps allow the transfer of credit risk w ith­
C D O m arket played a central role in bringing about the out impacting funding or relationship m anagem ent.
2007-2009 global financial crisis (G FC ).
A. True
A. True B. False
B. False 4.4 In the originate-to-distribute (O TD) business m odel, there
4.2 The securitization of securities backed by assets such as is little incentive for lenders to monitor the creditw orthi­
car loans, credit card receivables, and equipm ent leases ness of borrowers.
remained a viable activity during and after the G F C . A. True
A. True B. False
B. False

Multiple Choice Questions

4.5 In a typical securitization, the sources of funds are mainly 4.8 Over-the-counter CD Ss helped transfer credit risk in the
several classes of bonds arranged by ratings and a rela­ loan book, but also generated n ew __ of a system ic nature
tively large equity tranche. A. credit spread risk
B. counterparty credit risk
A. True
C . interest rate risk
B. False
D. None of the above
4.6 W hich of the following cannot be used to transfer credit
risk from a bank's balance sheet? 4.9 C redit risk includes
A. C redit derivatives A. the risk of default.
B. the risk of upgrades and dow ngrades.
B. C redit default swaps
C . Securitization C . credit spread risk.

D. US governm ent bond futures D. All the above

4.7 W hich technique below does not contribute to credit risk

m itigation?
A. Bond insurance
B. Buy-and-hold
C . Netting
D. Collateralization

Short Concept Questions

4.10 D escribe the securitization process.

4.11 Fiow do the SEC 's risk retention provisions force banks to
have "skin in the gam e"?

68 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

ANSWERS
4.1 False 4.7 B. Buy-and-hold

The crisis may have had more to do with failings of the Buy-and-hold is an asset acquisition strategy and
pre-crisis securitization process than with the underlying would in fact contribute to the accum ulation of credit
principle of credit risk transfer. exposures.

4.2 True 4.8 B. Counterparty credit risk

More straight-forward securitizations survived the G F C , Even prior to the 2007-2009 financial crisis, regulators
whereas more com plex instrum ents (e.g ., C D O s squared) were concerned about the relatively small number of
are unlikely to be revived. liquidity providers in the credit derivatives m arkets. They

4.3 True feared this nascent m arket could face system ic disruption
if any of the major participants were to experience dis­
CD Ss do not require funding per se, nor do they require
tress (in isolation or in concert).
any participation from the reference creditor.
4.9 D. All the above
4.4 True
All of these are derived from the creditw orthiness (or the
In the O TD m odel, the originating financial institution
perceived creditworthiness) of the borrower
does not suffer any losses in the event of a default.
4.10 A nsw er: See Figure 4.1 and Section 4.3
4.5 False
4.11 The rules require securitizers to retain, without recourse
Equity tranches typically com prise less than 10% of total
to risk transfer or m itigation, at least 5% of the credit
funding.
risk.
4.6 D. U.S. governm ent bond futures

G overnm ent bond futures offer a mechanism to transfer

interest rate risk, not credit risk.

Chapter 4 Credit Risk Transfer Mechanisms ■ 69

Modern Portfolio
Theory and Capital
Asset Pricing
Model
Learning Objectives
A fter com pleting this reading you should be able to:

Explain modern portfolio theory and interpret the Interpret beta and calculate the beta of a single asset
M arkowitz efficient frontier. or portfolio.

Understand the derivation and com ponents of the C A PM .
D escribe the assum ptions underlying the C A PM .
Interpret the capital m arket line.
Calculate, com pare, and interpret the following
perform ance m easures: the Sharpe perform ance index,
the Treynor perform ance index, the Jensen perform ance
index, the tracking error, information ratio, and
Sortino ratio.

A pply the CAPM in calculating the expected return on

an asset.

71
Anticipating changes in the financial m arkets is an im portant
com ponent of risk m anagem ent. Because future m arket m ove­
ments are inherently uncertain, one must rely on models to m ea­
sure and quantify risks.
This chapter reviews two key theoretical m odels for m arket risk:
modern portfolio theory (MPT) and the capital asset pricing
model (CAPM ). It also dem onstrates how they are related (as
well as their place in risk m anagem ent).
M arket risk has attracted a great deal of academ ic research
since the 1950s due to the abundance of available data on
traded securities. A s a result, m arket risk m odels have been
em pirically tested in various global m arkets.
These m odels have several simplifying assum ptions that allow
them to deliver insights into the key factors and their interre­
lationships, without getting bogged down by excess com plex­
ity. In this sense, a "g o o d " financial model is one that helps
to separate the major explanatory variables from the noisy
A
background.
The stance taken herein aligns with Milton Friedm an's edict that
predictive power is the sole criteria to gauge the success of a
m odel.*2 To that end, even a very sim ple model can be "success­
ful" if it provides reasonably accurate forecasts and adds value
to the decision-making process. Despite the criticism directed at
risk m anagem ent m odels following the 2007-2009 financial
crisis— which saw m odels fail due to errors in selection, im ple­
m entation, and over-interpretation— m odels and their underly­
ing theories are still essential to modern risk m anagem ent. W hat
the crisis taught is that, while m odels are im portant tools, what
is even more im portant is how they are im plem ented.
5.1 MODERN PORTFOLIO THEORY
Harry Markowitz's Ph.D . dissertation put forth the foundation of
modern risk analysis.3
A Logically, a reduction in risk should result in lower expected
The Fed and O CC refer to a model as a "quantitative method system
or approach that applies statistic, economic, financial or mathematical
theories, techniques and assumptions to process input data into quanti­
tative estimates."
See United States, Board of Governors of the Federal Reserve System,
Office of the Comptroller of the Currency. (2011, April 4). SR 11-7:
Guidance on Model Risk Management. Retrieved from https://www
.federalreserve.gov/supervisionreg/srletters/sr1107.htm
2 M. Friedman, "The Methodology of Positive Economics," in Essays in
Positive Economics (Chicago: University of Chicago Press, 1953).
3 H. M. Markowitz, "Portfolio Selection," Journal o f Finance 7, 1952,
pp. 77-91. Markowitz would eventually win the Nobel Prize for Econom­
ics based upon this work.
72 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
M arkowitz dem onstrated that a "rational investor" (i.e., an
investor who is risk averse and seeks to maximize utility)4 should
evaluate potential portfolio allocations based upon the associ­
ated means and variances of the expected rate of return distri­
butions. The theory also assumes
• Capital m arkets are perfect, meaning that:
• There are no taxes or transaction costs;
• All traders have costless access to all available inform a­
tion; and
• Perfect com petition exists among all m arket participants
• Returns are normally distributed.
The assumption of normally distributed returns allows investor
utility choices (as well as investm ent portfolios) to be stated sim ­
ply in term s of the mean (i.e., perform ance) and variance (i.e.,
risk). With all else being equal, investors prefer a higher mean
return and a lower variance.
Investors seek to reduce the variance of their portfolio returns
by diversifying their investm ents. Diversification is accom ­
plished by investing in a portfolio of assets whose constituents
have values that do not move in lock-step with one another
(i.e., are uncorrelated). Specifically, diversification allows inves­
tors to offset specific risk exposures associated with individual
assets.
According to M arkowitz, the level of investm ent in a particular
financial asset should be based upon that asset's contribution to
the distribution of the portfolio's overall return (as measured by
the mean and variance). An asset's perform ance is not judged in
isolation, but rather in relationship to the perform ance of the
other portfolio assets. In other words, what m atters is the covari­
ability5 of the asset's return with respect to the return of the
overall portfolio.
Portfolio diversification enables (at least in theory) the zero-cost
reduction of risk exposures to individual assets. Therefore, inves­
tors should receive no com pensation for taking on the specific
risk (also known as the idiosyncratic risk) of any asset.
returns. If the asset w eights are appropriately selected , how­
ever, the resulting diversification can enable the optim ization
4 Markowitz made specific reference to the Von Neumann-Morgenstern
utility theorem, which postulates that under certain behavioral assump­
tions, an agent presented with a set of risky outcomes will seek to maxi­
mize the expected value of a given utility function defined across the
range of potential outcomes.
5 The overall variance is equal to the weighted sum (using the portfolio
weights) of the covariances.
(i.e., maximization) of returns for any given level of risk. Plotting
the optimal returns for each level of risk results in the efficient
frontier, which is represented by the curved solid line in Figure 5.1.
Each point on this curve represents the portfolio of assets that is
expected to offer the highest return for the given level of risk.
In Figure 5.1, portfolio P offers the best return for any portfolio
with the same level of risk. M eanwhile, portfolio K can be cat­
egorized as being suboptimal because there are portfolios that
will offer better returns for the same level of risk (i.e., all the
portfolios that lie vertically between portfolio K and the efficient
frontier).
Along the efficient frontier, the only way to achieve a higher
expected rate of return is by increasing the riskiness of the port­
folio. Conversely, it is only by reducing the expected return that
a less risky portfolio can be achieved. Note that the dotted line
in the plot represents the most inefficient portfolios (e.g ., port­
folio L) where the investor achieves the lowest expected return
for each level of risk.
This concept extends to the entire scope of investable assets
(at least in theory). Portfolio M (called the m arket portfolio)
assumes that the m arket achieves equilibrium and accordingly
includes all of the risky assets in the econom y w eighted by their
relative m arket values. In practice, stock m arket indices are used
to represent the m arket portfolio.
For the United States, a proxy for the m arket portfolio may be
the S&P 500 index or the wider-based Russell 2000. M eanwhile,
the FT S E 100 and the Euro Stoxx 50 are used for the U .K. and
European m arkets (respectively).
Following the theory, diversification means that a security's
specific (i.e., idiosyncratic) risk should not be heavily (or at all)
Chapter 5 Modern Portfolio Theory and Capital Asset Pricing Model
considered when it is being priced by the m arket. However, the
role of diversification "a la M arkowitz" has been challenged in
recent years. Note that the average correlation of stock returns
has increased from around 25% in the 1970s to between 30%
and 40% in 2018.
Correlations across asset classes have also increased substan­
tially, even in normal m arket conditions. One com m only cited
reason for this increase is the huge increase in basket trading via
index-tracking mutual funds and exchange traded funds (ETFs).
Through these vehicles, large baskets of assets com posed of
benchm ark indices are traded sim ultaneously and independently
of analyst recom m endations concerning the relative perfor­
mance of these assets.
Q uantitative asset m anagem ent techniques have been pro­
posed to adapt to this new environm ent. These techniques
consist of identifying risk regimes and optimizing portfolio
allocations for each specific risk regim e. For exam ple, there
may be periods in which m arket participants are worried and
uncertain about the future. M arkets adjust quickly to these situ­
ations, resulting in higher m arket volatility and credit spreads.
These periods tend to be followed by quieter periods with
lower volatility and lower credit spreads. If an asset m anager
anticipates a high-risk regim e, she can switch her portfolio to a
more conservative selection of investm ents. This may include
an increased allocation toward low-risk assets, such as money
m arket funds. Conversely, if a m anager anticipates a low-risk
regim e, she can switch to a more aggressive asset allocation
of equities, em erging m arkets, com m odities, high yield bonds,
and so on. Each asset allocation is optim ized to generate the
highest return for the regime with which it is associated. These
approaches com bine risk m anagem ent techniques with optimal
portfolio selection to control the volatility of investm ent portfo­
lio returns.
5.2 THE CAPITAL ASSET
PRICING MODEL
W illiam Sharpe (1964) and John Lintner (1965) furthered M PT
theory by incorporating overall capital m arket equilibrium .6 Sp e­
cifically, Sharpe and Linter broke down the risk of an individual
asset into specific risk (i.e., risk that can be diversified away) and
system atic risk (i.e., risk that cannot be elim inated in the same
manner). In their analyses, Sharpe and Lintner made several
6 W. F. Sharpe, "Capital Asset Prices: A Theory of Market Equilibrium
under Conditions of Risk," Journal o f Finance 19, 1964, pp. 425-442.
J. Lintner, "Security Prices, Risk and Maximal Gains from Diversification,"
Journal o f Finance 20, 1965, pp. 587-615.
■ 73
crucial assum ptions,7 some of which they inherited from
Markowitz's MPT:
• A ccess to information for all m arket participants, meaning
that all information is freely available and instantly absorbed;
• No transaction costs, taxes, or other frictions;
• Allocations can be made in an investm ent of any partial
am ount (i.e., perfect divisibility);
• All participants can borrow and lend at a common risk-free
rate; 8 and
• A ny individual investor's allocation decision cannot change
the m arket prices.
The C A PM model shows that m arket equilibrium is achieved
when all investors hold portfolios consisting of the riskless
asset and the m arket portfolio. Each investor's portfolio is
just a com bination of these tw o , with the proportional allo ca­
tion betw een them being a function of the individual investor's
risk ap p etite.
Accordingly, the expected return on a risky asset is determ ined
by that asset's relative contribution to the m arket portfolio's
total risk. This measure of system atic risk is named beta and is
calculated as:
co v(Rj, Rm)
(5.1)
Rj and RM are (respectively) the returns on asset / and the m arket
portfolio, while cr, and crM are their associated standard devia­
tions. M eanwhile, p jM is the correlation between the returns on
asset / and those on the m arket portfolio.9
An asset's contribution to the overall risk of the m arket portfo­
lio is given by the ratio of the covariance of its and the market
portfolio's rates of return to the variance of the m arket portfolio.
Note that the weighted sum across all covariances equals <Jm
(i.e., the m arket portfolio's total risk):
N
2 x /COv(Rig Rm) = a h (5.2)
/=1
Note that each asset's relative w eight is given by x„ N is the
N E(Rm) ~ r
total num ber of assets in the m arket portfolio, and = 1.
/=1
1 These assumptions have all been relaxed by various researchers
throughout the years.
8 For example, it is generally assumed that one can earn a risk-free rate
of interest by investing in US government obligations.
9 CAPM dictates that total risk o f can be disaggregated into the system­
atic, crfp}M and the specific o f (1 — p fM) risk components. For example,
if piM = 0.5 then the systematic risk component is 0.25 o f and the
specific risk component is 0.75 of.
74 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
Starting with Equation (5.2), dividing both sides of the
equation by and using the definition of f3 in (5.1), the
following result is
N
2 xi & = 1
;= 1
Note that beta measures the relative co-m ovem ents of security
/ with the m arket, and therefore the weighted sum of the betas
for all assets in the m arket portfolio equals one. In other words,
the beta of the m arket portfolio is one by construction.
From an investor's perspective, beta represents the portion of
an asset's total risk that cannot be diversified away and for
which investors will exp ect com pensation. Put more sim ply, the
higher the beta, the higher the risk (and therefore the higher the
expected rate of return).10*
Under this set of assum ptions, the expected rate of return over
a given holding period on a given asset / is
E m = r + /3,[E(Rm) - r] (5.3)
Here, E(R,) is the expected return of asset / over the hold­
ing period and r is the rate of return on the risk-free asset.
The m arket risk premium per unit of beta is E(R M) - r. Finally,
f3j[E{RM) - r] is the expected return premium above the risk-free
rate (as required by investors).
The m arket risk premium is the difference between the
expected rate of return of the m arket portfolio and the risk-free
rate: [E(R M) - r]. This premium could be given by the difference
between the rate of return on a broad m arket index (e.g ., the
S&P 500) and a risk-free rate (e.g ., the three-month U.S. Trea­
sury Bill).
In theory, E(R m) should represent the portfolio of all risky assets
in the m arket. In practice, however, a "broad enough" index of
traded shares is used as a proxy. Note that broadness is subjec­
tive and there continues to be substantial debate am ongst
econom ists and investors alike over what is the exact m arket risk
prem ium .11
Rewriting Equation (5.3) in term s of cr„ a M, and p jM gives
E m = r + c iPiJ - ^ ----- ] (5.4)
cM
10 An unlevered beta is the beta of a company without taking debt into
account. In other words, the unlevered beta removes the financial effects
of leverage. Unlevered Beta = Levered (equity) Beta/[1 + (1 - tax rate)
(Debt / Equity)].
11 For an updated empirical estimation of the market risk premia of
different countries, see the website of Professor Aswath Damodaran:
http://pages.stern.nyu.edu/~adamodar/New_Home_Page/datafile/
ctryprem.html
This equation shows that excess expected
return is the product of the system atic com po­
nent of risk (i.e ., cr,p,M) and the unit price of risk
E(R m) ~ rN
( i.e .,------------).
O'M

Figure 5.2 shows the capital m arket line, defined

as the linear relationship between the expected
rate of return and system atic risk.

The capital m arket line intersects the y-axis at

the risk-free interest rate r. In addition to being
defined by the return on a riskless asset, r also
reflects the expected return on any asset with
zero beta. Given their relative positions against
the capital m arket line, assets A , B, and C are
defined as an inferior asset, a beta-efficient
asset, and a superior asset (respectively). By def­
inition, the m arket portfolio M is beta-efficient
(with beta equal to 1).
Fiqure 5.2 The capital market line.
For asset A , a portfolio with an equivalent beta
can be constructed by investing in a combination of the market 2 0 1 5 .1
13 However, the historical average does not dictate what
portfolio and the risk-free a sse t.12 Such a portfolio, laying on the the exp ected premium should be going forw ard. Instead, it is
capital m arket line, will have a higher expected rate of return determ ined by factors such as tax rates, exp ected changes in
than that of asset A . With asset C , its yield is superior to what interest rates, and broader econom ic concerns.
can be achieved using only the m arket portfolio and the risk-free
For exam ple, Duff and Phelps increased its recommended market
asset. CAPM theory asserts that investors would increase their
risk premium from 5.0% to 5.5% at the end of 2018, citing
allocations to asset C , driving up its price and decreasing its
(among other reasons) increased performance in the equity
expected return. Sim ilarly, investors would decrease their alloca­
m arkets.14 Because the prevailing one-year U.S. T-bill rate was
tions to asset A , driving down its price and increasing its
2.6% on Decem ber 31, 2018, a stock with a beta of 0.6 would
expected return. This reallocation by investors would continue
therefore go from an expected return of 5.6% (= 2.6 +
until both assets fell on the capital m arket line (meaning that the
(0.6 X 5.0)) to 5.9% (= 2.6 + (0.6 X 5 .5 )).15
m arket has reached equilibrium).
Stocks with betas higher than 1 are considered aggressive
Note that beta can take on positive or negative values, depend­
(because they are more volatile than the market), whereas those
ing on how an asset's returns relate to those of the m arket port­
with betas lower than 1 are considered defensive (because they
folio. For exam ple, there are specific securities that are designed
are less volatile than the market). For exam ple, many utility com ­
to replicate short positions in the m arket and are therefore
panies in the United States are extrem ely defensive and have
expected to have negative beta. A risk-free asset will have a
betas of around 0.5.
beta of zero because its returns are com pletely uncorrelated to
the returns on the m arket portfolio. The m arket portfolio obvi­ In practice, beta analysis for any individual security is im plicitly
ously has a beta of 1 (because it is perfectly correlated with itself based upon that security's volatility (i.e ., total risk) as m easured
and has the same variance). by a,, c t m, and the correlation of its returns with those of the

Historically, the realized m arket premium (the m odifier realized

differentiates it from the e x p e c te d premium) has varied
greatly. In the United States, the arithm etic average of the
premium (taken against T-bills) was 7.92% betw een 1928 and
19
Note that holding in the risk-free asset can be negative as well—this
would correspond to borrowing funds at the risk-free rate and investing
them into the market portfolio.
19
Damodaran, 2016, "The Cost of Capital: The Swiss Army Knife of
Finance," Working Paper, http://people.stern.nyu.edu/adamodar/
pdfiles/papers/costofcapital.pdf
14 Duff and Phelps, 2019, "Valuation Insights," First Quarter 2019.
15 Note that these analyses are done by investment banks to help guide
corporate finance analyses, as CAPM is used to guide valuation of new
ventures and other corporate actions.

Chapter 5 Modern Portfolio Theory and Capital Asset Pricing Model ■ 75

m arket. Exp licitly, beta is estim ated by
J.P. Moragan versus SPY
sim ple linear reg ressio n:16

T" b;(/?Mt rt) + 6/t (5.5)

where R(t and are the respective

rates of return for security / and the
y = 0.3639x-0.0014 *
m arket portfolio, rt is the short-term ,
R2 1
= 0.4571
8
risk-free rate, and eit is a residual value
(all taken at some tim e t). The regression
param eters are a,- (i.e., the intercept) and
CD
b(- (i.e ., the slope and the estim ate of /3(). err
iA
Note that the em pirical model (5.3) is the
o>
u
m arket model and is based on observa­ X
tions, w hereas the C A PM described in
(5.3) is based on expectations.
A7

Figure 5.3 shows the estim ated beta for

J.P. Morgan's stock, based on the monthly
rates of return for the period between June
2008 and May 2019. The beta is estimated
as the slope coefficient for a regression line
of the firm's excess return and that of the
A Q M a rke t Excess Return
market. The regression line points to a
Fiqure 5.3 Raw beta computation for J.P. Morgan.
raw, unadjusted beta19 of 0.36. This means
that a 1% change in market excess returns
return corresponds to a 0.36% in excess
rate set at the wrong level. Note that a hurdle rate set too high
returns for J.P. Morgan. can result in missed opportunities, whereas a rate set too low
Since its developm ent, CAPM has becom e an im portant tool in may result in sub-par investm ents. Either way, such errors can
understanding the behavior of prices in capital m arkets. Beta is negatively im pact beta-adjusted returns.
also highly im portant to corporate m anagers focusing on creat­
Lastly, note that the original CAPM was developed for discrete
ing shareholder value.
tim e intervals (e.g ., one-year or one-month horizons). Subse­
For instance, many corporations require a minimum return rate quently, Merton (1972) extended the model to continuous time
of return on the investm ent to assess the desirability of new fram ework by assuming that trades are continuously executable
ventures. This hurdle rate is often based on beta factor analyses, and price changes are smooth (i.e., no jum ps in prices).
which are essentially how a firm understands the market's exp ec­
tations for its relative return (or how the m arket would view the
relative return of the proposed venture/project). A failure to 5.3 P E R F O R M A N C E M EA S U R ES
properly understand investor expectations can lead to a hurdle
In a world where the m arket is in equilibrium and is expected
to remain in equilibrium, no investor can achieve an abnormal
return (i.e., an expected return greater than that return predicted
16 Note that this is a simple reformulation of Equation 5.3 that subtracts
the risk-free rate from both sides and thereby lowers the intercept but by the CAPM risk-return relationship). Each asset (or portfolio of
does not affect the slope of the regression line. assets) yields an identical rate of risk-adjusted return. In term s of
17 The calculation is done without considering the effect of dividends; Figure 5.2, all securities will lie on the capital market line.
log returns were used for the equities and the one-year U.S. T-bill rate
O f course, this is not the case in the real world. First, it is not
netted against those figures.
known exactly how expected values are determ ined. W hile they
18 The proxy for the market was the ETF SPY, which is designed to track
the S&P.
can be estim ated, such estim ations are always subject to m ea­
surem ent errors. Second, m arkets are rarely in equilibrium . And
19 An unadjusted raw beta is calculated solely on the basis of histori­
cal data. If the historical beta is adjusted (say to reflect mean reversion once they reach equilibrium , deviations from equilibrium are
properties) then it is called an adjusted beta. likely to occur alm ost instantaneously. In the real world, stocks

76 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

and portfolios may yield a return in excess of, or below, the
return with fair com pensation for the risk exposure.
This is the reason why portfolio m anagers rely on indices to
measure the perform ance of a given stock or portfolio relative
to the CAPM equilibrium risk-return relationship.
This section com pares several perform ance indices and
illustrates how they are used. The focus is on the three trad i­
tional measures of portfolio perform ance based on C A PM :
(1) the Sharpe reward-to-volatility ratio, (2) the Treynor
reward-to-volatility ratio, and (3) the Jensen perform ance
index. Also presented are some additional indices proposed
in academ ic literature to measure perform ance. Regardless of
the measure used, the overall idea is the sam e: To get higher
average returns one must assume a greater amount of risk.
Sharpe Performance Index
A s previously discussed, the capital m arket line is given by:
E(Rm) ~ r „
E(R P) = r + --------------------(Tp
O'M
E(Rp) and a P are the expected return and the standard deviation of
the return, respectively, for an efficient portfolio P. Meanwhile, r is
the risk-free rate and E(R M) and crM are, respectively, the expected
return and the standard deviation for the market portfolio.
The capital m arket line's slope ( ------------j is the fair equi-
V o'M / of return (Rit - rt) on the m arket portfolio's excess rate of return
librium com pensation. A s can be seen it measures expected
excess return per unit of volatility.
The investm ent perform ance index proposed by Sharpe (SPI) is
where E(P/) and <77 are the expected return and the standard
deviation, respectively, for the rates of return on any asset or
portfolio /.
An SPI greater than the slope of the capital m arket line indicates
a superior perform ance to what is expected in equilibrium . On
the other hand, an SPI below the slope of the capital m arket line
indicates an inferior perform ance.
Treynor Performance Index
The Treynor perform ance index (TPI) is
TPI =
E(R ,) ~ r
A
TPI is like SPI in the sense it m easures the risk premium E(R,) - r
per unit of risk. However, the two m easurem ents differ in the
Chapter 5 Modern Portfolio Theory and Capital Asset Pricing Model
choice of risk index. SPI uses the standard deviation of the rates
of return, <x,, while TPI uses the beta of the asset or portfolio /.
For a well-diversified portfolio, beta is w idely accepted as an
appropriate measure of risk.
The derivation of TPI from CAPM is straightforward. According
to C A PM :
E(R,) = r + /3iIE (R m) ~ r]
where E(R,) is the expected return on the risky asset or portfolio
/, and (3i is the asset's system atic risk m easure. Then:
E(Ri) ~ r
= E(R m) - r
A
Thus, in equilibrium it is expected that this ratio will be constant
across all risky assets and portfolios and equal to the excess
expected return on the market portfolio E(R M) — r (also called
the alpha m easure). Any TPI greater than E(R m) — r is consid­
ered to have a positive alpha (indicting superior perform ance),
while a TPI below E(R M) - r would indicate a negative alpha and
inferior perform ance.
Jensen's Performance Index
Jensen's perform ance index (JPI) is like TP I, as both measures
assume investors hold well-diversified portfolios.
By running a tim e-series regression of the portfolio excess rate
(RMt ~ rt), one can estim ate the beta of portfolio /:
(Rit - rt) = a, + fii(RMt ~ rt) + e,t
where a , and fa are the regression coefficients and e/t is the
deviation of / from the regression line in period t. Taking the
mean on both sides, the residual disappears as the average
deviation, e,, is always zero by construction:
Ri — r = a/ + /3i(R m ~ r)
According to C A P M , one expects a , to be zero in equilibrium .
Hence the JP I, also known as Jensen's Alpha, concentrates on
the alpha of the regression.
If a/ is significantly different from zero and is positive, then the
perform ance of / is considered superior, while it is considered
inferior if a , is negative.
Link Between the Treynor and Jensen's
Performance Measures
The JP I is given by a /# the y-axis intercept of the regression line:
R, - r = a, + fa(RM - r)
■ 77
dividing through by /§,:
r a, _
~ + (Rm ~ d
Pi
The left-hand side of the equation is the TPI. Because superior
— ai
perform ance implies TPI > [RM - r), then — must be positive.
f t
Because Pi > 0 for virtually all assets, it follows that a/ > 0.
/\
Therefore, as long as /3/ > 0, a superior perform ance as m ea­
sured by TPI implies a superior perform ance by JP I, and vice
versa. However, the relative ranking of portfolios by the two
perform ance indices may differ.
Tracking Error, Information Ratio,
and the Sortino Ratio
SPI m easures the perform ance of a portfolio over tim e by
sim ply looking at the portfolio's absolute perform ance. An
alternative approach, adopted by many professionals and
investors, is to m easure perform ance relative to a target
portfolio or benchm ark. In the follow ing section, three dif­
ferent m easures of perform ance relative to a benchm ark are
discussed: (1) tracking error, (2) inform ation ratio, and (3) the
Sortino ratio.
Tracking Error
The tracking error (TE) is the measure of the difference between
a portfolio's returns and those of a benchm ark it was meant to
mimic or to beat. The first way to calculate T E is simply:
Rp ~ R b
W here RP is the return of the portfolio under consideration, and
R b is the return of the benchm ark portfolio.
78 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
A nother common way to measure tracking error is to calculate
the standard deviation of the differences in the portfolio and the
benchm ark returns over tim e:
/ S (R p - Rb)2
V N -1
where N is the number of return periods m easured.
Information Ratio
The information ratio (IR) is like SPI. W hile SPI is the excess
return of an asset or portfolio over the risk-free rate divided by
the standard deviation of returns, the IR is the active return20
relative to the benchm ark portfolio divided by the standard
deviation of the active return, where the active return is RP - RB:
In _ E (R P r b)
lr\ . -
~
V v a r(R p - RB)
The information ratio is thus an alternative to T E .
Sortino Ratio
The Sortino ratio (SR) is a modification of SPI. Both ratios m ea­
sure the risk-adjusted return of an asset or portfolio. However, if
the primary focus is on downside risk, then SR is considered to
be an im provem ent over SPI:
RP - T___________
^ 2 " ,m i n < 0 , Rpf - T}2
The denom inator is the downside deviation, as measured by the
standard deviation of returns below the target. T is the target or
required rate of return for the investm ent strategy, also known
as MAR or minimum accepted rate of return. T may be set to
the risk-free rate or another hurdle rate.
For example, if the selected benchmark provides an annual return of
9 f J
6 % (Rb) and the active management portfolio provides an annual return
of 7.5% (Rp) then the active annual return {RP - Re} is 1.5%.
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

QUESTIONS
5.1 Is the m arket portfolio the only efficient portfolio that can 5 .1 0 If crA = 20% and a B = 40% and a portfolio if form ed with
be form ed? half the money invested in each stock, then ap must be

5.2 W hat are beta measures? A. 30%.

A. The volatility of the security
B. The joint volatility of any two securities in a portfolio
C. The volatility of a security divided by the volatility of
the m arket index
D. The relative co-m ovem ent of a security with the mar­
ket portfolio
5.3 W hat is the price per unit of beta risk?
A. E(Ri)
B. E(R m) - r
C. r
D. E(Rm)
5.4 W hat are the betas of three stocks in a perfect m arket in
equilibrium ?
5.5 The riskless rate of interest is r = 5% and the m arket
portfolio is characterized by E(R m) = 13% and crM = 15%.
CAPM implies that the expected return of stocks A , B, and
C are
A. E(R a ) = - 3 % , E(Rb) = 5%, E(RC) = 21%
B. E(Ra) = - 5 % , E(R b) = 3%, E(RC) = 21%
C. E(Ra) = 3%, E(R b ) = 5%, E(R C) = 16%
D. None of the above
5.6 If JP I is zero, then TPI detects no excess return.
A. True
B. False
5.7 If fund A is mean-variance inefficient in relation to fund B,
then fund B is expected to outperform fund A according
to SPI.
A. True
B. False
5.8 The rate of return on stock A and stock B will be the same
each month if they have the same beta.
B. between 10% and 40% .
C. between 20% and 40% .
D. between 20% and 60% .
5.11 W hat are the major assum ptions needed to establish
CAPM (as made by Sharpe and Linter)?
5 .1 2 It has been said that the prices of risky assets in a perfect
capital m arket are determ ined as if there was only a single
investor. Is this an accurate statem ent? Explain.
5 .1 3 W hat is the relationship between CAPM and the market
model?
5 .1 4 In a perfect capital m arket, all stocks have the same risk
premium. Is this statem ent consistent with C A PM ? Explain.
5 .1 5 Define system atic risk and nonsystem atic risk.
5 .1 6 According to C A P M , the higher the variance of a security,
the higher its expected return.
A. True
B. False
5 .1 7 Assum e the riskless interest rate is r = 5% and the mar­
ket portfolio is characterized by an expected return
of E(R m) = 13% and a standard deviation of return of
ct /vj = 15%. The expected return on a zero-beta security is
7%. Is the m arket in equilibrium ?
5 .1 8 The beta of a security estim ated from historical returns
is equal to the true beta of the security. True or false?
Discuss.
5 .1 9 Prove that the covariance of stock i with the m arket port­
folio is equal to the sum of the covariances of stock i with
all the n stocks included in the m arket portfolio multiplied
by the corresponding proportions x,.

A. True
B. False

5.9 If r = 4% and E(R m) = 10%, then a stock with a beta of

1.3 is expected to yield
A. 10.0%.
B. 6.0% .
C. 7.8% .
D. 11.8%.

Chapter 5 Modern Portfolio Theory and Capital Asset Pricing Model ■ 79

The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

ANSWERS
5.1 No is based on expected and unobserved variables. It also
provides a method of decom posing asset returns into
5 .2 D. The relative co-m ovem ent of a security with the mar­
two com ponents: a system atic (or market) com ponent
ket portfolio
and a residual (or non-market) com ponent:
5 .3 B. E(R m) - r
rP = aP + b PrM + e P
E(R m) - r is the excess return of the m arket portfolio
where rP = RP - r is the excess return of the portfolio
over the risk-free rate.
return RP over the risk-free rate r and rM = RM - r is the
5 .4
excess return of the m arket portfolio R m over the risk­
P a = - 1 , P b = 0 and p c = 2 free rate r.
5 .5 A . E(R a ) = - 3 % , E(R b) = 5%, E(RC) = 21%
The residual com ponent eP is uncorrelated with the
In equilibrium stocks are on the same security m arket excess return rM. The system atic com ponent is
m arket line: beta multiplied by the m arket excess return. The mar­

E(R,) = r + [E(R m) - r] p, ket model thus appears to be a natural fram ework for
estim ating beta.C A PM is an equilibrium pricing m odel,
5 .6 True
which suggests that each asset is priced so that its
5 .7 True expected return com pensates for its contribution to the
5 .8 False m arket portfolio risk. The asset's expected return is thus
found to be proportional to its beta. For a well-diversi­
The realized return is random. CAPM predicts that the
fied portfolio, an asset's risk contribution will approxi­
expected rates of return for stocks A and B should be the
mate its risk contribution to the m arket portfolio.
sam e.

5 .9 D. 11.8% 5.14 No, the risk premiums for different stocks will not be the
sam e. It is, according to the C A PM :
5 .1 0 B. Between 10% and 40%
coviRj, R m)
5.11 (E(R m) ~ r)

• Investm ents are perfectly divisible;

where cov(R„ R m) is the covariance between the returns
• They are no transaction costs and/or taxes;
of asset i and the returns of the m arket portfolio M.
• Full and costless information is available to all investors;
5.15 System atic, or undiversifiable, risk is that portion of the
• The lending and borrowing rates are equal, and are
risk that is associated with m arket fluctuations and there­
the same for all investors; and
fore cannot be reduced by diversification.
• Each investor can borrow or lend any amount at the
Non-system atic, or diversifiable, risk is that portion of risk
m arket rate.
that can be elim inated by combing the security in ques­
5 .1 2 The statem ent is tru e if, in addition to a perfect capital
tion with others in a diversified portfolio.
m arket, it is assumed that investors are risk averse and
select their optimal investm ent by the mean-variance
Ri,t = a i + EjRMit + eit
criterion. Under these conditions, CAPM applies and all a? = bfah + al
investors select the same m arket portfolio, regardless of the first term is the system atic risk and the second one
their risk aversion and initial wealth. denotes the non-systematic risk
5 .1 3 These models are frequently confused because they both
5.16 False:
dem onstrate a relationship between every asset and
the m arket portfolio.The m arket model is an empirical E(R m) ~ r
E(Ri) = r + ------ Cov(R„ RM)
model based on realized rates of return, whereas CAPM om

80 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

The following questions are intended to help candidates understand the material. They are not actual FRM exam questions.

A security may have a high variance of returns but 5.19

n
still have a low exp ected return because of its low
Cov(R„ Rm) = ^ Xj Cov{Rj, Rj)
(or even negative) covariance with the m arket i= 1
portfolio.
Proof:
5.17
E{Rj) = r + [E(R m) - r] ft
E m ~ 2 x i R j

/= 1
f3; = 0 means that in equilibrium E(R,) = r = 5%
Cov(R„ Rm) = E(R,Rm) - E(R;)E(Rm)
The m arket is not in equilibrium .
Com bining the two equations:
5.18 This statem ent is false. The beta of a security obtained
from past data is only an estim ate of the true beta, which Cov(R„ Rm) = ' Z x j m . R j ) - E(R,)E(Ri)]
is unknown. The estim ate is subject to statistical estim a­ )=1
tion errors and the true beta, at best, can be said to fall
= 2 XjCoviR,, Rj)
within a confidence interval with a given probability (the
i= 1
confidence level).
= x p f + 2 xj CoviR,, Rj)
i=\
j* i

Chapter 5 Modern Portfolio Theory and Capital Asset Pricing Model ■ 81

The Arbitrage
Pricing Theory
and Multifactor
Models of Risk and
Return
Learning Objectives
A fter com pleting this reading you should be able to:

Explain the arbitrage pricing theory (APT), describe its Explain m odels that account for correlations between
assum ptions, and com pare the A P T to the C A PM . asset returns in a multi-asset portfolio.

D escribe the inputs (including factor betas) to a Explain how to construct a portfolio to hedge exposure to
m ultifactor model. multiple factors.

Calculate the expected return of an asset using a D escribe and apply the Fam a-French three factor model in
single-factor and a m ultifactor model. estim ating asset returns.

83
A s explained in C hapter 5, the capital asset pricing model
(CAPM ) is a single-factor model that describes an asset's
expected rate of return as a linear function of the market's risk
premium above a risk-free rate. Beta is the coefficient (i.e., the
slope) of this relationship.
The A rbitrage Pricing Theory (APT) is based on the reasoning
behind C A PM . However, it explains an asset's expected rate of
return as a linear function of several m arket factors. The single
factor in CAPM (i.e., the market's expected risk premium) is
derived from a theoretical model with assumptions about inves­
tor behavior. In contrast, A P T only assumes that there are no
arbitrage opportunities.
6.1 THE ARBITRAGE PRICING THEORY
A P T suggests that multiple factors can help explain the
expected rate of return on a risky asset. These factors may
include indices on stocks, bonds, and com m odities, as well
as m acroeconom ic factors. However, the model does not say
which of these factors adds to the explanatory power of the
relationship.
A P T was initially proposed in 1976 by Professor Steve R o ss.1
Unlike C A P M , A P T does not assume investors hold efficient
portfolios (as defined within the mean-variance fram ework) and
does not assume risk aversion. Instead, A P T has three underly­
ing assumptions.
1. A sset returns can be explained by system ic facto rs.2
2. By using diversification, investors can elim inate specific risk
from their portfolios.
3 . There are no arbitrage opportunities among well-diversified
portfolios. If any arbitrage opportunities were to exist,
investors would exploit them away.
According to APT, the return on a security is given by:
R, = E(Rj) + j8„[/i - £(/,)]+ • • • + p u<[IK ~ £(/*)] + e,
where:
R-, is the rate of return on security / (/ = 1, 2, . . . , N) with
expected return E (/?,-);
Ik — E(lk) is the difference between the observed and expected
values in factor k (it is also known as the surprise factor);
1 S. Ross, "The Arbitrage Theory of Capital Asset Pricing," Journal o f
Economic Theory 13 (3), 1976, 341-360.
2 Note that APT does not assume that asset returns are normally
distributed.
3 N being the number of securities.
84 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
(3lk is a coefficient measuring the effect of changes in factor lk
on the rate of return of security /; and
e,- is the noise factor (i.e., the idiosyncratic factor).
A P T was later tested by Roll and Ross (1980) and Chen, Roll,
and Ross (1986).4 Chen, Roll, and Ross found that the following
set of m acroeconom ic factors were im portant in explaining the
realized average rates of return on stocks traded on the New
York Stock Exchange (N YSE):
• The spread between long-term and short-term interest rates
(reflecting shifts in tim e preferences);
• Expected and unexpected inflation;
• Industrial production (reflecting changes in cash flow exp ec­
tations); and
• The spread between high-risk and low-risk corporate bond
yields (reflecting changes in risk preferences).
Roll exam ined the im pact of diversification in a multi-factor
w o rld .5 He noted that well-diversified portfolios are volatile, and
that the volatility of a long portfolio is approxim ately half of the
average volatility of its constituent assets.6 Roll concluded that
this was indicative of system atic risk drivers that limit the effects
of diversification within an asset class. W ithout these risk drivers,
a diversified portfolio would have much sm aller volatility.
Roll also noted that w ell-diversified portfolios exhibit high
correlations when constrained to the same asset class,
w hereas there is much less correlation when portfolios are
diversified across m ultiple asset classes. This suggests the
existence of m ultiple system atic factors (otherwise there
would be higher correlations across various asset classes/
countries/sectors).
The basic prem ise of A P T is that investors can create a zero-
beta portfolio with zero net investm ent. If such a portfolio
yields a positive return, however, then a sure profit can be
realized through arb itrage. The fundam ental result, as proved
by Ross (1976), is that the absence of arbitrage opportunities
(6.1)
requires the exp ected return on all w ell-diversified portfolios
to satisfy
E(R P) = E(RZ) + M E d , ) - E(RZ)]+ • • • +/3PK[E(IK) - E(RZ)] (6.2)
4 R. Roll and S. Ross, "An Empirical Investigation of the Arbitrage Pricing
Theory," Journal o f Finance 35 (5), 1980, 1073-1103; N. Chen, R. Roll,
and S. Ross, "Economic Forces and the Stock Market," Journal o f
Business 59 (3), 1986, 383-403.
5 R. Roll, "Volatility, Correlation, and Diversification in a Multi-Factor
World," The Journal o f Portfolio Management, 2013, 11-18.
6 For example, from 2001 to 2010 the monthly total returns on the S&P
500 had an annualized volatility of 16%, whereas the average volatility
for the S 8cP's constituents was 36% during the same period.
where In their fam ous paper, Fama and French (1996) present a three-
factor model that captures these facto rs.7 Their model extends
RP is the return on a well-diversified portfolio with expected
CAPM by adding two additional facto rs:8
return E(RP);
1. Small Minus Big (SMB) (i.e., the difference between returns
/3pk is the facto r loading for the portfolio P related to
from small stocks and those from large stocks); and
factor k;
2. High Minus Low (HML) (i.e., the difference between the
E(Rz) is the expected rate of return on the zero-beta port­
returns on stocks with high book-to-market values and
folio (i.e., the risk-free rate) such that C ov(lk, Rz) = 0, for
those of stocks that have low book-to-market values).9
k = 1, . . . ,K ; and
The three-factor model proposed by Fama and French is then:
E[lk) — E(RZ) is the risk premium associated with factor k.
E(Rp) — r = (3pm[E [R m) — r] + /3ps m b ^(SM B) + h ml E(H M L) (6.3)
A P T and CAPM refer to the expected rate of return on security
/. However, because the expected rate of return is unobservable, where
one must use the realized historical average instead. A s intro­
• E(Rp) is the expected return on portfolio P;
duced in Chapter 5, the em pirical proxy to CAPM is referred to
• r is the risk-free interest rate;
as the m arket model (see Equation 5.4).
• E(R m) ~ r, E(SM B), and E(HM L) are the exp ected
Many em pirical works prefer to use the A P T approach rather
prem ium s; and
than that of CAPM because the latter is a special case of the
• The factor sensitivities (3PM, P p^mb - ar|d P p,h ml are the
former. Note that CAPM is a one-factor model and thus the
coefficients for the tim e-series regression:
m arket index is the only variable used to explain the expected
return for any security. On the other hand, the A P T is a multi­ Rp — r = ap + P pm(R m ~ r) + P p s m b ^MB + (3P hmlH M L + e P (6.4)
factor model where several different indices can be used to
According to Fama and French, the slope of HM L is a for proxy
explain the variation in expected rates of return. A P T is often
relative distress: Strong (weak) firms with consistently high (low)
used to decom pose the factors' respective contributions to the
earnings have negative (positive) HM L slopes. They also show
expected return.
that the SM B factor captures the covariation in returns on small
An additional benefit of the A P T approach (as well as all fa c­ stocks (i.e., the small firm effect).
tor approaches) lies in how they help facilitate risk analyses.
Fama and French extended the model in 2015 by suggesting
Consider the case of a portfolio with n = 100 different equi­
two additional factors:
ties. To do a full volatility and correlation m atrix would require
1. Robust Minus W eak (RMW), which is the difference between
the calculation of n variances and „ covariances for a the returns of com panies with high (robust) and low (weak)
2
1002 100 operating profitability, and
total of 100 H-------- ------- = 5,050 calculations. With a fac­
-

2. Conservative Minus Aggressive (CM A), which is the differ­

tor model with M factors, the variance/covariance calculations
ence between the returns of com panies that invest conser­
M2 - M
fall to M -I------ ----- , along with n calculations of idiosyncratic vatively and those that invest aggressively.

variances (i.e., residual risks). For exam ple, if M = 3 then this Adding these two factors, Fama and French showed that the

9 -3 HM L factor is redundant.10
becom es 3 H---- _— = 6.
O ther versions of this model (e.g ., Carhart (1997)) include a
momentum factor (M OM ), which is the difference between

6.2 MULTIFACTOR MODELS

OF RISK AND RETURN
Em pirical studies of the single-factor m arket model
(i.e ., C A PM ) show that its exp lanatory pow er is rather low.
A dditional studies indicate the existence of other factors
related to firm attributes— including size, financial ratios (P/E,
cashflow /price, and debt/equity), revenue trends, and historical
returns— that are also correlated to average rates of return.
7 Fama and French called the additional explanatory factors beyond the
market index "anomalies" and added them to the market factor analysis.
8 A review of multi-factor models can be found in E. Elton and M. Gruber,
Modern Portfolio Theory and Investment Analysis, 8 th edition, Wiley, 1995.
9 For example, a book to market value ratio above one is preferred
by value managers because that means a firm is trading cheaply when
compared to its book value.
10 Most notably CMA, which had a -0.7 correlation with HML.

Chapter 6 The Arbitrage Pricing Theory and Multifactor Models of Risk and Return ■ 85
 Further, the analyst believes that the firm can generate an
Monthly Data From January 1990 to April 2019
extra 3.0% return annually because it has an advantage over its
Coca-Cola J.P. Morgan com petitors.

Value p-Val Value p-Val Accordingly, if the m arket forecast is

Alpha 0.08 0.82 0.16 0.71 • A 12.5% return on equities over the next year;

Beta 0 .5 3 0.00 1.45 0.00 • An SM B of 3.5% ;

SMB - 0 .7 4 0.00 - 0 .1 4 0.47 • An HML of 0.0% ; and

HML - 0 .1 0 0.51 1 .2 9 0.00 • A risk-free rate of 1.5%

The expected return for the com pany would be

Fiqure 6.1 Fama-French coefficients for Coca-Cola
and J.P. Morgan. E(RC) - r = a + /3cM[E(R M) - r] + /3C(SMBE(SM B)
+ P c.h ml E(HML)
stocks that have risen in value over the prior month (i.e., winners)
E(RC) - 1.5% = 3.0 + 0.25[12.5 - 1.5] + 1 .2 5 * 3 .5 - 0.75 * 0.0
versus those that have fallen in value (i.e., losers).
E(RC) = 11.63%

Box Example 6.1:

Consider two companies: Coca-Cola and J.P. Morgan. Using
monthly returns from January 2011 through April 2019, the three-
factor Fama-French coefficients are estimated in Figure 6 .1 .1
12
1 baskets of equities, made from subsets of the S&P 500, that are
The p-values suggest that while the alphas are insignificant, the
betas are significant at most of the typical confidence levels uti­
lized for inference (i.e., 90% through 99.9% ). For Coca-Cola, the
SM B factor is also significant and negative, indicating that when
small com panies outperform large ones, the value of Coca-
Cola's equity will probably be negatively im pacted (because
Coca-Cola is a large com pany). On the other hand, J.P. Morgan
does not have a significant dependence upon the SM B factor,
suggesting that the health of small com panies is not highly
im portant to a large, broad-based commercial bank. However,
Box Example 6.3:
State Street Global A dvisors has form ulated several tradable
designed to track specific indices. These equities are part of
the Standard and Poor's D epository Receipts (SPDR) Exchange
Traded Fund (ETF) fam ily and can be traded in the same way as
regular equities.
These tradable E T Fs can be used in an explanatory multi-factor
return model (in the same way as CAPM uses a broad m arket
index or Fam a-French relies upon the broad m arket and two rel
ative return indices).13
The nine sector SDPRs are in the following table.

J.P. Morgan does have a strong dependence on the HML factor.

Symbol Sector

XLB M aterials
Box Example 6.2:
X LE Energy
An analyst believes that a firm's Fama-French dependencies are
X LF Financials
Value XLI Industrials
Beta 0.25 X LK Technology
SMB 1.25 XLP Consum er Staples
HML - 0 .7 5 XLU Utilities

XLV Health Care

11 M. Carthart, 1997, "On Persistence of Mutual Fund Performance," XLY Consum er Discretionary
Journal o f Finance 52(1), 57-82. N. Jegadeesh and S. Titman, 1993,
"Returns to Buying Winners and Selling Losers: Implication for Stock
Market Efficiency," The Journal o f Finance 48(1), 65-90; and N. Jegadeesh
and S. Titman, 2001, "Profitability of Momentum Strategies: An Evaluation
13 The fact that the SPDR ETFs are tradeable makes this modeling
of Alternative Explanations," The Journal o f Finance 56(2), 699-720.
avenue compelling because it offers a clear way to take specific risk-
12 Data sourced from Yahoo Finance and K. Fama's website: http://mba. mitigating actions (e.g., by trading these indices against the target
tuck.dartmouth.edu/pages/faculty/ken.french/data_library.html and equity). SPDRs are fairly liquid and there is also an active market in their
regression performed in Excel. derivatives.

86 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

"his model is system atic risk. However, factor betas can be used to con­
9 struct a hedging strategy to elim inate system atic risk.
E (rs ~ rf) = as + 2 A E(r, “ r f)
/= 1 Each factor can be regarded as a fundam ental security and can
therefore be used to hedge the same factor that is reflected in
To look at a specific exam ple, consider the stock for J.P. Morgan.
a given security. For exam ple, a countervailing factor exposure
The model is fit such that all the coefficients were significant (i.e.,
in portfolio H can be used to hedge a specific type of risk in
can be statistically distinguished from zero).14 The fit was esti­
portfolio P.
mated using the five-day excess returns over the US Treasury
one-week rate from D ecem ber 1998 to June 2019. If the goal is to hedge out all the factor risks and create a zero-
beta portfolio, then we can take the opposite positions in each
J.P. Morgan of the factors so that the com bined portfolio contains no factor
exposures. If the goal is to leave a portfolio exposed to certain
Alpha
types of system atic risks, then not all factor exposures need to
Betas XLB be neutralized.
X LE
A parsimonious choice in the number of factors is essential,
X LF 1.000 as each needs to serve an institution's risk-adjusted return
XLI objectives. The selection of the appropriate system atic factors
X LK 0.223 depends (in part) on judgm ent and there is no single perfect set
of factors for all investors.
XLP - 0 .2 1 2
XLU A key challenge is determ ining how often a hedge needs to
be adjusted. Note that there is a tradeoff between the cost of
XLV
hedging and the need to keep the hedge aligned to the portfo­
XLY
lio. If the hedging strategy is not im plem ented on a continuous

To see how this might be used, consider an analyst that fore­ basis, then tracking errors will appear. If the hedging strategy

casts the returns over the next w eek as:
• X LF = 5%,
• X LK = - 4 .0 % , and
• XLP = 2.0% .
This would translate into an expected return of 3.86%
(= 1.000 X 5.0 + 0.223 X (- 4 .0 ) - 0.212 X (2.0)) for a
position in J.P. Morgan.
Determ ining portfolio risk using all the stocks in the S&P 500 (in
various portions) would require the calculation of about 125,000
different variances. By using these nine factors, that number falls
to less than 5,015. The latter is much more feasible and in prac­
tice should offer results that perform just as well (given the error
margins).
6.3 FACTOR ANALYSIS
IN HEDGING EXPOSURE
W hile idiosyncratic (i.e ., specific) risk can theoretically be
elim inated through diversification, the sam e is not true for
is updated too frequently, trading costs will be high and drag
down overall perform ance.
A nother challenge is model risk, which includes both factor
model error and the potential for errors in im plem entation.
Factor model errors occur when a model contains m athem ati­
cal errors or is based on m isleading/inappropriate assumptions.
For exam ple, a hedging strategy that is based on linear factor
m odels that fail to capture nonlinear relationships among the
factors will be flaw ed.
A no th er common error in model building is to assum e
stationarity in the underlying asset distribution, as often such
distributions can evolve over tim e. A d d itio nally, assum ptions
built into m odels may fail to hold in certain conditions, such as
during stressed m arkets. During the 2007-2009 financial crisis,
for exam p le, many m arket-neutral hedge funds perform ed
poorly.

15 Plus 500 calculations of the idiosyncratic variance, which will come

14 At the 95% confidence level. from each of the regressions.

Chapter 6 The Arbitrage Pricing Theory and Multifactor Models of Risk and Return ■ 87
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

QUESTIONS
6.1 A major disadvantage of A P T is that the theory gives no 6.8 If the return process for 100 firms is a four-factor m arket
insights into what the m acroeconom ic factors might be. m odel, then the number of param eters to be estim ated is
A. 6 .
A. True
B. False
B. 100.
C. 386.
6.2 A P T assumes asset returns are normally distributed.
D. 406.
A. True
6.9 Em pirical studies of the single-factor m arket model show
B. False
the explanatory power of the model is rather high. True or
6.3 A P T requires that investors make decisions based on false? Discuss.
mean and variance.
6.10 Roll noted that well diversified portfolios are nonetheless
A. True highly correlated if the holdings are concentrated within
B. False the same asset class. True or false? Explain.

6.4 W hat is the basic idea of A P T? 6.11 Fama and French (1996) added two risk factors beyond
6.5 The A P T model is derived from the m arket index to explain past average rates of return.
W hich of the following ratios is a risk factor in the Fama-
A. a theoretical model of optimal portfolio selection.
French em pirical model?
B. an extension of the concept of C A PM . A. E B IT D A to total sales
C. arbitraging a few known risk factors in the m arket. B. Current assets to current liabilities
C. Net profit to total assets
D. investors holding efficient portfolios.
D. Book-to-m arket values
6.6 Chen, Roll, and Ross (1986) tested the A P T model and
6.12 In their later work, Fama and French (2015) added two
found several explanatory variables for the average rate of
more factors. W hich of the following is a basis for one of
return on stocks traded on the N YSE. Which of the follow ­
these new risk factors?
ing is not an explanatory variable in their em pirical test?
A. O perating profitability
A. Expected and unexpected inflation
B. Current assets to current liabilities
B. The yield spread between high and low risk corporate
C. Net profit to total assets
bonds
D. Last month perform ance
C. The yield spread between long and short maturity
bonds 6.13 Factor betas in a well-diversified portfolio provide a means
D. The change in money supply in the econom y for constructing a hedging strategy to reduce system atic
risk. True or False? Discuss.
6.7 If a portfolio has 80 securities, the number of covariances
that should be estim ated is
A. 6,320.
B. 6,400.
C. 3,160.
D. 80.

88 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

The following questions are intended to help candidates understand the material. They are not actual FRM exam questions.
ANSWERS
6.1 True
These factors may include indices on stocks, bonds, and
com m odities, as well as m acroeconom ic factors. How­
ever, the model does not say which of these factors adds
to the explanatory power of the relationship.
6 .2 False
A P T has three underlying assumptions.
1. A sset returns can be explained by system ic factors.
2 . By using diversification, investors can eliminate
specific risk from their portfolios.
3 . There are no arbitrage opportunities among well-
diversified portfolios. If any arbitrage opportunities
were to exist, investors would exploit them away.
6 .3 False
See the previous explanation.
6 .4 The basic idea of A P T is that investors can create a
zero-beta portfolio with zero net investm ent. If such a
portfolio yields positive return, then a sure profit can be
realized by arbitraging. In the real world, any existing
arbitrages would be exploited away.
6 .5 B. an extension of the concept of C A PM .
A rbitrage Pricing Theory (APT) is based on the reasoning
behind C A PM . It differs in that it is a multi-factor model.
6.6 D. The change in money supply in the econom y
The explanatory variables were
• The spread between long-term and short-term inter­
est rates (reflecting shifts in tim e preferences);
• Expected and unexpected inflation;
• Industrial production (reflecting changes in cash flow
expectations); and
• The spread between high-risk and low-risk corporate
bond yields (reflecting changes in risk preferences).
Chapter 6 The Arbitrage Pricing Theory and Multifactor Models of Risk and Return
6.7 C. 3,160.
If there are N different securities, then the number of
correlations equals N(N - 1)/2
6.8 D. 406.
The number of param eters to be estim ated is
MN + M(M — 1)/2 for M common factors and N firms.
6.9 False
Em pirical studies of the single-factor m arket model (i.e.,
CAPM ) show that its explanatory power is rather low.
6.10 True
Roll noted that well-diversified portfolios exhibit high
correlations when constrained to the same asset class,
whereas there is much less correlation when portfolios
are diversified across multiple asset classes.
6.11 D. Book-to-m arket values
HML is the difference between the returns on stocks with
high book-to-market values and those of stocks that have
low book-to-market values.
6.12 A. O perating profitability
Fama and French extended the model in 2015 by sug­
gesting two additional factors:
1. RMW, which is the difference between the returns of
companies with high (robust) and low (weak) operating
profitability; and
2. C M A , which is the difference between the returns of
com panies that invest conservatively and those that
invest aggressively.
6.13 True
Each factor can be used to hedge the same factor that is
reflected in a given security.
89
 Learning Objectives
A fter com pleting this reading you should be able to:
Explain the potential benefits of having effective risk data
aggregation and reporting.
D escribe the im pact of data quality on model risk and the
model developm ent process.
D escribe key governance principles related to risk data
aggregation and risk reporting practices.
Identify the governance fram ew ork, risk data architecture
and IT infrastructure features that can contribute to effec­
tive risk data aggregation and risk reporting practices.
D escribe characteristics of a strong risk data aggrega­
tion capability and dem onstrate how these characteristics
interact with one another.
D escribe characteristics of effective risk reporting
practices.
D escribe the role that supervisors play in the monitor­
ing and im plem entation of the risk data aggregation and
reporting practices.
91
7.1 INTRODUCTION
Effective risk analysis requires sufficient and high-quality data.
This makes data a major asset in today's w orld, and it should be
treated as such.
Risk analyses can be m ade using the internal data of an organi­
zation (e .g ., transaction data within a financial institution or the
specific costs of raw m aterials for a m anufacturing com pany).
The m ajor concern with this type of data is w hether it is kept
in an organized w ay so that it can be used for analysis. Statisti­
cal techniques for analyzing this data are w ide ranging and
can include tools such as m achine learning and artificial intel­
ligence (Al).
Data can also come from outside the organization (e.g ., exter­
nal data on the econom y or on a specific industry). Financial
institutions need data on past inflation rates, changes in money
supply, major interest rates, exchange rates, and so on. Some
external data can be collected from public sources, whereas
other types of data may have to be purchased from vendors.
BOX 7.1 DATA IN MODEL RISK
Data acquisition plays an im portant role in model risk.
Financial institutions rely on m odels to guide their day-
to-day operations and to analyze their risk exposures. As
a result, even the sm allest of model errors can have dire
consequences.
Model risk can be decom posed into four com ponents:1
input risk, estimation risk, valuation risk, and hedging risk.
Note that data acquisition is especially pertinent when
considering input risk. M odels depend on the quality of
data because it is used to create statistical estim ators of
their param eters. As the adage goes: "garbage-in,
garbage-out".
For many years, financial firm s collected data on either a depart­
mental or business activity basis. G enerally, these efforts were
not well coordinated or m anaged. Different departm ents often
used different data sources, resulting in duplication in some
cases. A lot of data was neglected and even destroyed (e.g .,
data loss can occur when moving from one com puter system to
another). In the 1960s and 1970s, data were stored on paper
cards or com puter tapes. Later storage devices included floppy
disks and hard disk drives, neither of which were com patible
with the older generation of system s.
1 Crouhy, Galai, and Mark, Risk Management, McGraw Hill, 2002,
page 586.
92 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
A special com m ittee of the Basel Com m ittee on Banking Super­
vision (BCBS) exam ined bank data collection, data storage, and
data analysis practices. That com m ittee uncovered many prob­
lems within the industry and subsequently published a special
report on risk data m anagem ent. It concluded that data quality
in the banking industry was inadequate to aggregate and report
risk exposures across business lines, legal entities, and at the
bank group level.
In recognition of these inadequacies, the B C B S published a set
of 14 principles to guide banks as they overhauled their risk data
aggregation and reporting capabilities (BC BS 239).2 The BC BS
defines risk data aggregation as the "process of defining, gath­
ering, and processing risk data according to [a firm's] risk report­
ing requirem ents to enable the bank to measure its perform ance
against its risk tolerance/appetite."
The principles and supervisory expectations outlined in BC BS
239 apply to risk m anagem ent data and m odels. These prin­
ciples cover governance/infrastructure issues, risk data aggrega­
tion procedures and needs, reporting, and considerations for
supervising authorities.
Banks have struggled to com ply with B C B S 239 and the o rig i­
nal tim eline to achieve full com pliance was not m et by any
bank. This is largely due to the highly com plex nature of the IT
reengineering involved in bringing the various system s into
com pliance as well as the dynam ic nature of the p rin cip les.3
Th e exponential increase in the application of Al techniques
on large data sets has also m ade com pliance with B C B S 239
more challenging.
Section 7.2 explains how effective risk data aggregation and
reporting can allow organizations to measure risk across an
enterprise.4 Section 7.3 describes the key B C B S governance
principles.5 Section 7.4 identifies the data and IT infrastructure
features that contribute to effective data aggregation and
reporting. Section 7.5 describes specific characteristics of a
strong risk aggregation capability as well as the interactions
between those characteristics. Finally, section 7.6 describes the
characteristics of effective risk reporting practices and the need
for forward looking capabilities to give preem ptive signals of
potential risk exceedances.
2 Principles for effective risk data aggregation and risk reporting!Rep.).
(2013, January). Retrieved https://www.bis.org/publ/bcbs239.pdf
3 See Basel Committee on Banking Supervision, June 2018, Progress
in adopting the Principles for effective risk data aggregation and risk
reporting (RDARR): https://www.bis.org/publ/bcbs443.pdf
4 The specific costs and benefits of enterprise risk management (ERM)
will be discussed in Chapter 10.
5 Best practices in corporate governance were discussed in Chapter 2.
7.2 BENEFITS OF EFFECTIVE
RISK DATA AGGREGATION AND
REPORTING
If a firm fully adheres to the B C B S principles, its risk m anag­
ers will have less uncertainty regarding the accuracy, integrity,
com pleteness, tim eliness, and adaptability of the data they use.
Simply put, risk m anagem ent benefits from having high-quality
risk data at all levels of the organization.
Designing and im plem enting an effective risk data aggrega­
tion and reporting capability enhances tactical and strategic
decision-making processes. This reduces the chance of losses
and im proves risk-adjusted returns.
Banks need to leverage the relevant risk information and care­
fully consider what data can be obtained (and at what cost). It
can be challenging for risk m anagers to process and refine fast
moving big data6 into usable risk information. It is essential that
decision-m akers have confidence in the quality of the underlying
data. If the information is inaccurate or incom plete, m anage­
ment may not be able to make sound risk decisions.
Advances in data analytics (e.g ., machine learning) are being
used to collect, analyze, and convert large volumes of unstruc­
tured data7 into usable information. This makes it easier for orga­
nizations to avoid information overload and enables them to turn
vast amounts of data into a strong com petitive advantage.8
Rigorous model validation also plays a critical role in risk man­
agem ent.9 In the United States, model developers must com ply
with regulatory guidance on model vetting. The Federal Reserve
provides com prehensive guidance for banks on effective model
risk m anagem ent.101This guidance calls for a "rigorous assess­
ment of data quality . . . as well as the proper docum enta­
tio n ."11 Model developers need to dem onstrate that the data
6 Big data is data that are so big and complex that traditional data pro­
cessing techniques are inadequate.
7 This is data without a pre-defined data model or otherwise lacking a
pre-defined approach to organization.
8 COSO, "Enterprise Risk Management: Integrating Strategy with Per­
formance," June 2017. (See Principle 18: Leverages Information and
Technology.)
9 Crouhy, Galai, and Mark, The Essentials o f Risk Management (2nd edi­
tion), Chapter 15, McGraw Hill, 2014, offers a more complete discussion
on model risk management.
10 United States, Board of Governors of the Federal Reserve System,
Office of the Comptroller of the Currency (2011), "Supervisory Guidance
on Model Risk Management (SR 11-7)." Retrieved from https://www.
federalreserve.gov/supervisionreg/srletters/sr1107a1 .pdf
11 Basel Committee on Banking Supervision, January 2013, "Principles
for effective risk data aggregation and risk reporting."
Chapter 7 Principles for Effective Data Aggregation and Risk Reporting
they use are suitable as well as consistent with both the theory
behind the model and the chosen m ethodology.
B C B S 239 was a major driver in the rise of the chief data officer
(CD O ) function. The C D O is typically responsible for standardiz­
ing a firm's approach to data m anagem ent. Note that data stan­
dardization efforts have grown well beyond reference data to
include financial products data and accounting d a ta .12 If inde­
pendent departm ental applications and m ethodologies are
based on consistent standards, the data that flows up through
an organization's structure will provide a reliable, accurate, and
m anageable view of the institution's total risk profile.
If this is not the case, however, important connections among dif­
ferent dimensions of an organization's business will not be trans­
parent. An exam ple of such data risk is the case where customers
with credit products in different business lines (e.g ., a mortgage
and a credit card) are not recognized as the same customer due
to the absence of standardized custom er identification codes.
An operational process that allows flawed data to enter the sys­
tem may eventually cause failures in the aggregate. An exam ple
of such a failure can be seen in the role of erroneous/fraudulent
m ortgage application data in precipitating the 2007-2008 col­
lapse of the U.S. housing m arket. Note that this flawed data,
which concerned loan suitability, was subm itted by individuals
one application at a tim e yet at an unusually high frequency.
7.3 KEY GOVERNANCE PRINCIPLES
BOX 7.2 PRINCIPLE 113
Governance — A firm's risk data aggregation capabilities
and risk reporting p ra ctices should be subject to strong
governance arrangem ents consistent with other principles
and guidance established by the Basel Com m ittee.
A strong governance fram ework (see Principle 1 in Box 7.2)
com bined with a well-designed risk data and IT infrastructure14
12 The Financial products Markup Language (FpML) is one such exam­
ple. FpML defines a taxonomy and structure of financial derivative
products using the extensible Markup Language (XML) standards. For
example, FpML includes structural definitions not only for derivatives,
but also for the underlying financial instruments and assets to which
financial derivatives contracts must necessarily refer.
13 Basel Committee on Banking Supervision, January 2013, "Principles
for effective risk data aggregation and risk reporting." Reprinted by
permission.
14 Infrastructure describes the actual components of a system. Architecture
describes the design of the components and their relationships. For exam­
ple, a system is built on an infrastructure that has a specific architecture.
■ 93
(see Principle 2 in Box 7.3) is necessary to ensure BC BS 239
com pliance. Furtherm ore, independent validation is necessary
to ensure risk data aggregation and risk reporting (RDARR)
capabilities "are functioning as intended and are appropriate for
the [firm's] risk p ro file ."15
A s of m id-2019, most banks are still finding it difficult to im ple­
ment the B C B S 239 principles. It is therefore critical that the
board and senior m anagem ent understand the limitations pre­
venting effective RDARR and rem edy any shortcom ings. If risk
data are the blood of a financial enterprise, then data integra-
1A
tion constitutes its circulatory system . A bank with a limited
ability to integrate data will have difficulties in satisfying the
Basel principles.
A key challenge is collecting data from the various internal and
external sources and feeding it into risk analytics system s. Typi­
cally, risk m anagem ent applications do not access these data
sources directly. Instead, the information is copied, extracted,
translated, and loaded into a financial data warehouse. This
approach prevents the execution of com putationally intensive
analytical processes from degrading the perform ance and
response tim es of operational system s.
Effective (i.e., fully or largely compliant) risk data governance is
achieved by im plem enting policies that set "out a clear delinea­
tion of roles, incentive schem es, and responsibilities for risk data
m anagem ent (including dedicated staff responsible for defining
risk data exp ectatio n s)."*17
Conversely, a hallmark of ineffective (i.e., non-compliant) risk
governance is "a lack of structured policies and fram eworks to
consistently assess and report risk data activities to the board
and senior m anagem ent."18
The board has an im portant governance role related to RDARR.
It should, in addition to reviewing and approving a bank's
RDARR, ensure that the appropriate resources are available.
RDARR policies should be review ed, and revised if necessary,
after major acquisitions or changes in strategy.
15 Basel Committee on Banking Supervision, January 2013, "Principles
for effective risk data aggregation and risk reporting."
16 Data integration involves the extracting, translating, associating,
merging, constructing, and loading of data from physical data sources
into a data store based on a given set of logical and physical models.
17 Basel Committee on Banking Supervision, June 2018, "Progress
in adopting the Principles for effective risk data aggregation and risk
reporting (RDARR)."
18 Ibid.
94 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
7.4 DATA ARCHITECTURE AND IT
INFRASTRUCTURE
BOX 7.3 PRINCIPLE 219
Data architecture and IT infrastructure — A bank should
design, build, and maintain data architecture and IT infra­
structure which fully supports its risk data aggregation
capabilities and risk reporting p ra ctices not only in normal
tim es but also during tim es of stress or crisis, while still
m eeting the other Principles.
Firm s should establish in teg rated risk data arch itectu res.
Roles should be clearly sp e cifie d , including the resp o n sib ili­
ties fo r ensuring "a d e q u a te controls throug hout the lifecycle
of the data and for all asp ects of the tech n o lo g y
in fra stru c tu re ."20
There is no uniform blueprint in place for a B C B S 239-com pliant
infrastructure and solutions are specific to each institution. The
optimal approach ensures that all people and system s within the
banking group are working with the same data, the same m od­
els, and the same assum ptions.212
Firms should create information on data characteristics. This
could be in the form of various data m odels. The four primary
types of data m odels include: sem antic data, conceptual data,
logical data, and physical data.
Sem antic data models address the agreed-upon meaning of ele-
ments in the model. Conceptual models confirm human
understanding of the system and its objectives.23 Physical data
1o
Basel Committee on Banking Supervision, January 2013, "Principles
for effective risk data aggregation and risk reporting." Reprinted by
permission.
20 ibid.
21 S. Ludwig and M. Gujer (2016), "The Art of Adaptable Architecture—
Implementing BCBS 239." Retrieved from https://www.fisglobal.com/
solutions/institutional-and-wholesale/commercial-and-investment-
banking/-/media/fisglobal/files/whitepaper/the-art-of-adaptable-
architecture.pdf
22 Semantic model standardization initiatives improve the efficiency
and quality of enterprise financial risk management as well as support
industry-wide and global financial data standards. Usually accompany­
ing a semantic model is a documented understanding of the behavior of
elements acting on other elements.
23 Conceptual models take on a high-level design of the groupings of
informational elements, structures, and processes that interact with each
other.
models translate the data requirem ents and properties
expressed in the logical model into a specific im plem entation on
an IT hardware/software vendor system platform .24
In summary, banks with effective (i.e., fully or largely compliant)
data architecture and IT infrastructure have consolidated their
"data categorization approaches and structures as well as inte­
grated data taxo n o m ies."25
Conversely, banks with ineffective (i.e., non-compliant) data
architecture and IT infrastructure lack the "appropriate pro­
cesses and controls to ensure that the risk reference data is
updated following changes in business activities."26
7.5 CHARACTERISTICS OF A
STRONG RISK DATA AGGREGATION
CAPABILITY
Firm s need to monitor their data on an ongoing basis to ensure
its accuracy and integrity (see Principles 3 and 4 in Box 7.4). Risk
data should be com plete, reconciled with sources, and include
all material risk disclosures at a granular level. Classifications
and categorizations are necessary to present com plete and
m anageable information to executive m anagem ent. If classifica­
tions are too broad, however, information loss and data distor­
tion can occur.
Banks should also be "ab le to produce aggregate risk inform a­
tion on a tim ely b a sis"27 (see Principle 5 in Box 7.4). The
degree of tim eliness required depends on the risk area being
m onitored. For exam p le, data used to m easure risk on the
trading floor will need to generate risk inform ation on a tim e ­
lier basis when com pared to risk inform ation on a corporate
loan. Inform ation system s dedicated to trading rooms must
24 A physical data model can generate the specific operations, proce­
dures, and data loads to create a functioning database instance of the
logical data model.
25 Basel Committee on Banking Supervision, June 2018, "Progress
in adopting the Principles for effective risk data aggregation and risk
reporting (RDARR)." This report also mentions as an example "a data
dictionary and a single data repository or data warehouse for each risk
type identified and constructed"
26 Ibid. The report also mentions as an example of this "a lack of a for­
malized escalation process to communicate poor data quality to senior
management".
27 Basel Committee on Banking Supervision, January 2013, "Principles
for effective risk data aggregation and risk reporting."
Chapter 7 Principles for Effective Data Aggregation and Risk Reporting
accom m odate a w ide variety of sp ecific and potentially com ­
plex financial instrum ents. Th ese risks need to be evaluated
quickly and frequently for the purposes of m anaging a trading
book or a portfolio.
Trading system s apply sophisticated analytical valuation and
pricing algorithm s to portfolio positions. They typically use
data structures, custom ized either by vendors or designed by
in-house developm ent team s, to record the details of financial
instrum ent contracts. Com prom ises in tim eliness are often made
due to the need to extract and map data from different trading
system s into other system s that can integrate, sum m arize, and
report on the consolidated data.
Furtherm ore, risk data aggregation practices need to be adapt­
able (see Principle 6 in Box 7.4). An exam ple of adaptability
would be the ability to integrate a hypothetical stress scenario
with other parts of the portfolio to produce an aggregated
enterprise risk measure. A daptability would also include the
capability to incorporate changes in an upcoming regulatory
fram ework (e.g ., an update to Basel capital regulatory rules) and
the ability to com bine that with historical data to produce an
overall risk measure.
The B C B S notes that an effective (i.e., fully or largely compliant)
capability to aggregate risk data features "appropriate data e le­
ment certification, data quality docum entation, data quality
assurance m echanism s, assessm ent of data quality per risk type,
and docum ented and effective controls for manual
p ro cesses."28
Conversely, ineffective (i.e., with com pliance gaps) risk data
aggregation capabilities may feature "deficiencies in data qual­
ity controls . . . ; [lack of properly established] data quality rules
such as minimum standards for data quality reporting thresh­
olds; absence of a designated authority [oversight] . . . ; lack of
an effective escalation model . . . ; and w eaknesses in [quality
control]" as well as ". . . overreliance on manual . . . processes
without proper docum entation [and policy] . . . , lack of reconcili­
ation for certain key reports . . . and no variance analysis . . . ,
inability to promptly [also without automation] source risk data
from foreign subsidiaries . . . , lack of standardization of refer­
ence d a ta ."29
28 Basel Committee on Banking Supervision, June 2018, "Progress
in adopting the Principles for effective risk data aggregation and risk
reporting (RDARR)."
29 ibid.
■ 95

BOX 7.4 PRINCIPLES 3 TO 630
Principle 3:
Accuracy and Integrity — A bank should be able to gen­
erate accurate and reliable risk data to m eet normal and
stress/crisis reporting accuracy requirem ents. Data should
be aggregated on a largely autom ated basis to minimize
the probability of errors.
Principle 4:
Completeness — A bank should be able to capture and
aggregate all material risk data across the banking group.
Data should be available by business line, legal entity, asset
type, industry, region, and other groupings, as relevant for
the risk in question, that perm it identifying and reporting
risk exposures, concentrations, and emerging risks.
Principle 5:
Timeliness — A bank should be able to generate aggre­
gated and up-to-date risk data in a tim ely manner while
also m eeting the principles relating to accuracy and integ­
rity, com pleteness, and adaptability. The precise timing
will depend upon the nature and potential volatility of
the risk being m easured as well as how critical it is to the
overall risk profile of the bank. The precise timing will also
depend on the bank-specific frequency requirem ents for
risk m anagem ent reporting, under both normal and stress/
crisis situations, set based on the characteristics and over­
all risk profile of the bank.
Principle 6:
Adaptability — A bank should be able to generate aggre­
gate risk data to m eet a broad range of on-demand,
ad hoc risk m anagem ent reporting requests, including
requests during stress/crisis situations, requests due to
changing internal needs, and requests to m eet supervisory
queries.
7.6 CHARACTERISTICS OF EFFECTIVE
RISK REPORTING PRACTICES
Banks also have significant progress to make when it com es to
the B C B S 239 principles on effective risk reporting practices.
The B C B S notes that "risk m anagem ent reports should be accu­
rate and precise to ensure a bank's board and senior
Basel Committee on Banking Supervision, January 2013, "Principles
Q A
for effective risk data aggregation and risk reporting." Reprinted by
permission.
96 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
m anagem ent can rely with confidence on the aggregated infor­
mation to make critical decisions about risk "31 (see Principle 7
in Box 7.5).
For instance, the ability to use m odels to aggregate risk
depends upon having those m odels be fully vetted to ensure
that the results are accurate within a given level of specificity.
Banks should also establish accuracy and precision requirem ents
for their risk reports that reflect the criticality of decisions made
using risk information.
Risk reports also need to be com prehensive and cover all risk
types (see Principle 8 in Box 7.5). These risks include the Pillar 1
and Pillar 2 risks.32
Risk reports need to be clear and useful as well as m eet the
needs of their users (see Principle 9 in Box 7.5). The BC BS notes
that "reports should include an appropriate balance between risk
data, analysis and interpretation, and qualitative explanations."33
These reports should be purposeful, in the sense that they should
be tailored towards a specific audience (e.g., a trading unit or a
lending unit). For exam ple, risk reports for a board of directors
should not be difficult to interpret at an aggregate level.
Risk reporting frequency is a function of the risk type and pur­
pose of each risk report (see Principle 10 in Box 7.5). During
tim es of stress, report frequency may increase to keep pace
with unusually fast-moving m arkets. Additionally, there may be
situations where rapid risk analyses are required to facilitate
decision-m aking. In short, all these situations should be planned
for ahead of tim e (to the extent such preparation is possible).
However, there may be unavoidable limits on reporting fre­
quency. For exam ple, in cases where forward-looking stochastic
cash flow sim ulations are used, the volum e of data produced
can be significantly larger than that of the input data. Having
too much output data can negatively im pact a firm's ability to
perform the necessary quality checks.
The generation of many scenario iterations can also affect the
frequency of risk reports.34*Com bining multiple analyses and
model iterations requires consistent contexts and synchronized
31 ibid.
32 Pillar 1 risks include market risk, credit risk, and operational risk.
Pillar 2 risks include business risk, reputation risk, and strategic risk.
Chapter 1 describes and differentiates among the key classes of risks.
33 Basel Committee on Banking Supervision, January 2013, "Principles
for effective risk data aggregation and risk reporting."
34 The cycle of sample, process, and review and act upon results repeats
itself, often daily, producing yet more results datasets. In addition to the
need to manage these results datasets, there is a need for the annota­
tion and attribution of scenario assumptions corresponding to the data
in the results data repository.

BOX 7.5 PRINCIPLES 7 TO 1135
Principle 7:
Accuracy — Risk m anagem ent reports should accurately
and precisely convey aggregated risk data and reflect risk
in an exact manner. Reports should be reconciled and
validated.
Principle 8:
Com prehensiveness — Risk m an ag em en t rep o rts
should co ver all m aterial risk areas w ithin the o rg a n iza­
tio n . T h e depth and sco p e of th ese rep o rts should be
co n siste n t with the size and co m p le xity of the bank's
o p eratio n s and risk p ro file, as w ell as the req u irem en ts
o f the re cip ie n ts.
Principle 9:
Clarity and usefulness — Risk m anagem ent reports should
com m unicate information in a clear and concise manner.
Reports should be easy to understand yet com prehensive
enough to facilitate informed decision-m aking. Reports
should include meaningful information tailored to the
needs of the recipients.
Principle 10:
Frequency — The board and senior m anagem ent (or
other recipients as appropriate) should set the frequency
of risk m anagem ent report production and distribution.
Frequency requirem ents should reflect the needs of the
recipients, the nature of the risk reported, and the speed
at which the risk can change, as well as the importance
of reports in contributing to sound risk m anagem ent and
effective and efficient decision-making across the bank.
The frequency of reports should be increased during tim es
of stress/crisis.
Principle 11:
Distribution — Risk m anagem ent reports should be distrib­
uted to the relevant parties while ensuring that confidenti­
ality is m aintained.
scenario param eters that are easily applied to independent
model runs. Lack of such scenario consistency will result in
im portant aspects of the diversification across scenarios being
lost. In turn, this can destroy a model's ability to determ ine the
volatility of the aggregate results.
Another key requirem ent is creating an agreed-upon set of
report distribution lists, with an eye toward making sure that
or
Basel Committee on Banking Supervision, January 2013, "Principles
for effective risk data aggregation and risk reporting." Reprinted by
permission.
Chapter 7 Principles for Effective Data Aggregation and Risk Reporting
reports are provided to all relevant decision-m akers (see Prin­
ciple 11 in Box 7.4). A distribution list also needs to recognize
the degree of confidentiality of the information contained within
specific sections of the overall report.
In summary, effective reporting capabilities feature routine risk
reports having useful information and providing preem ptive
analyses and dynam ic features. A drill down of risk data from
these reports can enable rigorous analyses across different risks
and be accessed with an easy-to-use interface.
Conversely, ineffective risk reporting capability would have the
opposite features (not all are required and this list is far from
com prehensive): static/inflexible, lacking ability to answer even
sim ple drill down questions, and difficult to understand.
CONCLUSION
The original goal of the Basel Com m ittee was to ensure that
firms developed strategies to m eet the B C B S 239 principles by
2016. However, we still have a long way to go.
The Risk Data N etw ork (RDN) periodically releases progress
reports on im plem entation of the B C B S 239 p rincip les.36 In
these reports, supervisors rate firm s' current perform ance on
achieving com pliance with the RDARR principles (see A p p e n ­
dix 1 for details). These ratings are affirm ed by a 2016 survey
conducted by M cKinsey and the Institute of International
Finance (IIF)— which revealed that despite significant invest­
m ents, banks are still struggling to com ply with the p rinciples.37
A study from PwC showed higher performance for compliance
with Principles 7-11 (risk reporting) com pared to Principles 3-6
(data aggregation). M eanwhile, Principles 1 (governance) and 2
(data architecture and infrastructure) have poor com pliance rates.
Although these principles are focused on internal risk reporting,
some supervisors have indicated regulatory and stress-testing
results would also help to inform the process when assessing
bank com pliance. More recently, the European Central Bank has
stated that financial and regulatory reporting is part of BC BS
239 com pliance. Though many banks have asked, regulators
have not come forward with clearer guidelines for com pliance.
The regulators continue to em phasize that ascertaining com pli­
ance with B C B S 239 is a subjective exercise and that the stan­
dards for each bank are accordingly bespoke.
36 The Working Group on SIB Supervision (WGSS) was transformed into
the RDN.
37 H. Harreis, A. Tavakoli, T. Ho, J. Machado, K. Rowshankish, and
P. Merrath, (2017, May). "Living with BCBS 239." Retrieved from
https://www.mckinsey.com/business-functions/risk/our-insights/
living-with-bcbs-239
■ 97
 Levels of Compliance and Banks by Principle (2016 vs 2017)
30

25

20

15

10

0
Governance &
Risk Data Aggregation Capabilities Risk Reporting Practices
Infrastructure

□ Fully compliant □ Fully compliant

2016 supervisor's H Largely compliant 2017 supervisor's □ Largely compliant
assesments : S3 Materially non-compliant assesments : LH Materially non-compliant
E2 Non-compliant □ Non-compliant

Fiqure 7.1 Levels of compliance with RDARR principles.

Source: Progress in Adopting the Principles for Effective Risk Data Aggregation and Risk Reporting, June 2018, Basel Committee
on Banking Supervision. Reprinted by permission of the Bank for International Settlements.

P1 P2 P3 P4 P5 P6 PI P8 P9 P10 P11

2017 2.90 2.73 2.60 2.90 2.87 2.90 2.73 3.03 3.03 2.97 3.33

2016 2.83 2.60 2.60 2.93 2.73 2.90 2.77 3.00 3.10 2.97 3.37

Change 0.07 0.13 0 - 0 .0 3 0.13 0 - 0 .0 3 0.03 - 0 .0 7 0 - 0 .0 3

Fiqure 7.2 Internal bank gap analysis.

BOX 7.6 PRINCIPLES 12 TO 1438
Principle 12:
Review — Supervisors should periodically review and evaluate
a bank's compliance with the eleven Principles above.
Principle 13:
Remedial actions and supervisory measures — Super­
visors should have and use the appropriate tools and
resources to require effective and tim ely remedial action
by a bank to address deficiencies in its risk data aggrega­
tion capabilities and risk reporting.
APPENDIX 1
Compliance Levels of 30 Banks
In Figure 7.1, the small changes in the average com pliance rat­
ings (on scale of 1 to 4) with B C B S 239 between 2016 and 2017
illustrate the minimal progress observed in the Principles' imple
m entation. The scale ranges from being "fully com pliant" (a rat­
ing of 4) to "non-com pliant" (a rating of 1). The scores for the
fth Principle are shown in Figure 7.2. For exam ple, Principle 1
was rated 2.83 in 2016 and 2.90 in 2017.

Principle 14:
Home/host cooperation — Supervisors should cooperate
with relevant supervisors in other jurisdictions regard­
ing the supervision and review of the Principles, and the
im plem entation of any remedial action if necessary.

38 Basel Committee on Banking Supervision, January 2013, "Principles

for effective risk data aggregation and risk reporting."

98 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

QUESTIONS
7.1 B C B S 239 concerns An additional requirem ent that has em erged since the
A. conducting scenario analysis. original B C SBS 239 principles were published is the
B. liquidity requirem ents in banks. expectation that B C B S 239 principles should also apply to
C. how to deal with data in a bank. banks' regulatory reporting.
D. details of how to im plem ent the Graham -Dodd A ct A. True
B. False
7.2 Is the following statem ent True or False?
7.5 Please provide an exam ple of com pliant risk data gover­
The original tim eline to achieve full com pliance with BCBS
nance in B C B S 239.
239 was not met by any bank.
A. True 7.6 Please provide an exam ple of effective risk reporting in
B. False B C B S 239.

7.3 Is the following statem ent True or False? 7.7 W hy was the original tim eline to achieve full com pliance

There is a uniform blueprint in place for B C B S 239 com pli­ with B C B S 239 not met by any bank?

ant infrastructures. 7.8 W hat are the characteristics of a strong risk data aggrega­
A. True tion capability?
B. False
7.9 Explain how model risk is affected by data quality.
7.4 Is the following statem ent True or False?

Chapter 7 Principles for Effective Data Aggregation and Risk Reporting ■ 99

The following questions are i to help candidates understand the material. They are not actual FRM exam questions.
ANSWERS
7.1 C. how to deal with data in a bank.
The principles and supervisory expectations outlined in
B C B S 239 apply to risk m anagem ent data and m odels.
These principles cover governance/infrastructure issues,
risk data aggregation procedures and needs, reporting,
and considerations for supervising authorities.
7.2 True
Banks have struggled to com ply with B C B S 239 and the
original tim eline to achieve full com pliance was not met
by any bank.
7 .3 False
Solutions are specific to the individual institution.
7.4 True
The European Central Bank has stated that financial and
regulatory reporting is part of B C B S 239 com pliance.
7.5 Policies are in place that set "out a clear delineation of
roles, incentive schem es, and responsibilities for risk data
m anagem ent (including dedicated staff responsible for
defining risk data exp ectatio n s)."39
7.6 Effective reporting capabilities feature routine risk
reports having useful information and providing
39 Basel Committee on Banking Supervision, January 2013, "Principles
for effective risk data aggregation and risk reporting."
100 Financial Risk Manager Exam Part I: Foundations of Risk Management
preem ptive analyses and dynamic features. A drill down
of risk data from these reports can enable rigorous analy­
ses across different risks and be accessed with an easy-
to-use interface.
7.7
• The underestim ation of the com pliance
efforts required due to the com plexity of the
problem s,
• The exponential increase in the application of Al tech­
niques on large data sets, and
• C ost considerations.
7.8
• To ensure accurate and reliable risk data,
• To capture and aggregate all material risk data
(com pleteness),
• To Produce aggregate risk information on a tim ely
basis (tim eliness), and
• To G enerate ad hoc reports on data and risk
analyses in response to m anagem ent needs
(adaptability).
7.9 The quality of any model is heavily dependent on the
accuracy of the input data. If the quality of data that
feeds the model is garbage, then the adage garbage-in,
garbage-out applies. Data errors can significantly alter
estim ated model param eters.
Enterprise Risk
Management and
Future Trends
Learning Objectives
A fter com pleting this reading you should be able to:

D escribe Enterprise Risk M anagem ent (ERM ) and com pare D escribe risk culture, explain characteristics of a strong
an ERM program with a traditional silo-based risk m anage­ corporate risk culture, and describe challenges to the
ment program. establishm ent of a strong risk culture at a firm.

Com pare the benefits and costs of ERM and describe the
motivations for a firm to adopt an ERM initiative.
Explain best practices for the governance and im plem en­
tation of an ERM program.
D escribe im portant dim ensions of an ERM program and
relate ERM to strategic planning.
Explain the role of scenario analysis in the im plem enta­
tion of an ERM program and describe its advantages and
disadvantages.
Explain the use of scenario analysis in stress testing pro­
grams and in capital planning.

101
8.1 ERM: WHAT IS IT AND WHY DO
FIRMS NEED IT?
Earlier chapters of this book have focused on specific risk types
(e.g ., credit risk, m arket risk, or operational risk). This approach
has also been adopted by banking regulators, who require
banks to hold minimum capital against credit, m arket, and oper­
ational risk (e.g ., Pillar I of Basel III).1 Looking at risk within risk
types and specific business portfolios makes it easier to:
• Define and measure risk (e.g ., most financial models deal
with specific risks),
• A ggregate risk within business lines, and
• Hedge risk using derivative instrum ents, which tend to be risk
specific.
However, it is also im portant to com pare exposures to one
another. Doing so allows firm s to prioritize risk m anagem ent
and understand how risk-type and business line exposures add
up to their total exposure. A t the enterprise level, risks may
negate each other (e.g ., through netting and diversification) or
BOX 8.1 CROSS-OVER RISKS—THE
NORTHERN ROCK EXAM PLE
A perceived weakness in one risk m anagem ent area (e.g .,
credit risk) can reveal weakness in another area (e.g ., fund­
ing liquidity). Northern Rock discovered this to its detri­
ment during the initial stages of the 2007-2009 global
financial crisis.
The fast-growing bank had developed a strategy that left
it highly dependent on investors and wholesale m arkets—
rather than custom ers' deposits— for its funding. It tried
to manage this funding concentration risk by diversifying
geographically beyond its home m arket in the United
Kingdom by tapping funding m arkets in continental
Europe and the United States.
H ow ever, th at approach left the institution vu ln erab le
to the global storm in funding m arkets th at erup ted
when investo rs began shunning banks p erceived as
having risky lending stra te g ie s (as w e d iscu ssed in
C h a p te r 5). N orthern Rock o fficials later claim ed that
this kind o f global funding m arket shutdow n was
"u n fo re s e e a b le ."1
2
1 Regulators are also concerned with many other risks facing a bank and
try to make sure banks consider them by applying Pillar II, the supervi­
sory review process.
2 House of Commons, Treasury Committee, "The Run on the Rock,"
January 2008, p.16.
102 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
exacerbate each other (e.g ., through risk concentrations, conta­
gion, and cross-over risks).
Enterprise risk m anagem ent (ERM ) applies the perspective and
resources at the top of the enterprise to manage the entire port­
folio of risks and account for them in strategic decisions.3 ERM
improves upon silo-based risk m anagem ent by giving executives
an integrated, enterprise-level view of risk. This feature makes
ERM an im portant supplem ent to the more limited perspective
available from specific business lines or risk-type functions. It
also focuses attention on the largest threats to a firm's survival
and core functionality.
A nother im portant feature of ERM is that it supports a con­
sistent approach to enterprise risks throughout a firm, from
the boardroom to the business line. This consistency can be
achieved through a robust risk culture and an adherence to
enterprise risk appetites and governance. Firms that lack this
consistency may see one business unit reject an opportunity due
to its risk, while similar opportunity is em braced by another unit.
This chapter explains how ERM evolved to help firm s manage
risk efficiently, identify overlooked enterprise risks, m anage
risk concentrations, and understand how different risk types
interact (Figure 8.1). It also introduces the key ERM dim ensions
1. Helps firms define and adhere to enterprise risk
appetites
2 . Focuses oversight on most threatening risks
3 . Identifies enterprise-scale risks generated at business
line level
4 . M anages risk concentrations across the enterprise
5 . M anages em erging enterprise risks (e.g ., cyber risk,
A M L (anti-money laundering) risk, reputation risk)
6 . Supports regulatory com pliance and stakeholder
reassurance
7 . Helps firms to understand risk-type correlations and
cross-over risks
8 . O ptim izes risk transfer expenses in line with risk scale
and total cost
9 . Incorporates stress scenario capital costs into pricing
and business decisions
1 0 . Incorporates risk into business model selection and
strategic decisions
Fiqure 8.1 Top ten b en efits of ERM .
3 Enterprise risks, meanwhile, are those risks large enough to make
enterprise outcomes fall materially short of enterprise goals.
and tools, including risk culture indicators and enterprise-w ide (CRO s)— responsible for all types of risk— and began to use
stress testing. universal risk m etrics (e.g ., Value-at-Risk (VaR)) to com pare and
aggregate risks across the firm.

In the m id-1990s, derivatives disasters (e.g ., Barings Bank)

8.2 ERM—A BRIEF HISTORY
showed how institutions lacking robust risk m anagem ent fram e­
works could be destroyed by one out-of-control individual. A t
The need for ERM 's holistic approach to risk seem s alm ost self-
the same tim e, banks expanded the scope of credit risk man­
evident, so why is it still a work in progress? The answer lies
agem ent from a focus on the credit ratings of obligors to the
in the difficulty of the task and in how risk m anagem ent has
active m anagem ent of enterprise credit portfolios (e.g ., through
evolved at the firm and industry levels.
the use of credit derivatives).
Risk m anagem ent is usually fully integrated within small firms,
By the late 1990s, banks had begun to track and measure oper­
even if it is not necessarily well developed. But as firms grow,
ational risks. A t the same tim e, some institutions began trading
they create specialist risk functions to improve their m anage­
new types of transferable risk (e.g ., w eather risk and political
ment of specific risks. (This is what was discussed in earlier
risk). In the same way that VaR had helped firms build an overall
chapters.)
perspective of m arket risk, new global risk com m ittees and risk
These risk types may initially be managed independently of one transfer tools helped firm s to build an overarching perspective
other, with some firm s operating separate risk m anagem ent of enterprise risk across business lines and risk types.
functions across their lines of business. O ver tim e, firm s may try
In the early days of global risk m anagem ent, many firm s had
to move beyond this siloed risk m anagem ent structure. For
trouble setting up integrated ERM program s across large
exam ple, they may bring their risk m anagers together to
enterp rises. Th en , as now, firm s preferred to devolve responsi­
improve risk m anagem ent skills, ensure all key risks are covered,
bility for risk to the business line (where risk can be controlled
and increase purchasing power in the risk transfer m arkets.4
at the source). However, firm s keep com ing back to ERM
This kind of enterprise-level rationalization becam e more urgent because m anaging risk dem ands a portfolio m anagem ent
after a wave of financial m arket liberalization in the 1970s p ersp ective.
increased price volatilities and created new derivative instru­
By the early 2000s, some of the benefits of an ERM view were
ments across interest rate, com m odities, foreign exchange, and
beginning to be realized (Table 8.1). However, the global finan­
other m arkets. By the 1990s, financial institutions realized that
cial crisis of 2007-2009 revealed many w eaknesses in risk man­
they needed to manage their derivatives portfolios and underly­
agem ent practices. Am ong these included
ing econom ic exposures in a more integrated fashion.
• A failure to properly apply aggregate risk m easures,
First banks, and then large corporations, began to build global
risk m anagem ent divisions. They appointed chief risk officers • An inability to spot enterprise risk concentrations across busi­
ness lines, and

• An inability to see risks within certain business m odels.

4 A precursor example is the growth of the specialist insurance pur­
chaser in US corporations and the evolution of this role into a more inte­ The years following the crisis saw a greater regulatory em phasis
grated enterprise-level insurance "risk manager" during the 1950s and on ERM tools such as risk appetite and risk capacity (Chapters 2
1960s. During this period, large U.S. corporations began to centralize
and 3), data aggregation and reporting (Chapter 7), enterprise-
and rationalize insurance purchases, hitherto spread over many business
divisions and activities. Pooling risk with other entities through an insurer level scenario analysis, and risk culture (the latter two being key
can be an expensive way to transfer risk for firms with good claims topics in this chapter).
records. The "top-of-the-firm" perspective made it clearer that larger
firms could choose between transferring an insurable risk to an external A survey conducted by Deloitte showed that the share of finan­
insurer or using their own capital to cover a portion of the risk through cial institutions with active ERM programs more than doubled
the use of self-insurance, captive insurance companies, and similar
between 2006 and 2016 (i.e., from 35% to 73% ).5 During that
mechanisms. Setting up a captive to retain risk meant understanding—
rather than outsourcing—the risk and incentivized firms to capture risk same tim efram e, the percentage of institutions with a C R O rose
data. This in turn spawned new ideas about how to mitigate risk at the to 92%.
business line level. The term "risk manager" first began to be used
in relation to this widened role of the corporate insurance purchaser.
Though insurance risk managers had a very different role to that of
today's bank risk manager, there is one striking parallel: integrating risk 5 Deloitte Touche Tohmatsu Limited, Global Risk Management Survey,
management at the enterprise level changed how the firm saw and 10th Edition, https://www2.deloitte.com/insights/us/en/topics/risk-
managed risk. management/global-risk-management-survey.html

Chapter 8 Enterprise Risk Management and Future Trends ■ 103

Table 8.1 ERM versus Traditional Silo-based Risk Management
Traditional Risk Management
Risk view ed in business line, risk-type, and functional silos
Risk m anagers work in isolation
Many different risk m etrics that cannot be com pared (apples to
oranges)
Risk aggregated, if at all, within business lines and risk types.
Difficulty seeing the aggregate risk picture
Each risk type managed using risk-specific transfer instruments
Each risk m anagem ent approach (e.g ., avoid/retain/m itigate/
transfer) often treated separately, with strategy rarely being
optim ized.
Impossible to integrate the m anagem ent and transfer of risk
with balance sheet m anagem ent and financing strategies
8.3 ERM: FROM VISION TO ACTION
So far, this chapter has covered ERM 's evolution and basic goals.
But how is ERM organized in practice?6 This depends a lot on
the size and type of firm, but it helps to think of ERM practices
across five dimensions (Table 8.2).
1. Targets: T h e se include the en terp rise's risk ap p e tite and
how it relates to its strate g ic goals (discussed in C h a p ­
te r 2). Risk ap p e tite is linked to o perational m echanism s,
such as global lim it fram ew o rks and incentive co m p en sa­
tion schem es. O ne goal of ERM is to set the right targ ets
and m ake sure th ey are not in co nflict with o ther stra te ­
gic goals.
2. Structure: The organizational structure of an ERM program
includes the role of the board, the global risk com m ittee
and other risk com m ittees, the C R O , and the corporate
governance fram ework described in C hapter 3. The goal of
ERM is to make each structure sensitive to the enterprise-
scale risks faced by the firm, including indirect losses.
6 In organizational terms, ERM programs are often implemented through
the senior management risk committee. Other risk committees, such as
the Credit Risk committee, may adopt ERM initiatives. Meanwhile, some
non-financial firms that lack elaborate risk committee structures may
set up ERM committees that help coordinate ERM activities with their
respective business lines.
104 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
ERM View
Risk viewed across business lines, functions, and risk types,
looking at diversification and concentration
Risk team integrated using global risk m anagem ent com m ittee
and chief risk officer
Developm ent of rational risk m anagem ent fram eworks and
cross-risk universal m etrics (e.g ., VaR and scenario analysis) to
integrate risk view (i.e., apples to apples)
Tools and integrated fram eworks make it possible to more
accurately measure and track enterprise risk. Potentially, risk is
aggregated across multiple risk types.
Possibility of cutting risk transfer costs firm -wide and integrated
(e.g ., multi-trigger) instruments
Each risk m anagem ent approach is view ed as one com ponent
of a total cost of risk, ideally measured in a single currency.
Com ponent choice is optim ized as far as possible in risk/reward
and cost/benefit term s expressed in that currency.
Risk m anagem ent is increasingly integrated with balance sheet
m anagem ent, capital m anagem ent, and financing strategies.
Table 8.2 Five Key ERM Dimensions
ERM Dimension Examples
Targets En terp rise goals: Enterprise risk appetite,
enterprise limit fram ew orks, risk-sensitive
business goals and strategy formulation
Structure H ow w e organize E R M : Board risk
oversight, global risk com m ittee
Risk Officer; ERM subcom m ittee; reporting
lines for ERM ; reporting structures
Metrics H ow w e m easure en terprise risk:
Enterprise-level risk m etrics, enterprise
stress testing, aggregate risk m ea­
sures (Value-at-Risk, Cash-Flow-at-Risk,
Earnings-at-Risk, etc.), "total cost of risk"
approaches, enterprise level risk mapping
and flagging, choice of enterprise-level
risk limit metrics
ERM Strategies H ow w e m anage ER M : Enterprise level
risk transfer strategies, enterprise risk
transfer instruments, enterprise moni­
toring of business line m anagem ent of
enterprise-scale risks
Culture H ow w e do things: "tone at the to p ",
accountability for key enterprise risks,
openness and effective challenge, risk-
aligned com pensation, staff risk literacy,
whistle-blowing mechanisms
 3. Identification & Metrics: No amount of thoughtful target
setting or ERM reorganization will help if a firm cannot
identify enterprise-scale risks and measure their severity,
impact, and (ideally) frequency. This chapter discusses key
ERM metrics such as enterprise-level scenario analysis and
stress testing. O ther metrics include aggregate risk m ea­
sures such as VaR, total-cost-of-risk m ethodologies, risk-spe­
cific m etrics, and whole-of-firm risk mapping and flagging
mechanisms. Here, the goal of ERM is to make sure the firm
has the right fam ily of metrics to capture enterprise risks.
4. ERM strategies: Firms also need to articulate specific
strategies for managing enterprise-scale risks at either the
enterprise level or through the business lines. This includes
the fundam ental decisions to avoid, m itigate, or trans­
fer risks, along with the choice of enterprise risk transfer
instrum ents.
5. Culture: If targets, structure, and metrics are the bones of
the ERM strategy, then culture is the flesh and blood. In
short, a strong risk culture is built from a pervasive sense of
common goals, practices, and behaviors.
It is tem pting to rank a firm's com m itm ent to ERM in term s of
identifiable ERM attributes across these five dim ensions.
However, the success of ERM is governed by the how these five
dim ensions interact with each other. For exam ple, appointing a
C R O might either lead to im portant im provem ents in enterprise
stress testing or be a cynical re-badging exercise that changes
nothing. M eanwhile, an im provem ent in stress testing and other
risk m etrics might not lead to im provem ents in risk m anagem ent
if a firm lacks a healthy risk culture.
Furthermore, many ERM programs that look well established may
not be comprehensive. For example, surveys suggest that only
around half of CRO s review the impact of compensation plans on a
firm's risk appetite and culture— arguably a critical ERM function.7
The true test for ERM is w hether its growing adoption leads to a
decrease in negative surprises and mishaps. So far, empirical
research has yielded am biguous results. Some researchers have
identified positive results from adopting ERM (e.g ., in term s of
bank default swap spreads),8 while others have so far failed to
find evidence of tangible benefits.
7 Deloitte, Global Risk Management Survey, 10th edition; p. 6 and p. 18.
The Deloitte survey is available at https://www2.deloitte.com/insights/
us/en/topics/risk-management/global-risk-management-survey.html
8 S. A. Lundqvist and A. Vilhelmsson, "Enterprise Risk Management
and Default Risk: Evidence from the Banking Industry," Journal o f Risk
and Insurance, vol.85, no.1, 2018, pp.127-157, with a discussion of the
literature around ERM and value creation on pp. 130-132. See also
M. K. McShane et al., "Does Enterprise Risk Management Increase Firm
Value?" Journal o f Accounting, Auditing and Finance, October 2011.
Chapter 8 Enterprise Risk Management and Future Trends
The am biguity in the research data probably stem s from the dif­
ficulty in identifying em pirical markers of successful ERM adop­
tion and the relatively short tim e series available to researchers.
In addition, ERM is continually evolving. For exam ple, there
has been a much greater em phasis placed on risk culture in the
years since the crisis.
In the years ahead, the financial industry will continue to gather
data and refine its m ethodology for back-testing the results of
ERM adoption.
8.4 WHY MIGHT ENTERPRISE RISK
DEMAND ERM: FOUR KEY REASONS
Perhaps the biggest argum ent for ERM is that an enterprise-
level perspective is the best w ay to prioritize risks and optim ize
risk m anag em ent.9 A risk that looks small at the business line
level can develop into a threat to the w hole enterp rise. C o n ­
versely, a risk that looks threatening at a business line level
m ight look trivial in the co ntext of the diversified enterprise
risk portfolio.
Top to Bottom—Vertical Vision
Large risks often begin their life a long way from the board
room. As an exam ple, consider the case of a car manufacturer.
Suppose that a poor design or sourcing decision is m ade, and a
potentially dangerous car part is installed. The risk is engineered
into countless cars and therefore threatens the enterprise, its
suppliers, and their insurers through recall and com pensation
costs, lost sales, and reputational harm.
We can see som ething sim ilar happening in the "product fac­
tories" of financial institutions. For exam ple, m isconduct issues
have plagued large financial firms in recent years. In these firms,
selling a poor investm ent product may not seem like a critical
threat at the business line level when the business is young. As
the business grows, however, that threat can rise dram atically
over tim e.
For both financial and non-financial firm s, the rem edy might
be som ething simple (e.g ., tweaking the design or spending
marginal amounts on better com ponents) or som ething painful
(e.g ., closing a product line and firing the line manager). It might
also mean recognizing that the risk is being driven by poor
9 See Brian W. Nocco and Rene M. Stulz, Ohio State University, "Enter­
prise Risk Management: Theory and Practice," Journal o f Applied Cor­
porate Finance, Vol. 18, Number 4, Fall 2006.
■ 105
target setting by senior m anagem ent. W hatever the rem edy,
ERM is the process of:
• Recognizing the potential threat to the whole enterprise aris­
ing from the risky design/production decision, and
During the global financial crisis of 2007-2009, many firms
found them selves with concentrations of m ortgage risk in both
specific geographies and risky product types (e.g ., negative
amortizing m ortgages).

• Picking up on early signs that things are going wrong to Firm s cannot always avoid concentrations. For exam ple, insur­

reduce the leveraging effect of tim e. ers and bankers have been wary of concentrating their key sys­
tem s, infrastructure, and data with cloud com puting providers.
ERM brings risk decisions, across tim e and space, in line with the
1n
However, large security investm ents made by cloud providers
enterprise's stated risk appetite.
mean that going to the cloud could offer one way to manage
cyber risk and strategic technology risk. Firms must manage

Are There Potentially Dangerous such risk tradeoffs.

Concentrations of Risk within the Firm? Ultim ately, ERM includes the recognition and m anagem ent of
concentration risks according to a firm's risk appetite.
Line m anagers look after specific business lines and therefore it
can be difficult for them to spot risk concentrations across the
enterprise. C redit concentrations, for exam ple, are the big red Thinking Beyond Silos
lever of the credit portfolio. If a bank loans too much to one
Conversely, there are major diversification benefits that can only
person (i.e., name concentration), the bank risks a big hit. If too
be understood at the enterprise level, particularly in term s of
many borrowers belong to the same industry, a sector downturn
risk type.
could w reak havoc.
Acknow ledging risk-type diversification reduces the aggre­
Hidden concentrations often build up across many different
gate risk capital a firm needs to hold. It also helps to transform
businesses because line m anagers cannot see the connections.
"badly behaved" risk portfolios, including many kinds of opera­
In banking, for exam ple, an institution may lend to one firm in its
tional risk, into loss distributions closer to a normal bell-shaped
corporate loan division and then create a counterparty exposure
curve (Figure 8.2).
with the same firm in its derivatives division. Many kinds of con­
centration risk can creep across enterprises. Exam ples include A t the same tim e, thinking beyond silo-based risk m anagem ent
the following. helps firms to understand how risk types can interact to worsen
enterprise threats. For exam ple, enhanced consum er protection
• G eographical and industry concentrations. Exam ples include
in the United States since the global financial crisis has created
where a manufacturer's production facilities or a bank's core
significant cross-over risks between credit risk, legal risk, and
IT is located within a given region, or where a financial firm
reputational risk. A s a result, banks are under growing pressure
is over-exposed to default risk in a local econom y or type of
to make sure they are not deceiving custom ers or engaging in
industry.
abusive acts.
• P roduct concentrations. For exam ple, a derivative or retail
product might be mispriced in multiple divisions. Likewise, ERM can help firms understand how risk can cross over
between risk types during tim es of stress (as noted in Box 8.1).
• Su p p lier concentrations. An exam ple would be a firm that
has too great of a dependency on a link in its global supply
chain or, in the case of financial institutions, on technology Don't Insure the Kettle
suppliers or data/risk analysis providers.
Consum ers are nearly always right to turn down offers of insur­
ance for inexpensive goods. For exam ple, if a kettle catches fire,
it is the home insurance they need to worry about and not the
10 One complication is that business line short-term priorities are often replacem ent cost of the kettle.
set at the top of the firm. For example, the business line might be try­
ing to save money on product components to boost its reported profit Firms have been applying the same logic at the enterprise level
margin. It might be trying to make headquarters' sales targets, through since the 1960s by using m echanisms such as self-insurance and
whatever means. ERM is therefore also about managing agency risk and
captive insurance to retain portions of property, liability, and
the firm's risk culture, including how to build structures within the firm
that balance the need for aggressive short-term goals against the need other risks. Note that around 20% of firms with between USD
to stay in line with long-term risk appetite. 1 billion and USD 5 billion in revenue have a captive insurance

106 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

Figure 8.2 Th e e n te rp rise risk portfolio g e n e ra te s diversification b enefits.
unit; that percentage rises to over 50% for firm s with at least
USD 10 billion in revenue. Risk retention decisions are best
made at the enterprise level, where the aggregate level of risk
exposure can be understood.
The process of understanding an enterprise risk and then man­
aging a portion of it in-house is happening again today with
cyber risk. So far, only around 12% of firms using captives
em ploy them to provide cyber coverage. However, 23% of them
1Q _
plan to do so by 2020. This growth will be driven by firms
improving their understanding of cyber risk, such as through
enterprise risk assessm ents of cyber dependencies and vulnera­
bilities, and then applying quantitative m etrics to assess the
financial im pact of cyber events.
This dem onstrates a general truth: firms that understand enter­
prise risk can translate this understanding into dollar savings
(Figure 8.3). The process is most obvious in the case of insurable
risks, but it is true for financial risks as well. As firms understand
11 Aon Risk Solutions, Global Risk Management Survey 2017, p. 92.
Captives also help firms to centrally gather information about their risks,
check their risk taking against their risk appetite, and to build more
effective risk management across multiple business lines and activities.
12 Aon Risk Solutions, Global Risk Management Survey 2017, p. 89.
Chapter 8 Enterprise Risk Management and Future Trends
their true exposures (i.e., considering enterprise netting
and diversification effects) they can retain the right level of
exposure and target resources towards the real, enterprise-
threatening risks.
8.5 RISK CULTURE: WITHOUT THIS,
NOTHING
Risk culture can be thought of as the set of goals, values, beliefs,
procedures, custom s, and conventions that influence how staff
create, identify, m anage, and think about risk within an enter­
prise, including im plicit and explicit beliefs. A nother well-known
definition is that "risk culture can be defined as the norms and
traditions of behavior of individuals and of groups within an
organization that determ ine the way in which they identify,
understand, discuss, and act on the risks the organization con­
fronts and the risks it ta k e s ."13
1 *3
See IIF, Reform in the Financial Services Industry: Strengthening Prac­
tices for a More Stable System, December 2009, Appendix III. Various
definitions by unnamed banks are provided in APRA, "Risk Culture,"
Information Paper, October 2016, p. 15: http://www.apra.gov.au/
Crosslndustry/Documents/161018-lnformation-Paper-Risk-Culture.pdf
■ 107
 Severe Risk— Unknown Loss Distribution

Transfer the Risk (USD) Study the Risk

O nce Risk Is Understood

Tran sfer U nexpected Loss Portion (Cost USD)
Keep Exp ected Loss Portion (Save USD)
Continue to Study Risk

Mitigate Severity

Keep Exp ected Loss Minimize Tran sfer C osts (Save Further USD)

Fiqure 8.3 U n d erstan d in g e n te rp rise risk save s m oney— and e n te rp rise s.

Risk culture sounds intangible, but a strong risk culture is a firm's Risk culture is a difficult to address because it is m ultilayered
surest handle on ER M 14 in the same way that a strong safety cli­ (Figure 8.4). Individuals arrive at an en terp rise with th eir own
mate minimizes accidents in physical industries.15 risk m indsets th at are driven by th eir p erso n alities, d em o ­
g rap h ics, professional stan d ard s, personal e xp e rie n ce s, and
In the aftermath of the global financial crisis of 2007-2009, supervi­
so on. T h ey then absorb m any of the risk-related behaviors
sory reports focused on risk culture as a driver of risk management
and p ractices of th eir local group (e .g ., business line sales
failure in large financial institutions. Other culture-driven scandals
targets) and m ake risk decisions as part of th at local social
emerged in the post-crisis years, including the mis-selling of con­
environm ent.
sumer financial products (e.g., the UK payment protection insur­
ance scandal), the manipulation of financial markets (e.g., Libor In turn, this can lead to a gap between the stated targets of the
rate manipulation), money laundering, and embargo breaches. organization (e.g ., risk appetite and values) and behavior by its
em ployees. This behavior may be driven by short-term or self-
The banks involved in these scandals paid massive penalties and
centered goals, with rules being broken or side-stepped. Fur­
suffered discounting on their share prices while litigation contin­
therm ore, it is not easy to improve risk culture across the whole
u ed .16 It is therefore not surprising that around 70% of surveyed
enterprise if a firm has no way to assess its progress.
financial institutions say that establishing and em bedding risk
culture across the organization is a high p riority.17

# • Enterprise Thinking
14 O. Karlsson et al., "Are CEOs Less Ethical Than in the Past?,"
Strategy+ Business, issue 87, May 15, 2017: https://www.strategy-business. Enterprise • Group/Enterpimse
Dynamics
com/feature/Are-CEOs-Less-Ethical-Than-in-the-Past?gko=50774
15 See summary of effect of "safety climate" on industrial accidents in Group Thinking
E. Sheedy and B. Griffin, "Empirical Analysis of Risk Culture in Financial Group Recruitment of
Individuals to a Group
Institutions: Interim Report," Risk Culture Project MacQuarie University,
version: November 2014, p. 7.
-# 9 - . • Recruitment Criteria
16 For example, for the costs of misconduct cases as a drag on bank I PI Cl IVI Q U 3 I • Mindset Promoted by
share prices, see European Systemic Risk Board, "Report on Misconduct Firm
Risk in the Banking Sector," June 2015, p. 16, Chart 7.
17 For example, Deloitte, Global Risk Management Survey, 10th edition,
published 2017, p. 27: https://www2.deloitte.com/insights/us/en/topics/ Fiqure 8.4 Risk culture is a se rie s of o verlap p in g
risk-management/global-risk-management-survey.html layers.

108 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

Table 8.3 Risk Culture— Illustrative Key Risk Culture Indicators

Indicator Trend Tracking

Leadership Tone Does board and executive com pensation support the firm's core values? Do m anagem ent's actions
support or undermine the risk m essage? Can the board be shown to monitor and com m unicate how
business strategy fits with risk appetite?

Accountability and Are there clear expectations on monitoring and accountability for key risks? Are escalation processes
Risk Monitoring used?

O penness and Is there evidence that opposing views from individuals are valued? Are there regular assessm ents of
Effective Challenge "openness to dissent"? Is risk m anagem ent given stature?

Risk-Aligned Are com pensation and perform ance m etrics supportive of the firm's risk appetite and desired culture?
Com pensation

Risk A ppetite Do key staff m em bers know the firm's enterprise risk appetite? Can they answer straightforward
Knowledge questions about its application to business decisions?

Risk Literacy/Com m on Do staff use a common language to describe risk and its effects? Are training program s available and
Language attended?

Risk Information Flows Can the firm see information flowing up and across the firm in a way that captures and highlights
enterprise-scale risks? And is there a clear link to specific discussions and decisions?

Risk/Reward Decisions Has the firm tested w hether senior executives respond to benchm ark risk/reward questions consistently
with each other and with the firm's risk appetite?

Risk Stature Do the key ERM staff have the right stature and direct communication with the Board? W ho hires and
fires them ?

Escalation and W histle Do key staff m em bers understand when and how they can escalate a suspected enterprise risk? When
Blowing were escalation procedures last used? Is there a whistle-blowing mechanism and is it used?

Board Risk Priorities Can the board name the top ten enterprise risks faced by the firm ? Can it name the key industry disas­
ters associated with these risks?

Action Against Risk Has the firm disciplined em ployees who have acted against its risk appetite and ethical stance? Does the
O ffenders staff believe action will be taken even if a risk violation leads to a profit rather than a loss?

Risk Incident and Near Can the firm show how it has identified culture issues in risk incidents and the measures taken in
Miss Responses response?

Measuring a Mindset 1. Accountability,

Financial firm s are increasingly exp ected to be able to form a
view of risk culture within their institutions and of the degree to
which their risk culture helps them adhere to their risk ap p e­
tite s .18 O ne approach is to identify what are called key risk
culture indicators.
In an effort to reduce the risk posed by system ically im portant
financial institutions, the Financial Stability Board (FSB) has
sp ecified 19*four key risk culture indicators:
2. Effective com munication and challenge,
3. Incentives, and
4. Tone from the top.
Table 8.3 builds on this to offer a longer series of indicators for
discussion purposes. Some of these are informal and clearly cul­
tural (e.g ., encouraging openness in risk dialogue). O thers are
really part of a firm's organizational structure, but still signal a
healthy environm ent (e.g ., a whistle blower needs a way to blow
the whistle).

18 See APRA, Risk Culture, Information Paper, October 2016, p. 5: http://
www.apra.gov.au/Crosslndustry/Documents/161018-Information-Paper-
Risk-Culture.pdf and FSB, Guidance on Supervisory Interaction with
Financial Institutions on Risk Culture, 7 April 2014, p. 5.
19 These are not meant to be exhaustive. FSB, Guidance on Supervisory
Interaction with Financial Institutions on Risk Culture, 7 April 2014, p. 5.
Note that this is a short illustrative list and does not reflect any
regulatory checklist. For consistency, the first four items follow
(in the broadest term s only) the indicators set out by the FSB.
W hile firms focus on internal culture indicators, the firm's wider
environm ent is also im portant. Environm ental factors driving

Chapter 8 Enterprise Risk Management and Future Trends ■ 109

Table 8.4 External Risk Culture Drivers
External Drivers— Examples
Econom ic cycles (e.g ., credit cycle, industry cycle)
Industry practices/guidelines
Professional standards
Regulatory standards
Country risk/corruption indices
risk culture may include industry norms, professional norms, and
even phenom ena such as credit cycles (Table 8.4).
Many firm s have begun system atically assessing culture using
risk culture indicators and other internal evidence (e.g ., surveys,
interviews, and focus groups with staff).20 For exam ple, surveys
may ask staff how they rate the risk culture of their business line
with regard to certain key characteristics, and how they and
their colleagues behave in regard to risk/control decisions.
There are m ethodologies for transform ing questionnaire results
and other sets of quantitative key risk culture indicators into an
overall risk culture score. However, while these indicators track
changes in the quality of risk culture, they do not quantify the
size of the losses associated with risk culture failings.
Some supervisors are digging deeper. For exam ple, the Nether­
lands' DNB has conducted a series of detailed assessm ents of
individual financial institutions on topics related to risk culture
using insights from organizational psychologists, among other
experts. The exercise brought to light "fundam ental risks . . . in
behavior and culture" in 34 of 54 assessm ents between 2010
and 2015 .21
20 One example of the application of questionnaires and focus
groups to gauge key characteristics related to risk culture can
be found in the activities of the UK's Banking Standards Board, a
private sector subscription-funded body created to promote high
standards of behavior: https://www.bankingstandardsboard.org.uk
Results from their 2017/18 Annual Review can be found here: https://
www.bankingstandardsboard.org.uk/annual-review-2017-2018/
assessment-findings and a description of the BSB approach is here:
https://www.bankingstandardsboard.org.uk/the-uk-banking-standards-
board-an-outcome-based-approach-to-assessing-organisational-culture
A further detailed example of a researcher-driven survey of business line
risk culture in three large banks can be found in E. Sheedy and B. Griffin,
Empirical Analysis of Risk Culture in Financial Institutions: Interim Report,
Risk Culture Project: Macquarie University, version: November 2014.
21 DeNederlandscheBank (DNB), Behaviour and Culture in the Dutch
Financial Sector.
A brief survey of how regulators around the world are approaching
risk culture can be found in S. Chaly et al., Misconduct Risk, Culture,
and Supervision, Federal Reserve Bank of New York, December 2017,
pp. 12-16.
110 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
Discussion—Five Culture Clashes
There are several problem s standing in the way of a robust risk
culture.
1. Risk indicator or risk lever? The industry desperately wants
to identify risk indicators that can be used to prove it is
steadily improving risk culture. But if indicators are used
as levers to change behavior (e.g ., if survey results affect
the perform ance assessm ents of senior m anagers), could
the indicators them selves becom e com prom ised? It's a lot
easier to manage (or manipulate) an indicator than it is to
manage risk culture.
2. Education for everyo n e? Firms can and should create com ­
mon enterprise languages of risk by defining risk m anage­
ment term s, concepts, and common procedures as well as
key ERM roles (e.g ., the Board, C R O , and business line lead­
ers).22 O ne large financial institution w ent so far as to create
a fictional character in a web-based game to bring risk­
taking decisions to life and improve risk communication
(which apparently provoked "m ixed responses").23 But so-
called education for everyone includes the board. A t the
end of the day, can the board list the top ten enterprise
risks and explain how these relate to the firm's risk appetite?
3 . Tim e and sp a ce: Do the same cultural attitudes exist in all
parts of the firm and how do they change over tim e?
• Em pirical evidence suggests risk culture is mainly form ed
in the local business lines, rather than at enterprise
level.24 It's easy for business lines to develop distinct risk
cultures under the exam ple of local team leaders.
• Conversely, if signs em erge from multiple business lines
that som ething is wrong, (e.g ., similar "near m isses"
in term s of conduct issues), does the firm have m echa­
nisms to pick up these signals? O r are they all dealt with
individually?
4 . Culture cycle: Arguably, it is only during tim es of stress
that the enterprise's real risk culture becom es visible. A s a
result, risk cultures that look robust today may not survive
real-life crises. W hile regulators want risk m anagers to carry
real w eight within firms to withstand this kind of buffeting,
no
For example, see IFC (World Bank Group), Risk Culture, Risk Gover­
nance, and Balanced Incentives: Recommendations for Strengthening
Risk Management in Emerging Market Banks, 2015, p.13.
23 T. Palermo, M. Power, and S. Ashby, "Navigating Institutional Com­
plexity: The Production of Risk Culture in the Financial Sector," Journal
o f Management Studies, 54:2, March 2017, p.167.
24 E. Sheedy and B. Griffin, "Empirical Analysis of Risk Culture in Finan­
cial Institutions: Interim Report, Risk Culture Project," Macquarie Univer­
sity, version: November 2014, pp.16-17.
 Scenario Analysis: Advantages and Disadvantages
Advantages
No need to consider risk frequency beyond "plausibility"
Scenarios can take the form of transparent and intuitive
narratives.
Challenges firms to imagine the worst and gauge the effects
Can allow firms to focus on their key exposures, key risk types,
and the ways in which risk develops over time
Allow s firms to identify warning signals and build contingency
plans
Does not depend on historical data; can be based around
either historical events or forward-looking hypothetical events
Firms can make scenario analysis as sophisticated or straightfor­
ward as they like, outside regulator defined program s.
Stress test results can influence risk appetite, risk limits, and
capital adequacy.
history suggests this w eight lessens as m em ories of the last
crisis fade into the past.
5. Curse o f data: In the years ahead, firms will be able to
gather massive amounts of data about risk culture from sur-
vey/focus group evidence, risk culture indicator scores, and
human resources data (e .g ., the number of sick days25
taken). They can then com bine this data with a w ider set of
risk data to spot patterns. However, m anagers may need to
deploy machine learning technologies to hunt down
insights and warning signs in such large data sets.
8.6 SCENARIO ANALYSIS: ERM'S
SHARPEST BLADE?
sen sitivity testing involves changing one param eter or variable
in a risk model to see how sensitive the model result is to the
alteration (and thereby identifying key variables). On the other
hand, stress testing includes changing one or more key variables
to explore risk model results under stressful conditions.
Scenario analysis involves imagining a whole scenario, develop­
ing a coherent narrative that explains why the variables change,
and assessing the effects of this on the firm's risk portfolios.
25 "Sick days" or "sick leave" is time off from work that employees can
utilized to address illness or various health issues without losing pay.
Chapter 8 Enterprise Risk Management and Future Trends
Disadvantages
Difficult to gauge probability of events; does not lead to the
quantification of risk
Unfolding scenarios can becom e com plex with many choices.
Firms may not stretch their im aginations (e.g ., scenarios might
underestim ate the im pact of an extrem e loss event or omit
im portant risk exposures).
O nly a limited number of scenarios can be fully developed— are
they the right ones?
Are they the right warnings and plans, given the scenario selec­
tion challenge?
The scenarios chosen are often prom pted by the last major
crisis; im aginative future scenarios may be dismissed as
im probable.
Scenario analyses vary in term s of quality and sophistication.
Their credibility and assum ptions can be difficult to assess.
Usefulness depends on accuracy, com prehensiveness, and the
forward-looking qualities of the firm's stress test program.
W hile scenario analysis may be entirely qualitative, firm s are
building increasingly sophisticated quantitative m odels to
assess the im pact of each scenario on their portfolios and
businesses.
Scenario analysis, along with stress and sensitivity testing, have
risen to becom e the preem inent risk identification tools for
many ERM program s. This is a result of the w eaknesses in prob­
abilistic risk metrics (e.g ., VaR) that were revealed by the global
financial crisis of 2 0 0 7 -2 0 0 8 .26
W hen m arkets begin to behave abnorm ally, risk factor relation­
ships break down to produce m arket movements and loss levels
that seem inconceivable based on VaR calculations. For exam ­
ple, amid m arket turmoil in August 2007, Goldm an Sachs' chief
financial officer David Viniar said that his firm was "seeing things
that were 25-standard deviation moves, several days in a ro w ."27
This is where scenario analysis com es in. It helps firm s think
through the enterprise im pact of abnormal events and events
for which there is no historical data. But it also has its own set of
advantages and disadvantages (Table 8.5).
26 See Chapter 1. Moreover, unlike most scenario analysis, it can be dif­
ficult to understand why the VaR calculation comes up with a particular
VaR number.
27 P. T. Larsen, "Goldman Pays the Price of Being Big," August 13, 2007,
available at: https://www.ft.com/content/d2121cb6-49cb-11dc-9ffe-000
0779fd2ac
■ 111
Table 8.6 Historical Credit Scenarios— Examples
Historical Credit Scenarios— Examples
1997 -A sian crisis
1998 -Russian debt moratorium
2001 -9/11 m arket effects
2007 -U S subprim e debt crisis
2008 -Lehm an Brothers counterparty crisis
2010 -European sovereign debt crisis
Scenario Analysis Before the Global
Financial Crisis
Scenario analysis has been a significant risk m anagem ent tool
in banking since well before the global financial crisis. Pre-crisis,
banks tended to pick their own short selection of historical and
hypothetical scenarios from a list of events (e.g ., those listed in
Figure 8.5) to run against their portfolios.
Judgm ents are inevitable when building scenarios. For each his­
torical scenario, the bank considers which key variables to apply
to its own current portfolios and how far to pursue the narrative.
For exam ple, should a simulation of the the 1998 Russian debt
default event (noted in Table 8.6) also include the related near­
collapse of Long-Term Capital M anagem ent?28
A fter the crisis, it becam e apparent that banks often failed
to consider factors such as the cum ulative exposures across
multiple business lines, how different risks interacted with one
another, and how the behavior of m arket participants might
change under stress. Regulators also pointed to the mildness of
many of the hypothetical scenarios.
Post-Crisis Trends in Scenario Building
Since the global financial crisis, regulators around the w orld29
have begun to insist that larger, system ically im portant banks
dem onstrate that they can withstand more severe, dynam ic, and
realistic scenarios. Regulators in the United States, for exam ple,
oblige larger banks to apply regulator-defined m acroeconom ic
stress scenarios— specified in term s of variables such as drops in
GDP, em ploym ent, equity m arkets, and housing prices— across
their enterprise exposures.
28 As well as credit scenarios, banks develop scenarios that demonstrate
risk across interest rate, equity, foreign exchange, and commodity mar­
kets as well as key operational risk events such as cyber attacks, natural
catastrophes, or even the effects of a flu pandemic.
29 For example, the U.S. Federal Reserve and the Bank of England.
112 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
The US stress tests began with an initial Supervisory Capital
Assessm ent Program (SC A P), which was conducted in May 2009
as part of the healing process toward the end of the global
financial crisis.30 The results from SC A P helped reassure markets
about the stability of the banking system . From 2011 onward, as
part of the Dodd-Frank A ct, the Federal Reserve began con­
ducting two separate annual stress test exercises:
• Dodd-Frank A ct stress tests (D FAST), which are conducted in
the m iddle of the year for all banks with assets above USD 10
billion; and
• Com prehensive Capital Analysis and Reviews (C C A R ), which
are conducted at the end of the year for banks with assets
above USD 50 billion.31
D FA ST and C C A R apply the same supervisor-devised scenarios.
However, D FA ST is more prescriptive, applies more limited capi­
tal action assum ptions, and is less dem anding in term s of report­
ing. Both D FA ST and C C A R also oblige banks to generate their
own scenarios to com plem ent the supervisory scenarios.
The Federal Reserve generates three supervisor-devised mac­
roeconomic scenarios, that are differentiated by what they are
designed to mimic:
• Baseline: Corresponds to the consensus forecast among
major bank econom ists,
• A d v e rse : A m oderately declining econom y, and
• Severely A d v e rse : Severe, broad global recession/depression
and an associated decline in dem and for long-term fixed-
income investm ent.
C C A R obliges banks to project how these scenarios drive their
income statements and balance sheets over a nine-quarter horizon.
This complex process requires the dynamic projection of revenues,
provisions, credit losses related to defaults and downgrades, man­
agement rules for new loan issuances, regulatory ratios, and so on.
C C A R firms must also submit detailed capital plans that include:
• Assessm ents of expected sourcing and use of capital over
the planning horizon,
30 Macroeconomic stress testing first tended to focus on market and
credit risk impacts. Banks and other financial institutions are now also
often expected to conduct liquidity stress testing and to meet key stan­
dards (e.g., the Basel III liquidity coverage ratio).
31 More precisely CCAR is mandatory for firms designated as either sub­
ject to Large Institution Supervision Coordinating Committee Oversight
(selected based upon the Fed's judgement that such firms potentially
pose "elevated risks" to the US banking system) or "large and complex"
firms—the latter defined as (per the US code of Federal Regulations, part
225 section 8 ) firms that " (1) have USD 250 billion or more in total con­
solidated assets, (2) have average total nonbank assets of USD 75 billion
or more, or (3) are U.S. global systemically important bank holding com­
panies." Altogether, 18 firms participated in the 2018 CCAR exercise.
 • Com m on equity Tier 1 capital ratio: 4.5%
• Tier 1 risk-based capital ratio: 6%
• Total risk-based capital ratio: 8%
• Tier 1 leverage ratio: 4%
Fiq u re 8.5 Minimum capital ratios (2018).•323
*
BOX 8.2 WHERE DOES ERM END
AND CAPITAL PLANNING BEGIN ?
This can be a difficult line to draw, as illustrated by C o C o s.
CoCos are bonds issued by a financial institution that are
written down or convert into common equity if the firm gets
into trouble. The idea is that CoCos ease the bank's obliga­
tions and cash outflows when it is in a tight spot. Most exist­
ing C oC os focus on accounting triggers (e.g., the level of
Tier 1 capital). However, the trigger mechanism could also
be some market-based event (e.g., a drop in an institution's
share price).
Since the global financial crisis of 2007-2009, regulators
have favored C o C o s as a shock-absorbing funding instru­
ment. Note that C o C o s are effectively a form of insurance
(i.e., ERM risk transfer) that can be triggered by a multi­
plicity of underlying risk events (e.g ., credit, operational,
and system ic risks). Furtherm ore, because C o C o s becom e
less valuable after a major shock, they can help banks
structure risk-sensitive bonuses that increase executive
exposure to the downside and therefore potentially lead
to an im provem ent in risk culture. O ne great advantage of
this kind of enterprise risk transfer is that the source of the
risk does not need to be defined in advance.
• Descriptions of the firm's process and m ethodology to gauge
capital adequacy,
• Capital policy, and
• Discussions of any expected business plan changes that are
likely to m aterially im pact capital adequacy/liquidity.
For each scenario, banks must show that they maintain minimum
capital ratios (Figure 8.5), how they will raise capital if necessary,
and their intentions in term s of dividend distribution, share buy­
backs, and so forth. For exam ple, one way to hedge potential
capital shortages over the planning horizon is to issue contin­
gent convertible bonds (CoCos), which are described in detail in
Box 8.2.
32 Federal Deposit Insurance Corporation. Regulatory Capital Rules:
Regulatory Capital, Implementation of Basel III, Capital Adequacy,
Transition Provisions, Prompt Corrective Action, Standardized
Approach for Risk weighted Assets, Market Discipline and Disclosure
Requirements, Advanced Approaches Risk-Based Capital Rule, and
Market Risk Capital Rule.
Chapter 8 Enterprise Risk Management and Future Trends
1. C C A R macroeconomic scenarios unfold over several
quarters (rather than being simply point-in-time shocks).
2 . The scenarios drive a series of interlinked factors cov­
ering a variety of risks (e.g ., credit risk, m arket risk,
and operational risk).
3 . The risk variables are not held static. Therefore, all
sorts of underlying risk factors (e.g ., probability of
default and loss given default) and m arket impacts
(e.g ., credit spreads and margining) need to be
adjusted as the scenario unfolds.
4 . In turn, banks can allow for their capital planning as
the scenario unfolds.
5 . Im portantly, imposing a standard set of scenarios on
the largest banks allows regulators to see system ic
effects and com pare bank risk exposures.
Fiq u re 8 .6 Five key improvements driven by CCAR.
If a bank cannot show it satisfies minimum capital ratios under
stressed conditions, it must review the business plans of its vari­
ous units and lower its risk appetite.
The com plexity of the C C A R exercise dwarfs most banks' his­
toric stress testing program s. In the 2018 exercise, for exam ple,
the 28 variables used by the regulators to describe the three
scenarios included changes in gross dom estic product, the
unem ploym ent rate, housing and commercial real estate price
indices, stock m arket volatility (i.e., the VIX), and various interest
rate m easures (e.g ., the three-month Treasury bill rate and BBB
no
corporate bond yields).
For each scenario , banks project the behavior of all risk factors
affecting their portfolios over a nine-quarter horizon. These
additional risk factors (e .g ., the slope of the interest-rate term
structure and com m odity prices) can num ber in the hundreds!
It has not been easy for banks in the United States to build
scenario analysis programs that m eet supervisor objectives.
However, the exercises have driven five key ERM im provem ents
(outlined in Figure 8.6). From a regulatory point of view, reac­
tions to each scenario can now be assessed at an industry level
to improve the stability of the financial system .
C C A R has also transform ed internal bank-driven stress test­
ing. Specifically, banks have had to invest in building an
33 Federal Reserve, "2018 Supervisory Scenarios for Annual Stress Tests
Required under the Dodd-Frank Act Stress Testing Rules and the Capital
Plan Rule," February 2018: https://www.federalreserve.gov/newsevents/
pressreleases/files/bcreg20180201 a 1 .pdf
■ 113
infrastructure to generate dynam ic projections (e.g ., revenue,
incom e, losses from defaults) and to track changes in their bal­
ance sheets, key capital ratios, and liquidity ratios. Critically,
these exercises have obliged banks to bring many business
functions together to discuss and enable the im plem entation of
these tests (which is a key ERM exercise in itself).
Stress Testing in Europe: Future
Directions
Regulators around the world have also developed their own
stress testing program s. Som e, such as the European Banking
Authority (EB A ), have seen less im m ediate success than the
authorities in the United States.34 Com pared to the C C A R , the
EBA 's testing program is more static, less sophisticated, and
allows for less latitude in term s of altering risk and business
strategies as scenarios unfold. This is because the E B A applies
stress tests to a w ider range of banks than C C A R .
The big improvements in European stress testing may be
driven not by the EBA's supervisor-led stress tests, but by new
approaches to bank supervision under the European Central
Bank's Supervisory Review and Evaluation Process (SREP). These
new approaches will examine how banks explore the sustain­
ability of their business models under stress, including capital and
liquidity adequacy, using industry best practices as a guide. Stress
testing and scenario analysis will be key tools in this process.
In the years ahead, banks are likely to move away from a lim­
ited num ber of rather determ inistic scenario tests toward a
much more dynam ic-stochastic approach. This approach will
apply simulation techniques to explore many different scenarios
playing out over tim e, including m acroeconom ic and g eo p o liti­
cal shocks.
For exam p le, we can im agine a bank setting out its own core
range of m acro/geopolitical shocks (e .g ., a sharp slowdown in
the C hinese econom y or a fall in oil prices). These shocks act
on risk drivers such as interest rates and credit default swap
(CDS) spreads.
The relationship between the scenario and the risk factors can
be specified in a variety of ways. For exam ple, the relationship
between a shock to oil prices (part of the scenario) and G D P
growth rate (a risk factor) might be based on the judgm ent of
business leaders or on statistical analysis of the historical record.
G enerating thousands of scenarios will allow each bank to pro­
duce a full distribution of outcom es for key perform ance indica­
tors (KPIs) such as expected profits, regulatory capital, RW As,
34 The first 2010 stress tests were much criticized.
114 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
and credit losses. For some purposes, a bank might focus on
the average outcom e across the sim ulations (perhaps taken to
be the base case scenario). M eanwhile, others might focus on
the w orst or very w orst outcom es (i.e., adverse and severely
adverse scenarios).
These simulation results also help banks to conduct reverse stress
testing. Specifically, they can identify the full range of worst out­
comes (i.e., the tail of the distribution) in terms of bank KPIs. Then
they can look at the scenarios that gave rise to these worst-case
tail risks and how the shocks turned into losses. This process shines
a light on the business lines and portfolios that contribute to a
worst-case loss and highlights the risk factors that matter most.
A firm can also identify the worst business environm ents for
specific business lines and look at the sensitivity of various KPIs
(e.g ., loan losses) to the fam ily of risk drivers.
Many banks around the world continue to regard stress testing
as a largely regulatory com pliance function. They do not use the
results in their day-to-day planning processes.
However, a new generation of stress testing technologies offers
banks advantages beyond com pliance. Specifically, they can use
the results to:
• Specify their risk appetites and limit fram eworks,
• Perform a "reasonableness check" on business and capital
planning,
• Develop early warning signals, and
• Put in place contingencies to manage credit, funding, and
liquidity shocks.
8.7 ERM AND STRATEGIC DECISIONS
Enterprise risk m anagers need to be involved in strategy form u­
lation. The banking industry can provide many exam ples where
business strategies (e.g ., increased lending volume through low­
ered standards or rapid growth through successive acquisitions)
did not take ERM into account.
The latest industry thinking encourages firm s to apply ERM to
forge a stronger link between risk and reward in corporate plan-
ning and strategy.
The latest stochastic stress testing techniques offer a practi­
cal tool for thinking through a strategy's ERM im plications. For
exam ple, a bank can explore the risk effects of growing a port­
folio of lending to a given industry sector. The bank could learn
35 "CO SO Enterprise Risk Management: Integrating with Strategy and
Performance," June 2017, section 3, pp. 13-16.
that the plan helps to diversify its risk and absorb shocks. A lter­
natively, the strategy may add to risk concentrations or increase
dependence on a key m acroeconom ic driver.
M eanwhile, scenario simulation technology makes it poten­
tially much easier to explore positive scenarios. For exam ple,
a bank may find that it would benefit from a decline in oil
prices because it had previously reduced lending to oil produc­
ers in favor of manufacturers who stand to benefit from lower
input costs.
In this way, m acroeconom ic stress test results are set to becom e
part of general business planning activities (e.g ., growth plans,
strategic risk m anagem ent, and balance sheet and capital man­
agem ent). But could new approaches to ERM help shape other
kinds of strategic decisions?
M acroeconom ic factors are not the only drivers of strategic risk.
Banks, and all kinds of firm s, need to assess strategic risks aris­
ing from changes in factors such as technology, social behavior,
and new kinds of com petition. These kinds of strategic risk are
very challenging because, by definition, they do not have histori­
cal parallels (as opposed to som ething like a fall in G D P).
However, new approaches to scenario building could help. For
exam ple, they can offer firm s a way to model the im pact of
strategic shocks across the corporate balance sheet and offer
better ways to turn exp ert judgm ents into a rigorous scenario
selection process.
Strengthening a w ider set of corporate strategic decisions is
vitally im portant. A study exam ining loss of enterprise value in
public com panies in the United States between 2002 and 2012
showed: "strategic blunders were the primary culprit a rem ark­
able 81 percent of the tim e ."36 As destroyers of shareholder
value, strategic errors far outranked the classic risk m anagem ent
problem s (e.g ., major operational mishaps, fraud, corporate
governance failures) as well as external shocks (e.g ., natural
catastrophes and political and regulatory upheavals).
8.8 CONCLUSION: RISK
MANAGEMENT AND THE FUTURE
Risk m anagem ent is a relatively young discipline. C hapter 1
noted that the global financial crisis of 2007-2009 had acceler­
ated recognition by risk m anagers of the multi-dimensional
nature of risk, the connections between risk types, and (espe­
cially) the need to integrate the application of statistical science
O/
C. Dann et al., "The Lesson of Lost Value," strategy + business,
November 2012, available at: https://www.strategy-business.com/
article/00146?gko=f2c51
Chapter 8 Enterprise Risk Management and Future Trends
with business judgm ent. These three them es also point to where
risk m anagem ent is heading in the future.
1. Risk is multidimensional and requires holistic thinking
Risk m anagers now recognize the need to deploy a range
of risk m etrics to capture the many dimensions of risk. So
far, the key advance has been in developing new form s of
scenario analysis and stress testing to supplem ent summary
statistics (e.g ., VaR).
However, scenario analysis has its own deficiencies. In the
future, there will be more em phasis on overcom ing these
shortcom ings through the developm ent of better simulation
technologies and more rigorous scenario selection m eth­
odologies. Future stress testing will also be more dynam ic,
stretching over periods of one to three years, and it will
be incorporated into a firm's capital planning process. The
results will help determ ine risk appetite and ensure that
business models are sustainable and can survive severely
adverse scenarios.
Holistic thinking on risk requires a sophisticated approach to
uncertainty. Alm ost a century ago, econom ists explored
w hether risk and uncertainty are the same concept. The
debate focused on how certain we can be about our statisti­
cal estim ators and predictive capabilities. New research is
em erging on how we can measure uncertainty about the risk
factors and probabilities that generate risk, a dimension
researchers call am biguity.37 Decision makers may be averse
to am biguity when they exp ect good returns and therefore
dem and a premium— potentially m easurable in the financial
m arkets— for accepting am biguous risks.38 Into the future, a
more rigorous approach to characterizing statistical risk,
uncertainty, and am biguity (and measuring their effects)
should improve decision making right up to board level.
Moving to a more holistic approach has also led banks to
em brace the im portance of risk culture. The way an institu­
tion thinks and talks about risk drives enterprise behavior. It
also affects how the results of enterprise-wide stress testing
are interpreted at the board level, including w hether a bank
is capable of "thinking the unthinkable" and dealing ratio­
nally with am biguous decisions.
37 For example, see M. Brenner and Y. Izhakian, "Asset Pricing and
Ambiguity: Empirical Evidence," November 2017 (forthcoming: Jour­
nal o f Financial Economics). For a more general introduction to this
research area see J. Etner et al., "Decision Theory Under Uncertainty,"
Documents de Travail du Centre d'Econom ie de la Sorbonne, Novem­
ber 2009.
OQ
Conversely, they might favor the ambiguity associated with estimates
of losses. However, the empirical research into decisions under ambigu­
ity is ongoing.
■ 115
 BOX 8.3 BEHAVIORAL CO N CEPTS—A SELECTIO N 39
In recent decades, behavioral science has introduced many
concepts that help explain why risk decisions may not
always be rational and efficient. These concepts include the
following.
Anchoring and referencing: This is the use of mental reference
points to contextualize a decision (e.g., such as using an existing
price point to determine whether a new price point is attractive
or not). The anchor may influence the decision-making process
in an irrational way. Furthermore, the various reference points in
a collection of related decisions may lack coherence.
Feedback effects: The presence or absence of frequent,
positive feedback can irrationally influence the ability of deci­
sion makers to stick to a decision.
Framing: How a choice is fram ed can push a decision maker
toward one decision or another. For exam ple, a consum er
may be willing to hunt for a 50% savings on a phone case
(saving them selves USD 10) but be unwilling to make the
same effort to save the USD 10 when buying a USD 200
phone (because it represents a sm aller percentage of the
purchase price).
Groupthink: This describes the tendency of individuals within
groups to overcom e their doubts about a risky decision (or
keep quiet) in favor of the group consensus. The consensus
may itself have been shaped by a dom inant individual, poorly
set targets, or selective reading of am biguous evidence.
Herding: Herding is the tendency of investors to copy the
actions of others, both when investing and when reducing
losses in a volatile market. Herding effects in risk m anagem ent
can lead to too many investors using the same risk metrics or
setting the same stop-losses, leading to sharp market sell-offs.
Holistic thinking about risk and risk m anagem ent is the way
forward. It would be wrong, however, to set up a direct
opposition between silo-based risk m anagem ent and
holistic ERM . The new em phasis on ERM su p p lem en ts con­
tinuing efforts to improve our quantitative, granular under­
standing of specific risks.
2. Risk jumps across risk types in business models and
markets
Scenario stress testing is helping banks to understand how
risk develops over an extended period (i.e., a year or more)
while jum ping across risk types. This kind of thinking must
also be incorporated into business strategy form ulation.
Prior to the global financial crisis of 2007-2009, too many
institutions pursued growth using business m odels based
39 Many of these points are covered in more detail in R. H. Thaler,
"Mental Accounting Matters," Journal o f Behavioral Decision Making,
12: 183-206, 1999.
116 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
Home bias: This describes the tendency of investors to invest
in dom estic securities rather than building a globally diversi­
fied portfolio, perhaps because of the uncertainties attached
to foreign m arkets.
Loss aversion: Experim ents show that for most people the
potential for losses outweighs potential gains of sim ilar m ag­
nitude. This can lead a decision maker to favor a result that
is presented as certain, while foregoing the chance of larger
but riskier wins. Loss aversion does not always lead to conser­
vative risk decisions. It can also encourage decision makers
to take irrationally risky decisions to preserve some chance of
avoiding a loss. (W hether a decision is fram ed as a loss or as
a potential gain is also therefore im portant.)
Mental accounting: People seem to account for money
within separate categories that are treated differently, as
if the m oney was not com pletely fungible across accounts.
For exam ple, consum ers m ight spend more if they use a
credit card com pared to using cash. Investors m ight invest
the m oney from an inheritance differently than money from
a gam bling win. They may also be reluctant to "clo se " a
mental account if it involves declaring a loss or m istake.
Loss aversion and other behavioral phenom ena, such as
the treatm ent of "sunk" costs, often further distort mental
accounting.
Ostrich effect: This describes the irrational tendency to
avoid observing bad news that might precipitate uncom fort­
able decisions or actions. For exam ple, an investor might
pay more attention to booming stock m arkets than flat or
falling m arkets. (Conversely, an investor that pays too much
attention to each individual loss can suffer from irrational
loss aversion.)
on high leverage or naive assum ptions about the robustness
of third-party credit assessm ents. Many tim es, growth plans
were form ulated without input from the risk function or the
chief risk officer. The future risk function must play a criti­
cal role in setting a firm's risk appetite, analyzing the risks
of each business model (often with the help of worst-case
scenario sim ulations), explaining how risks may interact,
and planning for contingencies. Firms need to decide in
advance on the key warning indicators and the actions that
will then be considered.
This may prove particularly im portant with the growth of
digital businesses that are driven by machine learning and
new data stream s, or those using cognitive technologies to
offer risk-related services to custom ers.
3. Numbers and judgment
The revolution in computing power and data science, seen
through the rise of cloud-based on-demand analytical
resources and machine learning technologies, seem s likely
to transform risk analysis. For the m om ent, progress seem s
relatively slow com pared to the customer-facing digital rev­
olution. However, that is partly a function of legacy system s
and the difficulty in changing the ways of doing things. In
the years ahead, risk managers will be able to command
new stream s of integrated enterprise data and use machine
learning technologies to identify patterns and correla­
tions in large diverse bodies of data that presently seem
intractable. It will also becom e easier to collect information
live during business processes, improving vigilance and
predictive analytics (as well as classic risk models). The key
challenge here will be to keep the risk decisions transpar­
ent, even when they are largely autom ated, and subject to
human review. W ithout this transparency, machine learning
and autom ated decision making simply offer a pumped-up
version of model risk.
M eanwhile, behavioral science, a relatively new field,
has begun to explain why investors (and risk managers)
Chapter 8 Enterprise Risk Management and Future Trends
som etim es deviate from the seem ingly rational decisions
assumed by traditional econom ists. Its findings include the
herding effect (where investors seem to follow each other
like a herd of sheep) and home bias (where investors prefer
investing in their home country rather than building diver­
sified global portfolios) (See Box 8.3). These phenomena
need to be incorporated more rigorously into risk m anage­
ment, alongside a better understanding of how people
react to risk events.
It follows that the risk m anagers of the future will operate at the
intersection of risk, data science, new understandings of human
behavior, and business judgm ent. Risk m anagers will need to
think holistically and apply new approaches to shape their firm's
business strategy. They will also need to make sure their firms
react to risk signals even when the signals are am biguous and
the risk m etrics uncertain. This implies a need for many new
skills and capabilities, alongside a new standing within enter­
prises. It is an exciting, if som etim es daunting, vision.
■ 117
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

QUESTIONS
8.1 W hat are advantages and disadvantages of scenario 8.16 C C A R does not oblige banks to generate their own sce­
analysis? narios to com plem ent the supervisory scenarios.
A. True
8.2 W hat are three types of US Federal Reserve generated
B. False
supervisory devised m acroeconom ic scenarios?
8.17 For each scenario, Banks project C C A R scenarios over a
8.3 W hat is C C A R (Com prehensive Capital Analysis and
five-quarter horizon.
Review)?
A. True
8.4 W hat are some of the key im provem ents driven by C C A R B. False
over standard stress testing?
8.18 C o C o s focus solely on accounting triggers, such as the
8.5 W hat are CoCos? level of Tier 1 capital.

8.6 Define what is meant by risk culture? A. True

8.7 Provide exam ples of key benefits of enterprise risk man­
agem ent (ERM ).
8.8 Provide exam ples of the kinds of concentration risk that
can creep across enterprises.
8.9 Provide exam ples that com pare ERM with traditional silo-
based risk m anagem ent.
B. False
8.19 Reverse stress testing calls for identifying the full range of
"worst outcomes" then picking the scenarios that gave rise to
these worst tail risks and how the shocks turned into losses.
A. True
B. False
8.20 Northern Rock was the victim of poor trading liquidity risk

8.10 Provide exam ples of ERM dim ensions. m anagem ent.

A. True
8.11 Provide exam ples of key risk culture indicators (KRCIs). B. False
8.12 Provide exam ples of external risk culture drivers. 8.21 The ostrich effect describes the tendency of investors to
8.13 Define and explain each of the following term s: invest in dom estic securities.
A. True
• Anchoring and referencing
B. False
• Feedback effects.
8.22 C C A R is
• Framing
A. requiring all banks to engage in sensitivity testing.
• Groupthink B. required of all relevant banks over an asset threshold.
• Herding C. requiring all commercial banks to perform scenario
analysis.
• Home bias
D. relevant to investm ent banks only.
• Loss aversion
8.23 ERM looks at an integrated view of
• Mental accounting
A. m arket and credit risks only.
• Ostrich effect B. all the risks covered by Basel III.
8.14 Risk that looks threatening at the business line level might C. all the risks, including business risk, strategic risk, and
look trivial in the context of the diversified enterprise risk liquidity risk.
portfolio.
8.24 External risk culture drivers include
A. True A. econom ic cycles.
B. False B. industry practices.
8.15 Risk retention decisions are best made at the enterprise C. professional standards.
level, where the aggregate level of risk exposure can be D. regulatory standards.
understood. E. country risk.
A. True F. all of the above.
B. False G. none of the above.

118 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

ANSWERS
8.1
Advantages
No need to consider risk fre­
quency beyond "plausibility"
Scenarios can take the form
of transparent and intuitive
narratives
Challenges firms to "im agine
the w orst" and gauge the
effect
Can allow firms to focus on
their key exposures and risk
types and the way risk devel­
ops over time
8.4
1. C C A R m acroeconom ic scenarios unfold over several
Disadvantages
quarters (rather than sim ply a point-in-time shock).
Difficult to gauge probability 2. The scenarios drive a series of interlinked factors cov­
of event; does not lead to
ering a variety of risks such as credit risk, m arket risk,
the quantification of risk
operational risk, and so on.
Unfolding scenarios can 3. The risk variables are not held static and all sorts of
becom e com plex with many
underlying risk factors (probability of default, loss given
choices
default) and m arket im pacts (credit spreads, margining,
Firms may not stretch their etc.) need to be adjusted as the scenario unfolds.
imaginations
4. In turn, the bank can allow for its capital planning as
the scenario unfolds.
Only a limited number 5. Im portantly, imposing a standard set of scenarios on
of scenarios can be fully
the largest banks allows regulators to see system ic
developed— are they the
effects and com pare bank risk exposures.
right ones?

Allow s firms to identify w arn­ Are they the right warnings

8.5 C o C o s are bonds issued by a financial institution that are
ing signals and build contin­ and plans, given the scenario written down or convert into common equity if the firm
gency plans selection challenge? gets into a precarious position.

Does not depend on his­
torical data: can be based
around either historical
events or forward-looking
hypothetical events
Firms can make scenario
analysis as sophisticated or
straightforward as they like,
outside regulator defined
programs
The scenarios chosen are
often prom pted by the last
major crisis; im aginative
future scenarios may be dis­
missed as im probable
Scenario analyses vary in
term s of quality and sophis­
tication. Their credibility and
assum ptions can be difficult
to assess.
8.6 Risk culture can be thought of as the values and norms of
behavior that surround risk taking and risk m anagem ent.
It includes the tendency within the firm to com ply with
best-practice risk m anagem ent.
8.7
• Identifies enterprise-scale risks generated at business
line level
• Focuses oversight on most threatening risks

Stress test results can inform Usefulness depends on accu­ • M anages:

risk appetite, risk limits, and racy, com prehensiveness, • Risk concentrations across the enterprise, and
capital adequacy and forward-looking qualities • Em erging enterprise risks (e.g ., cyber risk)
of stress test program
• Supports regulatory com pliance and stakeholder
8.2 reassurance

1. Baseline: representing a consensus econom ic forecast/ • Helps firms to understand risk-type correlations and
outlook; cross-over risks
2. A dverse: corresponding to a declining econom y; and • O ptim izes risk transfer expenses in line with risk scale
3 . Severely A dverse: severe global recession along with and total cost
decline in dem and for long-term fixed income assets.
• Incorporates:
Note: The adverse and severely adverse scenarios
• Stress scenario capital costs into pricing, and
describe hypothetical m acroeconom ic environm ents that
• Risk into business model selection and strategic
test bank resilience.
decisions.
8 .3 From 2011 onward, as part of the Dodd-Frank A ct, the 8.8
Federal Reserve began conducting annual stress test
• G eographical concentrations,
exercises. C C A R is a specific an annual stress test exer­
• Industry concentrations,
cise required for large banks.

Chapter 8 Enterprise Risk Management and Future Trends ■ 119

The following questions are i to help candidates understand the material. They are not actual FRM exam questions.
• Product concentrations, and
• Supplier concentrations
8.9
Traditional Risk ERM View
Management
Risk view ed in business line, Risk viewed across busi­
risk-type, and functional silos ness line, functions and risk
types, taking account of
diversification
Risk m anagers work in Risk team integrated using
isolation global risk m anagem ent
com m ittee and C R O
Many different risk metrics Developm ent of rational risk
that cannot be com pared m anagem ent fram eworks
(apples to oranges) and cross-risk universal m et­
rics to integrate risk view
Risk aggregated, if at all, Tools and integrated fram e­
within business lines and risk works make it possible to
types. Difficulty seeing the more accurately measure and
aggregate risk picture track enterprise risk
Each risk type managed Possibility of cutting risk
using particular risk-specific transfer costs through
transfer instruments whole-of-firm and integrated
instruments
Each risk m anagem ent Each risk management
approach— avoid/retain/miti- approach viewed as one
gate/transfer— often treated component of a total cost of
separately with strategy as a risk. Com ponent choice, opti­
whole rarely optim ized mized as far as possible in risk/
reward and cost/benefit terms
Impossible to integrate the Risk m anagem ent increas­
m anagem ent and transfer ingly indistinguishable
of risk with balance sheet from balance sheet, capital
m anagem ent and financing m anagem ent and financing
strategies strategies
8.10 See Table 8.2
ERM Dimension Examples
Targets Enterprise goals: Enterprise risk appetite,
enterprise limit fram ew orks, risk-sensitive
business goals and strategy formulation
Structure How we organize ERM : Board risk over­
sight, global risk com m ittee
Risk O fficer; ERM subcom m ittee; report­
ing lines for ERM ; reporting structures
120 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
ERM Dimension Examples
Metrics How we measure enterprise risk:
Enterprise-level risk m etrics, enterprise
stress testing, aggregate risk m ea­
sures (Value-at-Risk, Cash-Flow-at-Risk,
Earnings-at-Risk, etc.), "total cost of risk"
approaches, enterprise level risk m ap­
ping and flagging, choice of enterprise-
level risk limit metrics
ERM Strategies How we manage ERM : Enterprise level
risk transfer strategies, enterprise risk
transfer instrum ents, enterprise moni­
toring of business line m anagem ent of
enterprise-scale risks
Culture How we do things: "tone at the to p ",
accountability for key enterprise risks,
openness and effective challenge, risk-
aligned com pensation, staff risk literacy,
whistle-blowing mechanisms
8.11
Indicator Trend Tracking
Leadership Tone Does board and executive com pensa­
tion support the firm's core values? Do
m anagem ent actions support or under­
mine the risk m essage? Can the board
be shown to monitor and com m unicate
how business strategy fits with risk
appetite?
Accountability and Are there clear expectations on risk
Risk Monitoring monitoring and accountability for key
risks? A re escalation processes used?
O penness Is there evidence that opposing views
and Effective from individuals are valued? Are there
Challenge regular assessm ents of "openness to
dissent"? Is risk m anagem ent given
stature?
Risk-Aligned Are com pensation and perform ance
Com pensation m etrics supportive of the firm's risk
appetite and desired culture?
Risk A ppetite Do key staff know the firm's enterprise
Knowledge risk appetite? Can they answer straight­
forward questions about its application
to business decisions?
Risk Literacy/Com - Do staff use a common language to
mon Language describe risk and its effects? Are train­
ing programs available and taken up?
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.
Indicator Trend Tracking
Risk Information Can the firm see risk information flow ­
Flows ing up and across the firm that captures
and highlights enterprise-scale risks
and is there a clear link to specific dis­
cussions and decisions?
Risk/Reward Has the firm tested w hether senior
Decisions executives respond to benchm ark risk/
reward questions consistently with each
other and with the firm's risk appetite?
Risk Stature Do the key ERM staff have the right
stature and direct communication with
the Board? W ho hires and fires them ?
Escalation and Do key staff m em bers understand when
W histle Blowing and how they can escalate a suspected
enterprise risk? W hen were escalation
procedures last used? Is there a w histle­
blowing mechanism and is it used?
Board Risk Can the board name the top ten enter­
Priorities prise risks faced by the firm ? Can it
name the key industry disasters associ­
ated with these risks?
Action Against Can the firm show a record of action
Risk O ffenders taken against those acting against its
risk appetite and ethical stance? Do
staff believe action will be taken even if
contravention of the risk appetite leads
to profit rather than loss?
Risk Incident Can the firm show how it identified
and Near Miss culture issues in risk incidents and m ea­
Responses sures taken?
8.12
• Econom ic cycles (e.g ., credit cycles),
• Industry practices/guidelines,
• Professional standards,
• Regulatory standards, and
• Country risk/corruption indices
8.13 See Box 8.3
8.14 True
Diversification at the enterprise level can reduce overall
risk so long as the constituent pieces are not strongly
correlated.
Chapter 8 Enterprise Risk Management and Future Trends
8.15 True
O therw ise situations could arise where business lines
are offsetting risks that might already be offset by other
businesses.
8.16 False
Both D FA ST and C C A R also oblige banks to gener­
ate their own scenarios to com plem ent the supervisory
scenarios.
8.17 False
C C A R obliges banks to project how these scenarios drive
their income statem ents and balance sheets over a nine-
quarter horizon.
8.18 False
The trigger mechanism could also be some m arket-based
event (e.g ., a drop in an institution's share price).
8.19 True
The purpose of reverse stress testing is to force m anage­
ment to visual potential scenarios that could generate
critical levels of losses.
8.20 False
The Northern Rock collapse arose from a failure to man­
age funding liquidity risk.
8.21 False
It describes the irrational tendency to avoid observing
bad news that might precipitate uncom fortable decisions
or actions.
8.22 B. required of all relevant banks over an asset threshold.
C C A R is conducted at the end of the year for banks with
assets above USD 50 billion.
8.23 C . all the risks, including business risk, strategic risk, and
liquidity risk.
Enterprise risk m anagem ent (ERM ) applies the perspec­
tive and resources at the top of the enterprise to manage
the entire portfolio of risks and account for them in stra­
tegic decisions.
8.24 A . all of the above
See Table 8.4.
121
 Learning Objectives
A fter com pleting this reading you should be able to:
Analyze the key factors that led to and derive the lessons
learned from case studies involving the following risk factors:
Interest rate risk, including the 1980s savings and loan
crisis in the US.
Funding liquidity risk, including Lehman Brothers,
Continental Illinois, and Northern Rock.
Implementing hedging strategies, including the
M etallgesellschaft case.
Model risk, including the N iederhoffer case, Long Term
Capital M anagem ent, and the London W hale case.
Rogue trading and misleading reporting, including the
Barings case.
Financial engineering and com plex derivatives, includ­
ing Bankers Trust, the O range County case, and
Sachsen Landesbank.
Reputational risk, including the Volkswagen case.
Corporate governance, including the Enron case.
C yber risk, including the SW IFT case.
123
This chapter briefly exam ines case studies of fam ous financial
disasters. The purpose of these case studies is to show how
various risk factors can m aterialize and, when ignored, esca­
late into m ajor disasters. Th ese cases are classified by the risk
factors involved. In each case, however, m ultiple risk factors
sim ultaneously caused and exacerb ated the crisis, leading to
m ajor losses.
The first section focuses on how interest rate risk led to the U.S.
savings and loan (S&L) crisis in the mid-1980s. Section 9.2 ana­
lyzes a couple of cases involving funding liquidity risk. Sections 9.3
and 9.4 cover strategic risk and model risk, respectively.
Rogue trading, discussed in Section 9.5, can cause major
financial institutions to collapse (as seen in the case of Barings
Bank). Section 9.6 deals with the hidden risks of financial engi­
neering and the com plexity of financial structures. Section 9.7
illustrates the dam ages that can arise from reputation risk,
and Section 9.8 focuses on one of the most notorious cases of
corporate governance failure (i.e., Enron). Finally, cyber risk is
discussed in Section 9.9.
9.1 IN T ER ES T RATE RISK
O ver the last century, interest rate risk has caused the failure
of individual firm s as well as entire industries within the financial
services sector. One notable exam ple can be found in the col­
lapse of the U.S. S&L industry in the 1980s.
To m itigate interest rate risk, firm s must manage their balance
sheet structure such that the effect of any interest rate m ove­
ment on assets remains highly correlated with the effect on
liabilities. This must be the case even in volatile interest rate
environm ents. Such a correlation can be partially achieved using
classical duration matching tools. More sophisticated m ethods
involve the use of interest rate derivative products such as caps,
floors, and swaps.
The Savings and Loan Crisis
The U.S. S&L industry prospered throughout most of the
twentieth century thanks to regulations qoverninq interest paid
on deposits (i.e., Regulation Q )1 and an upward-sloping yield
curve. In particular, the upward-sloping yield curve meant that
the interest rate borrowers paid on a ten-year residential m ort­
gage (a typical product offered by S&Ls) exceeded the rates on
the short-maturity savings and tim e deposits that were an S&L's
A
From 1933 until 2011, Regulation Q restricted interest payments on
deposit accounts. For example, banks were not permitted to pay inter­
est on demand deposits.
124 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
main source of funding. In the banking industry's vocabulary,
S&Ls simply had to "ride the yield curve" to make money.
However, rising inflation in the late 1970s prom pted the Fed to
im plem ent a restrictive m onetary policy, which led to a signifi­
cant increase in short-term interest rates. The increase in short­
term rates pushed up funding costs for S&Ls, wiping out the
interest rate spread they depended on for their profit margin.
The spike in their short-term funding costs (which were needed
to finance long-term fixed-interest rate m ortgages) meant that
S&Ls generated negative net interest margins on many of their
long-term residential m ortgage portfolios.
The failure of the S&Ls to manage their interest rate risk helped
to spark a long-running crisis in the United States, which gath­
ered force through the 1980s as S&Ls desperately sought to
repair their balance sheets with new business activities and
higher-margin (but riskier) lending. However, these efforts
resulted in the industry losing even more money through poorly
controlled credit and business risks. Between 1986 and 1995,
1,043 out of 3,234 S&Ls in the United States failed or were
taken over. The number of remaining S&Ls eventually fell to
few er than 2,200 and the crisis necessitated what was (at the
time) one of the world's most expensive banking system bail­
outs: USD 160 billion. This bailout was funded by the Am erican
taxpayers.
9.2 FU N D IN G LIQ U ID IT Y R ISK
Funding liquidity risk can stem from external market conditions
(e.g ., during a financial crisis) or from structural problems within
a bank's balance sheet. Most often, however, it stems from a
combination of both. The collapse of Bear Stearns and Lehman
Brothers at the height of the 2007-2009 financial crisis, along
with the near collapse of Long Term Capital M anagem ent (LTCM)
a decade earlier, offer exam ples of funding liquidity crises that
were prompted by unexpected external conditions and exposed
vulnerabilities inherent in the institutions' business models.
Liquidity Crisis at Lehman Brothers
During the late 1990s and early 2000s, investm ent bank Lehman
Brothers invested heavily in the securitized U .S. real estate mar­
ket. The 150-year-old institution pioneered an integrated busi-
ness model in which it sold m ortgages to residential custom ers,
turned portfolios of these loans into highly rated securities, and
then sold these securities to investors.
2 To this end, in the early years of the millennium, Lehman had acquired
several mortgage lenders, including subprime lender BNC Mortgage.
The real estate m arket in the United States started to sour in
2006 and housing prices started falling following a years-long
boom. During this tim e, however, Lehman continued to build up
its real estate securitization business. Critically, the bank also
continued to increase the am ount of m ortgage-related assets it
held as longer-term investm ents for its own account (rather than
simply acting as a middleman during the securitization
process).3
A s part of this aggressive growth strategy, Lehman also began
to make outsized bets on U.S. commercial real estate. But if the
firm's business model came to look like a risky bet on the U.S.
housing m arket, it was ultim ately Lehman's leverage ratio and
funding strategy that threatened to turn this investm ent position
into a disaster.
Banks are naturally highly leveraged entities (i.e., they take on a
large am ount of debt rather than issue equity to fund their activ­
ities). In the run up to the crisis, however, Lehman (like other
investm ent banks in the boom years) pursued leverage to
excess. By 2007, the bank had an assets-to-equity ratio of
approxim ately 31:1. M eanwhile, the bank's funding strategy
(i.e., the way it borrowed money to grow its operations) intro­
duced a fatal elem ent of fragility. Specifically, Lehman began
borrowing huge amounts of money on a short-term basis
(e.g ., borrowing daily from the repo markets) to fund relatively
illiquid long-term real estate assets. This meant that the firm
had to depend heavily on the confidence of its funders and
counterparties if it was to continue to borrow the funds
necessary to stay in business.4
During the second half of 2007, it becam e evident that the
U.S. housing bubble had burst and that the subprim e m ortgage
m arket was in deep trouble. A s a result, confidence began to
erode in firms heavily invested in subprim e securities. In Ju ly
of that year, Bear Stearns (another highly leveraged subprime-
linked firm) had to support two of its hedge funds following
steep losses caused by their subprim e m ortgage exposures. In
March 2008, these w eaknesses caused Bear Stearns to collapse
after its repo lenders and bank counterparties lost confidence in
the firm's ability to repay its debts. J.P. Morgan then bought the
fallen firm at a fraction of its prior m arket value.
3 "Mortgage-related assets on Lehman's books increased from USD 67
billion in 2006 to USD 111 billion in 2007, " The Financial Crisis Inquiry
Report, Financial Crisis Inquiry Commission, January 2011, p. 177.
4 When investment banks came under close regulatory scrutiny in
2007-2008, they found it tempting to play down their leverage:
"According to the bankruptcy examiner, Lehman understated its lever­
age through 'Repo 105' transactions—an accounting maneuver to
temporarily remove assets from the balance sheet before each report­
ing period." The Financial Crisis Inquiry Report, Financial Crisis Inquiry
Commission, January 2011, p. 177.
Next investors turned their attention to Lehman. Specifically, they
began to question how accurately the firm had valued its real
estate-based assets. Market confidence, so critical to the firm's
funding strategy (and therefore its liquidity), was ebbing fast. As
the crisis mounted, many of Lehman's major counterparties began
to demand more collateral for funding transactions, others began
reducing their exposure, and some institutions simply refused to
deal with the firm. Attem pts to organize an industry rescue or to
sell the firm to another large bank ultimately failed. In the early
hours of Septem ber 15, 2008, Lehman Brothers was forced to file
for bankruptcy, inciting months of panic and uncertainty in the
global financial m arkets.5
Liquidity Crisis at Continental Illinois
The case of Continental Illinois Bank is an exam ple of how inter­
nal credit portfolio problem s can precipitate a funding liquidity
crisis. In this case, these problem s were exacerbated by w eak­
nesses in the institution's funding strategy.
Continental Illinois was once the largest bank in Chicago. Start­
ing in the late 1970s, the bank began pursuing an aggressive
growth strategy that saw its commercial and industrial lending
jum p from USD 5 billion to over USD 14 billion in the five years
prior to 1981. During that tim e, the bank's total assets grew
from USD 21.5 billion to USD 45 billion.
The first sign of Continental's problem s surfaced with the clos­
ing of Oklahom a-based Penn Square Bank. This sm aller bank
had issued loans to oil and natural gas com panies in Oklahom a
during the boom of the late 1970s. If a loan was too large for
it to service, Penn Square would pass it on to a larger institu­
tion such as Continental Illinois. But as oil and natural gas prices
decreased after 1981, some firms began to default on their
debt. In 1982, Penn Square becam e insolvent and regulators
stepped in to close the bank.
By then, Continental held more than USD 1 billion in loans to
Penn Square's oil and gas custom ers, and therefore suffered
heavy losses as defaults rose. W hile many other banks also suf­
fered credit losses during this period, Continental was unusual in
that it had only a tiny retail banking operation and a relatively
small amount of core deposits. Therefore, it relied primarily on
federal funds and floating large issues of certificates of deposit
(CDs) to fund its lending business.6
W hen Penn Square failed, Continental found itself increasingly
unable to fund its operations from the U.S. m arkets. A s a result,
5 Report of Anton Valukas, "Examiner to the United States Bankruptcy
Court, Re Lehman Brothers Holdings Inc.," March 11, 2010.
6 Federal funds, or "fed funds" are a form of interbank lending.
Chapter 9 Learning from Financial Disasters ■ 125
it began to raise money at much higher rates in foreign w hole­
sale money m arkets (e.g ., Jap an ). But when rumors about C o nti­
nental's worsening financial condition spooked the international
markets in May 1984, the bank's foreign investors quickly began
to w ithdraw their deposited funds. Continental Illinois was con­
fronted with a full-blown liquidity crisis as depositors withdrew
USD 6 billion in only ten days. Regulatory authorities eventually
stepped in to prevent a domino effect on other banks, which
they feared might put the entire U.S. banking system at risk.
Northern Rock— Liquidity
and Business Models
The 2007 failure of m ortgage bank Northern Rock is a more
recent illustration of liquidity risk arising from structural w eak­
nesses in a bank's business m odel. In this case, a com bination of
an excessive use of short-term financing for long-term assets
and a sudden loss of m arket confidence triggered a funding
liquidity crisis that rapidly led to disaster.7
Northern Rock was a fast-growing medium-sized m ortgage
bank based in the United Kingdom . The bank had been growing
assets at around 20% per year for several years by specializing in
residential m ortgages, and it continued to expand aggressively
in the m arketplace into the first quarter of 2007. The bank's
rate of growth was supported by a business model and funding
strategy that was unusual among U .K. banks. Specifically, the
bank relied on an originate-to-distribute approach, by which it
raised money through securitizing m ortgages, selling covered
bonds, and making use of the wholesale funding m arkets. As
a result, Northern Rock relied much more heavily on investors
and w holesale m arkets and less on retail deposits for funding in
comparison to many of its U .K. peers.
The bank hoped to m itigate potential weaknesses in this fund­
ing strategy by diversifying its funding m arkets geographically.
For exam ple, it tapped m arkets in continental Europe and the
Am ericas as well as in the United Kingdom .8 As it turned out,
however, the bank had overestim ated the benefits of
geographical diversification.
After years of a strong economy and rising housing prices,
widespread doubts about mortgage-related assets began to sur­
face among investors early in 2007. These doubts were initially
7 In the summer of 2008, California's IndyMac also suffered a bank run.
IndyMac's problems were more conventional as they largely involved
weak underwriting and difficulties in finding buyers for the mortgages
that the bank had originated.
8 See comments by Adam Applegarth, ex-CEO of Northern Rock, to
the House of Commons, Treasury Committee, "The Run on the Rock,"
January 2008, p. 15.
126 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
triggered by rising default rates in the U.S. subprime market
but soon spread globally to asset-backed securities (ABS) as an
investment class, then to institutions that invested in or depended
on these securities and eventually to the interbank markets.
W hen the interbank funding m arket froze in early August 2007,
all of Northern Rock's global funding channels seized up
sim ultaneously in a scenario that the bank's executives later
claimed was "unfo reseeab le." Ironically, earlier in the summer
of 2007, the bank had announced increased interim dividends
after U .K. regulators approved a Basel II w aiver that allowed the
bank to adopt so-called "advanced approaches" for calculating
credit risk that looked likely to reduce its minimum regulatory
capital requirem ents.9
W hen Northern Rock becam e unable to fund itself through
interbank loans, U .K. authorities began to discuss various strate­
gies to relieve the bank's difficulties. News of the Bank of En g ­
land's planned support operation for Northern Rock leaked,
setting the scene for a run on deposits in m id-Septem ber. The
panic was exacerbated by the tight rules then in effect for com ­
pensating d ep o sitors,101and calm only (slowly) returned after
U .K. authorities publicly promised that deposits would be
repaid. Northern Rock eventually accepted em ergency govern­
ment support and then public ownership.
Lessons Learned
A s a result of the 2007-2009 crisis, the U.S. Federal Reserve
began to m andate liquidity stress testing programs for the larg­
est banks. These programs are aimed at ensuring that banks
have liquidity and funding strategies that will survive system-
wide stress scen ario s.11 In essence, the challenge of managing
funding liquidity risk lies partly in optimizing the bank's borrow­
ing sources and their com position. This optim ization is often
accom plished by managing the contractual maturities of assets
and liabilities, either directly or synthetically, using derivatives
such as interest rate swaps. Like most com plicated decisions,
however, asset/liability m anagem ent (ALM) decisions are driven
by trade-offs.
• There is a trade-off between funding liquidity and interest
rate risk: W hen funding liabilities have shorter duration than
9 Though the timing of the waiver later embarrassed the bank and its
regulators, it was not a significant factor in the loss of confidence in
the bank.
10 At the time, private depositors were fully guaranteed only up to
£2,000, with a further guarantee of 90% of sums up to a ceiling of
£33,000.
11 For the so-called "C-Lar" program, see S. Nasiripour, "Fed Begins
Stress Tests on Bank Liquidity," Finandal Times, December 13, 2012.
 loan assets, the bank is exposed to less interest rate risk and
more funding liquidity risk. The opposite is true when liabili­
ties have longer duration com pared to loan assets.
• There is also a trade-off between cost and risk mitigation.
To m itigate funding liquidity risk in a positively sloped yield
curve environm ent, institutions can increase the maturity of
their funding liabilities. However, this will clearly cost more
than cheaper shorter-duration funding.
Banks may also m itigate funding liquidity risk by reducing the
maturity of their assets (e.g ., commercial loans), but this is not
always possible because asset maturity is often driven by bor­
rower dem and, the nature of a bank's business, and its com peti­
tive environm ent.
A s it is not possible to perfectly coordinate liquidity, firms also
need em ergency liquidity cushions to ensure they can meet
their com m itm ents. The larger and better quality the cushion,
the lower the risk. However, this risk reduction com es at a cost,
as highly liquid and m arketable assets yield lower returns than
less liquid assets. C red it lines also command a cost, even if the
funds are not drawn. Again, banks must consider the significant
tradeoff between pursuing a risky funding liquidity strategy and
the cost of that strategy com pared with less risky strategies and
liquidity reserves. It follows that all the com ponents of an ALM
policy are linked (i.e., interest rate risk m anagem ent, funding
liquidity risk m anagem ent, profit planning, product pricing, capi­
tal m anagem ent, and fundam ental business strategies) and must
be part of a holistic and integrated approach to balance-sheet
m anagem ent.
9.3 CONSTRUCTING AND
IMPLEMENTING A HEDGING
STRATEGY
Developing and im plem enting effective hedging strategies can
be both beneficial and challenging. This is true not just for banks
and other financial institutions but for non-financial firms as well.
The function(s) or individual(s) responsible for developing hedg­
ing strategies need access to relevant information (e.g ., market
data or corporate information), and oftentim es advanced (or at
least apppropriate) statistical tools. O ne necessary step in this
process involves selecting appropriate models to use for both
pricing and hedging. These are som etim es developed in-house
but oftentim es are acquired from external vendors, as are the
data used in the m odeling, estim ation, and hedging process.
Regardless of what tools or data are eventually selected, it is
critical that the risk m anagem ent function has a deep under­
standing of their proper uses and limitations.
The choice of w hether to use static or dynam ic hedging
strategies is a key tactical decision. A static strategy involves
the purchase of a hedging instrum ent that very closely matches
the position to be hedged and is typically held for as long
as the underlying position is kept (or at least for a set period
of tim e).
A static strategy has the advantage of being relatively easy to
im plem ent and monitor. A dynam ic strategy, on the other hand,
involves adjusting the hedge through a series of ongoing trades
to contiuously (or frequently) calibrate the hedge position to the
(changing) underlying exposure. A s such, a dynam ic strategy
typically involves greater managerial effort to im plem ent and
monitor, and may involve higher transaction costs. Note that a
static approach focuses on the result of the strategy at the hori­
zon, whereas dynam ic hedging tries to rebalance the strategy
over short intervals of tim e (e.g ., on a daily basis).
Firms that im plem ent dynam ic hedging strategies must have
the appropriate models and expertise to trade in the markets
and effectively monitor their positions. This, however, will not
necessarily preclude these firms from making m istakes in the
im plem entation and communication of a risk m anagem ent
strategy. The following section illustrates this by exam ining a
dynam ic strategy put in place by M etallgesellschaft Refining &
M arketing, Inc. (M GRM ).
Metallgesellschaft— How a Dynamic
Hedging Strategy Can Go Wrong
MGRM was a U.S. subsidiary of M etallgesellschaft A G , an indus­
trial conglom erate based in Frankfurt, Germ any. In 1993, MGRM
entered into long-term, fixed-price contracts to deliver oil prod­
ucts (primarily gasoline and heating oil) to end-user custom ers.
Because M GRM could not change its prices after these contracts
were signed, it was exposed to the risk of rising energy prices.
Lacking a liquid m arket for appropriate long-term futures
contracts would allow it to hedge its price risk, M GRM im ple­
m ented a dynam ic hedging strategy that used short-dated
energy futures contracts. This strategy required that the hedg­
ing instrum ents (i.e., the futures contracts) be "rolled forw ard"
each month as they expired. The derivative position was
adjusted monthly to reflect the changing am ount of oustanding
contracts to be hedged in order to preserve a one-to-one
hedge. "Such a strategy is neither inherently unprofitable nor
fatally flaw ed, provided top m anagem ent understands the pro­
gram and the long-term funding com m itm ents necessary to
make it w o rk," according to Culp and Miller (1995).12
12 C. Culp and M. Miller, "Blame Mismanagement, Not Speculation, for
Metall's Woes," European Wall Street Journal, 1995, April 25.
Chapter 9 Learning from Financial Disasters ■ 127
The type of dynam ic hedging strategy im plem ented by M GRM
is known as a rolling h e d g e , and it can be profitable when
assets for im m ediate delivery are priced higher (i.e ., the spot
price) than assets for future delivery (i.e ., the futures price).
This type of pricing curve situation is known as backw ardation.
W hen the firm rolls the hedge position in a m arket character­
ized by backw ardation, the contract that is about to expire
is sold at a price that is higher than that of the replacem ent
longer-delivery contract and thus there is a resulting rollover
profit. However, this type of strategy can result in losses when
the opposite price relationship exists (a situation known as
co n ta n g o ).
MGRM therefore was exposed to curve risk (i.e., the risk of
shifts in the price curve between backwardation and contango).
Additionally, the firm was exposed to basis risk resulting from
deviations between short-term prices and long-term prices.
Spot oil prices fell significantly in 1993, from nearly USD 20 a
barrel mid-year to less than USD 15 a barrel by year-end. This
led to USD 1.3 billion in margin calls on M G RM 's long futures
positions that had to be met in cash. W hile MGRM had unreal­
ized econom ic gains on its original short forward contracts, it
had a (temporary) substantial negative cashflow. The problem
was exacerbated when the oil price curve changed shape,
moving from backwardation to contango. M GRM 's parent
com pany, which had been told the position was hedged and
therefore did not exp ect a negative cashflow, ordered the
hedges liquidated in D ecem ber 1993. This resulted in large
paper losses being turned into large realized lo sses.13
Hedging Considerations
Another im portant aspect of a hedging strategy is the time
horizon over which it is im plem ented. A s described in the dis­
cussion of static and dynamic hedging strategies, horizons can
be fixed (e.g ., quarter-end or year-end) or rolling. Regardless of
the choice of horizon, perform ance evaluations and investm ent
horizons should be aligned.
Accounting issues and potential tax im plications need to be
considered when devising a hedging strategy. Accounting
rules related to derivatives and hedging can be quite com plex
and are subject to change. A derivative and the underlying
position it is intended to hedge must be perfectly matched
13 The decision by management to liquidiate the hedges, while under­
standable, might not have been the best course of action. According
to Culp and Miller, at least three other possible actions should have
been considered: obtaining additional financing to keep the program
intact, finding another firm willing to buy the program from MGRM, or
unwinding the contracts with the original customers.
128 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
(e.g ., regarding dates and quantities) in order for them to be
reported together in operational profit without the need to
report an accounting profit or loss. W ithout such a m atching, the
International Financial Reporting Standards (IFRS) require that
the hedge's mark-to-market profit (or loss) be recorded. If the
hedge is at least 80% effective, the resulting profit or loss can
be recorded in the firm's operational or gross profit. O therw ise,
the financial position will be recorded as a financial expense,
while the underlying position will be recorded as an operational
expense.
How derivatives are accounted for will directly im pact not only
how they are reported in a firm's quaterly and annual financial
reports but on a firm's profit and loss (P&L) statem ent as w ell.
The MGRM case highlights the discrepancy between eco­
nomic and accounting hedging, and between hedging the P&L
or hedging the cashflows. Although M GRM was nearly fully
hedged in econom ic term s, it was fully exposed in accounting
term s and was therefore not prepared to absorb liquidity risk.
The choice of the derivatives used in a hedging strategy may
have very different tax im plications and this can have a big
im pact on the cash flows of a firm . Tax treatm ent may also
vary from country to country and can som etim es result in a
multinational corporation finding it advantageous to hedge
positions related to business in one country by using derivatives
in another country. Getting com petent professional guidance
on tax m atters is therefore critical when developing and im ple­
menting a hedging strategy.
For any strategy to be successful, it must be effectively im ple­
m ented. This is especially im portant because m arkets can move
and prices can change, making what had initially appeared
to be an attractive hedging opportunity unattractive. During
im plem entation, firms must be ready to adapt to changing
conditions with the same care and thoroughness that w ent into
the original strategy design. O nce im plem ented, however, the
firm must take special care to monitor the positions with respect
to their fit with the overall strategy and their ongoing effective­
ness as hedges.
9 .4 M O D E L R ISK
Sophisticated financial products often rely on valuation
m odels to determ ine their prices. Models can be theoretical
(e.g ., CAPM ) or they can be statistically based (e.g ., the term
structure of interest rates). Institutions are exposed to risks
arising from the use of models when pricing these financial
products. Model risk can stem from using an incorrect m odel,
incorrectly specifying a m odel, and/or using insufficient data and
incorrect estim ators.
O ne way a model can be problem atic is if its underlying assum p­
tions are flawed (e.g ., assum ptions about the underlying asset
price or interest rate process). For exam ple, a bond pricing
model might incorporate an assumption of a flat yield curve,
when in fact the curve is upward-sloping and unstable. This type
of risk is both common and dangerous and can be among the
most difficult risks to detect. Unfortunately, the annals of finance
history are filled with exam ples of strategies based on faulty
assum ptions, as well as other types of flawed m odels, processes,
and controls. W hat follows are a few relatively well-known exam ­
ples to illustrate this point.
Wrong Assumptions—The Niederhoffer
Put Options
Victor N iederhoffer was a star trader who ran a very success­
ful and well-established hedge fund. O ne strategy of the fund
involved writing large quantities of uncovered (i.e., "naked")
deep out-of-the-money put options on the S&P 500 Index and
collecting the option premiums. O f course, because these were
deep out-of-the-money, the premiums collected from these
options were quite small. An assumption underlying this strat­
egy was that a one-day m arket decline of more than 5% would
be very rare. In fact, if m arket returns were normally distributed,
a fall of this m agnitude would be virtually im possible.
The strategy was undone, however, when the stock market fell
by over 7% in one day in O ctober 1997. The sharp drop in U.S.
equity prices followed a large overnight decline in the Hang Seng
Index, which in turn was the result of a crisis developing in Asian
markets. On the back of this shock, liquidity in the markets dried
up. As a result, the fund was unable to meet over USD 50 million
in margin calls and its brokers liquidated Neiderhoffer's positions
for pennies on the dollar, effectively wiping out the fund's equity.
The lesson from this case is that one can construct a strategy with
options that will produce a small profit over an extended period.
Nevertheless, in such strategies there can be a small probability
for a major loss. In other words, com petitive financial markets
rarely offer a "free lunch."
Long Term Capital Management
and Model Risk: When "Normal"
Relationships Breakdown
The dem ise of Long Term Capital M anagem ent (LTCM) in
August and Septem ber of 1998 was notable due to the size
of the fund's exposures and the pedigree of the individuals
involved. Founded in 1994 by John M eriwether, LTCM's prin­
cipals included form er Federal Reserve Board Vice-Chairm an
David Mullins, Nobel laureates Robert Merton and Myron
Scholes, several world-renowned academ ics, and experienced
traders from the fam ous Salomon Brothers' bond arbitrage
desk. Before its failure, LTCM had USD 4.8 billion in equity and
USD 125 billion in assets, making for a 25-to-1 leverage ratio.
LTCM's downfall was triggered in August of 1998, when the
governm ent of Russia declared a moratorium on its debt and
devalued its currency (i.e., the ruble). These actions caused
the value of LTCM's holdings to fall over 40% , a loss of nearly
USD 2 billion. Concerned about a potential system ic crisis, the
Federal Reserve Bank of New York brokered the rescue of LTCM
by a group of banks that agreed to inject USD 3.5 billion into
the fund in exchange for a 90% equity stake and control of its
m anagem ent.
How could LTCM have been so adversely affected by a single
m arket event? The reason lay in an arbitrage strategy the fund
em ployed that was based on market-neutral trading (also known
as relative-value trading). These strategies typically involve the
purchase of one asset and the sim ultaneous sale of another
and are designed to exploit relative m ispricings between the
assets. As a result, they generate profits when the price spread
between assets moves in the anticipated direction, regardless of
directional m ovem ents in the overall m arket.
Many of LTCM's strategies, based on extensive and intensive
em pirical research by top-level academ ics and practitioners at
the firm , appeared safe at first glance. The firm made its trades
based on the assumption that the spreads between sovereign
and corporate bonds in various countries were too wide and
would eventually revert to their "norm al" levels. For instance,
LTCM would purchase UK corporate bonds and sell (or "short")
appropriate UK governm ent bonds to capture a perceived
relative-value opportunity. O ther trades were m otivated by the
fact that several European countries were scheduled to join the
European Econom ic and M onetary Union (EMU) and conver­
gence of sovereign bond yields was anticipated. Trades of this
type might involve, for instance, buying Spanish or Italian gov­
ernm ent debt and selling Germ an bunds. A s long as the yield
spread narrowed, these positions would make money regardless
of m ovem ents in absolute p rices.14
The limited returns from these low-risk strategies came under
increasing pressure as more traders entered the market to take
advantage of the same perceived opportunities. To boost per­
form ance (measure by return on equity), LTCM used leverage.
With a 25-to-1 leverage ratio, for exam ple, LTCM could turn a
1% return on assets into a 25% return. This was aided by LTCM's
14 In some cases, such as when the prevailing spread is negative, the
speed of narrowing is also a key factor.
Chapter 9 Learning from Financial Disasters ■ 129
ability to obtain large amounts of financing, collateralized by the
bonds it invested in. Part of the fund's ability to access such large
loans was due to its strategies being widely perceived as low-risk
in nature.
LTCM 's failure reflected its inability to anticipate the dram atic
increase in correlations and volatilities and the sharp drop in
liquidity that can occur during an extrem e crisis. LTCM also
succum bed to an internal liquidity crunch brought on by large
margin calls on its futures holdings. Ironically, LTCM 's strate­
gies were valid in the medium term , and as the crisis ended,
the banks that took over LTCM realized substantial profits.
Trading Models
Basing m odels, or strategies, on relationships that exist dur­
ing benign m arket conditions makes them vulnerable to failure
during extrem e, or crisis, situations. The events of A ugust 1998
in Russia made many m arket participants fearful of the pos­
sibility of other sovereign defaults. These fears triggered an
investor exodus from em erging m arkets and other risky assets
into liquid and less-risky assets like US and Germ an govern­
ment debt. This flight to quality caused the spreads between
"safe haven" assets, like US treasuries, and riskier assets, like
em erging m arket bonds and corporate high-yield bonds, to
diverge sharply. These same fears caused the relative yields
between Germ an and Italian debt to widen (because Germ an
bunds were thought to be safer than Italian bonds) along with
credit spreads across a range of asset classes.
A s spreads w idened, many relative-value trades began to lose
money and lenders began to dem and the posting of additional
collateral. This forced many hedge funds to either sell assets
at fire-sale prices to raise funds to m eet the margin calls or to
abandon their arbitrage plays. Liquidity evaporated from many
m arkets, especially em erging m arkets, and volatility increased.
The breakdown in the historic correlation and volatility patterns
assumed in LTCM 's m odels led to most of its losses. The factors
that were most relevant during the m arket turmoil included the
following.
• U.S. Treasury interest rates and stock prices fell in tandem
because investors had deserted the stock m arket and
started purchasing U.S. governm ent bonds in a flight to
quality. In normal m arkets, stock returns and interest rates
are negatively correlated (i.e., when interest rates fall, stock
prices rise).
• Liquidity vanished in many markets sim ultaneously and made
the unwinding of positions exceedingly difficult. Portfolios
that seem ed to be well-diversified across m arkets began to
130 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
behave as if they were highly concentrated in a single m arket,
and market-neutral positions becam e directionally exposed
(usually to the wrong side of the market).
Risk Measurement Models and Stress
Testing
LTCM made heavy use of a Value-at-Risk (VaR) model as part of its
risk control. VaR is a measure of the worst-case loss for an invest­
ment (or set of investments) given normal market conditions over
a specific time horizon and at a given confidence level.
LTCM felt that it had structured its' portfolio so that the fund's
risk should not have exceeded that of the S&P 500. The prob­
lems encountered at LTCM shed light on how assumptions made
when calculating regulatory VaR calculations do not necessarily
apply to hedge funds.
• The tim e horizon for econom ic capital should be the tim e it
takes to raise new capital, liquidate positions in an orderly
manner, or the period over which a crisis scenario will unfold.
Based on the experience of LTCM , ten days is clearly far too
short a tim e horizon to determ ine a hedge fund's VaR.
• Liquidity risk is not factored into traditional static VaR m od­
els. Such models assume that normal m arket conditions pre­
vail and that markets exhibit perfect liquidity.
• Correlation and volatility risks (i.e., the risk that the realized
correlations and volatilities significantly deviate from exp ecta­
tions) can be captured only through stress testing. This was
probably the w eakest point of LTCM's VaR system .
Federal Reserve Bank of New York President William
McDonough Federal Reserve Bank of New York testified before
1c
Congress that:
We recognize that stress testing is a d evelo p in g d isci­
pline, b u t it is clear that adequate testing was not done
with re sp e c t to the financial conditions that p recip ita ted
Long-Term Capital's problem s. E ffective risk m anage­
m ent in a financial institution requires not only m odeling,
but m odels that can te st the full range o f financial trans­
actions across all kinds o f a d verse m arket d evelo p m en ts.
During the run-up to its collapse, LTCM experienced daily vola­
tility of more than USD 100 million, more than tw ice the level it
envisioned. Furtherm ore, despite estim ating its ten-day VaR to
15 McDonough, W. J. (1998, October 1). Statement by William J.
McDonough Before the United States House Committee on Bank­
ing and Financial Services. Lecture, Washington, D.C. Retrieved from
https://www.newyorkfed.org/newsevents/speeches/1998/mcd981001
.html
be USD 320 million, LTCM suffered losses of over USD 1 billion.
Simply put, LTCM 's risk model had fatal flaws that ultimately
contributed to the firm's dem ise.
Model Risk and Governance—
The London Whale
During the first half of 2012, J.P. Morgan Chase lost billions of
dollars from an exposure to a massive credit derivatives portfo­
lio in its London office. The following case study of the event
was com piled using word-for-word extracts from the 300-page
report produced by a subsequent investigation by the U.S.
Sen ate.16
Setting the Scene
"JP Morgan Chase & Com pany is the largest financial holding
com pany in the United States, with USD 2.4 trillion in assets. It
is also the largest derivatives dealer in the world and the largest
single participant in world credit derivatives m arkets. Its princi­
pal bank subsidiary, JP Morgan Chase Bank, is the largest U.S.
bank. JP Morgan Chase has consistently portrayed itself as an
expert in risk m anagem ent with a "fortress balance sheet" that
ensures taxpayers have nothing to fear from its banking activi­
ties, including its extensive dealing in derivatives. But in early
2012, the bank's C h ief Investm ent O ffice (CIO ), which is charged
with managing USD 350 billion in excess deposits, placed a
massive bet on a com plex set of synthetic credit derivatives that,
in 2012, lost at least USD 6.2 billion.
The C IO 's losses were the result of the so-called "London
W hale" trades executed by traders in its London office— trades
so large in size that they roiled world credit m arkets. Initially
dism issed by the bank's C h ief Executive O fficer as a "tem p est in
a te ap o t", the trading losses quickly doubled and then tripled
17
despite a relatively benign credit en viro n m e n t. . . "
The Risk Exposure Grows
". . . In 2006, the C IO approved a proposal to trade in syn­
thetic derivatives, a new trading activity. In 2008, the C IO
16 "JP Morgan Chase Whale Trades: A Case History o f Derivatives
Risks and A buses," United States Senate Permanent Subcommittee
on Investigations, Carl Levin, Chairman and John McCain, Ranking
Minority Member, March 15, 2013 Hearing. For the company's own
account of the debacle, see Report o f JPMorgan Chase & Co Manage­
ment Task Force Regarding 2012 CIO Losses, January 16, 2013.
17 Senate report, p. 1.
began calling its credit trading activity the Synthetic Credit
Portfolio (SCP).
Three years later, in 2011, the SCP's net notional size jum ped
from USD 4 billion to USD 51 billion, a more than tenfold
increase. In late 2011, the SCP bankrolled a USD 1 billion credit
derivatives trading bet that produced a gain of approxim ately
USD 400 million. In D ecem ber 2011, JPM organ Chase instructed
the C IO to reduce its Risk W eighted A ssets (RWA) to enable the
bank, as a whole, to reduce its regulatory capital requirem ents.
In response, in January 2012, rather than dispose of the high risk
assets in the SC P — the most typical way to reduce RW A— the
C IO launched a trading strategy that called for purchasing addi­
tional long credit derivatives to offset its short derivatives posi­
tions and lower the C IO 's RW A in that manner. That trading
strategy not only ended up increasing the portfolio's size, risk,
and RW A, but also, by taking the portfolio into a net long posi­
tion, elim inated the hedging protections the SCP was originally
supposed to p ro vid e ."18
Operational Risk
"In its first four years of operation, the SCP produced positive
revenues, but in 2012, it opened the year with losses. In January,
February, and March, the num ber of days reporting losses far
exceeded the num ber of days reporting profits, and there was
not a single day when the SCP was in the black. To minimize its
reported losses, the C IO began to deviate from the valuation
practices it had used in the past to price credit derivatives. In
early January, the C IO had typically established the daily value
of a credit derivative by marking it at or near the m idpoint price
in the daily range of prices (bid-ask spread) offered in the mar­
ketplace. Using m idpoint prices had enabled the C IO to com ply
with the requirem ent that it value its derivatives using prices
that were the "m ost representative of fair valu e". But later in the
first quarter of 2012, instead of marking near the m idpoint, the
C IO began to assign more favorable prices within the daily price
range to its credit derivatives. The more favorable prices
enabled the C IO to report sm aller losses in the daily profit/loss
(P&L) reports that the SCP filed internally within the b a n k ."19
". . . by March 16, 2012, the SCP had reported year-to-date
losses of USD 161 million, but if m idpoint prices had been used,
those losses would have swelled by at least another
USD 432 million to a total of USD 593 m illion."20
18 Senate report, p. 3 and 4.
1Q
Senate report, p. 96.
20 Senate report, p. 96.
Chapter 9 Learning from Financial Disasters ■ 131
 . . O ne result of the CIO 's using more favorable valuations was
that two different business lines within JPM organ C hase, the
C IO and the Investm ent Bank, assigned different values to iden­
tical credit derivatives holdings. Beginning in March 2012, as
C IO counterparties learned of the price differences, several
objected to the C IO 's values, resulting in collateral disputes
peaking at USD 690 million. In May, the bank's Deputy Chief
Risk O ffic e r . . . directed the C IO to mark its books in the same
manner as the Investm ent Bank, which used an independent
pricing service to identify the m idpoints in the relevant price
ranges. That change in valuation m ethodology resolved the col­
lateral valuation disputes in favor of the C IO 's counterparties
and, at the same tim e, put an end to the m ism arking."21
Corporate Governance: Poor Risk Culture
"In contrast to JPM organ Chase's reputation for best-in-class
risk m anagem ent, the whale trades exposed a bank culture in
which risk limit breaches were routinely disregarded, risk metrics
were frequently criticized or dow nplayed, and risk evaluation
models were targeted by bank personnel seeking to produce
artificially lower capital requirem ents.
The C IO used five key m etrics and limits to gauge and control
the risks associated with its trading activities, including Value-at-
Risk (VaR). During the first three months of 2012, as the C IO
traders added billions of dollars in com plex credit derivatives to
the SCP, the SC P trades breached the limits on all five risk m et­
rics. In fact, from January 1 through April 30, 2012, C IO risk lim­
its and advisories were breached more than 330 tim e s."222
3
". . . The SCP's many breaches were routinely reported to JP M ­
organ Chase and C IO m anagem ent, risk personnel, and traders.
The breaches did not, however, spark an in-depth review of the
SCP or require im m ediate remedial actions to lower risk.
Instead, the breaches were largely ignored or ended by raising
the relevant risk lim it."
Model Risk: Fudging VaR Models
". . . C IO traders, risk personnel, and quantitative analysts fre­
quently attacked the accuracy of the risk m etrics, downplaying
the riskiness of credit derivatives and proposing risk m easure­
ment and model changes to lower risk results for the SCP. In the
case of the C IO VaR, after analysts concluded the existing model
was too conservative and overstated risk, an alternative C IO
21 Senate report, p. 6 .
22 Senate report, p. 7.
23 Senate report, p. 7.
132 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
model was hurriedly adopted in late January 2012, while the
C IO was in breach of its own and the bankwide VaR limit. The
bank did not obtain O C C approval as it should have to use
the model for the SCP. The C IO 's new model im m ediately
lowered the SCP's VaR by 50%, enabling the C IO not only to
end its breach, but to engage in substantially more risky deriva­
tives trading. Months later, the bank determ ined that the model
was im properly im plem ented, requiring error-prone manual data
entry and incorporating formula and calculation errors. On May
10, the bank backtracked, revoking the new VaR model due to
its inaccuracy in portraying risk, and reinstating the prior
m o d e l."24 (See Figure 9.1)
9.5 ROGUE TRADING AND
MISLEADING REPORTING
Barings, 1995
Profits are typically seen as a good thing, particularly at finan­
cial firms. The collapse of Barings Bank, caused by the actions
of Nick Leeson, should serve as a warning that outsized profits
can also be an indicator of unrecognized risk and should be met
with as much inquisitiveness as happiness.
In 1992, Nick Leeson moved to Singapore and becam e the local
head of operations for Barings Bank, a centuries-old British
financial institution founded in 1762. As part of his role, Leeson
executed client trades on the Singapore International M onetary
Exchange (SIM EX). Expanding his remit, he received authori­
zation to execute an arbitrage trading strategy designed to
exploit price disparities between Nikkei futures contracts listed
on the SIM EX and those listed on the Osaka Securities Exchange
(O SE). Rather than follow this arbitrage strategy, which involved
offsetting trades in the two m arkets, Leeson instead built
speculative positions by buying in one m arket and holding onto
the contracts. His approach quickly generated huge losses.
In addition to his trading authorization, Leeson also controlled
the Singapore back office and he used this dual-role to hide
his losses. Using a reconciliation account, Leeson converted an
actual 1994 loss of G B P 200 million into a reported sizable profit
of G B P 102 million. Deepening his subterfuge, Leeson managed
to have the reconciliation account excluded from the reports
sent to the main office in London.
By late 1994, the outsized amount of Leeson's profits began to
attract the attention of Barings' risk controllers. Their inquiries to
Leeson's superiors were rebuffed, however, who cited Barings'
"unique ability to exploit this arb itrage." (It's possible that the
24 Senate report, pp. 7 and 8 .
 im possible for Leeson to have made
- e-^iAi these profits in the manner he claim ed,

s <
CD
“O
O
- 92-Jdv
as that would have required trading
four tim es that week's total volum e for
- 6l-Jdv the Nikkei futures contracts on both the
\ S IM E X a n d the O S E.
/ 03 - Zl-Jdv
I By the tim e Barings discovered Leeson's
l T3 - 5-Jdv rogue trading, the losses he had accum u­
o - 6z-*m
lated had grown too large and the bank
> was forced to liquidate. Eventually, IN G,
L - 33-JeiAI C£ a Dutch bank, acquired Barings Bank for
03
> the ignominious sum of G B P 1.
-5L-J61AI

A main lesson from the Barings collapse

- 2-->m
Q) is that reporting and monitoring of posi­
13
- o tions and risks (i.e., back-office opera­
C£ tions) must be separated from trading
- ez-q^d >
03

13
(i.e., front-office operations). Another
-91-qaj 0 basic lesson is that outsized or strangely
1 consistent profits (think Bernie Madoff
- 6-q^d
I as well) should be independently investi­
- z-q^d CD gated and rigorously monitored in order
13
O to verify that they are real, generated in
- 92-uer C£
03 accordance with the firm's policies and
>
- 6L-uer 13 procedures, and not the result of nefari­
+-»
CD

O ous or unacceptably risky activities. More

- Zl-uer Q_
CD
C£ broadly, it is incum bent upon risk m anag­
- g-uep ers to determ ine if the reported business
profits seem logical with respect to the
- 6Z-^Q positions held.

- ZZ-^Q Note that Barings' downfall could have

been avoided under regulations im ple­
- s l -^ q
mented just a few years later. In addition
- 8 ° 0a to setting capital adequacy requirem ents
for m arket risk, the Basel Com m ittee set
L-00a
o o o o o o o o o o limits on concentration risks. Linder the
o o o o o o o o o o
o o** o o«■* o o««* o** o o o
o
«■
*
o o o o o o o o o 1996 am endm ent, banks are required
o o o o o o o o o o
o o o o o o o o o o to report risks that exceed 10% of their
o o o o o o o o o o
o o CNJ o o CNJ
capital and cannot take positions that
00 00
CNJ

F ia u re 9.1 VaR for the CIO: "old" versus "new" VaR model.25
extra bonuses his superiors received on the back of Leeson's
reported profits may have clouded their judgem ent.) The risk
controller's suspicions were raised again in January 1995 after
Leeson reported a one-week profit of G B P 10 million in January
1995, and once more their concerns were dism issed. Had his
superiors investigated the source and plausibility of the profits,
simple calculations would have shown that it would have been
exceed 25% of their capital. Had these
rules been in effect in 1994, or had the
bank developed and enforced prudent
guidelines similar to these rules, Barings would have been
prohibited from amassing such large positions and one of the
world's most infamous rogue trading scandals might have been
avoided.26
Large trading volum es and revenues typically result in large
bonuses for senior m anagers. In turn, this com pensation fram e­
work encourages m anagers to trust the traders that report to

Chapter 9 Learning from Financial Disasters ■ 133

them . Their reports may not be given proper scrutiny by risk
managers or other key individuals who might be able to prop­
erly question the veracity of the purported profits. One diffi­
culty is that traders can use their superior knowledge of pricing
m odels, or claims of profound m arket insights, to confound their
internal critics.
The antidote to this problem is for senior m anagers to engage
with a healthy skepticism m odels and strategies that claim to
deliver above-m arket returns and to insist that all models be
transparent and independently vetted. It should be rem em bered
that im m ediate revenues from a transaction (e.g ., ten-year credit
default swap) cannot be recognized as econom ic profit. Rather,
a transaction's profitability depends on its perform ance over its
life. Unfortunately, accounting procedures can be used to misre-
port profits for risky derivative instrum ents.
9.6 FINANCIAL ENGINEERING
Forwards, swaps, and options are the main building blocks of
financial engineering. They can be used separately to hedge
specific risks or be com bined to form com plex structures that
m eet client needs.
Derivatives allow investors and institutions to break apart (i.e.,
segment) risks. Conversely, derivatives can be used to manage
risks on a joint basis. For exam ple, consider a U.S. fund manager
holding a bond denominated in euros. The fund manager is
exposed to interest rate risk in the euro fixed-income market and
to currency risk from changes in the dollar/euro exchange rate.
The manager can hedge both risks with a currency swap. Alterna­
tively, he or she can hedge the foreign exchange exposure sepa­
rately through a currency forward or option. The fund manager
could also avoid the trouble of hedging only the currency exp o­
sure by entering into a so-called quanto swap. Under this struc­
ture, he or she would receive the coupon of the bond in dollars at
a prearranged exchange rate and pay the U.S. Libor floating rate.
The financial engineers responsible for devising com plex instru­
ments do so to satisfy the risk-return appetites of their clients.
But financial engineering is not by itself risk m anagem ent,
and in the world of derivatives the line between hedging and
speculation can be blurry. Firms may be tem pted to enter into
com plex transactions that enhance im m ediate portfolio returns.
However, enhancing returns alm ost always means taking on
more risk in some form or other. This risk may com e in the form
of an unlikely but potentially very severe future loss. Too often,
the em bedded risk is not fully understood by firms entering
into com plex derivative transactions. O r it may be the case that
these risks are not fully com m unicated to senior m anagers and
other stakeholders.
134 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
The Risks of Complex Derivatives
Back in the early 1990s, Bankers Trust (BT) proposed that clients
Procter & Gam ble (P&G) and Gibson G reetings enter com plex
leveraged swaps to achieve lower funding costs. In the swap
with P&G, for exam ple, BT would pay a fixed rate to P&G for
five years, while P&G would pay a floating rate, which was the
commercial paper rate minus 75-basis points if rates remained
stable. But, through a com plex form ula, the floating rate
would increase considerably if rates rose during the period; for
exam ple, an increase of 100-basis points in rates produced a
1,035-basis point spread over the commercial paper!
In 1994, the Fed increased the federal funds rate by 250-basis
points, causing colossal losses for both P&G and Gibson G ree t­
ings. Both com panies sued BT for m isrepresenting the risk
em bedded in these com plex swap transactions. BT never quite
recovered from the ensuing reputational dam age and was
eventually acquired by Deutsche Bank.
The Case of Excess Leverage and
Complex Financial Instruments:
Orange County
Repos27 allow investors to finance a significant portion of their
investm ents with borrowed money (i.e., leverage). But using
leverage means that the profit or loss on any position is
m ultiplied; even a small change in m arket prices can have a
significant im pact on the investor.
Leverage, through the use of repos, was part of the undo­
ing of California's O range County. In the early 1990s, O range
County treasurer Robert Citron had managed to borrow USD
12.9 billion through the repo m arket. This enabled him to accu­
mulate around USD 20 billion of securities even though the fund
he managed had only USD 7.7 billion in invested assets.
Citron used the borrowed funds to purchase com plex inverse
floating-rate notes whose coupon paym ents decline when
interest rates rise (as opposed to conventional floaters, whose
paym ents increase in such a circum stance). In the favorable
upward-sloping curve environm ent in the years before 1994,
Citron was able to increase the return of the fund by 2% com ­
pared to similar pools of assets. However, over the course of
1994, the Federal Reserve raised interest rates by 250-basis
points. As interest rates rose, the m arket value of his positions
dropped substantially, generating a loss of USD 1.5 billion by
D ecem ber 1994. A t the same tim e, some of the fund's lenders
Q"7
Repos (also called repurchase agreements) are a way to borrow cash
by agreeing to sell securities to a counterparty and then repurchase
them at (slightly) higher price shortly thereafter.
stopped rolling over their repo agreem ents. Ultim ately, O range
County was forced to file for bankruptcy.
This debacle was caused by a combination of excessive lever­
age and a risky (and eventually wrong) interest-rate bet em bed­
ded in the securities bought by the fund. Citron later adm itted
he did not understand either the position he took nor the risk
exposure of the fund.
Firms need to understand the risks that are inherent in their
business m odels. Senior m anagem ent then needs to deploy
robust policies and risk m easures tying risk m anagem ent, and
particularly the use of derivatives, to risk appetite and overall
business strategy as it has been com m unicated to stakeholders.
M anagem ent and boards should always ask where the risks are
hiding and under what circum stances could they produce a loss.
The Case of Investing in AAA Tranches
of Subprime CDOs: Sachsen
Prior to the 2007-2009 financial crisis, some of the biggest buyers
of U.S. subprime securities were European banks. Among these
institutions were publicly owned banks in Germ any called the
Landesbanken. W hile these instruments offered an attractive risk
premium, they also required understanding and pricing expertise.
Landesbanks traditionally specialized in lending to regional
small- and medium-sized com panies. However, during the boom
years some began to open overseas branches and develop
investm ent banking businesses. O ne of the most notorious
exam ples was the Leipzig-based Sachsen Landesbank.
Sachsen opened a unit in Dublin tasked with setting up vehicles
to hold large volum es of highly rated U.S. m ortgage-backed
securities. W hile these vehicles were technically off the parent
bank's balance sheet, they benefited from the guarantee of
Sachsen itself.
W hile this operation was highly p ro fitab le,28 it was sim ply
too large when com pared to the size of Sachsen's balance
sheet. W hen the subprim e crisis struck in 2007, the rescue
operation w iped out Sachsen's capital and the bank had to be
sold to Landesbank Baden-W urttem berg (i.e ., another Germ an
state bank).
28 See P. Honohan, "Bank Failures: The Limitations of Risk Modelling,"
Working paper, 2008, for a discussion of this and other bank failures.
Honohan says that reading Sachsen's 2007 Annual Report suggests
that, "The risk management systems of the bank did not consider this
[funding liquidity commitment] as a credit or liquidity risk, but merely
as an operational risk, on the argument that only some operational
failure could lead to the loan facility being drawn down. As such it
was assigned a very low risk weight attracting little or no capital."
(Honohan, p. 24)
9.7 REPUTATION RISK
A firm 's reputation is based on the b elief that it can and will
fulfil its prom ises to counterparties and creditors, and that
the enterprise is a fair dealer and follow s ethical practices.
In recent years, however, concern about reputation risk has
becom e more prom inent with the rapid growth of social net­
w orks. Rum ors can spread quickly on the internet and destroy
reputations in a m atter of hours. Com panies are also under
growing pressure to dem onstrate their com m itm ent to envi­
ronm ental, social, and governance-related best practices. A s a
result, the reputational dam age for unethical conduct can be
very severe.
Volkswagen Emission Cheating Scandal
A major scandal to hit the Germ an autom aker Volkswagen
involved regulatory testing. In Septem ber 2015, the United
States Environm ental Protection A gency (EPA) announced that
Volkswagen had program m ed certain emissions controls on its
diesel engines to be activated only during regulatory testing
but not during real-world driving. Thus, while nitrogen oxide
levels would m eet U.S. standards during regulatory testing,
they greatly exceeded these standards when the cars were
actually on the road. From 2009 through 2015, Volkswagen put
this programming in place in over ten million cars worldwide
(500,000 in the United States alone). Volkswagen executives
in Germ any and the United States form ally acknow ledged the
deception on a Septem ber conference call with the EPA and
California officials.
The dam age to Volkswagen, the world's biggest carmaker, was
significant. The share price of the com pany fell by over a third
as the scandal unfolded and the firm faced billions of dollars
in potential fines and penalties. Numerous lawsuits were filed.
Its reputation, particularly in the im portant US m arket, took a
severe hit. The reputational effect extended beyond the com ­
pany itself as Germ an governm ent officials expressed concerns
that the value of the im prim atur "M ade in G erm any" would be
diminished because of Volkswagen's actions.
9.8 CORPORATE GOVERNANCE
Corporate governance was the topic of C hapter 3. This chapter
has already illustrated some corporate governance failures with
J.P. Morgan Chase and "The London W hale" in Section 9.4 and
the Volkswagen emission cheating scandal in Section 9.7. This
section exam ines the bankruptcy of the energy giant Enron
in 2001.
Chapter 9 Learning from Financial Disasters ■ 135
Enron
Enron was form ed in 1985 follow ing the heavily leveraged
m erger of InterNorth and Houston Natural G as. A s the result
of deregulation, however, the firm lost the exclusive rights
to its pipelines. In order to survive, Enron devised a new and
innovative business strategy to becom e a so-called "g as b ank."
This strategy involved buying gas from various suppliers and
selling it to a netw ork of consum ers at guaranteed am ounts
and prices. In return for assum ing the associated risks, Enron
charged fees for these transactions. A s part of this process,
Enron created a m arket for energy derivatives w here one had
not previously existed .
Enron was named "Am erica's Most Innovative Com pany" in
1995 by Fortune and won this prestigious award for six consecu­
tive years. The firm's shares were worth alm ost USD 90.56 at its
peak in August 2000. That year Enron had 20,000 em ployees
and revenues of nearly USD 101 billion.
Enron constantly pushed for deregulation of the energy
m arket, which would give the firm greater flexib ility to pur­
sue its business m odel. The energy m arket in California was
a prom inent exam ple of this push that ultim ately led to much
criticism as Enron played a key role in the 2000-2001 California
electricity crisis.
California had previously capped its retail electricity prices after
experiencing a shortage of electricity, which it attributed to mar­
ket m anipulations. By taking power plants offline during tim es of
peak dem and, Enron could raise power prices by up to 2,000% .
Because the California governm ent had capped retail electric­
ity prices, Enron's actions squeezed revenue margins across the
industry and eventually led to the bankruptcy of Pacific Gas and
Electric Com pany (i.e., one of the largest power com panies in
the United States) in 2001.
Enron itself declared bankruptcy in D ecem ber 2001. The larg­
est corporate bankruptcy in U.S. history when it occurred, the
firm's collapse has been w idely discussed in academ ic, practitio­
ner, and popular press forum s. It is now clear what w ent wrong
Enron was a poster child of corporate governance failure and
poor risk m anagem ent.
Many in Enron's senior m anagem ent acted in their own self-
interest and against the interests of shareholders (i.e., this is
known as agency risk). For exam ple, Enron chairman and C E O
Ken Lay was charged with "falsifying Enron's publicly reported
financial results and making false and misleading public
136 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
representations about Enron's business perform ance and finan­
cial co n d itio n ."29
However, Enron's board also failed to fulfill its fiduciary duties to
the shareholders. For exam ple, the board was aware of and
allowed the C F O to becom e the sole m anager of a private
equity fund that did business with Enron. A s it turned out, how­
ever, the private equity fund lacked econom ic substance.30
Most damning, Enron also used "creative" (i.e., fraudulent)
accounting practices to hide flaws in its actual financial perfor­
m ance. As one exam ple, note that Enron transferred its stock to
a special purpose vehicle (SPV) in exchange for either cash or
notes.31 The SPV classified the Enron stock as an asset on its
balance sheet. In turn, Enron guaranteed the S P V s value to
reduce its credit risk.323Im portantly, Enron failed to adequately
disclose the lack of an arm's length relationship between the
com pany and the SPV.
Another exam ple of Enron's duplicity is a schem e by which the
firm would build a physical asset and then im m ediately declare a
projected mark-to-market profit on its books. It would do this
even though it had not yet made any money from the physical
asset. If the revenue from the asset was less than the projected
am ount, then Enron would simply transfer the asset to an SPV.
The financial loss would therefore go unreported and Enron
could write off unprofitable activities without impacting the bot­
tom line. In short, Enron becam e adept at hiding the financial
losses of its operations using a variety of deceptive
no
techniques.
Enron outsourced its audit function to Arthur A ndersen, form erly
one of the Big Five accounting firms. Andersen either failed
to catch or explicitly approved many of fraudulent accounting
practices that led to Enron's collapse. O nce the scandal came to
29 SEC, (2004, July 8 ), Retrieved from https://www.sec.gov/news/
press/2004-94.htm
30 See https://scholarship.law.upenn.edu/cgi/viewcontent.cgi?article=
1009&context=fisch_2016
31 See Segal, T. (2019, June 28). Enron Scandal: The Fall of a Wall
Street Darling. Retrieved from https://www.investopedia.com/updates/
enron-scandal-summary/
32 The SPV was capitalized entirely with Enron stock. The danger is that
if the value of Enron's stock declines, the credit risk of the SPV increases.
33 Primbs, Michael and Wang, Clara, "Notable Governance Failures:
Enron, Siemens and Beyond" (2016). Comparative Corporate Gover­
nance and Financial Regulation. Paper 3 https://scholarship.law.upenn.
edu/cgi/viewcontent.cgi?article=1009&context=fisch_2016
light, Andersen was forced to surrender its accounting licenses
to the Securities and Exchange Com m ission (SEC ). This was
effectively a death sentence for the firm.
Aftermath
In the United States, the Sarbanes-O xley A ct (SOX) of 2002 was
a key legislative reform that resulted from the Enron debacle,
along with associated changes in stock exchange and account­
ing rules. SO X created the Public Com pany Accounting O ver­
sight Board (P C A O B ),34 which has assumed an im portant role in
promoting good corporate governance and financial disclosure.
A s indicated in Chapter 3, boards and audit com m ittees increas­
ingly rely on the chief risk officer (CRO ) to integrate corporate
governance responsibilities with existing risk m anagem ent
responsibilities to improve overall risk governance.
9.9 CYBER RISK
C yber risk has becom e a critically im portant consideration in
recent years. Banks' system s can be hacked, their A TM s can be
used to steal money and client inform ation, custom er identities
can be stolen and m isused, and so on. Financial institutions are
spending billions of dollars every year on their system s to make
them safer. These system s must be protected from the outside
world as well as from internal misuse. Threats to the banking
system from cyberattacks are also a major concern to inter­
national regulatory bodies, such as the Bank for International
Settlem ents (BIS) and the International M onetary Fund (IM F), as
well to local regulators.
34 The PCAOB promulgates auditing standards and has the power to
investigate.
The SWIFT Case
SW IFT is the world's leading system for transferring funds
electronically among banks processing billions of dollars in
transactions every day. In fact, SW IFT is considered so reliable
that transactions which normally take days (in order to prevent
fraud) are instead com pleted in seconds.
In April 2016, an article published in the New York Tim es
revealed that hackers had used the SW IFT network to steal
USD 81 million from the account of Bangladesh Bank (the
central bank of Bangladesh) at the New York Fed. The heist
involved malware that sent unauthorized SW IFT m essages
instructing funds to be moved to an account controlled by the
hackers. Then, the malware deleted the database record of the
transfer and disabled transaction confirmation m essages that
would have revealed the theft.
CONCLUSION
Factors such as adverse m acroeconom ic activity, increased
com petition, and evolving technologies can cause major losses
for financial instructions. This chapter, however, reviewed major
losses that stem m ed from factors beyond normal business risk.
W hile each case study describes a unique situation, understand­
ing the m istakes com m itted by others should help in designing
better risk m anagem ent system s across the enterprise. All this
goes beyond, and is even more im portant than, simply calculat­
ing the regulatory or econom ic capital requirem ents.
35 See Crouhy, Galai, and Mark, " 'What's in a Name?' Risk," Enterprise
Wide Risk Management Supplement (November 1997), pp. 36-40.
Chapter 9 Learning from Financial Disasters ■ 137
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

QUESTIONS
9.1 W hat does it mean to ride the yield curve? 9.8 LTCM was purported to have had an experienced team
and operated strategies that were perceived as having
9.2 The S&L crisis of the 80s was mainly due to
minimal risk. So, what were the reasons for the collapse of
A. S&Ls failing to manage their interest rate risk.
LTCM in Septem ber 1998? Explain.
B. increased com petition among S&Ls.
C. increased com petition from commercial banks. 9.9 W hich of the financial disasters was not affected by
D. econom ic recession. increased correlations in the m arkets?
A. LTCM
9.3 Explain what the major factors leading to Lehman Brothers
collapse in Septem ber 2008 w ere.
B. M etallgesellschaft
C . The subprim e crisis
9.4 Liquidity risk, which brought the dem ise of Lehman Broth­
D. The London W hale
ers and Continental Illinois, was not caused by
9.10 In the "London W hale" case it is m entioned that ". . . the
A. expanding the business too fast.
SCP trades breached the limits on all five risk m etrics. In
B. reliance on short-term financing.
fact, from January 1 through April 30, 2012, C IO risk limits
C. changes in regulation that required more liquidity
and advisories were breached more than of 330 tim es."
reserves.
How can the inaction of the bank's m anagem ent be
D. worsening m acroeconom ic conditions.
explained?
9.5 In the Northern Rock case one of the lessons is that there
is a tradeoff between funding liquidity and interest rate
9.11 Explain the term "flight to quality" and explain how it

risk: W hen funding liabilities have shorter duration than relates to a financial crisis.

loan assets, the bank is exposed t o ____________ interest rate 9.12 W hat is model risk?
risk a n d ____________ funding liquidity risk. 9.13 G ive some fam ous exam ples of rogue trading.
A. lower, higher
9.14 The Enron failure was due to
B. lower, lower
A. liquidity risk.
C. higher, higher
B. foreign currency risk.
D. higher, lower
C . com m odity risk.
9.6 Rumors about a possible intervention by the Bank of Eng­ D. governance risk.
land contributed to the default of Northern Rock.

A. True
B. False
9.7 In which of the following cases did the firm default due to
fraud?
A. M etallgesellschaft Refining and Marketing
B. Northern Rock Bank
C. Victor N iederhoffer
D. None of the above

138 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

The following questions are i to help candidates understand the material. They are not actual FRM exam questions.
ANSWERS
9.1 Maintain positive spreads between interest rates earned
on longer-term assets (e.g ., loans) and interest paid on
shorter-term liabilities (e.g ., deposits).
9.2 A. S&Ls failing to manage their interest rate risk.
Interest rate risk led to the US savings and loan (S&L)
crisis in the mid-1980s.
9.3 Concerns about the valuation of the firm's real estate-
based assets led to a loss in m arket confidence. Counter­
parties began to reduce their exposure significantly and
the firm could not roll over its debt. A ttem pts to orga­
nize an industry rescue failed.
9.4 C. changes in regulation that required more liquidity
reserves.
In each case, the liquidity crisis was brought on by
changing conditions in the w ider econom y and the credit
m arkets.
9.5 A. lower, higher
Banks must consider the significant tradeoff between a
short-term funding strategy with low rates but frequent
rollovers (and thus more liquidity risk) and a long-term
funding strategy with higher rates (and thus higher costs)
but less frequent rollovers.
9.6 True
W hen Northern Rock becam e unable to fund itself
through interbank loans, UK authorities discussed vari­
ous strategies to relieve the bank's difficulties. News of
the Bank of England's planned support operation for
Northern Rock leaked, setting the scene for a run on
deposits between Septem ber 14 and Septem ber 17.
9.7 C. None of the above
The fraud exam ples included Barings Bank and Enron.
9.8 LTCM failed because its models did not anticipate the
vicious circle of losses that would arise as volatilities
increased, correlations between various instruments and
m arkets approached 1, and liquidity vanished. LTCM also
succum bed to a liquidity crunch caused by large margin
38 Frierson, R. D. (2013, June 7). Re: Docket No. 1457 and RIN
7100-AD-95 on Large Bank Assessments [Letter to United States Senate
Committee on Homeland Security and Governmental Affairs].
Chapter 9 Learning from Financial Disasters
calls on its futures holdings. Ironically, LTCM's strategies
actually were valid in the medium term , and as the crisis
ended, the banks that took over LTCM realized a sub­
stantial profit.
9.9 B. M etallgesellschaft
M etallgesellschaft was hurt by change in the shape of the
price curve.
9.10 Fail ure in corporate governance and poor risk culture.
Specifically, the whale trades showed that breaches in
risk limits were frequently ignored, risk m etrics were
often criticized or dow nplayed, and risk m odels were
misused by em ployees to set capital requirem ents that
were artificially low.38
9.11 W hen investors are worried about the econom ic and
m arket environm ent, they tend to rebalance their
portfolio by investing heavily in "secure" assets from
"safe heaven" countries (e.g ., the United States). As
a consequence, the yield on US securities goes down
during a financial crisis, whereas interest rates in other
countries go up.
9.12 Trading of financial securities, especially derivative prod­
ucts, relies heavily on mathematical m odels. Trading
losses can be the consequence of model errors due to
incorrect assum ptions about the underlying asset price
process, errors in the calibration of key input param eters
such as volatility and correlations, and errors in the deri­
vation of the hedge ratios.
Note that when m arkets becom e illiquid (e.g ., during a
financial crisis), even the best model might not be able
to help in hedging the risk of a trading position because
traders might not be able to execute the hedge in the
market.
9.13 Barings
9.14 D. governance risk.
Enron was a poster child of corporate governance failure
and poor risk m anagem ent.
■ 139
 Learning Objectives•*
A fter com pleting this reading you should be able to:

• D escribe the historical background and provide an over-
view of the 2007-2009 financial crisis.
• D escribe the build-up to the financial crisis and the factors
that played an im portant role.
Explain the role of subprim e m ortgages and collateralized
debt obligations (CD O s) in the crisis.
• D escribe trends in the short-term wholesale funding mar-
kets that contributed to the financial crisis, including their
im pact on system ic risk.
# D escribe responses taken by central banks in response to
the crisis.

Com pare the roles of different types of institutions in the

financial crisis, including banks, financial interm ediaries,
m ortgage brokers and lenders, and rating agencies.

141
10.1 INTRODUCTION AND OVERVIEW
The cascade of events that came be known as the G reat Finan­
cial Crisis of 2007-2009 (G FC ) began with a downturn in the
U.S. subprim e m ortgage m arket in the sum m er of 2007
(Box 10.1). The years preceding the crisis saw an exceptional
boom in credit growth in the United States, a massive housing
price bubble, and an excess of leverage in the financial system
that had been building since the previous credit crisis of
2 0 0 1 -2 0 0 2 .2 The boom years had also been accom panied by a
wave of financial innovations related to securitization, which
expanded the capacity of the financial system to generate credit
assets but outpaced its capacity to manage the associated risks.
Unlike previous U.S. credit crises, the G F C affected investors all
over the world. Massive losses spread from subprim e m ortgages
in the United States to other segm ents of the credit m arket.
Banks began to experience large losses and liquidity problems
amid growing uncertainty about the valuation of credit assets.
As a result, banks stopped lending to one another. Governm ents
around the world intervened by offering liquidity support facili­
ties and recapitalizing insolvent banks in an effort to encourage
bank lending. Many banks failed entirely or were taken over.
February 2008 saw the nationalization of troubled U .K. m ort­
gage lender Northern Rock, a victim of the first bank run that
nation had experienced in 140 years. The following month, U.S.
investm ent bank Bear Stearns was absorbed by J .R Morgan
Chase in a deal brokered by the U.S. Treasury D epartm ent and
the Federal Reserve.
The crisis also brought the asset-back commercial paper (ABCP)
and repo markets to a halt, causing numerous hedge funds to
freeze redem ptions or fail. Many special investm ent vehicles
(SIVs) and conduits were also wound down. C redit losses w orld­
wide eventually exceeded USD 1 trillion.
The peak of the subprim e crisis cam e in Septem ber 2008, which
saw a cascade of events.
• Lehman Brothers declared bankruptcy, leading to an im m edi­
ate acute reduction in the interbank borrowing m arket. Banks
with excess cash were unwilling to lend money to banks look­
ing for liquidity in the overnight repo m arkets.
• The last two major investm ent banks in the United States,
Morgan Stanley and Goldm an Sachs, were converted to bank
1 Some analysts point to the role that US government policy had in pre­
cipitating the G FC, see for example Peter J. Wallison's Dissent from the
Majority Report o f the Financial Crisis Inquiry Commission.
Between 2002 and 2007, debt as a percent of national income rose
from 375% to 475% while at the same time average housing prices
increased at 1 1 % per year, a record rate.
142 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
BOX 10.1 SUBPRIME MORTGAGE
MARKET PRE-CRISIS
Subprim e m o rtg a g es1
3 are residential home loans made to
borrowers with poor credit. In the United States,
consum er credit quality is m easured with a FIC O sco re.4
Factors that can drive down a FIC O score include a limited
credit history, a large amount of outstanding debt, or a
history of delinquent paym ents. The exact definition of a
subprim e borrower can vary, and some lenders even
consider borrowers with relatively high credit scores as
subprim e if their m ortgages have low down paym ents.
Broadly speaking, subprim e m ortgages have more default
risk than prime m ortgages and therefore pay higher
interest rates.
There is another key category of borrowers term ed Alt-A.
These are borrowers that have reasonably strong credit
ratings but lack essential docum entation needed to verify
their assets and income.
Subprim e m ortgages becam e very popular in the United
States in the years preceding the financial crisis. According
to form er Fed chairman Ben Bernanke, "[fjrom 1994 to
2006, subprim e lending increased from an estim ated USD
35 billion, or 4.5 percent of all one-to-four fam ily m ort­
gage originations, to USD 600 billion, or 20 percent of
originatio ns."5
By early 2007, total outstanding subprim e m ortgage debt
was estim ated at USD 1.3 trillion.6
holding com panies and becam e regulated by the Federal
Reserve. This move gave them access to the Fed's liquidity
facilities.
• Fannie Mae and Freddie Mac were nationalized. A IG was
brought back from the brink of collapse via a USD 150 billion
capital infusion by the U.S. Treasury and the Federal Reserve.
• In Europe, many countries had to step in to provide massive
support to their banks. Dutch financial conglomerate Fortis was
3 M. Crouhy, D. Galai, and R. Mark provide an extended discussion on
subprime mortgages in The Essentials o f Risk Management, 2nd Ed.,
McGraw Hill, 2014, Ch. 12.
4 FICO is an acronym for Fair Isaac Corporation, the developer of the
methodology.
5 "FRB: Speech-Bernanke, Fostering Sustainable Homeownership," Fed-
eralreserve.gov, March 14, 2008. Chairman Bernanke was referencing
data from the website https://www.insidemortgagefinance.com/lnside
Mortgage Finance
6 Statement of Scott M. Polakoff, Deputy Director Office of Thrift Super­
vision, before the Committee on Banking, Housing and Urban Affairs,
U.S. Senate, March 22, 2007. https://www.banking.senate.gov/imo/
media/doc/polakoff.pdf
 broken up and sold. Iceland's largest commercial bank, and
subsequently the entire Icelandic banking system, collapsed.
• Many government budgets in Europe were stretched thin due
to the massive cost of the bank rescues, a situation that contrib­
uted to a subsequent European sovereign debt crisis in 2010.7
• There was a fundam ental spillover from the financial crisis to
the w ider global econom y. This resulted in a massive loss of
wealth and high unem ploym ent around the world.
10.2 HOW IT ALL STARTED8
Growth in housing dem and and concom itant m ortgage financ­
ing was fueled (in part) by the low interest rate environm ent that
existed in the early 2000s.9 This dem and helped drive substan­
tial increases in housing p rices.101Low interest rates also spurred
investors, including institutional investors, to look for invest­
ments that offered yield enhancem ent. They found this yield in
subprim e m ortgages, which typically carry premiums of up to
300-basis points over the rates charged to prime borrowers.
Subprim e loans also becam e increasingly in dem and for securiti­
zation. Through this process, securitizers:
• Created pools of below investm ent-grade assets;
• Bifurcated the cashflows by model-driven certainty; and
• Packaged the "safest" cashflows into investm ent-grade
secu rities.11
This encouraged banks to develop or grow an originate-to-
distribute (O TD) business model (see Chapter 4).
Subprim e m ortgages becam e an increasingly large share of
the overall m ortgage m arket, rising from 7% of total m ortgage
originations in 2001 to 20% in 2006 (Table 10.1).
7 Countries such as Greece, Portugal, and Ireland were forced to take
rescue packages from the International Monetary Fund and the Euro­
pean Central Bank.
8 This section borrows from Crouhy, Jarrow, and Turnbull, "The Sub­
prime Credit Crisis of 2007," Journal o f Derivatives, Fall 2008.
9 In 2007, in the United States, 50 million, or two-thirds of homeowners,
had mortgages, with 75.2% being fixed rate mortgages and the remain­
ing 24.8% with adjustable-rate mortgages (ARMs). These figures come
from the Mortgage Bankers Association, August 15, 2007.
10 The Fed funds rate was 1% in June 2003. It started to slowly increase
in June 2004 and was 5.25% by June 2006. It was reduced to 4.75% on
September 18, 2007.
11 As a very simple illustration, consider a pool of bonds that in one
year's time is scheduled to deliver USD 100, with a "worst-case loss"
of USD 35. Then USD 65 could be said to be a very reliable minimally
expected cashflow and the claim on this amount would be packaged
and sold as a high-grade asset; the claims on the other USD 35 would
also be packaged and sold as high-yielding paper.
Chapter 10 Anatomy of the Great Financial Crisis of 2007-2009
Table 10.1 Percentage of Total Mortgage Loans,
which are Subprime, by Year of Origination
2001 7%
2002 8
2003 9
2004 11
2005 14
2006 20
Sources: B&C Lending Fedral Reserve Bank of St. Louis; EIR.
Many subprim e m ortgages were structured with low tea ser rates
for the first few years (which were then followed by much higher
rates once the teaser period ended). Many of these m ortgages
were interest-only over the teaser period as w ell, meaning that
no principal paym ents were required.
Som e borrowers used subprim e lending to purchase a house in
which they intended to live, whereas others were merely specu­
lating on rising home prices. For either type of borrower, a loan
could typically be refinanced into another sim ilar m ortgage once
the teaser rate period ended (as long as housing prices rose). If
refinancing was not possible, a speculator could sim ply default
on the m ortgage.
Under the O TD m odel, losses on subprim e m ortgages were
borne not by the banks that initially made the loans, but by the
investors that eventually owned them . This reduced the incen­
tive for the originating banks to conduct the appropriate due
diligence (e.g ., proper credit assessm ents on the borrowers and
rigorous collateral valuation on the homes being purchased)
before extending credit.
Many subprim e m ortgages were securitized into collateralized
debt obligations (CD O s) during this tim e. These credit risk trans­
fer instrum ents played a major role in the subsequent sub-prime
m ortgage m eltdown.
Delinquencies on adjustable-rate subprim e m ortgages rose
m arkedly in 2007 and by August of that year, the rate of serious
delinquencies was approaching 16% (roughly triple its level in
m id-2005).12 By May 2008, this figure had risen to 2 5 % ,13
12 B. S. Bernanke (2007, October 17), "The Recent Financial Turmoil and
its Economic and Policy Consequences (Speech)," New York. Retrieved
July 13, 2008.
13 B. S. Bernanke (2008, May 19), "Mortgage Delinquencies and Fore­
closures (Speech)." Columbia Business School's 32nd Annual Dinner,
New York City. Retrieved May 19, 2008.
■ 143
leading to a massive number of ratings dow ngrades14 for sub­
prime m ortgage securitized products.
There are several reasons for why delinquencies rose signifi­
cantly after mid-2005.
• In a subprim e m ortgage transaction, the inherent credit
quality of the borrower is typically w eak and the m ortgage
is often under-collateralized. Spotty income and paym ent
histories, as well as high debt-to-income ratios, are typical of
subprim e borrowers.
• Traditionally, first-time home m ortgages required a 20%
down paym ent. In 2005, 43% of first-time home buyers paid
zero down paym ent,15 significantly reducing the collateral
cushion in case housing prices declined.
• A s m entioned previously, many subprim e m ortgages
included teaser rates. For exam ple, a 2/28 adjustable-rate
30-year m ortgage would typically have a teaser rate for the
first two years, after which it would reset to a (potentially)
much higher rate (i.e., a short-term rate or index plus a sev­
eral hundred-point spread) for the remaining 28 years. This
was not much of a problem as long as a borrower could refi­
nance the m ortgage before the reset date. But if the bor­
rower could not refinance and if interest rates increased, the
monthly m ortgage costs could rise very quickly. As it turned
out, interest rates did start to increase, with the rate on the
three-month Treasury bill rising from less than 1.0% in April
2004 to over 4.0% in N ovem ber 2 0 0 5 .16 O ther m ortgage fe a­
tures, such as interest-only teaser periods, made this issue
even w orse.
• The ability to refinance m ortgages ahead of the reset date
was a common assumption am ongst subprim e borrowers.
However, this ability declined significantly when housing
prices began to fall sharply in 2006. Furtherm ore, subprim e
m ortgage balances quickly began to exceed the market
value of the homes that collateralized the loans, increasing
the incentive for borrowers to default.
• The heavy demand for subprim e m ortgage products encour­
aged questionable practices by some lenders. Som e bor­
rowers were steered into subprim e m ortgages although
they qualified for m ortgages with more attractive term s.
M eanwhile, other borrowers ended up with m ortgages they
14 It should be noted that the market was heavily dependent upon the
rating agencies to provide an explicit risk analysis of these securities,
which in turn translated to a high implicit impact on market valuation.
15 N. Knox, "43% of First-time Home Buyers Put No Money Down," USA
Today, 2006, Jan. 17.
16 Board of governors of the Federal Reserve system, H.15 Selected
Interest rates.
144 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
were not qualified to hold and could not afford. M eanwhile,
increasingly risky products entered the subprim e market,
including N IN JA loans (i.e., no incom e, no job, and no assets)
and liar loans (which required such a scant amount of docu­
mentation that borrowers could safely lie on their applica­
tions). In an attem pt to take advantage of the lax lending
standards and increasingly w eak controls, some borrowers
and m ortgage brokers subm itted false docum entation that
enabled some borrowers to receive funding under fraudulent
term s. This situation was exacerbated by the com pensation
structure for most m ortgage brokers, which incentivized
increasing the volume of loans originated and not necessarily
the long-term perform ance of those loans. In fact, there were
few (if any) consequences to a broker if an originated loan
eventually defaulted. Originating brokers therefore had very
little incentive to conduct proper due diligence.
10.3 THE ROLE OF FINANCIAL
INTERMEDIARIES
Banks moved assets to be securitized off their balance sheets to
structured investm ent vehicles (SIVs), also called conduits. SIVs
are a lim ited-purpose, bankruptcy remote com panies used by
banks to purchase assets. They are typically funded with
short-term commercial paper as well as some medium-term
notes and capital.
Securitization involves taking a portfolio of existing assets and
repackaging their associated cash flows into claims on tranches.
Bonds are issued against these tranches and the proceeds are
used to purchase the collateral assets.
To appeal to investor dem and, the different tranches are typi­
cally structured to have a desired credit rating (with most
tranches being rated as investm ent grade). A waterfall structure
is introduced to differentiate the credit risk associated with the
claims on the different tranches. The tranches are established in
order of safety, beginning with Senior A A A debt (often referred
to as super senior), Junio r A A A , A A , A , BBB, BB, and so on. To
ensure that the super senior tranche receives a A A A rating, a
surety wrap was som etim es u sed .17
In theory, the O TD m odel, coupled with extensive use of secu­
ritization, would distribute risk more broadly throughout the
financial system . This in turn would make banks less sensitive
to credit crises, reduce system ic risk, and give banks additional
funding sources to support their lending.
17 A surety wrap is supplied by a monoline insurer who is obligated to
make interest and principal payments in the event of default.
The crisis, however, exposed flaws in this theory. O ver the
period from 2003 to 2007, banks appear to have used securiti­
zation to keep their credit exposures to A AA -rated tranches to
generate extra yield without increasing their regulatory capital
minimums under Basel II.
For exam ple, a residential m ortgage attracts a risk-weighted
asset (RWA) of 50%. M eanwhile, a A A A -rated tranche of secu­
ritization is only subject to an RW A of 20% (because an asset
with such a rating is presumed to be at low risk of default). The
A A A rating also served to greatly reduce incentives for investors
to investigate and perform proper due diligence on the pool.
Accordingly, investors thought they could increase their returns
without adding risk by purchasing C D O s, rather than lower
yielding corporate bonds or sim ilar assets. A s explained in the
following section, they were wrong.
10.4 ISSUES WITH THE RATING
AGENCIES
A s part of a C D O structuring process, the equity holders (known
as the C D O trust partners) would pay credit rating agencies to
rate the various liabilities of the C D O . Because C D O trusts were
aware of the requirem ents and assum ptions underlying these
ratings, they were able to structure the paym ent waterfalls and
associated liabilities in such a way as to obtain a high percent­
age of A A A -rated bonds.
The assum ptions used in this rating process were based on his­
torical data. However, this data did not reflect the changes in
the asset characteristics that were taking place at the tim e (e.g .,
the growing number of N IN JA loans, liar loans, and subprim e
m ortgages with 100% loan-to-value ratios).
Rating agencies also relied on data received from the issuers
and arrangers, who were bundling the m ortgages and perform ­
ing due diligence. In spite of w idespread knowledge of declin­
ing lending standards and increasing fraud, the rating agencies
them selves did not perform any additional due diligence or
monitoring of the data.
It is also im portant to note that subprim e m ortgage loans
were too new in the m arketplace to offer long-term data that
could inform risk analyses. Therefore, many of the initial ratings
assigned to these securitizations (typically the senior tranches
that were given A A A ratings) were likely faulty from the outset.
Despite these analytical flaws, there were strong incentives for
agencies to provide the required ratings. These agencies are paid
to monitor the C D O over its life. But if the C D O trust did not
get formed because too few bonds were A A A -rated, the agency
would miss out on this profitable and continual cash stream.
Chapter 10 Anatomy of the Great Financial Crisis of 2007-2009
10.5 A PRIMER ON THE SHORT-TERM
W HOLESALE DEBT MARKET
There are two main instrum ents that constitute the short-term
wholesale debt m arket: repurchase agreem ents and commercial
paper (CP). Both m arkets shut down early in the crisis as market
participants started to doubt the quality of the collateral.
Repurchase agreem ents (also known as repos) are used by many
financial institutions, including banks, brokerage firm s, and
money m arket funds. A standard repo involves
• The sale of an asset; and
• An agreem ent to buy the asset back at a slightly higher price
at a later tim e.
The seller of the security receives cash at the outset of the repo
and can thus be viewed as a borrower in a collateralized loan
transaction (with the security serving as the collateral). The
buyer of the security, who gives cash at the outset of the repo
and then receives a higher sum at the end of the term of the
repo, can be considered a lender (with the higher sum repre­
senting principal plus interest).
Various types of securities can be used as collateral in repo
transactions, ranging from governm ent bonds and high-quality
corporate bonds to tranches of securitizations. The quality of
the collateral greatly influences the size of the haircut (i.e., the
percent reduction from the initial m arket value the lender is will­
ing to give the borrower), with higher (lower) quality collateral
having sm aller (larger) haircuts. For exam ple, a haircut of 10%
means that a borrower can borrow USD 90 for each USD 100
pledged collateral. A haircut is intended to protect the lender
from recovering less than the full value of the loan amount in the
event they need to sell the collateral after a default.
Repos are excluded from the bankruptcy process. This means
that if one counterparty fails, the other may term inate the trans­
action unilaterally and either keep the cash or sell the collateral.
In unsecured CP financing, short-term debt is issued but is not
backed by any specific assets. Because there is no specific col­
lateral that a lender can seize in the event of default, unsecured
CP issuers generally have very high credit quality. If a C P issuer's
credit quality deteriorates, such as through a rating dow ngrade,
there is usually an orderly exit through margin calls.
Asset-back commercial paper (A BCP) is a special case of CP
where the issuer finances the purchase of the assets by issuing
CP, with the assets serving as collateral.
The dem and for collateral increased in the years preceding the
crisis, driven by the growth of the O T C derivatives m arkets and
an increasing reliance on short-term collateralization by financial
■ 145
institutions. This demand was (in part) satisfied by
the issuance of A A A -rated securitization tranches.
According to statistics from the Federal Reserve
Bank of New York, the total primary dealers' inven­
tory of repos increased from USD 1.6 trillion in 2000
to over USD 4.5 trillion in 2 0 0 8 .181
9

10.6 THE LIQUIDITY CRUNCH

HITS
Note that SIVs were typically funded short-term and
relied on being able to regularly roll over short-term
debt to finance their longer dated assets.

As m ortgage-backed securities began to lose value, Fiqure 10.1 Libor-O IS sp read .

however, the credit quality of many SIVs declined. Source: Carpenter and Demiralp, 2011, "Volatility, Money Market Rates, and the
This led to the rapid downgrading of the credit Transmission of Monetary Policy," Finance and Economics Discussion Series: 2011-22,
ratings of the A B C P issued by these SIVs and an Federal Reserve Board.

increasing skepticism about pledged collateral

value, which prevented a growing number of SIVs
from rolling over their A B C R Sim ultaneously, liquidity in the
subprim e-related asset m arkets disappeared. A t the same tim e, credit spreads on all credit assets increased
substantially, lowering the m arket price of the credit assets. This
Note that until the m iddle of 2007, counterparty credit risk was
led to a system atic increase in haircuts, from zero pre-crisis to
not priced by the m arket. There was hardly any difference (i.e.,
more than 45% when Lehman failed in Septem ber 2008 (see
only 2- to 5-basis points) between the unsecured overnight
Figure 10.2).
index swap (OIS) rate and the swap rates for all reset periods
1o qo
(i.e., three months, six months, one year). Gorton (2009) gives an illustration of the dynamics that began
with a liquidity crisis and ended up in a solvency crisis, especially
Starting in June of that year, m arket participants began to worry
for highly levered institutions that relied heavily on short-term
not only about the value of asset-backed securities but also
wholesale funding (repos).
about how much exposure banks and other financial institutions
had to the subprim e m arket.20 As a result, the O lS-swap spread For exam ple, consider a bank with USD 100 in assets. In turn,
exploded (as shown in Figure 10.1). It remained high during the these assets are backing USD 40 in long-term debt, USD 50 in
crisis, jum ped again when Lehman Brothers failed, and did not repo financing, and USD 10 in equity. Suppose repo haircuts
come back to pre-crisis levels.21 increase from zero to 20% , dropping repo financing from USD
50 to USD 40. The bank is now short of funding by USD 10. In
a normal m arket, the bank could simply sell USD 10 in assets.
18 Adrian et al, 2009, "Federal Reserve Bank of New York Current Issues
Its new balance sheet would look like the following: USD 90
in Economics and Finance," Volume 15, Number 4, August 2009.
in assets backing USD 40 in long-term debt, USD 40 in repo
19 Banks repriced their swap books with only one interest rate term struc­
ture curve (e.g., the three-month swap rate curve). This all changed in financing, and USD 10 in equity.
mid-2007, when market participants started to price counterparty credit
However, if there is a sim ultaneous sell off in the m arkets, the
risk and credit spreads on all credit assets went up substantially. Banks
switched to a new methodology called bi-curve, which uses one interest m arket value of the assets can fall precipitously. If the value of
rate curve to derive coupons and another for discounting cash flows. the bank's assets falls below USD 90, then the equity is wiped
20 Since the 1970s monoline insurance providers had an important role in out and the bank becom es insolvent.
municipal finance. In the years preceding the financial crisis, much of the
growth of the monolines came in structured credit products such as asset-
backed bonds and CDOs. Initially monolines carried enough capital to
earn a AAA rating which removed the need for them to post collateral.
22 G. Gorton (2009), Slapped in the Face by the Invisible Hand: Banking
01
Since 2007 the pricing of O TC derivatives incorporates the risk of in the Panic o f 2007, Yale University and the National Bureau of Eco­
default of the counterparty (CVA— counterparty valuation adjustment) nomic Research http://citeseerx.ist.psu.edu/viewdoc/download?doi=10
and Basel III imposes a capital charge against counterparty credit risk. .1.1.189.1320&rep=rep1 &type=pdf

146 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

 50

45

40

30
U)
CD
03
4 —
*
c 25
u
CD

Q)
Q_ 20

Fig u re 10.2 A v e ra g e rep o haircut on stru ctured d eb t.

Source: Gorton and Metrick (2009).

By the sum mer of 2007, the short-term wholesale funding mar­
kets started to freeze, including both the A B C P m arket and the
repo m arket. Investors stopped rolling maturing ABCP, forcing
banks to repatriate SIV assets onto their balance sheets. With
the significant increase in repo haircuts, institutions that relied
on repo financing were unable to roll their short-term funding.
A t that point, there were only three outcom es: bailout, merger,
or bankruptcy.
First of all, they are difficult to value even when there isn't an
ongoing crisis. Th eir liability structure and cashflow w aterfalls
tend to be co m p lex and contain different typ es of collateral
and interest rate trig g ers. A lso , even if they share a basic
securitization fram ew o rk, each structured product is unique.
T h e re fo re , the m odel(s) used to sim ulate the cashflow s for
each bond must be custom ized to fit the unique aspects of
the structure.

This is exactly the scenario that led to the failure of Bear
Stearns, m ortgage banks Northern Rock in the United Kingdom ,
IndyM ac in California, and Lehman Brothers. Note that all these
institutions satisfied Basel minimum regulatory capital require­
ments before they failed.
Relying heavily on short-term wholesale funding can be danger­
ous, as it can disappear overnight.
Th e assets in the collateral pool must also be valued. In the
case of A B S trusts, this can require the valuation of thousands
of subprim e m ortgages, with a w ide variety of borrow er char­
acteristics and loan term s. C D O s may contain securities issued
by A B S trusts, w hile C D O -sq uared structures contain secu ri­
ties issued by other C D O s. Som e asset pools contain synthetic
A B S credit default sw aps. All of these com plex instrum ents
m ust be valued.

M odeling the cashflow s to the tru sts can be fu rth er co m p li­

10.7 VALUATION UNCERTAINTY
AND TRANSPARENCY ISSUES*
Previous sections showed how a wave of uncertainty over the
valuation of asset-backed structured products exacerbated the
crisis by effectively freezing the short-term debt m arkets. But
what made these products so problem atic?
cated by the fa ct th at they are often d e p e n d e n t on the future
values and cred it ratings of the co lla te ra l. All future values
and cred it ratings m ust th erefo re be estim ated in order to
estim ate the value to d ay. T h e fa ct th at th ere is often little
data availab le, even to so p h isticated in vesto rs, on the d iffe r­
ent asset pools presents another challenge when it com es to
valu atio n .

Chapter 10 Anatomy of the Great Financial Crisis of 2007-2009 ■ 147

These products also had transparency issues. Many investors,
even seem ingly sophisticated investors, simply did not have the
in-house expertise to understand the com plex products they
were buying. Furtherm ore, they did not understand the poten­
tial risks that might arise from the assum ptions underlying the
valuation and credit rating m odels. Investors simply did not fore­
see how these assum ptions might fail under stressed conditions.
A s a result, they chose to be com pletely reliant on the rating
agencies for risk m easurem ent.
A t the same tim e, the valuation of illiquid assets was opaque.
With no readily available benchm ark prices, this lack of transpar­
ency made investors highly skeptical of reported prices when
assessing the credit risk of a counterparty.
The lack of transparency extended to types of products within
the SIVs, because banks may hold assets until they can be secu­
ritized and sold. Their exact holdings are, therefore, often
unknown to investors. 23
The total volume of outstanding com m itm ents that a financial
institution had given, including existing backstop lines of credit
the bank was com m itted to or loan com m itm ents for private
equity buyouts, was also hard to determ ine. Many banks also
had profitable money m arket franchises and these relationships
carried im plicit com m itm ents to these funds in the event they
experienced significant difficulties (e.g ., a run on the fund).
A wave of uncertainty, com bined with a lack of transparency,
triggered the subprim e crisis in the sum mer of 2007.
• In June 2007, Bear Sterns tried to rescue two hedge funds
that were threatened by losses from subprim e m ortgages.
The prime broker for one of the funds, Merrill Lynch, seized
USD 850 million in underlying collateral but had great dif­
ficulty selling any of it. Merrill's troubles showed how illiquid
the m arket for some these assets had becom e.
• In August 2007, BNP Paribas froze (i.e., barred investors from
making withdrawals from) three funds with USD 2.2 billion in
assets because of an inability to value the subprim e assets in
the funds.
The market becam e increasingly concerned that many of the
structured products that had been issued in recent years might
23 The amount of reported Level 3 asset, however, could offer a rough
guide. In 2006, the U.S. Financial Accounting Standards Board (FASB)
required firms to value their assets through a classification system.
Level 1 assets are those that can be valued according to observable
market prices. Level 2 assets are those that can be marked to market.
Level 3 asset values are determined based on models and unobservable
inputs. Their valuation can be rather subjective. Examples of Level 3
assets are MBS, private equity shares, complicated derivatives, foreign
stocks, and distressed debt.
148 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
be m ispriced. W orry spread beyond just the products them ­
selves, however, as the significant exposure of large financial
institutions to the subprime market was also called into question.
Shortly after these events, the m arkets for wholesale short-term
funding effectively shut down.
10.8 CENTRAL BANKS
TO THE RESCUE
In response to the growing crisis, the Federal Reserve and other
central banks from around the world came up with innovative
liquidity injection facilities. Between the fall of 2007 and the end
of 2008, the Fed created backstop facilities for a majority of the
asset classes that experienced stress during the crisis. Its actions
included
• Creating long-term lending facilities against high quality
collateral,
• O pening the discount w indow *•242
5to investm ent banks and
securities firms,
• Providing funds to be lent against high-quality illiquid asset-
backed securities,
• Providing funds to finance the purchase of unsecured CP and
ABCP,
• Providing liquidity to money m arket funds, and
q r
• Purchasing assets from Fannie Mae and Freddie Mac.
These actions were liquidity-targeted m easures. Consequently,
the size of central banks' balance sheets increased considerably.
The major governm ent interventions in the United States during
the crisis were the follow ing.26
• The Term Auction Facility (TAF), a program im plem ented in
D ecem ber 2007 and designed to provide funds to deposi­
tory institutions by auctioning funds against a wide range of
collateral
• The Primary Dealer C red it Facility (PD C F), which the allowed
the Fed to lend funds, via repos, to primary dealers
• The Econom ic Stimulus A ct of February 2008
24 The discount window is a Federal Reserve lending facility that helps
financial institutions manage short-term liquidity needs.
25 Fannie Mae and Freddie Mac were two U.S. government sponsored
enterprises that played a significant role in the mortgage markets.
O/
Viral Acharya, Thomas Philippon, Matthew Richardson, and Nouriel
Roubini, The Financial Crisis o f 2007-2009: Causes and Remedies, 2009,
NYU Salomon Center for the Study of Financial Institutions publication.
• A G overnm ent takeover of Fannie Mae and Freddie Mac in
Septem ber 2008
• The Troubled A sset Relief Program (TARP) in O cto b er 200827
10.9 SYSTEMIC RISK IN ACTION
System ic risk is the risk that events at one firm , or in one m arket,
can extend to other firms or m arkets. In turn, this can put entire
markets or econom ies at risk. System ic risk played a large role in
exacerbating the im pact of the crisis.
Note that in the A B C P and repo m arkets, collateral quality is
im portant in reducing the risk of a default by the borrower.
Lenders in these m arkets need to have confidence in the nature
and value of the assets used as collateral. A s the A B C P and repo
markets deteriorated, however, this confidence disappeared.
Lenders becam e increasingly concerned about w hether the
collateral contained subprim e m ortgages and w hether any of
the reported valuations could be relied upon. Due to the lack
of transparency in these m arkets, even borrowers without sub­
prime exposure sim ply could not roll over their debt.
It is often difficult to estim ate the price of illiquid assets even
under normal m arket conditions. For many in the sum mer of
27 On October 28, 2008, Bank of America, BNY Mellon, Citigroup, Gold­
man Sachs, J.P. Morgan Chase, Morgan Stanley, State Street, and Wells
Fargo received a total of USD 115 billion under the TARP program.
See United States., Government Accountability Office. (2009). The Trou­
bled A sset Relief Program March 2009 status o f efforts to address trans­
parency and accountability issues: Report to congressional Committees.
Washington, D.C.: U.S. Govt. Accountability Office, https://www.gao
.gov/assets/290/288105.pdf
Chapter 10 Anatomy of the Great Financial Crisis of 2007-2009
2007 (e.g ., BNP Paribas), it becam e im possible. M anagers of
money m arket funds, typically large purchasers of A B C P and
active participants in the repo m arkets, began to flee and to
seek refuge in Treasury bills.
Th e collapse of the A B C P and repo m arkets had numerous
repercussions. Many hedge funds, unable to roll over their
d eb t, w ere forced to sell assets. As hedge funds tend to hold a
w ide variety of assets, this im pacted many m arkets. O ne of the
first to be hit was the C D O m arket, which cam e under sig nifi­
cant selling pressure. Many funds though, feeling that prices
w ere artificially low or sim ply unable to practically liquidate
such holdings, resorted to liquidating other assets. To close
out existing positions, som e funds sold higher credit-rated
assets and bought lower credit-rated assets that w ere shorted.
This pushed the prices of the higher quality assets down and
the prices of the lower quality assets up. Som e quantitative
hedge funds that traded on pricing patterns w ere adversely
im pacted by this type of price reversal. Institutional investors
and hedge funds unwound carry trades at a loss in an effort to
reduce leverage.
A t the same tim e, banks began to hoard cash (in part) due to
the uncertainty around the m agnitude of possible drawdow ns
on the backstop credit lines they had extended to SIVs. A d d ­
ing to banks' concerns were outstanding com m itm ents to
underw rite leveraged buyouts. During the first part of August
2007, the three-m onth Libor (London interbank offered rate)
rose over 30-basis points. The reluctance to lend becam e
w idespread as credit standards tightened, negatively im pact­
ing hedge funds and other financial institutions, squeezing the
availability of m ortgages (both residential and com m ercial), and
restricting business lending. Thus, a financial crisis becam e an
econom ic crisis.
■ 149
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.

QUESTIONS
10.1 Securitization didn't play a major role in the G F C . 10.9 In order to securitize m ortgages off their balance sheet,
A. True banks structured bankruptcy remote com panies called
B. False A. SUVs.
B. SIVs.
10.2 The G F C was contained in the United States and didn't
spread out to the rest of the world.
C. VIPs.
A. True 10.10 A s early as the sum mer of 2007, the short-term wholesale
B. False funding m arkets started to freeze. A s a consequence,
there was a significant increase in
10.3 Subprim e borrowers were required to pay a
A. the Libor-OIS spread.
down-paym ent of at least 10% to buy a house.
A. True B. repo haircuts.

B. False
C. A and B.
10.11 Between the fall of 2007 and the end of 2008, the Fed
10.4 The G reat Financial Crisis (G FC ) started
came up with several programs to inject liquidity into the
A. with the failure of Lehman Brothers.
financial m arket, including
B. in the high-tech sector.
A. TA F
C. in the subprim e m ortgage market.
B. P D C F
10.5 The G F C appears to have been triggered by
C. TARP
A. a liquidity crisis that led to a solvency crisis.
D. All of the above
B. a solvency crisis that led to a liquidity crisis.
E. None of the above
10.6 During the sum mer of 2007 banks, such as Northern
10.12 The Lehman Brothers collapse
Rock in the U .K ., started to run into funding problem s,
A. could have been easily predicted from the ratings of
because of the shutdown of
Lehman's debt instruments.
A. the asset back commercial paper (A BCP) market.
B. could have been predicted from the financial reports
B. the repo m arkets.
of the com pany.
C. A and B.
C. all of the above.
10.7 W hich major U.S. investm ent bank(s) was/were converted D. none of the above.
into bank holding com panies in 2008? Select all that
10.13 W hat are N IN JA loans?
apply.
10.14 Explain in a few words: W hat is the originate-to-distribute
A. Citibank
(O TD) business model?
B. J.P. Morgan
C. Goldm an Sachs 10.15 Describe in a few words the system ic im pact of the
D. Morgan Stanley default of a major O T C derivatives dealer such as
E. All of the above Lehman Brothers.

10.8 Subprim e borrowers started to default when

A. the value of their house fell below the nominal value
of the m ortgage loan.
B. banks stopped refinancing m ortgage loans after the
initial "teaser" period.
C. A and B.

150 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

The following questions are i to help candidates understand the material. They are not actual FRM exam questions.
ANSWERS
10.1 False
Securitization expanded the capacity of the financial sys­
tem to generate credit assets but outpaced its capacity
to manage the associated risks.
10.2 False
Unlike previous U.S. credit crises, the G F C affected inves­
tors all over the world.
10.3 False
In 2005, 43% of first-time home buyers paid zero down
paym ent.
10.4 C. in the subprim e m ortgage market
The cascade of events that came be known as the G reat
Financial Crisis of 2007-2009 (G FC ) began with a dow n­
turn in the US subprim e m ortgage m arket in the summer
of 2007.
10.5 A. a liq uidity crisis that led to a solvency crisis.
This is especially true for highly levered institutions which
relied heavily on short-term wholesale funding.
10.6 C. A and B
By the sum mer of 2007, the short-term wholesale fund­
ing m arkets started to freeze, including both the A B C P
m arket and the repo market.
10.7 C. Goldm an Sachs
D. Morgan Stanley
The last two major investm ent banks in the United
States, Morgan Stanley and Goldm an Sachs, were con­
verted to bank holding com panies and becam e regu­
lated by the Federal Reserve.
10.8 D. A and B
W hen housing prices fell, subprim e m ortgage balances
quickly began to exceed the m arket value of the homes
that collateralized the loans.
Teaser rates were not much of a problem if a borrower
could refinance the m ortgage before the reset date. But
if the borrower could not refinance, and if interest rates
increased, the monthly m ortgage costs could rise very
quickly.
Chapter 10 Anatomy of the Great Financial Crisis of 2007-2009
10.9 B. SI Vs.
An SIV is a lim ited-purpose, bankruptcy remote com pany
used by banks to purchase assets funded with short-term
commercial paper as well as some medium-term notes
and capital.
10.10 C . A and B
The OlS-swap spread exploded (as shown in Figure 10.1)
in the summer of 2007. It remained high during the crisis,
jumped again when Lehman Brothers failed, and never came
back to pre-crisis levels. A t the same time, there was system­
atic increase in haircuts, from zero pre-crisis to more than 45%
when Lehman failed in September 2008 (see Figure 10.2).
10.11 D. All of the above
• Term Auction Facility (TAF) is a program im plem ented
in D ecem ber 2007 and designed to provide funds to
depository institutions by auctioning funds against
a wide range of collateral. TA F was subsequently
expanded in March 2008, following the collapse of
Bear Stearns, to include other types of institutions.
• Primary D ealer C redit Facility (PD C F), created in
March 2008, through which the Fed lent funds via
repos to primary dealers.
• Troubled A sset Relief Program (TARP) was introduced
in O ctober 2008.
10.12 D. None of the above
Note that Lehman satisfied the Basel minimum regula­
tory capital requirem ents before it failed.
10.13 N IN JA Ioans refer to applicants who had "no incom e, no
job, and no assets."
10.14 In the originate-to-distribute business m odel, banks:
• Extend loans;
• Securitize the loans; and
• Sell the securities to investors.
10.15 Lehman's default triggered a cascade of defaults among
its counterparties, who could not get back their col­
lateral. Dealers which had no direct link to Lehman, but
were counterparties of failed direct counterparties of
Lehman, also defaulted.
■ 151
GARP Code
of Conduct
Learning Objectives
A fter com pleting this reading you should be able to:

D escribe the responsibility of each G A R P M em ber with D escribe the potential consequences of violating the
respect to professional integrity, ethical conduct, conflicts G A R P Code of Conduct.
of interest, confidentiality of inform ation, and adherence
to generally accepted practices in risk m anagem ent.

153
I. INTRODUCTORY STATEMENT
The G A R P Code of Conduct ("C o d e ") sets forth principles of
professional conduct for Global Association of Risk Professionals
("G A R P "), Financial Risk M anagem ent (FRM®) and Energy Risk
Professional (ERP®) certifications and other G A R P certification
and diploma holders and candidates, G A RP's Board of Trustees,
its Regional Directors, G A R P Com m ittee M em bers and G A RP's
staff (hereinafter collectively referred to as "G A R P M em bers")
in support of the advancem ent of the financial risk m anagem ent
profession. These principles promote the highest levels of ethi­
cal conduct and disclosure and provide direction and support
for both the individual practitioner and the risk m anagem ent
profession.
The pursuit of high ethical standards goes beyond following
the letter of applicable rules and regulations and behaving in
accordance with the intentions of those laws and regulations, it
is about pursuing a universal ethical culture.
All individuals, firms and associations have an ethical character.
Some of the biggest risks faced by firms today do not involve
legal or com pliance violations but rest on decisions involving
ethical considerations and the application of appropriate stan­
dards of conduct to business decision making.
There is no single prescriptive ethical standard that can be
globally applied. We can only exp ect that G A R P M em bers will
continuously consider ethical issues and adjust their conduct
accordingly as they engage in their daily activities.
This docum ent makes references to professional standards and
generally accepted risk m anagem ent practices.
Risk practitioners should understand these as concepts that
reflect an evolving shared body of professional standards
and practices. In considering the issues this raises, ethical
behavior must weigh the circum stances and the culture of the
applicable global community in which the practitioner resides.
II. CODE OF CONDUCT
The C ode is com prised of the following Principles, Professional
Standards and Rules of Conduct which G A R P M em bers agree to
uphold and im plem ent.
1. Principles
1.1 Professional Integrity and Ethical Conduct. G A R P M em ­
bers shall act with honesty, integrity, and com petence to
154 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management
fulfill the risk professional's responsibilities and to uphold
the reputation of the risk m anagem ent profession. G A RP
M em bers must avoid disguised contrivances in assess­
ments, m easurem ents and processes that are intended to
provide business advantage at the expense of honesty and
truthfulness.
1.2 Conflicts of Interest. G A R P M em bers have a responsi­
bility to prom ote the interests of all relevant co n stitu en­
cies and will not know ingly perform risk m anagem ent
services directly or indirectly involving an actual or
potential conflict of interest unless full disclosure has
been provided to all affected parties of any actual or
ap p arent conflict of interest. W here conflicts are unavoid­
able G A R P M em bers com m it to their full disclosure and
m anagem ent.
1.3 Confidentiality. G A R P M em bers will take all reasonable
precautionary m easures to prevent intentional and uninten­
tional disclosure of confidential information.
2. Professional Standards
2.1 Fundamental Responsibilities.
• G A R P M em bers must endeavor, and encourage
others, to operate at the highest level of professional
skill.
• G A R P M em bers should always continue to perfect their
expertise.
• G A R P M em bers have a personal ethical responsibility
and cannot out-source or delegate that responsibility to
others.
2.2 Best Practices.
• G A R P M em bers will promote and adhere to applicable
"b est practice standards," and will ensure that risk
m anagem ent activities perform ed under his/her direct
supervision or m anagem ent satisfies these applicable
standards.
• G A R P M em bers recognize that risk m anagem ent does
not exist in a vacuum . G A R P M em bers com mit to consid
ering the w ider im pact of their assess ments and actions
on their colleagues and the w ider community and envi­
ronment in which they work.
2.3 Communication and Disclosure. G A R P M em bers issuing
any com m unications on behalf of their firm will ensure that
the com m unications are clear, appropriate to the circum ­
stances and their intended audience, and satisfy applicable
standards of conduct.
III. RULES OF CONDUCT
1. Professional Integrity and Ethical
Conduct
GARP Members:
1.1 Shall act professionally, ethically and with integrity in all
dealings with em ployers, existing or potential clients, the
public, and other practitioners in the financial services
industry.
1.2 Shall exercise reasonable judgm ent in the provision of risk
services while maintaining independence of thought and
direction. G A R P M em bers must not offer, solicit, or accept
any gift, benefit, com pensation, or consideration that could
be reasonably expected to com prom ise their own or anoth­
er's independence and objectivity.
1.3 Must take reasonable precautions to ensure that the
M em ber's services are not used for improper, fraudulent or
illegal purposes.
1.4 Shall not knowingly m isrepresent details relating to
analysis, recom m endations, actions, or other professional
activities.
1.5 Shall not engage in any professional conduct involving
dishonesty or deception or engage in any act that reflects
negatively on their integrity, character, trustworthiness, or
professional ability or on the risk m anagem ent profession.
1.6 Shall not engage in any conduct or com mit any act that
com prom ises the integrity of GARP, the (Financial Risk
Manager) FRM designation or the integrity or validity of
the exam inations leading to the award of the right to use
the FRM designation or any other credentials that may be
offered by GARP.
1.7 Shall endeavor to be mindful of cultural differences regard­
ing ethical behavior and custom s, and to avoid any actions
that are, or may have the appearance of being unethical
according to local customs. If there appears to be a conflict
or overlap of standards, the G A R P m em ber should always
seek to apply the higher standard.
2. Conflict of Interest
GARP Members:
2.1 Shall act fairly in all situations and must fully disclose any
actual or potential conflict to all affected parties.
2.2 Shall make full and fair disclosure of all m atters that could
reasonably be expected to impair their independence and
objectivity or interfere with their respective duties to their
em ployer, clients, and prospective clients.
3. Confidentiality
GARP Members:
3.1 Shall not make use of confidential information for inap­
propriate purposes and unless having received prior
consent shall maintain the confidentiality of their work,
their em ployer or client.
3.2 Must not use confidential information to benefit personally.
4. Fundamental Responsibilities
GARP Members:
4.1 Shall com ply with all applicable laws, rules, and regu­
lations (including this C ode) governing the G A R P
M em bers' professional activities and shall not knowingly
participate or assist in any violation of such laws, rules, or
regulations.
4.2 Shall have ethical responsibilities and cannot out-source or
delegate those responsibilities to others.
4.3 Shall understand the needs and com plexity of their
em ployer or client, and should provide appropriate and
suitable risk m anagem ent services and advice.
4.4 Shall be diligent about not overstating the accuracy or cer­
tainty of results or conclusions.
4.5 Shall clearly disclose the relevant limits of their specific
know ledge and exp ertise concerning risk assessm ent,
industry practices and applicable laws and regulations.
5. General Accepted Practices
GARP Members:
5.1 Shall execute all services with diligence and perform all
work in a manner that is independent from interested
parties. G A R P M em bers should collect, analyze and distrib­
ute risk information with the highest level of professional
objectivity.
5.2 Shall be fam iliar with current generally accepted risk man­
agem ent practices and shall clearly indicate any departure
from their use.
5.3 Shall ensure that com m unications include factual data and
do not contain false information.
5.4 Shall make a distinction between fact and opinion in the
presentation of analysis and recom m endations.
Chapter 11 GARP Code of Conduct ■ 155
IV. APPLICABILITY AND
ENFORCEM ENT
Every G A R P M em ber should know and abide by this C ode.
Local laws and regulations may also impose obligations on
G A R P M em bers. W here local requirem ents conflict with the
C o d e, such requirem ents will have precedence.
Violation(s) of this Code by may result in, among other things,
the tem porary suspension or perm anent removal of the G A RP
M em ber from G A RP's M em bership roles, and may also include
tem porarily or perm anently removing from the violator the right
to use or refer to having earned the FRM designation or any
other G A R P granted designation, following a formal determ ina­
tion that such a violation has occurred.

156 ■ Financial Risk Manager Exam Part I: Foundations of Risk Management

INDEX

A chief risk officer (CRO), 50-51

clarity, 97
accuracy, 96, 97
classic risk management process, 7
adaptability, 96
Coca-Cola, 86
airline risk management, 30-31
collateralized debt obligation (CDO), 62, 145
anchoring, 116
collateralized loan obligations (CLOs), 62
Anheuser-Busch, 29
commercial mortgage backed securities (CMBS), 64
arbitrage pricing theory (APT), 84-85
commercial real estate markets (CRE), 10
asset-back commercial paper (ABCP), 62, 145
Commodity Futures Trading Commission (CFTC), 46
asset/liability management (ALM), 126
completeness, 96
avoid risk, 8 , 26-27
Comprehensive Capital Analysis and Review
(CCAR), 44, 45, 112, 113
B comprehensiveness, 97
confidentiality, 154, 155
balancing risk and reward, 13-14
conflict of interest, 12, 154, 155
bank holding companies (BHCs)
Conservative Minus Aggressive (CMA), 85
banking industry, 13, 24
Continental Illinois bank, 125-126
bank operational risk, 6
corporate governance, 40, 42, 45-47, 135-136
bank's audit function, 54-55
Basel Committee on Banking Supervision (BCBS), 42 aftermath, 137
Enron, 136-137
board audit committee, 49-50
Corzine, Jon, 46
board risk management committee, 50
credit default swaps (CDSs), 62
brainstorming, 7
credit derivatives, 63
business comparison, 14
credit risk, 5, 64
business lies strategic risk, 6
limits, 51
business managers, 53
credit risk transfer mechanisms
buy-and-hold strategy, 65-67
buy-and-hold strategy, 65-67
collateralized debt obligations, 62
C collateralized loan obligations, 62
capital asset pricing model (CAPM), 73-76, 84, 85 credit default swaps, 62
performance measures, 76-78 originate-to- distribute, 65-67
central banks, 148-149 securitization, 64-65
Chicago Board of Trade (CBOT), 29 uses, 62-64
chief executive officers (CEOs), 41 cyber risk, 137
D complex derivatives, 134
complex financial instruments, 134-135
day-to-day applications, 14
excess leverage, 134-135
digital risk management, 15
Sachsen, 135
distribution, 97
funding liquidity risk
diversification, 73
Continental Illinois, 125-126
Dodd-Frank Act, 44-45
Lehman brothers, 124-125
Dodd-Frank Act Stress Test (DFAST), 44, 112
lessons learned, 126-127
Northern Rock, 126
E interest rate risk, 124
economic capital, 13 model risk, 128-129
effective risk analysis, 92 corporate governance, 132
effective risk data aggregation fudging VaR models, 132
benefits, 93 governance, 131
characteristics, 96-97 long term capital management, 129-130
data architecture and IT infrastructure, 94-95 operational risk, 131-132
key governance principles, 93-94 risk exposure grows, 131
Enron, 136-137 risk measurement models, 130-131
enterprise risk management (ERM), 14-15 setting the scene, 131
benefits, 1 0 2 stress test, 130-131
dangerous concentrations, 106 trading models, 130
dimensions, 104-105 wrong assumptions, 129
don't insure the kettle, 106-107 reputation risk, 135
history, 103-104 rogue trading, 132-134
risk culture, 107-111 SWIFT, 137

sharpest blade financial engineering, 134

post-crisis trends, in scenario building, 112-114
scenario analysis, 1 1 1 , 1 1 2
sensitivity test, 1 1 1
stress test, 114
strategic decisions, 114-115
thinking beyond silos, 106
vertical vision, 105-106
from vision to action, 104-105
equity investors, 24
ERM. See enterprise risk management (ERM)
complex derivatives, 134
complex financial instruments, 134-135
excess leverage, 134-135
Sachsen, 135
financial services holding companies (FSHCs), 44
Financial Stability Board (FSB), 47
firm-level vs. industry-level risk appetite, 25
firms, 66
corporate hedging, 32-33
modern imperative to manage risk, 22-24

European Banking Authority (EBA), 45, 114 hedging philosophy, 23-24

Exchange Traded Fund (ETF), 86 instruments, 23
expected loss (EL), 9, 11 principal derivatives markets, 22-23
Extreme Value Theory (EVT), 11 rightsizing risk management, 27-28
risk appetite, 24-26
risk management road map, 2 2
F risk mapping, 26
Federal Reserve Board (FRB), 44 risk transfer toolbox
feedback effects, 116 airlines, 30-31
financial disasters beer and metal, 29-30
constructing and implementing, 127 exchange-based derivatives, 28
hedging strategy, 128 foreign exchange risk, 31-32
Metallgesellschaft Refining & Marketing, 127-128 interest rate risk, 31-32
corporate governance, 135-136 trading mechanics, 28
aftermath, 137 strategy selection, 26-27
Enron, 136-137 foreign exchange risk, 31-32
cyber risk, 137 framing, 116
financial engineering, 134 frequency, 97

158 ■ Index
fundamental responsibilities, 155 liquidity crunch hits, 146-147
Fundamental Review of the Trading Book (FRTB), 42 originate-to-distribute, 143
funding liquidity risk, 5 short-term wholesale debt market, 145-146
Continental Illinois, 125-126 subprime crisis, 142
Lehman brothers, 124-125 subprime mortgage market pre-crisis, 142
lessons learned, 126-127 systemic risk, 149
Northern Rock, 126 valuation uncertainty and transparency issues, 147-148
Greenspan, Alan, 62
groupthink, 116
G
GARP Code of Conduct H
applicability, 156
hard numbers, 14
confidentiality, 155
hedging exposure, factor analysis, 87
conflict of interest, 155
hedging philosophy, 23-24
enforcement, 156
herding, 116
fundamental responsibilities, 155
high minus low (HML), 85
general accepted practices, 155
holistic thinking, 115-116
principles, 154
home bias, 116
professional integrity and ethical conduct, 155
home/host cooperation, 98
professional standards, 154
human agency, 1 2
general market risk, 4
Ginnie Mae. See Government National Mortgage Association (GNMA)
Glass-Steagall Act, 44 I
global financial crisis, 40 information ratio (IR), 78
governance Institute of Internal Auditors (IIA), 55
bank's audit function, 54-55 integrity, 96
implementing board-level risk interest rate risk, 31-32
board audit committee, 49-50 internal capital adequacy assessment process (ICAAP), 45
board risk management committee, 50 internal liquidity adequacy assessment process (ILAAP), 45
risk advisory director role, 50 International Monetary Fund (IMF), 63
incentives and risk-taking, 52-53 International Professional Practices Framework (IPPF), 55
infrastructure investment analysis, 14
best-practice risk management, 46-47
board and corporate, 45-46
J
interdependence of organizational units, 53-54
Jensen's performance index (JPI), 77
post-crisis regulatory response
Basel Committee on Banking Supervision, 42
Basel I, 42 K
Basel II, 42 key risk indicators (KRIs), 14
Basel III, 42 Knightian uncertainties, 8
industry restructuring, 44-45
net stable funding ratio, 42
L
Supervisory Review and Evaluation Process, 45
liquidity risk, 5
risk appetite, 50
long term capital management (LTCM), 129-130
chief risk officer (CRO), 50-51
loss aversion, 116
limits policies, 51-52
monitoring risk, 52
risk appetite statement, 47-49 M
Government National Mortgage Association (GNMA), 64 market liquidity risk, 5
Graham-Leach-Bliley Act, 44 market portfolio, 73
Great Financial Crisis of 2007-2009 (GFC) market risk, 4-5, 12
central banks, 148-149 limits, 51
financial intermediaries, 144-145 Markowitz, Harry, 72
issues with the rating agencies, 145 Mcdonald's financing and market risk, 31

Index ■ 159
mental accounting, 116 monitoring risk, 52
Metallgesellschaft Refining & Marketing (MGRM), 32, 33, 127-128 risk appetite statement (RAS), 47-49
mitigate risk, 8 , 27 Risk Data Network (RDN), 97
model risk, 128-129 risk management building blocks, 2
corporate governance, 132 balancing risk and reward, 13-14
fudging VaR models, 132 conflicts of interest, 1 2
governance, 131 enterprise risk management, 14-15
long term capital management, 129-130 human agency, 1 2
operational risk, 131-132 interactions between factors, 1 0 - 1 1
risk exposure grows, 131 knowns and unknowns, 8-9
risk measurement models, 130-131 process, 7-8
setting the scene, 131 quantitative risk metrics
stress test, 130-131 expected loss, 9
trading models, 130 expect the unexpected, 9-10
wrong assumptions, 129 risky relationships, 1 0
modern portfolio theory (MPT), 72-73 from unexpected to extreme, 1 0
moonwalking bears, 9 value-at-risk, 1 0
Morgan, J.P., 86 risk aggregation, 12-13
mortgage backed securities (MBS), 62 risk factor breakdown, 1 0 - 1 1
multi-faceted costs, 135 structural change, 1 1 - 1 2
multifactor models of risk and return, 85-87 timeline, 2, 3
typology
N banking industry, 2-4
business lies strategic risk, 6
Northern Rock, 126
credit risk, 5
nuclear war, 8
liquidity risk, 5
market risk, 4-5
O operational risk, 5-6
operational risk, 5-6 reputation risk, 6-7
orange county, 134-135 risk management cost/benefit analysis, 14
originate-to-distribute (OTD), 65-67, 143 risky relationships, 1 0
Osaka Securities Exchange (OSE), 132 Robust Minus Weak (RMW), 85
ostrich effect, 116 rogue trading, 132-134
Roll, R„ 84
P rolling hedge, 128
Ross, S., 84
pricing strategies, 14
Rumsfeld, Donald, 8
professional integrity and ethical conduct, 154, 155

S
Q
Sarbanes-Oxley (SOX), 41
quantitative asset management techniques, 73
savings and loan (S&L) crisis, 124
scenario stress test, 116
R securitization process, 64-65
referencing, 116 sharpe performance index (SPI), 77
remedial actions, 98 Singapore International Monetary Exchange
repos, 145 (SIMEX), 132
reputation risk, 6-7, 135 small minus big (SMB), 85
retain risk, 8 , 26 Sortino ratio (SR), 78
rightsizing risk management, 27-28 special purpose vehicle (SPV), 64
risk-adjusted return on capital (RAROC), 13-14 specific market risk, 4
risk aggregation, 12-13 Standard and Poor's Depository Receipts (SPDR), 86
risk appetite, 24-26, 46, 50 State Street Global Advisors, 86
chief risk officer (CRO), 50-51 strong risk data aggregation capability, 95-96
limits policies, 51-52 supervisory measures, 98

160 ■ Index
Supervisory Review and Evaluation Process (SREP), 42, 45
U
surprise factor, 84
underwater icebergs, 9
SWIFT, 137
U.S. Dodd-Frank Act, 42
syndication, 63
usefulness, 97
systemic risk, 149

T V
Value-at-Risk (VaR), 10, 12, 13
timeliness, 96
Volcker Rule, 44
tracking error (TE), 78
Volkswagen Emission Cheating Scandal, 135
trading liquidity risk. See market liquidity risk
transfer risk, 8, 27
Treynor performance index (TPI), 77 W
triaging risks, 7 wrong way risk, 63

Index ■ 161