Professional Documents
Culture Documents
EXAM PART I
Foundations of Risk Management
<S>GARP
2020
EXAM PART I
Foundations of Risk Management
Pearson
Copyright © 2020 by the Global Association of Risk Professionals
All rights reserved.
This copyright covers material written expressly for this volume by the editor/s as well as the com pilation itself.
It does not cover the individual selections herein that first appeared elsew here. Permission to reprint these has
been obtained by Pearson Education, Inc. for this edition only. Further reproduction by any means, electronic or
m echanical, including photocopying and recording, or by any information storage or retrieval system , must be
arranged with the individual copyright holders noted.
All tradem arks, service marks, registered tradem arks, and registered service marks are the property of their
respective owners and are used herein for identification purposes only.
Pearson Education, Inc., 330 Hudson Street, New York, New York 10013
A Pearson Education Com pany
w w w .pearsoned.com
ScoutAutomatedPrintCode
000200010272205677
EEB /K W
iv ■ Contents
Chapter 5 Modern Portfolio Chapter 7 Principles for
Theory and Capital Effective Data
Asset Pricing Model 71 Aggregation and
Risk Reporting 91
5.1 Modern Portfolio Theory 72
5.2 The Capital Asset Pricing 7.1 Introduction 92
Model 73 7.2 Benefits of Effective Risk
5.3 Performance Measures 76 Data Aggregation and Reporting 93
Sharpe Performance Index 77 7.3 Key Governance Principles 93
Treynor Performance Index 77
7.4 Data Architecture and IT
Jensen's Performance Index 77
Infrastructure 94
Link Between the Treynor and
Jensen's Performance Measures 77 7.5 Characteristics of a Strong
Tracking Error, Information Ratio, Risk Data Aggregation Capability 95
and the Sortino Ratio 78 7.6 Characteristics of Effective
Tracking Error 78 Risk Reporting Practices 96
Information Ratio 78
Conclusion 97
Sortino Ratio 78
Appendix 1 98
Questions 79
Compliance Levels of 30 Banks 98
Answers 80
Questions 99
Answers 100
Chapter 6 The Arbitrage
Pricing Theory
and Multifactor Chapter 8 Enterprise Risk
Models of Risk Management and
and Return 83 Future Trends 101
6.1 The Arbitrage Pricing Theory 84 8.1 ERM: What Is It and Why
6.2 Multifactor Models of Risk Do Firms Need It? 102
and Return 85 8.2 ERM— A Brief History 103
6.3 Factor Analysis in Hedging 8.3 ERM: From Vision to Action 104
Exposure 87
8.4 Why Might Enterprise Risk
Questions 88 Demand ERM: Four Key Reasons 105
Answers 89 Top to Bottom—Vertical Vision 105
Contents ■ v
Are There Potentially Dangerous 9.4 Model Risk 128
Concentrations of Risk within the Firm? 106 Wrong Assumptions—The Niederhoffer
Thinking Beyond Silos 106 Put Options 129
Don't Insure the Kettle 106 Long Term Capital Management
and Model Risk: When "Normal"
8.5 Risk Culture: Without This,
Relationships Breakdown 129
Nothing 107
Trading Models 130
Discussion—Five Culture Clashes 110
Risk Measurement Models and Stress
8.6 Scenario Analysis: ERM's Testing 130
Sharpest Blade? 111 Model Risk and Governance—
Scenario Analysis Before the Global The London Whale 131
Financial Crisis 112 Setting the Scene 131
Post-Crisis Trends in Scenario Building 112 The Risk Exposure Grows 131
Stress Testing in Europe: Future Directions 114 Operational Risk 131
8.7 ERM and Strategic Decisions 114 Corporate Governance: Poor
Risk Culture 132
8.8 Conclusion: Risk Management Model Risk: Fudging VaR Models 132
and the Future 115
9.5 Rogue Trading and
Questions 118 Misleading Reporting 132
Answers 119 Barings, 1995 132
9.6 Financial Engineering 134
The Risks of Complex Derivatives 134
Chapter 9 Learning from
The Case of Excess Leverage and
Financial Disasters 123 Complex Financial Instruments:
Orange County 134
The Case of Investing in AAA Tranches
9.1 Interest Rate Risk 124 of Subprime CDOs: Sachsen 135
The Savings and Loan Crisis 124 9.7 Reputation Risk 135
9.2 Funding Liquidity Risk 124 Volkswagen Emission Cheating Scandal 135
Liquidity Crisis at Lehman Brothers 124
9.8 Corporate Governance 135
Liquidity Crisis at Continental Illinois 125
Enron 136
Northern Rock—Liquidity and Business
Aftermath 137
Models 126
Lessons Learned 126 9.9 Cyber Risk 137
9.3 Constructing and Implementing The SWIFT Case 137
a Hedging Strategy 127 Conclusion 137
Metallgesellschaft—How a Dynamic
Hedging Strategy Can Go Wrong 127 Questions 138
Hedging Considerations 128 Answers 139
vi ■ Contents
Questions 150
Chapter 10 Anatomy of the
Answers 151
Great Financial Crisis
of 2007-2009 141
Chapter 11 GARP Code of
Conduct 153
10.1 Introduction and Overview 142
10.2 How It All Started 143
I. Introductory Statement 154
10.3 The Role of Financial
Intermediaries 144 II. Code of Conduct 154
1. Principles 154
10.4 Issues with the Rating
2. Professional Standards 154
Agencies 145
10.5 A Primer on the Short-Term III. Rules of Conduct 155
Wholesale Debt Market 145 1. Professional Integrity and Ethical
Conduct 155
10.6 The Liquidity Crunch Hits 146 2. Conflict of Interest 155
10.7 Valuation Uncertainty and 3. Confidentiality 155
Transparency Issues 147 4. Fundamental Responsibilities 155
5. General Accepted Practices 155
10.8 Central Banks to the
Rescue 148 IV. Applicability and Enforcement 156
10.9 Systemic Risk in Action 149 Index 157
Contents ■ vii
FRM
COMMITTEE
Chairman
Dr. Rene Stulz
Everett D. Reese Chair of Banking and M onetary Econom ics,
The Ohio State University
Members
Richard Apostolik Dr. Attilio Meucci, CFA
President and C E O , Global Association of Risk Professionals Founder, ARPM
Reviewers
Bernadette Minton, PhD, Arthur E. Shepard Endowed Patrick Steiner, FRM , Large Institution Supervision Coordinating
Professorship in Insurance and Chair, Departm ent of Finance, Com m ittee, Federal Reserve Bank of New York
The Ohio State University
Dan Pugh, FRM , C h ief Legal and Risk Officer, Corporate
David W. Wiley, M BA, C FA , President, W H W Investm ents, LLC Secretary, and Global Risk Manager, G S E Systems
Luca Blasi, FRM , A C M A , Head of the Valuation and Trading Jesus Gonzalez, FRM , Vice President, Director of M arket Risk
Control Unit, Prudential Regulatory Authority— Bank of England Analytics, BB&T
Attributions ■ ix
The Building
Blocks of Risk
Management
Learning Objectives
A fter com pleting this reading you should be able to:
Explain the concept of risk and com pare risk m anagem ent Interpret the relationship between risk and reward
with risk taking. and explain how conflicts of interest can im pact risk
m anagem ent.
D escribe elem ents, or building blocks, of the risk m anage
ment process and identify problem s and challenges that D escribe and differentiate between the key classes
can arise in the risk m anagem ent process. of risks, explain how each type of risk can arise, and
assess the potential im pact of each type of risk on an
Evaluate and apply tools and procedures used to measure organization.
and manage risk, including quantitative m easures, qualita
tive assessm ent, and enterprise risk m anagem ent. Explain how risk factors can interact with each other and
describe challenges in aggregating risk exposures.
Distinguish between expected loss and unexpected loss,
and provide exam ples of each.
1
Risk, in the most basic sense, is the possibility that bad things
1. The risk m anagem ent process
might happen. Humans evolved to manage risks such as wild
animals and starvation. However, our risk aw areness is not 2 . Identifying risk: knowns and unknowns
always suited to the modern world (as anyone who has taught 3 . Expected loss, unexpected loss, and tail loss
a child to cross the road knows). Behavioral science shows that
4 . Risk factor breakdown
we rely too much on instinct and personal exp erience, as biases
skew our thought processes. Furtherm ore, even the way we 5 . Structural change: from tail risk to system ic crisis
fram e risk decisions irrationally influences our willingness to 6 . Human agency and conflicts of interest
take risk. 7 . Typology of risks and risk interactions
Even so, surprisingly sophisticated exam ples of risk m anage 8 . Risk aggregation
ment can be seen in early history. In ancient tim es, merchants
9 . Balancing risk and reward
and their lenders shared risk by tying loan repaym ents to the
safe arrival of shipm ents using maritime loans (i.e., combining 1 0 . Enterprise risk m anagem ent (ERM)
loans with a type of insurance). The insurance contract sepa
Fiqure 1.1 Ten risk management building blocks.
rated from the loan contract as early as the fourteenth century
in northern Italy, creating the first standalone financial risk trans
fer instrum ent. From the seventeenth century onward, a more
m ethodical approach to the m athem atics of risk can be traced. 1.1 TYPOLOGY OF RISKS AND RISK
This was followed by the developm ent of exchange-based risk INTERACTIONS
transfer in the form of agricultural futures contracts in the eigh
teenth and nineteenth centuries (Figure 1.2). Risk is a wild animal, circling the camp fire in the dead of night.
But what kind of animal?
That m ethodical approach continued to evolve in the twentieth
century and beyond, with major advances in financial theory in Figure 1.3 sets out a typology of risks in the financial industry.1
2
the 1950s; an explosion in risk m anagem ent m arkets from the Given the variety of business models that firms pursue, corpo
1970s onwards; and the em ergence of new instrum ents, such rate risks take many form s. However, most firms face risks that
as cyber risk insurance, in the early twenty-first century. Risk can be categorized within the risk typology discussed in this
m anagem ent is an old craft but a young science— and an even chapter.
younger profession. This kind of typology has many uses. It can help organizations
drill down into the risk-specific factors within each risk type,
How we think about risk is the biggest determ inant of whether
map risk m anagem ent processes to avoid gaps, and hold staff
we recognize risks, assess them properly, measure them using
accountable for specific risk domains.
appropriate risk m etrics, and succeed in managing them .
Indeed, Figure 1.3 relates quite closely to how risk functions are
This introductory chapter looks at the definitions of risk, the
organized at many banks and large corporations, where there
classic risk m anagem ent process, the principal types of risk, and
are often particular functions for m arket risk, credit risk, etc.
the tools used to track risk and make decisions. We isolate ten
Many of these risk functions worked quite independently of one
risk m anagem ent building blocks along the way (Figure 1 .1 ).1
another until an effort to build a more unified risk m anagem ent
Most risk m anagem ent disasters are caused by failures in these approach began in the mid-1990s.
fundam ental building blocks, rather than the failure of some
Each key risk type dem ands a specific set of skills and its own
sophisticated technique. Centuries-old financial institutions
philosophical approach. For exam ple, most banks treat market
have been bankrupted because their risk m anagem ent proce
and credit risks as a natural part of their business. They recognize
dures ignored a certain type of risk, m isunderstood connections
that risk scales alongside reward and actively pursue risky assets
between risks, or did not follow the classic steps in the risk man
(e.g ., particular credit segm ents). An increase in operational risks,
agem ent process.
1 Not every risk practitioner will agree with our choice. The building
blocks are not discussed in order of importance, and not every firm
needs to develop a sophisticated approach to each building block, but For a more detailed description of financial risks see M. Crouhy,
we would argue that an awareness of each of our ten building blocks is a D. Galai, and R. Mark, The Essentials o f Risk Management, 2nd ed.
good place to start thinking about risk management. (Ch. 1, App.), McGraw Hill, 2014.
1921— Frank Knight explores 'Risk, Uncertainty and Profit'. 2009— Contingent convertible bonds (CoCos)
1950s-1960s— Large corporations self-insure; "risk m anager" 2010— Basel III ongoing (including liquidity risk)
used for widened insurance purchaser role.
2010— D odd-Frank A ct
1952— Diversification and modern portfolio m anagem ent:
Harry M arkowitz 2011 onw ards— Fast d evelo p m en t of cyb er risk tran sfer
m arket
1961-1966— Capital A sset Pricing M odel: W illiam Sharpe and
John Lintner 2016— Solvency II reform in effect for insurance industry
1970s— D ecade of m arket liberalization and price and interest 2017— Finalized Basel III reforms released
rate volatility
on the other hand, does not lead to greater reward, so banks types in turn, but first a word of warning. Risk typologies must be
avoid these risks when they can. Below we look at the key risk flexible because new risks are always em erging. A banking indus
try risk typology made in the early 1990s may have not consid
3 Note that the dates in this timeline are sometimes an approximation; ered rogue trading risk or even the entire operational risk class.
in particular, the development date of various OTC risk transfer instru As of 2020, "n ew " forms of operational risk are again climbing
ments can be open to debate.
Market
Risk
Trading Risk
Market Risk
IL
Gap Risk
Currency Risk
k —— — — _ — ——
Credit Risk r — — — — — — — — — — — — — — — —
I
r
Business,
Strategic &
*: Reputatuon Risks
I
L
up the risk manager's watch list: cyber risk (particularly the risk of M arket risk takes many forms depending on the underlying
hackers stealing and destroying data and compromising systems) asset. From a financial institution's perspective, the key forms
and data privacy risk.4* are equity risk, interest rate risk, currency risk, and com m odity
price risk.
Furtherm ore, the risk types interact with one another so that
risk flows. During a severe crisis, for exam ple, risk can flow from Each of these m arkets has its own risk m anagem ent tools and
credit risk to liquidity risk to m arket risk, (which was the case m ethodologies, and we give exam ples of corporate applications
during the global financial crisis of 2007-2009). The same can and strategies in C hapter 2. However, across all these m arkets,
occur within an individual firm : the "fat finger" of an unlucky m arket risk is driven by the following.
trader (operational risk) creates a dangerous m arket position
• G eneral m arket risk: This is the risk that an asset class will fall
(m arket risk) and potentially ruins the standing of the firm (repu
in value, leading to a fall in the value of an individual asset or
tational risk). That is why a sophisticated understanding of risk
portfolio.
types and their interactions is an essential building block of risk
• S p e cific m arket risk: This is the risk that an individual asset
m anagem ent.
will fall in value more than the general asset class.
Credit risk arises from the failure of one party to fulfill its financial Funding liquidity risk is the risk that covers the risk that a firm
cannot access enough liquid cash and assets to m eet its obli
obligations to another party. Some exam ples of credit risk include
gations. Funding liquidity risk threatens all kinds of firms. For
• A debtor fails to pay interest or principal on a loan (bank exam ple, many small and fast-growing firms find it difficult to
ruptcy risk); pay their bills quickly enough while still having sufficient funds to
• An obligor or counterparty is dow ngraded (downgrade risk), invest for the future.
indicating an increase in risk that may lead to an im m ediate
Banks have a special form of funding liquidity risk because their
loss in value of a credit-linked security; and
business involves creating maturity and funding mism atches.
• A counterparty to a m arket trade fails to perform (counter O ne exam ple of a mismatch is that banks aim to take in short
party risk), including settlem ent or Herstatt risk.5 term deposits and lend the money out for the longer term at a
C red it risk is driven by the probability of default of the obligor higher rate of interest. Sound asset/liability m anagem ent (ALM ),
or counterparty, the exposure am ount at the tim e of default, therefore, lies at the heartening of the banking business to help
and the am ount that can be recovered in the event of a default. reduce the risk. There are various techniques involved in A LM ,
These levers can all be altered by a firm's approach to risk m an including gap and duration analyses.6
agem ent through factors such as the quality of its borrowers, O f course, banks som etim es get it wrong, with disastrous con
the structure of the credit instrum ent (e .g ., w hether it is heavily sequences. Many of the banks that failed during the 2007-2009
collateralized or not), and controls on exposure. global financial crisis had built up large maturity mism atches and
The exposure am ount is clear with most loans but can be volatile were vulnerable to the wholesale funding market's perception of
with other kinds of transactions. For exam ple, a derivative trans their creditworthiness.
action may have zero credit risk at the outset because it has no M arket liquidity risk, som etim es known as trading liquidity risk,
im m ediate value in the m arket. However, it can quickly becom e is the risk of a loss in asset value when m arkets tem porarily
a major counterparty credit exposure as m arkets change and the seize up. If m arket participants cannot, or will not, take part in
position gains in value. the m arket, this may force a seller to accept an abnorm ally low
Traditionally, the probability of default of an obligor is assessed price, or take away the seller's ability to turn an asset into cash
through identifying and evaluating a selection of key risk factors. and funding at any price. M arket liquidity risk can translate into
For exam ple, corporate credit risk analysis looks at key financial funding liquidity risk overnight in the case of banking institutions
ratios, industry sectors, etc. M eanwhile, the risk in whole port too dependent on raising funds in fragile wholesale m arkets.
folios of credit risk exposures is driven by obligor concentration It can be very difficult to measure market liquidity risk. Measures
as well as the relationship between risk factors. The portfolio will of market liquidity in a normal market, for exam ple, might look at
be a lot riskier if: the number or volume of transactions and at the spread between
• It has a small number of large loans rather than many sm aller the bid-ask price. However, these are not necessarily good indi
loans; cators that a market will remain liquid during a time of crisis.
That is a deliberately broad definition, and it includes everything A sudden fall in customer demand, the failure to launch the right
from anti-money laundering risk and cyber risk to risks of terror kind of new product, or a misplaced major capital investment can
ist attacks and rogue trading. The outbreaks of rogue trading threaten a firm's survival. Responsibility for these risks lies with the
in the 1990s helped persuade regulators to include operational firm's general management. So what is the role of the risk manager?
risk in bank capital calculations.
The answer lies in three observations.
Looking beyond the banking industry, we might include many
1. First, the firm needs to define its appetite for risk in a holis
corporate disasters under the operational risk umbrella. These
tic manner that em braces the risk of significant business and
include physical operational mishaps and corporate governance
strategic decisions. Firms can be very conservative on credit
scandals, such as the crisis at energy giant Enron in 2001. The
risk and very entrepreneurial on business risk, but the logic
m anagem ent of operational risk is the primary day-to-day
for that divergence needs to be articulated.
concern for many risk m anagers outside the financial industry,
2. Second, the chief risk officer and supporting team may have
often through insurance strategies.
specific skills they can bring to bear in terms of quantifying
The definition and measurement of operational risk continues to be
aspects of business and strategic risk. Credit experts, for exam
problematic, however, especially in the financial industry (Box 1.1). ple, often become involved in managing supply chain risk.
As we discuss in a later chapter, new techniques such
Business and Strategic Risk as m acroeconom ic scenario analysis can be adopted to
improve business and strategic decisions.
Business risks lie at the heart of any business and includes all the
usual worries of firm s, such as custom er dem and, pricing deci 3. Third, business decisions generate large exposures in other risk
sions, supplier negotiations, and managing product innovation. management areas, such as credit and commodity price risk.
As a result, financial risk managers must be involved at the start
Strategic risk is distinct from business risk. Strategic risk involves
of business planning. For example, it may be impossible to fund
making large, long-term decisions about the firm's direction,
the construction of a power station without having some form
often accom panied by major investm ents of capital, human
of energy price risk management strategy in place. Meanwhile
resources, and m anagem ent reputation.
in the financial industry, expanding a credit business will increase
Business and strategic risks consume much of the attention of credit exposures and may necessitate the deliberate lowering
m anagem ent in non-financial firm s, and they are clearly also a of credit standards. Banks that fail to coordinate business, stra
key concern in financial firms. However, it is not obvious how tegic, and risk management goals do not survive for long.
they relate to the other risks that we discuss or fit within each
firm's risk m anagem ent fram ework.
Reputation Risk
Reputation risk is the danger that a firm will suffer a sudden fall
8 Basel Committee, Standardised Measurement Approach for Opera
tional Risk, March 2016: https://www.bis.org/bcbs/publ/d355.pdf. The in its m arket standing or brand with econom ic consequences
move built on earlier proposals in 2014. (e.g ., through losing custom ers or counterparties).
M oonwalking bears are nam ed after a viral video that shows To this ensem ble, we might add the age-old elephant in the
room. This is the risk that is easy to see, that everyone has
how people avidly w atching a basketball gam e failed to
see a bear im personator on the screen. This kind of risk can indeed spotted, but that it would be im polite to publicly
acknow ledge.
be seen during periods of com pressed yields in the debt
m arket: the evidence that risk is being bought too cheaply So u rce: A le x Brazier, Execu tive D irector fo r Financial Stability
is plain to see on every financial screen, but investors keep Stra teg y and Risk, Bank o f England, "M oonw alking Bears and
on buying. U nderw ater Ic e b e rg s," 26 A p ril 2018.
regularly advertised their brand as the one that doctors chose to Expected loss (EL) is the average loss a position taker might
sm oke. By the m id-1970s, dedicated researchers had turned this exp ect to incur from a position or portfolio. In theory, some
uncertainty into a quantified statistical health risk or "known portfolios attract losses that rarely depart far from this average.
A
know n": one in two long-term sm okers die from the habit. The losses from this kind of portfolio may be am enable to sta
tistical m easurem ent over a relatively short period of tim e with
Do the distinctions between the risk classes in Figure 1.5 m atter
a fair degree of confidence. They might vary, for exam ple, from
to financial risk m anagers? Yes. Risk managers take responsibil
year to year, but not by too much.
ity for all sorts of risk, not just those that can be m easured. They
must continuously search for Rumsfeld's "unknown unknowns," The EL of a portfolio can be calculated by identifying and esti
including risks that are hiding in plain sight (Box 1.3). They can mating values for the key underlying risk factors. In general, EL
not simply ignore Knightian uncertainties. In fact, they som e is a function of 1) the probability of the risk event occurring; 2)
tim es need to make sure their firms avoid or transfer them . the firm's exposure to the risk event; and 3) the severity of the
loss if the risk event occurs. In the case of the credit risk of a
W here they can, risk m anagers move poorly understood risks
loan, these becom e the borrower's probability of default (PD);
from the periphery of Figure 1.5 to a position nearer to the cen
the bank's exposure at default (EA D ); and the severity of loss
ter. A s cigarettes have dem onstrated, Knightian uncertainties
given default (LG D ). Thus, EL is simply:
can be more severe and prevalent than we initially suspect.
EL = EA D X LG D X PD
However, risk m anagers must never treat risks that cannot be
measured as if they are a known quantity. Uncertainty and am bi W here EL can be calculated with confidence, it can be treated
guity must be acknow ledged because they exist in much greater like a variable cost or predictable expense rather than a risk or
amounts for some risky activities than for others. O ur confidence uncertainty. The bank can make a profit simply by adding a price
in a risk measure shapes how the result should be applied in margin that covers the cost of the E L .*1
12*Here, the risk manager's
decision-m aking.11 role is primarily to measure the amount of E L and to make sure
the portfolio does not lose its predictable quality.
1 *3
This classic cycle is well documented in the literature, for example,
European Systemic Risk Board, Report on Commercial Real Estate and 14 Other firms such as Bankers Trust, a US merchant bank, had been
Financial Stability in the EU, December 2015, available at: https://www working to build global risk reports in the period, and many of the con
.esrb.europa.eu/pub/pdf/other/2015-12-28_ESRB_report_on_commer- cepts underlying VaR are older than the 1990s. J.R Morgan published
dal_real_estate_and_financiaLstability.pdf the methodology behind its VaR model in 1993/4.
risk factors m ight interact over tim e and under stress to gener 1.6 STRUCTURAL CHANGE: FROM
ate lo sse s.15
TAIL RISK TO SYSTEMIC CRISIS
In turn, each primary risk factor is driven by a more fundam ental
set of risk factors. For exam ple, the probability of default by a Som e risk events have a diabolical side that seem s designed to
firm may be driven by its strength or weakness in term s of key outwit the human mind. This may be because such events are
financial indicators, industry sector, m anagem ent quality, etc. very rare and extrem e or they arise from unobserved structural
changes in a market.
Breaking risk down into its key risk factors and understanding
their im portance as loss drivers— and their relationships with In com plex system s, such as the global clim ate or financial mar
each other and the w ider business environm ent— is a key activity kets, extrem ely rare events can happen over long tim e periods,
for risk managers and is our fourth building block. even if the system remains structurally stable. These risks, really
an extrem e version of unexpected loss, are difficult to find in the
A key question concerns how granular each risk factor analysis
data because (by definition) there are not a lot of them .
should be. Ideally, risk m anagers would like to understand every
significant risk factor and analyze each factor's im portance and Tail risk events might be rare, but a long enough time series of
dynamics through the data available. data should reveal evidence of their existence. W here data are
scarce, modern risk m anagem ent can som etim es apply statistical
To score the risk factor, the risk m anager may want to look at
tail risk techniques, utilizing a branch of statistics called Extrem e
its sub-factors. For exam ple, what is it that drives the credit risk
Value Theory (EVT) to help make tails more visible and to extract
variable of m anagem ent quality: m anagem ent's years of exp eri
the most useful inform ation.16
ence? O r what drives a firm's vulnerability to cyber risk: system s,
processes, or people? W hen the structure underlying a system changes, risk
increases. Large loss events may suddenly increase in fre
Finding the answers to such questions is im portant, but practi
quency or size. Risk factors m ight suddenly move in lock-
calities often impose their own limits. Analytical resources may
step. Entirely new sources of loss, in term s of risk typ e, may
not be available. The loss data that can be used to isolate and
appear. In this case, more historical data will not help and
statistically exam ine the power of each risk variable may be lim
"once-in-100-year" events m ight pop up once a decade until
ited in quantity, quality, or descriptive detail.
the structural problem is fixed , or proper risk m anagem ent pro
That being said, new stream s of data offering an undream t level cesses are adopted.
of granularity, analyzed by means of machine learning and m as
A change in events does not only affect tail risk— the amounts
sive cloud-based com putational power, may prove revolutionary
of EL and unexpected loss might change as w ell. Risk m anag
in the identification of discrete risk factors (Box 1.4).
ers are continuously trying to assess the risk in system s that are
changing in ways that might, or might not, matter.
CONFLICTS OF INTEREST *1 ters w orse, it made no sense to use notional amounts to com
pare the risks taken by, for exam ple, the US treasury trading
Structural change is not the only wild card in financial system s. desk and a desk dealing in a volatile com m odity.
Unlike natural system s, human system s are run by intelligent The advent of the derivatives m arkets in the 1970s made it
participants that can react to change in a self-reflective or even im perative to improve m arket risk m easures. Derivatives can be
a calculating manner. highly volatile and are an easy way to build up large risk exp o
For exam ple, consider a trader who carefully attem pts to pre sures. Their value and their risk are driven by factors only tan
dict the effects of a m arket reform. The trader's peers can try gentially related to the notional value of the instrum ent.
to second guess his or her predictions. Perhaps a regulator that Portfolios of derivatives are often designed so that the indi
helped draft the reform joins a financial consulting firm and vidual instrum ents offset each other's m arket risk. It therefore
advises the industry on how to circum vent the safeguard. makes no sense to treat the aggregate notional amounts in the
This type of behavior is true inside the firm as w ell. Those that portfolio as an indicator of portfolio risk.
understand how risk is generated and managed are in the best O ptions trading specialists developed their own m easures of
position to game it. They also often have the least incentive to risk, including delta (i.e., sensitivity of option value to a change
make the risk transparent: W hy would they broadcast the poten in the value of the underlying) and theta (i.e., the change in
tial for unexpected loss levels or tail risks? This is one reason option value as the option expiration date approaches). These
many financial firms em ploy three lines of defense: "G re e ks" w ere— and still are— invaluable risk measures on the
1. First line: Business line that generates, owns, and manages risk; options trading desk.
2 . Second line: Risk m anagers that specialize in risk m anage The G reeks are of limited help at an enterprise level, however,
ment and day-to-day oversight; and because they cannot be added together; nor do they imply the
same level of risk across m arkets (e.g ., delta in foreign exchange
3 . Third line: Periodic independent oversight and assurance,
versus com m odity m arkets). Large financial institutions needed a
such as an internal audit.
risk measure that was much more com prehensive.
The safeguards do not always work. Risk management systems
VaR was a popular risk aggregation measure in the years leading
always have loopholes and become obsolete quickly in the face of
up to the crisis. However, it was not calculated using a set m eth
industry innovations. For example, in a worrying number of rogue
odology, and there were at least three principal m ethodologies
trading cases in the banking industry, the trader had first worked
(and many ways to im plem ent them ). In fact, the concept of VaR
in the middle or back office and thus understood the loopholes
also involves many simplifying assum ptions.
in the risk management infrastructure. Sometimes traders and
business leaders deliberately undermine the credibility of risk Th e co ncep t proved alm ost too useful. It was quickly applied
management systems. Understanding the role of human agency, to m anage risk across much longer tim e horizons, across many
institutions and w hole industries, and across many different capital and regulatory capital are som etim es in alignm ent, but
risk typ es. often generate quite different numbers.
The shortcom ings of VaR as a risk measure were understood Econom ic capital provides the firm with a conceptually satisfying
well before the global financial crisis of 2007-2009, but the crisis way to balance risk and reward. For each activity, firms can com
brought these weaknesses to the forefront and led to a reaction pare the revenue and profit they are making from an activity to
against over-dependence on this risk m etric. VaR does, however, the amount of econom ic capital required to support that activity.
remain an im portant tool for risk m anagers.
A firm can then take these risk capital costs into account when it
Bank regulators have tried to improve the way VaR is calculated, prices a product and when it com pares the performance of differ
make its calculation across the industry more consistent and reli ent business lines. There are clear reasons to do this. For exam
able, and strengthen the role of supplem entary risk measures ple, Business A might attract significant costs every year in terms
such as expected shortfall (ES) and worst-case scenario analysis of EL but incur little in the way of unexpected losses. Business B,
(Box 1.5). on the other hand, might attract very little in the way of EL but
suffer from very large losses at the end of every business cycle.
The inherent drawbacks of VaR have encouraged risk managers
to adopt a broader approach to risk metrics. Aggregate risk m ea W ithout a sophisticated risk-adjusted analysis of profitability,
sures are useful in their place, but they inevitably fail to capture it will be difficult to com pare Business A and Business B. Most
key dimensions of risk and must be supplem ented with other likely, Business B will look very attractive during the benign part
approaches. Understanding risk aggregation and its strengths of the cycle. The firm might decide to cut product prices to
and weaknesses is our eighth risk m anagem ent building block. build up business volum e. This frequently results in unexpected
losses when the cycle turns. (Banking industries globally have
tended to behave in exactly this manner, exacerbating the ten
1.9 BALANCING RISK AND REWARD dency for whole econom ies to go from boom to bust.)
O ne of the great advantages of a VaR approach is that it helps To factor in the cost of risk of both expected and unexpected
the firm to com pare the risk exposures of different business losses, the bank can apply a classic formula for risk-adjusted
17
lines. Firms come to understand the expected and unexpected return on capital (or RA RO C):
loss levels associated with different activities. Furtherm ore, the R A R O C = R ew ard/Risk
firm can protect itself against these risks by making sure that its
risk capital— also known as econom ic capital— is large enough to W here, reward can be described in term s of After-Tax Risk-
Adjusted Expected Return, and risk can be described in term s of
absorb the unexpected risk.
econom ic capital.
In the banking industry, econom ic or risk capital is the amount
of capital the firm requires based on its understanding of its
econom ic risks. It is distinct from regulatory capital, which is cal 17 See M. Crouhy, D. Galai, and R. Mark, The Essentials o f Risk Manage
culated based on regulatory rules and m ethodologies. Econom ic ment, 2nd ed. (Ch. 17), McGraw Hill, 2014.
• Business com parison: R A R O C allows firms to com pare the 1.10 ENTERPRISE RISK
perform ance of business lines that require different amounts
MANAGEMENT (ERM): MORE THAN
of econom ic capital.
ADDING UP RISK?
• Investm ent analysis: A firm typically uses the RA R O C formula
that uses projected numbers to assess likely returns from O ne challenge to an effective firm-wide risk m anagem ent pro
future investm ents (e.g ., the decision to offer a new type of cess is that at many firms, business divisions manage their risk
credit product). RA R O C results based on past returns can in a silo e d approach (i.e., where each division m anages its own
also be used to determ ine if a business line is providing a exposures independently without considering the risk exposures
return above a hurdle rate dem anded by the equity investors of other divisions). Financial risk m anagers have long recognized
who are the providers of the firm's risk capital. that they must overcom e this silo-based risk m anagem ent pro
• Pricing strategies: The firm can re-examine its pricing strategy for cess to build a broad picture of risk across risk types and busi
different customer segments and products. For example, it may ness lines: enterprise risk m anagem ent (ERM ).
Other numbers track key risk indicators (KRIs), which are quantita
tive measurements that are used to assess potential risk expo
sures. For example, a staff turnover metric might act as a KRI for
a type of operational risk. In this case, the relationship of the risk
indicator to the risk under examination is often based on judg
ment. Decision-makers looking at risk metrics going up and down
sometimes fool them selves that they are watching risk itself,
when they are really watching a risk proxy of uncertain utility.
Through either judgm ent or calculation, businesses must bal
ance risk and reward. That makes RA R O C and sim ilar m ea dimensions of risk.
sures the ninth building block of risk m anagem ent.
Perhaps the biggest lesson of the 2007-2009 global financial cri ERM is no longer simply about aggregating risk across risk types
sis was that risk cannot be reduced to any single number. and businesses. It is about taking a more holistic approach to
the entire risk m anagem ent process and its relationship to stra
• It is multi-dimensional, so it needs to be approached from
tegic decisions. It is about the way the firm thinks about risk,
many angles, using multiple m ethodologies.
and in doing so establishes its corporate identity (Figure 1.7).
• It develops and crosses risk types, so even a wide view of risk
types— but at only one point in tim e— may miss the point.
• It dem ands expert judgm ent that is com bined with applica Using a Full Range
of Risk Analysis
tion of statistical science. Tools Looking at
Various Time
Measuring risk in econom ic capital term s is im portant for bal Horizons
ancing risk and reward. However, the key factor that saves an
institution may come from another risk analysis tool— perhaps
from worst-case scenario analysis or some new digital approach
(Box 1.7). Firms need a 360-degree view of risk and this can only
be built using a range of tools and a healthy am ount of curiosity.
For exam ple, insights might come from a risk m anager digging
deep and realizing the implications of a structural change in
Focusing on
a market. It might come from looking at the competition and People, How They
Communicate, and
realizing that behavior across the industry might precipitate a "The Way We Do
Things"
market crisis. O r it might come from a new risk indicator such
as a market-derived credit risk indicator that signals a change in Fiqure 1.7 ERM needs to think a bit bigger.
QUESTIONS
1.1 D escribe and provide exam ples of fundam ental risk fac • Second line: Business line that generates, owns and
tors and their sub-risk factors that drive the probability of m anages risk; and
a firm's default • Third line: Periodic independent m anagem ent over
1.2 W hat are the four com ponents of a risk m anagem ent sight and assurance such as internal audit.
process? A. True
B. False
1.3 Provide an exam ple of w hat is meant by basis risk.
1.18 Reverse stress testing applies its modeling capabilities to
1.4 W hat are two types of liquidity risk?
estim ate the size of potential losses.
1.5 W hat is meant by strategic risk? A. True
1.6 D escribe how risk m anagers becom e involved in business B. False
risk. 1.19 Frank Knight called variability that cannot be quantified at
1.7 W hat Is reputation risk? Provide exam ples in your answer. all as "unknown unknowns."
A. True
1.8 W hat is meant by econom ic capital? Contrast it with
B. False
regulatory capital.
1.20 The e x p e c te d shortfall is the expected loss in the tail of
1.9 W hat is the basic idea of R A R O C ? Provide the RA RO C
the distribution.
equation in your answer.
A. True
1.10 W hat are a few applications of R A R O C ? Provide exam B. False
ples in your answer
1.21 Business risk involves making large, long-term decisions
1.11 D escribe the 4:15 p.m . report about the firm's direction, often accom panied by major
investm ents of capital, human resources, and m anage
1.12 Provide a list of exam ples of risk m anagem ent that can
ment reputation.
be seen in early history.
A. True
1.13 Provide a list of the key risk m anagem ent building B. False
blocks.
1.22 Enterprise Risk M anagem ent is the m anagem ent of risk at
1.14 Provide a list of the four choices involved in the classic the business unit level.
risk m anagem ent process. A. True
1.15 Unsupervised machine learning can help the risk m anager B. False
identify the "unknown unknowns" through identifying 1.23 Securitization is a mechanism to transfer risk to a third
clusters and correlations without specifying the area of party.
interest in advance. A. True
A. True B. False
B. False
1.24 Business risk applies only to large non-financial corporates.
1.16 Banking regulators are encouraging tools that support A. True
using advanced analytical form ulas to calculate regulatory B. False
operational risk capital.
1.25 E S is
A. True
A. a statistical measure designed to quantify the mean
B. False
risk in the tail of the distribution beyond the cut-off of
1.17 The three lines of defense consists of: the VaR measure.
• First line: Risk m anagers that specialize in risk m anage B. the case where R A R O C fails to be greater than a
ment and day-to-day oversight; hurdle rate.
1.27 O perational risk includes 1.31 The purpose of econom ic capital is to absorb
A. legal risk. A. expected loss.
B. business risk. B. unexpected loss.
C. reputation risk. C . tail loss.
D. currency risk. D. all of the above.
ANSWERS
1.1 PD of a firm is driven by a firm's strength or weakness in 1.7 Reputation risk is the danger that a firm will suffer a sud
term s of key variables such as financial ratios, industry den fall in its m arket standing or brand with econom ic
sector, country, quality of data, and m anagem ent quality. consequences. Rumors can be fatal in them selves. For
Each fundam ental set of risk factors is driven by sub exam ple, a large failure in credit risk m anagem ent can
factors. For exam ple, m anagem ent years of experience is lead to rumors about a bank's financial soundness. Inves
a sub-factor of the m anagem ent quality variable. tors and depositors may begin to w ithdraw support in
the expectation that others will also w ithdraw support.
1.2 The risk m anager first attem pts to identify the risk then
Unethical behavior of m anagers in the firm can hurt its
next analyzes the risk. Subsequently the risk m anager
reputation.
assesses the im pact of any risk event and ultim ately man
ages the risk. In summary, the four com ponents are 1.8 Econom ic (risk) capital is the amount of capital the firm
1. Identify the risk, requires based on its understanding of its econom ic risks.
1.18 True because risk m angers work back from the reverse 1.31 B. unexpected loss.
stress test to try to understand how those losses were 1.32 D. should be monitored by the board.
Com pare different strategies a firm can use to manage its A pply appropriate m ethods to hedge operational and
risk exposures and explain situations in which a firm would financial risks, including pricing, foreign currency, and
want to use each strategy. interest rate risk.
Explain the relationship between risk appetite and a firm's A ssess the im pact of risk m anagem ent tools and instru
risk m anagem ent decisions. ments, including risk limits and derivatives.
21
It might seem obvious, given the discussion in C hapter 1, that
1. Identify risk appetite.
firms should manage financial risk. However, it is not that simple
• Identify key corporate goals and risks.
in the corporate world. Specifically, a firm must answer several
• Should we manage risk?
questions.
• Which risks should we m anage?
• Does managing risk make sense from the perspective of the • Create a risk appetite statem ent (broad term s).
firm's owners?
2 . Map risks, make choices.
• W hat is the precise purpose of a risk m anagem ent strategy? • Map risks.
• How much risk should the firm retain? W hat risks should • A ssess or measure risk/impact.
be m anaged? W hat instruments and strategies should be • Perform risk/reward analysis of risk m anagem ent
applied? strategy (RA R O C etc.)
• Prepare com parative cost/benefit of risk m anage
The wrong answers can turn risk m anagem ent itself into a major
ment tactics.
threat to the firm.
• Choose basic strategy/tactics.
Figure 2.1 lays out these issues as a road map. But while this • Create a risk appetite statem ent (detailed term s).
chapter follows this road map, the risk m anagem ent process
3 . O perationalize risk appetite.
itself is deeply iterative. For exam ple, once a firm understands
• Express risk appetite in operational term s.
the costs and com plexities of risk m anagem ent, it might revisit
• A ssess risk policies.
w hether it should be involved in the risk-generating business
• Set risk limit fram ework.
activity at all.
• Rightsize risk m anagem ent team .
• Resources, expertise, infrastructure
suppliers for critical com ponents, backup their data, and insure 5 . Re-evaluate regularly to capture changes in:
their warehouses. • Risk appetite/risk understandings/stakeholder
view points,
However, they have not always managed financial risks with the
• Business activity and risk environment (remapping), and
same intensity. So why do modern firms stress the im portance
• New tools, tactics, cost-benefit analyses.
of financial risk m anagem ent?
The answer lies in a potent mix of need and opportunity. Fiqure 2.1 Risk Management Road Map: Five
Milestones.
• N e e d : The need to manage financial risk grew significantly
from the 1970s as m arkets liberalized (e.g ., com m odities,
interest rates, and foreign exchange), price volatility shot up, Two decades of growth in the principal derivatives m arkets are
and the global econom y gathered steam . captured in Figure 2.2. The numbers behind this Figure include
• O pportunity: The growth in m arket volatility helped spawn trading as well as end-user risk m anagem ent. The distinct level
a fast-evolving selection of financial risk m anagem ent instru ing off of growth in some risk m arket categories has been driven
ments in the 1980s and 1990s, giving firms many more by a fall in speculative use, tightening bank regulation,1 and a
opportunities to manage their risk profiles. decline in interest rates and m arket volatility following the
2007-2009 financial crisis. A t the same tim e, there are other risk
Figure 1.1 in Chapter 1 showed the rapid growth in instrument
transfer m arkets (e.g ., cyber risk m anagem ent) that are continu
types after the 1970s that was fueled by theoretical advances
ing to grow rapidly.1
such as the Black-Scholes-M erton option pricing m odel. This
process continued with the more recent arrival of credit and
w eather derivatives in the 1990s along with the ongoing em er
1 For example, see A. Nag and J. McGeever, "Foreign Exchange, the
gence of cyber risk transfer instruments beginning in the twenty World's Biggest Market, Is Shrinking," Reuters, February 2016: https://
first century. www.reuters.com/article/us-global-fx-peaktrading-idUSKCN0VK1 UD.
Hedging Philosophy
— Total Contracts —Credit Default Swaps Foreign Exchange — Interest Rates
(CDS) Contracts Contracts Ju st because a risk can be hedged does not mean
Figure 2.2 OTC derivative notional volumes by risk type that it should be hedged. Hedging is simply a tool
Source: BIS Derivatives Statistics, see https://www.bis.org/statistics/about derivatives For exam ple, hedging can only stabilize earnings
stats.htm?m=6%7C32. Reprinted by permission. within a relatively short tim e horizon of a few years.
Hedging also has costs that are both transparent
(e .g ., an option prem ium ) and opaque (e .g ., the
Risks From Using Risk Management dangers arising from tactical errors and rogue trading). M ean
Instruments w hile, as Box 2.1 notes, equity investors who own firm s might
feel that risk is diversified aw ay in the context of their invest
Risk m anagem ent instruments allow firms to hedge econom ic
m ent portfolios.
exposures, but they can also have unintended negative conse
quences. They can quickly change a firm's entire risk profile (i.e., These theoretical and practical objections to hedging should
within days or hours) in ways that can either reduce risk or build lead firms to question w hether and how risk should be
The th eo retical argum ents against hedging rest on the idea Risk appetite describes the am ount and types of risk a firm is
th at m arkets are, in som e sen se, p e rfe ct and frictio n less. In willing to accept. This is in contrast to risk capacity, which
fa ct, there are m any m arket im p erfectio n s. H edging is often describes the maximum amount of risk a firm can absorb.2
intended to reduce the chance of financial d istress, which A recent trend among corporations is to use a board-approved
incurs both d irect costs (e .g ., bankruptcy costs) and m ajor risk appetite to guide m anagem ent and (potentially) to inform
o p p o rtu n ity costs. A firm hit by an u n exp ected m arket loss investors. But what exactly is a risk appetite in practical term s? It
will reduce its investm ent in other areas and m ove more is two things.
cautiously.
1. A statem ent about the firm's willingness to take risk in
Im proving revenue stability also sends an im portant m essage pursuit of its business goals. The detailed risk a p p etite
to potential d eb t investors who may be concerned about the sta tem en t is usually an internal docum ent that is subject to
firm 's soundness. D eb t investors usually get no upside from a board approval. However, attenuated versions can appear
firm 's revenue volatility. Th ey are only interested in w hether in some annual corporate reports.
the firm can fulfill its prom ises. That's also true for key custom
2. The sum of the mechanisms linking this top-level statem ent
ers and suppliers.
to the firm's day-to-day risk m anagem ent operations. These
In addition, hedging can make sense for investors if it is used m echanisms include the firm's detailed risk policy, business-
as a tool to increase the firm 's cash flow s (rather than to specific risk statem ents, and the fram ew ork of limits for key
reduce equity investor risk). For exam p le, firm s may need to risk areas.
offer their custom ers a stable price over the next three years,
The operational expression of the risk appetite statem ent should
which may be im possible w ithout hedging a key cost input.
also be approved by the board and needs to be congruent with
If hedging like this increases custom er dem and, then equity
a w ider set of risk-related signals that the firm sends to its staff
investors are happy.
(e.g ., incentive com pensation schem es).
Likew ise, a firm th at com m its to supply a product into a fo r
The banking industry, pushed by regulators and a series of cri
eign m arket in one year's tim e will need to hedge the relevant
ses, is perhaps at the forefront of developing risk appetite as a
currency to lock in profit m argins. For m anagers, perhaps the
concept. Box 2.2 describes how one leading global bank defines
m ost im portant operational benefit of hedging is the plan
its risk appetite and sets it to work.
ning b enefit. W ithout the use of hedging, the random uncer
tainty of a fluctuating currency can make planning alm ost There is a trend toward making corporate risk appetites more
im possible. explicit, both in term s of the kinds of risks deem ed acceptable
and in term s of forging a link to quantitative risk m etrics. How
Equity investors are also happy if the firm uses hedging to
ever, one fundam ental question concerns the meaning of the
reduce its tax bill (e.g ., by stabilizing revenues from one year to
phrase risk a p p etite, which is used to mean many different (if
the next). Again, hedging has the effect of increasing after-tax
related) concepts in the business literature (Box 2.3).
revenues.
Is risk appetite the total am ount of risk the firm could bear w ith
Finally, equity investors are not the only stakeholders, and cer
out becoming insolvent? O r is it the am ount of risk the firm is
tainly not the only decision-m akers. M anagers, regulators, and
taking today? O r the amount that it would be happy to bear at
general staff exp ect the firm to be financially sound and pro
any one tim e?
tected from sudden mishaps. Less legitim ately, m anagers may
use hedging to ensure their firm m eets key short-term targets In Figure 2.3, the answer is the latter. Here, the risk appetite is
(e.g ., stock analyst expectations) that affect their prestige and set well below the firm's total risk bearing capacity, and above
com pensation. Risk m anagers need to pay close attention to the amount of risk the firm is exposed to currently (labeled here
how derivatives can leverage agency risks. as the firm's risk profile). The dotted lines are upper and lower
trigger points for reporting purposes. These are designed to let
There are im portant argum ents for and against hedging, as
well as a variety of potential m otivations. Firm s need to explain
their rationale for hedging in term s of basic aims (e .g ., m an
aging accounting risk, balance-sheet risk, econom ic risk, or 2 For example, from a risk capacity perspective, a bank is not allowed to
lower its leverage ratio below 3% (where leverage ratio is a measure of
operational risk). They also need to be clear on the size of their the bank's tier 1 capital as a percentage of its assets + off balance-sheet
risk ap p etite. exposures).
the board know if risk taking looks unnaturally low or if there is a A nother key issue concerns consistency of risk appetite across
danger of breaching the agreed risk ap p etite.3 risk types. G enerally, firms regard them selves as more or less
"conservative " or "entrepreneurial" in their attitude toward
risk. However, this characterization should logically depend on
3 Our arguments in this paragraph, and the exhibit it refers to, fol the type of risk, and on the firm's risk m anagem ent expertise.
low the discussion in Deloitte, Risk Appetite Frameworks, How to
Spot the Genuine Article, 2014, page 8: https://www2.deloitte.com/
content/dam/Deloitte/au/Documents/risk/deloitte-au-risk-appetite- Performance," June 2017, volume 1. Note that the terminology around
frameworks-financial-services-0614.pdf. There are also useful discussions risk appetite— particularly capacity and tolerance— is not always used
in COSO, "Enterprise Risk Management: Integrating with Strategy and consistently across the literature.
exposures. Furtherm ore, may already be managing some risks against (e.g., the risk of natural catastrophes, physical mishaps,
(e.g ., cyber risk) much more explicitly and adeptly than the con and cyber incidents). Risk mapping should not ignore risks that
servative blue-chip firm across the road. are difficult to track in term s of exposure and cashflow. For
exam ple, a new business line might attract large, difficult to
Risk appetite is therefore part of a firm's wider identity and capa
quantify data privacy risks as well as foreign exchange exposures.
bilities. Firms must ask, "W ho are w e?" and "W ho do our stake
holders think we are?" well before they get to the point of trying
to operationalize a risk appetite. (Whether crafting a corporate 2.4 STRATEGY SELECTION: ACCEPT,
"mission statem ent" will help in this endeavor is another question.)
AVOID, MITIGATE, TRANSFER *•
In truth, forging a robust link between top-of-house risk ap p e
tite statem ents and the operational m etrics of risk appetite in O nce a risk m anager understands the firm's risk appetite and
a particular risk type or business line is a challenging task. As has m apped its key risks, then he or she can decide how to best
seen in C hapter 1, there is no single measure of risk, even within handle each risk.
a single risk type, that allows us to monitor risk at the business
First, risk m anagers must define the most im portant risk exp o
level and then easily aggregate this to the enterprise level.
sures and make some basic prioritization decisions. W hich risks
The result is that firms operationalize their risk appetite using a are most severe and most urgent?
m ultiplicity of m easures. For financial firms, this can include busi
Second, the firm needs to assess the costs and benefits of the
ness and risk-specific notional limits, estim ates of unexpected
various risk m anagem ent strategies.
loss, versions of value-at-risk (VaR), and stress testing. The level
of detail needs to reflect the nature of the risk and the sophisti • Retain: Firms will want to accept some risks in their entirety,
cation of the risk m anagem ent strategy. or to accept part of a loss distribution. Note that retained risks
are not necessarily small. For exam ple, a gold mining com
pany may choose to retain gold price risk because its investors
2.3 RISK MAPPING— HERE BE desire such an exposure. Alternatively, an input price risk that
The risk appetite statem ent tells a firm what the basic objective carefully considered decisions to retain risk.
is. But it also needs to map out its key risks at the cash flow level • A v o id : Firms may want to avoid the types of risk that they
and assess its size and timing over particular tim e horizons. regard as "unnatural" to their business. Some risks can only
Stop Loss Limits Loss threshold and associated action (e.g ., close out, Will not prevent future exposure, only limit
escalation) realized losses
Notional Limits Notional size of exposure Notional am ount may not be strongly related
to econom ic risk of derivative instrum ents,
especially options.
Risk Specific Limits Limits referencing some special feature of risk in These limits are difficult to aggregate; may
question (e.g ., liquidity ratios for liquidity risk) require specialized knowledge to interpret.
M aturity/Gap Limits Limit amount of transactions that mature or reset/ These limits reduce the risk that a large volume
reprice in each tim e period of transactions will need to be dealt with in a
given tim e fram e, with all the operational and
liquidity risks this can bring. But they do not
speak directly to price risk.
Concentration Limits Limits of concentrations of various kinds (e.g ., to These limits must be set with the understand
individual counterparties, or product type) ing of correlation risks. They may not capture
correlation risks in stressed m arkets.
G reek Limits Option positions need to be limited in term s of their These limits suffer from all the classic model
unique risk characteristics (e.g ., delta, gamma, vega risk) risks and calculation may be com prom ised at
trading desk level without the right controls
and independence.
Value-at-Risk (VaR) A ggregate statistical number VaR suffers from all the classic model risks and
may be m isinterpreted by senior m anagem ent.
Specifically, VaR does not indicate how bad a
loss might get in an unusually stressed m arket.
Stress, Sensitivity, These limits are based on exploring how bad things Varies in sophistication. D ependent on deep
and Scenario Analysis could get in a plausible worst-case scenario. Stress tests knowledge of the firm's exposures and market
look at specific stresses. Sensitivity tests look at the behavior. Difficult to be sure that all the bases
sensitivity of a position or portfolio to changes in key are covered (e.g ., there are endless possible
variables. Scenario modeling looks at given real-world scenarios).
scenarios (hypothetical or historical).
2.6 RISK TRANSFER TOOLBOX * A nother key difference cuts across instrument types: trading
m echanics. Is the instrum ent offered through one of the large
In many cases, the risk m anager will decide to transfer a portion exchanges, or is it a private bilateral O T C agreem ent between
of a financial risk to the risk m anagem ent m arkets. The range two parties? O T C and exchange-based derivatives have differ
of instruments available for hedging risk is can be categorized ent strengths and w eaknesses, particularly relating to liquidity
(broadly) into swaps, futures, forw ards, and options. and counterparty credit risk.
These instrum ents have different capabilities like the different Exchange-based derivatives are designed to attract trading
tools in a toolbox (Figure 2.6). liquidity. Not all succeed, but most can be traded easily at a
relatively low transaction cost. The downside of this approach
The use of these instrum ents requires firms to make key d eci
is like that of buying an off-the-rack suit: it is difficult for the risk
sions based on their specific needs. For exam ple, firm s must
m anager to find a perfect fit. For exam ple, a com m odity risk
decide how much they are willing to pay to preserve flexibility.
m anager may find the available futures contract does not cover
Note that a forward contract provides price stability, but not
the exact risk type, has a timing mismatch, or captures the price
much flexibility (because it requires the transaction to occur at
in the wrong location. These mism atches create basis risk.
the specified tim e and price). A call option provides both price
stability and flexibility, but it com es with its own added cost (i.e., More positively, exchange-based derivatives minimize counter
the option premium). party credit exposure through margin requirem ents and netting
Forward It is a tailored agreem ent to exchange an agreed upon quantity of an asset at a pre-agreed price at some
future settlem ent date. The asset may be delivered physically, or the contract may stipulate a cash settlem ent
(i.e., the difference between the agreed upon price and some specified spot or current price).
Swap It is an over-the-counter (O TC) agreem ent to swap the cash flows (or value) associated with two different
econom ic positions until (or at) the maturity of the contract. For exam ple, one side to an interest rate swap
might agree to pay a fixed interest rate on an agreed upon notional amount for an agreed upon period, while
the other agrees to pay the variable rate. Swaps take different forms depending on the underlying m arket.
Call Option The purchaser of a call option has the right, but not the obligation, to buy the underlying asset at an agreed
upon strike price, either at the maturity date (European option) or at any point during an agreed upon period
(Am erican option).
Put Option The purchaser of a put option has the right, but not the obligation, to sell the underlying asset at the agreed
upon strike price at the maturity date (European option) or at any point during an agreed upon period
(Am erican option).
Exotic Option There are many different options beyond the standard or plain vanilla puts and calls. These include Asian (or
average price) options and basket options (based on a basket of prices).
Swaption It is the right, but not the obligation, to enter a swap at some future date at pre-agreed term s.
Airline Risk Management: Turbulence the years after 2014, many of Am erican Airlines' com petitors
began cutting back on their hedging operations.
Ahead
But remaining unhedged is also a bet. Back in 2008, oil had
Airlines are heavily exposed to volatile je t fuel prices, with as
reached unexpected highs even as the world was enveloped in a
much as 15-20% of airline operating costs burnt in the air. In
financial crisis. That year, the airlines with the tightest hedging
their fiercely com petitive industry, airlines cannot easily raise
programs were the ones that looked clever.9*
passenger ticket prices in response to spikes in oil prices. This
is because ticket pricing follows consum er dem and rather than Airlines can try to get around this conundrum by hedging only
airline costs. a portion of their je t fuel costs, using options, or entering long
forward contracts on je t fuel. But options-based strategies, while
A s a result, the industry has used a sophisticated combination of
arguably the purest form of risk m anagem ent, can be expensive
swaps, call options, collars (i.e., calls and puts), current oil con
to put in place.
tracts, and other instrum ents to manage its price risks since the
mid-1980s. (The m arket matured quickly after the 1990-1991 Might vertical integration help? Delta A ir Lines, one of the
G ulf W ar caused a spike in energy prices. Note that many man world's largest airlines, bought its own oil refinery in 2012 as
agem ent m arkets are born out of crises.) part of its fuel m anagem ent strategy. O ver the years, the invest
ment has allowed the airline to manage je t fuel availability in a
O ne problem for airlines is that there are few futures contracts
key region while helping to cover the spread between je t fuel
available for jet fuel. Using w idely available exchange instru
costs and the cost of crude oil.
ments to hedge against the price of crude oil or some other
oil product (e.g ., heating oil) is one way to get around this.
However, the refinery industry has its own ups and downs, which offset each other. In fact, the business activities of a large firm
could be a potential distraction for Delta. Furtherm ore, owning often create natural hedges (e.g ., the inflows and outflows of
a refinery arguably increases the airline's exposure to crude oil foreign currency).11
AA
Interest Rate Risk and Foreign Exchange a practical option in some m arkets.
Risk Management For many firms, interest rate risk is a major concern. Their funda
mental task is to avoid taking on too much debt at high interest
Interest rate and foreign currency risks are critical areas of price
rates and avoid overexposure to variable rates of interest. This
risk m anagem ent for many firms. Box 2.4 presents excerpts from
balancing act is determ ined by:
M cDonald's 2017 Form 10-K (i.e., its annual report) that help
explain why this is so. As a global business with a presence in • Each firm's financial risk appetite, which may set out the lev
over 100 countries, the fast food operator and franchiser has an els of debt the board is happy with, and
active risk m anagem ent function. • The proportion of fixed interest to variable interest, (perhaps
W hile individual transactions can be im portant, large firms like across several tim e horizons).
M cDonald's have many financial exposures that balance and A firm's financial risk appetite needs to be congruent with its
target credit rating and any covenants it has made to banks and
other financing providers.
10 The refinery, situated on the East Coast of the United States, has Even if the firm's risk appetite remains stable, the rest of its risk
had some good and some less good years in terms of profitability,
m anagem ent environm ent is constantly changing (Figure 2.8).
but has given Delta some leverage on jet fuel prices and more gener
ally the "crack spread" in the region. See A. Levine-Weinberg, "Delta These changes will com e as the debt portfolio m atures, business
Air Lines' Refinery Bet is About to Pay Off Again," The Motley Fool, financing needs evolve, as well as when regulations and taxes 1
September 2017: https://www.fool.com/investing/2017/09/03/delta-
air-lines-refinery-bet-is-about-to-pay-off-a.aspx; J. Renshaw, "Exclusive:
Delta Hires Consultant to Study Refinery Options— Sources," March 14,
2017: https://www.reuters.com/article/us-delta-air-refineries-monroe/ 11 There is reason to think that many firms use derivatives only to fine-
exclusive-delta-hires-consultant-to-study-refinery-options-sources-idUSK- tune their risk profile, with much of the risk management already accom
BN16L24H; A. M. Almansur et al., "Hedging Gone Wild: Was Delta Air plished through business decisions and natural hedges. See discussion
lines' Purchase of Trainer Refinery a Sound Risk Management Strategy?" in W. Guay and S. P. Kothari, "How Much Do Firms Hedge with Deriva
October 4, 2016. This final reference includes a review of the literature tives," March 2002, p. 3; paper: http://www1.american.edu/academic
on the value of hedging price risk, see pages 4-7. .depts/ksb/finance_realestate/mrobe/Library/howmuch.pdf
Market Practicalities It may be easier to raise money in one m arketplace and then shift risk charac
teristics (currency, fixed versus, variable, etc.) into another using derivatives.
Changing Business and Financing Needs Deals roll over, and businesses grow.
Basic Aims: Cost Center versus Profit Center The treasurer may be perm itted to take a view on the m arket direction.
Regulations and Taxes The treasurer may need to respond to changes in the regulations and taxes.
Market Direction and Behavior The treasurer may need to prepare for rising interest rates or respond to yield
curve behavior.
Fiqure 2.8 What drives interest rate risk management— examples of factors.
Changes in interest rates are linked to the broader econom y and Keep instruments and strategies sim ple.
consumer dem and. They may affect the fundamental health of Disclose the strategy and explain ram ifications.
a business, including its ability to meet debt obligations. On the
Set resources and limits suitable for the strategy.
upside, the falling cost of servicing variable rate debt can offer an
important natural hedge in a deteriorating business environment. Stress test and set up early warning indicators.
O ne cause of a mishap is to create a "risk m anagem ent" pro M GRM , the energy trading US subsidiary of M etallgesellschaft
gram that is not really intended to manage risk. For exam ple, it A G , had promised to supply end users with 150 million bar
may seem legitim ate for the firm to use risk m anagem ent instru rels of gasoline and heating oil over ten years at fixed prices. It
ments to lower the am ount of interest that it pays. Swaps and hedged this long-term price risk with a supersized rolling pro
other derivatives can be used to attem pt to reduce the amount gram of short-dated futures and O T C swaps.
of interest paid, but in exchange the hedger may be forced
The hedging strategy might well have worked if it had been
take on much more downside risk, or to alter the structure of
pursued to the end. However, changes in the underlying oil
the interest paid to minimize paym ents in the short-term in
m arket (i.e ., a fall in cash prices and a shift in the price curve
exchange for ballooning paym ents in the future.
from backwardation to contango) m eant that the program gen
This kind of program is often more about artificially enhancing erated huge margin calls that becam e a severe and unexpected
returns to m eet analyst forecasts, or covering up fundam ental cash drain.
• Can the firm show it regularly com m unicates about risk and
Do you think derivatives end-user activity (hedging, responds to warning signs and near misses?
trading) in the industry will increase, decrease, or
stay the same over the next three to five years? • Has it tested w hether key staff have a common understand
ing of the firm's risk appetite?
ncrease ■ Stay the same ■ Decrease • Can it dem onstrate that its board has an awareness of the
firm's top ten risks?12
All this is important for firms, but it is also important for those at
the coalface of risk managem ent. A risk manager that attains a
pre-agreed risk m anagem ent goal (e.g., stabilizing a volatile busi
ness exposure over a three-year tim e horizon) has done a difficult
job. That risk m anager deserves to know that his or her success
is part of a bigger strategic plan that has already been communi
cated to stakeholders and is supported by the whole firm.1
QUESTIONS
2.1 W hat are the key risk m anagem ent com ponents that need 2.13 Airlines have used a sophisticated com bination of swaps,
to be re-evaluated on a regular basis for designating a risk call options, collars (calls and puts), futures contracts, and
m anagem ent road map? other instruments to manage their price risks since around
the mid-1980s.
2.2 Provide several exam ples to dem onstrate that the C-suite
A. True
supports a strong risk culture.
B. False
2.3 D escribe w hat is m eant by risk appetite in practical
2.14 MGRM was exposed to a shift in the price curve from
term s.
backwardation to contango, which meant that the pro
2.4 Provide exam ples of what factors drive interest rate risk gram generated huge margin calls that becam e a severe
m anagem ent. and unexpected cash drain.
2.5 Provide exam ples of hedging tips for conservative end A. True
users. B. False
2.21 Exchange-based derivatives are designed to 2.25 Brewers can fix the price they pay per bushel of wheat
A. be traded easily at a relatively low transaction cost. to manage w heat price exposures by buying futures con
B. be a perfect fit hedge. tracts and
C. avoid basis risk. A. holding these futures contracts until they mature and
D. reduce counterparty credit risk. take delivery specified by the exchange in term s of
quality and location.
2.22 Minimizing counterparty credit exposure can be obtained
through the use of B. selling these futures contracts near the delivery date
and using the proceeds to purchase the w heat now
A. margin requirem ents.
from their favored supplier.
B. netting arrangem ents.
C. all of the above. C . All of the above
D. it cannot be minimized at all. 2.26 O nce the firm /bank makes a risk appetite statem ent
2.23 The agricultural futures contracts first listed on the A. it is com m itted to follow it for at least three years.
C. 1940s.
D. after the 1950s.
ANSWERS
2.1 Re-evaluate regularly changes in: 2.5
risk in pursuit of its business goals. Second, it is the sum more opportunities to manage their risk adjusted returns.
of the mechanisms that link this top-level statem ent to the Globalization of com panies and of trading introduced
firm's day-to-day risk management operations. It assesses additional financial risk exposures.
the risk exposures the firm is willing to assume in relations 2.7 These Com m odity derivatives might include
to the expected returns from engaging in risky activities.
• Aluminum swaps,
2.4
• Natural gas and energy derivatives,
Firm Risk A ppetite The firm's risk appetite sets
the key goals. • Exchange-traded w heat futures,
Regulations and The treasurer may need to 2.11 False, because only 15-20% of airline operating costs are
Taxes respond to change in the burnt in the air.
rules of the gam e.
2.12 True
M arket Direction and The treasurer may need to
Behavior prepare for rising interest 2.13 True
rates or respond to yield 2.14 False, because the curve moved from backwardation to
curve behavior.
contango.
2.15 False, most airlines hedge some of their price risk, 2.20 C. all of the ab o ve1
14
but some prefer to retain it all. The naysayers cite the 2.21 D. reduce counterparty credit risk
expense of hedging programs and fear that they will lock
2.22 C. all of the above
in je t fuel prices at a high point in the m arket, just before
a steep price fall. 2.23 A . 1860s
2.16 False 2.24 G enerally yes. Potentially no in the case where the
investor holds the investm ent as part of a diversified
2.17 True13
portfolio.
2.18 C . the amount that it would be happy to bear at any
2.25 C. all of the above
one time
2.26 The board must approve it.
2.19 A . the firm could bear without becoming insolvent
1 *3
See McDonald's Corporation, Form 10-k annual report for fiscal year 14 See https://www.cnbc.com/amp/2019/01/02/mortgage-applications-
ended December 31, 2017, pages 26-27. plummet-nearly-10percent-to-end-2018-despite-lower-rates.html
Explain changes in corporate risk governance that Evaluate the relationship between a firm's risk appetite
occurred as a result of the 2007-2009 financial crisis. and its business strategy, including the role of incentives.
Com pare and contrast best practices in corporate Illustrate the interdependence of functional units within a
governance with those of risk m anagem ent. firm as it relates to risk m anagem ent.
A ssess the role and responsibilities of the board of A ssess the role and responsibilities of a firm's audit
directors in risk governance. com m ittee.
39
Corporate governance is the way in which com panies are run.1 It Europe refrained from a legislative approach. Instead, European
describes the roles and responsibilities of a firm's shareholders, regulators pursued a voluntary reform of corporate codes and
board of directors, and senior m anagem ent. a regim e of "com ply-or-explain" for departures from these
codes. These reforms focused on internal controls, governance
Corporate governance, along with its relationship to risk, has
m echanism s, and financial disclosure and did not directly
becom e a major issue in the banking industry. This chapter
address risk m anagem ent.
traces the developm ent of risk governance (i.e., how firms
undertake and oversee risk management) over the past two The 200 7-2 00 9 global financial crisis was directly tied to risk
decades. It describes how risk governance morphed from a m anagem ent failures. The crisis itself was trig gered by the
vague principle into a well-defined set of best practices and downward turn in a previously "h o t" housing m arket, which
becam e a central tenet of modern banking regulation. was fueled by an all-too-easy m ortgage m arket and acceler
ated by a boom ing m arket for m o rtg ag e-b acked securities
The ascendance of risk governance is closely linked to a series
that w ere traded by leading financial institutions. During this
of high-profile corporate scandals that occurred in the first
tim e, lenders engaged in unsound practices by extending
decade of the twenty-first century. The first wave of these fail
m ortgages to unqualified individuals and encouraging home-
ures included the bankruptcies of Enron in 2001, W orldCom and
ow ners to take on more debt than they could handle. Invest
Global Crossing in 2002, and Parm alat SpA in late 2003. In these
m ent banks securitized these loans into com plex asset-backed
cases, corporate failure was precipitated by financial or account
securities, which found their w ay into the m ainstream credit
ing fraud.
m arket. Th e financial institutions responsible for originating
W hile this fraud was perpetrated primarily by executives, it is and trading these structured instrum ents, as well as the rating
im portant to note that their actions were seem ingly unchecked agencies used to assess them , failed to accurately appraise
by the firm s' auditors and boards of directors. Specifically, their value and risk.
boards and shareholders were not informed of the econom ic
A s the num ber of m ortgage defaults clim b ed , the system
risks undertaken by corporate m anagem ent. This lack of com
unraveled and several m ajor investm ent banks holding
munication reflected a fundam ental breakdown in corporate
low -quality assets found them selves on the verge of co l
disclosure and accountability. Financially engineered products
lapse. A s the crisis unfolded, it becam e ap p arent that the
(e.g ., derivatives) were often involved and were used at tim es to
problem s encountered in the m ortgage m arket extend ed
disguise the severity of the failing firm s' financial positions.
far beyond hom eow ner lending. During the boom years
These scandals, and the faulty corporate governance that preceding the crisis, risk m anagem ent at many financial
allowed them to occur, led to regulatory reforms designed to institutions was m arginalized as execu tive m anagem ent threw
enhance the governance of public firms, increase transparency caution to the wind in pursuit of g reater returns. The decline
and executive accountability, and improve financial controls and in underw riting standards, the breakdow n in o versight, and
oversight. In the United States, these changes took the form of a reliance on co m p lex cred it instrum ents cam e to character
federal legislation: the Sarbanes-O xley A ct1
2 (SO X). This law laid ize the cred it m arkets. This eventually led to the failure of
the foundation for federally enforced corporate governance num erous financial institutions. Although originating in the
rules based on stricter securities regulation. The law was passed United States, the crisis affected banking and econom ic
in 2002 and the new standards were put into effect the follow activity all around the w orld . It was system ic in nature and
ing year, with the Securities and Exchange Com m ission requiring global in sco p e.
US-based securities exchanges and associations to make sure
The events of 2007-2009 underscored the inadequacy of the
that their listing standards conform ed to the new m andated
corporate governance regulation adopted earlier in the decade.
standards set forth by S O X .3 In addition to governance, these
N either the regulation of Sarbanes-O xley nor the principle-
rules also had significant im plications for risk m anagem ent.
based light touch approach in Europe were able to avert the
crisis in the banking and securities industries. N onetheless, many
1 Report of the Committee on the Financial Aspects of Corporate
saw the absence of executive accountability and the failure of
Governance (1992), http://cadbury.cjbs.archios.info/report.
internal corporate oversight as significant contributors to the
2 The Sarbanes-Oxley Act - Pub. L. 107-204, 116 Stat. 745.
crisis and the ensuing loss of confidence in the banking system .
3 The final rule on standards for Listed Companies Audit Commit The debate on corporate governance continued in the after-
tees was put into effect in April of 2003, with exchanges required to
have their own internal rules for compliance approved by the SEC by math of the crisis. Table 3.1 summarizes some of the key issues
December 1, 2003. in this debate.
Table 3.1 Key Post Crisis Corporate Governance Concerns—The Banking Industry
Stakeholder Priority Enquiries into the 2007-2009 financial crisis found that often little attention was paid to controlling tail
risks and considering truly worst-case outcom es. This has led to a debate about the uniquely com pli
cated set of stakeholders in banking and the potential im pact on corporate governance.
In addition to eq uity, banks have large am ounts of d ep o sits, d eb t, and im plicit governm ent guar
antees. D ep o sito rs, d eb th o ld ers, and taxp ayers have a much stronger interest in m inim izing the
risk of bank failure than do m ost shareholders, who often seem to press for short-term results.
Shareholder em p ow erm ent, the usual rem edy to corporate governance ills, may therefo re be an
inadequate solution for the banking industry's w o e s.6
Board Composition The crisis reignited a longstanding debate as to how to ensure bank boards can achieve the appropri
ate balance of independence, engagem ent, and financial industry expertise. Analyses of failed banks
do not show any clear correlation between success and a predom inance of either insiders or outsiders.
O ne can note, however, that failed bank Northern Rock had several banking experts on its board.
Board Risk Oversight The im portance of boards being proactive in risk oversight becam e increasingly recognized follow
ing the crisis. This has led to a focus on educating boards about risk and making sure they maintain a
direct link to the risk m anagem ent infrastructure (e.g ., by giving C R O s direct reporting responsibilities
to the board).
Risk Appetite Regulators have pushed banks to articulate a form al, board-approved risk appetite that defines a
firm's willingness to undertake risk and tolerate threats to solvency. This can be translated into an
enterprise-wide setting of risk limits. Engaging the board in the limit-setting process helps to make
sure it thinks clearly about risk-taking and its im plications for day-to-day decision-m aking.
Compensation O ne of a board's key levers in determ ining risk behavior is its control over com pensation schem es.
Boards have a duty to exam ine how pay structures might affect risk-taking and w hether risk-adjust
ment m echanisms capture all key long-term risks. Some banks have started instituting reforms, such as
limiting the scope of bonuses in com pensation packages, as well as introducing deferred bonus pay
ments and claw back provisions.
2. Board Qualifications Board m em bers should be and remain q u alified , individually and co llectively,
and Composition for their positions. They should understand their oversight and co rporate gover
nance role and be able to exercise sound, o b jective ju d g m en t about the affairs of
the bank.
3. Board's Own Structure The board should define appropriate governance structures and practices for its own
and Practices work and put in place the means for such practices to be followed and periodically
reviewed for ongoing effectiveness.
4. Senior Management Under the direction and oversight of the board, senior m anagem ent should carry out
and manage the bank's activities in a manner consistent with the business strategy, risk
appetite, rem uneration, and other policies approved by the board.
5. Governance of Group In a group structure, the board of the parent firm has the overall responsibility for the
Structures group and for ensuring the establishm ent and operation of a clear governance fram e
work appropriate to the structure, business, and risks of the group and its entities. The
board and senior m anagem ent should know and understand the bank group's organi
zational structure and the risks that it poses.
6. Risk Management Banks should have an effective independent risk m anagem ent function, under the
Function direction of a chief risk officer (CRO ), with sufficient stature, independence, resources,
and access to the board.
7. Risk Identification, Risks should be identified, m onitored, and controlled on an ongoing bank-wide and
Monitoring, and individual entity basis. The sophistication of the bank's risk m anagem ent and internal
Controlling control infrastructure should keep pace with changes to the bank's risk profile, the
external risk landscape, and to industry practice.
8. Risk Communication An effective risk governance fram ework requires robust communication within the bank
about risk, both across the organization and through reporting to the board and senior
m anagem ent.
9. Compliance The bank's board of directors is responsible for overseeing the m anagem ent of the
bank's com pliance risk. The board should establish a com pliance function and approve
the bank's policies and processes for identifying, assessing, m onitoring, reporting, and
advising on com pliance risk.
10. Internal Audit The internal audit function should provide independent assurance to the board and
should support the board and senior m anagem ent in promoting an effective gover
nance process and the long-term soundness of the bank.
11. Compensation The bank's remuneration structure should support sound corporate governance and
risk m anagem ent.
12. Disclosure and The governance of the bank should be adequately transparent to its shareholders,
Transparency depositors, other relevant stakeholders, and m arket participants.
13. Role of Supervisors Supervisors should provide guidance for and supervise corporate governance at
banks, including through com prehensive evaluations and regular interaction with
boards and senior m anagem ent; should require im provem ent and rem edial action
as necessary; and should share information on corporate governance with other
supervisors.
Source: Basel Committee on Banking Supervision, Guidelines: Corporate Governance Principles for Banks, July 2015, 8-40.
purview of bank regulators and was therefore not subject to to scenario analysis and stress testing, with the following
erally regarded as marginal to the stability of the United States • A top-down approach with m acroeconom ic scenarios
banking system (until the 2007-2009 crisis proved otherw ise). unfolding over several quarters;
The com petitive structure of the banking industry was altered • A focus on the effects of m acroeconom ic downturns on
dram atically during, and as the result of, the crisis. Investm ent a series of risk types, including credit risk, liquidity risk,
giants, including Bear Stearns and Merrill Lynch, were merged m arket risk, and operational risk;
(under duress) with banking institutions. Lehman Brothers went • An approach that is com putationally dem anding, because
bankrupt. The last two major investm ent banks, Goldm an Sachs risk drivers are not stationary, as well as realistic, allowing
and Morgan Stanley, were converted into bank holding com pa for active m anagem ent of the portfolios;
nies (BH Cs). This made them subject to the full force of banking
• A stress testing fram ew ork that is fully incorporated
regulation, but also eligible for the credit extended to banking into a bank's business, capital, and liquidity planning
institutions by the Federal Reserve System .
processes; and
A O
In Ju ly 2010, the Dodd-Frank A ct was signed into law. The • An approach that not only looks at each bank in isolation,
Act's 2,300 pages overhauled the regulation of the financial but across all institutions. This allows for the collection
industry in the United States, aiming to improve both consum er of system ic information showing how a major common
protection and system ic stability. Specifically, it attem pted to scenario would affect the largest banks collectively.
address several issues.
The Federal Reserve Board (FRB) conducts two stress testing
• Strengthening the F e d : The A ct extended the regulatory exercises:
reach of the Federal Reserve (i.e., the Fed) in the areas con
1 . The Dodd-Frank A ct Stress Test (D FAST) for banks with
cerned with system ic risk. All the system ically im portant
assets above USD 10 billion, and
financial institutions (SIFIs), which are defined as bank holding
firms with more than USD 50 billion14 of assets, are now reg 2. The Com prehensive Capital Analysis and Review (CC A R) for
ulated by the Federal Reserve and the Fed's m andate now banks with assets above USD 50 billion.16
includes m acroprudential supervision.
1. A forward-looking em phasis on the sustainability of each The Board and Corporate Governance
bank's business m odel, including during conditions of
O ne of the key duties of a corporate board of directors is to
stress,
protect the interests of shareholders. Traditionally, the board
2 . An assessm ent m ethodology based on best practices within has been cast as the gatekeeper for all shareholders. A grow
the banking industry, and ing number of analysts, however, argue that the responsibility
3 . An expectation that every bank will ultim ately operate of the board extends beyond shareholders to include all cor
under the same standards. porate stakeholders (e.g ., debtholders and em ployees). Given
the divergent interests of the various stakeholders, managing
Th e internal capital ad eq u acy assessm en t process (IC A A P )
this responsibility is not always an easy task. D ebtholders, for
and the internal liquidity ad eq u acy assessm ent process
exam ple, are primarily interested in the extrem e downside risk.
(ILA A P) are the tw o key com ponents of SREP.
This is because their stake in the firm is most at risk during times
1 . The IC C A P incorporates scenario analysis and stress of distress (i.e., when corporate solvency is on the line).
testing. It outlines how stress testing supports capital
The board is also charged with overseeing executive m anage
planning.
ment. Analyzing the risks and returns from corporate activity is
2 . The ILAAP incorporates the potential losses from asset one of the board's fundam ental duties. If m anagem ent assumes
liquidations and increased funding costs during stressful a given risk, the board must understand the type and magnitude
periods. of the threat posed should that risk come to fruition.
European banks with assets of EU R 30 billion and above Addressing conflicts of interest between m anagem ent and
m ust run European Banking A uth o rity (EB A ) stress tests. shareholders lies at the heart of corporate board oversight.
Th ese stress tests are run at the consolidated banking group Such conflicts are referred to in the financial literature as agency
level (insurance activities are exclu d ed ). Two supervisory problem s, and they are often m anifested as the unwarranted
m acroeconom ic scenarios covering a three-year period are assumption of risk to pursue short-term profits or to enhance
provided by the regulator: a baseline scenario and an adverse apparent perform ance. These activities put the interests of man
scenario. agem ent squarely against those of longer-term stakeholders.
Although the scenarios unfold over a three-year period, the Conflicts of interest are easily created, rendering agency risk
approach (contrary to C C A R ) is fundam entally static and banks a perennial governance challenge. For exam ple, giving execu
are only required to look at the im m ediate im pact of the cum u tives stock options (which take on value only if the firm's shares
lative shocks over the three-year period. exceed a certain price) can incentivize senior m anagem ent to
Even the best-designed executive com pensation system s cannot tion as well as with external stakeholders and regulators.
fully prevent executives from being tem pted to pursue short The mix of the measures adopted, and the degree to which they
term results to the detrim ent of long-term objectives. For this are enshrined in law, varies between jurisdictions. In 2012, the
reason, the scope and structure of executive com pensation has World Bank articulated a set of standards for risk governance
becom e a major concern and m easures to strengthen executive aimed at improving the effectiveness of risk m anagem ent and
accountability are gaining traction. control, enhancing risk m anagem ent standards, and promoting
Ongoing tensions between the interests of C E O s and the inter the com petitiveness and sustainability of financial institutions.20
ests of longer-term stakeholders have becom e a prominent The board of directors plays a central role in both the shaping
feature of corporate m anagem ent. A gency risks arising from and oversight of risk m anagem ent. Its primary responsibility in
these tensions provide an im portant rationale for the board's risk governance is to assess the fundam ental risks and rewards
independence from executive m anagem ent. They also explain engendered in the firm's business strategy. This assessm ent
the recom m ended best practice of separating the position of must be based on a clear understanding of the institution's
C E O from that of board chairman. direction and goals. The board must proactively participate in
The bankruptcy of brokerage firm M F Global in 2011 illustrates strategic planning as well as outline the appropriate risk ap p e
the perils of agency risk, particularly when the board's indepen tite (as discussed in C hapter 2).
dence from executive m anagem ent is questionable. Risk appetite is intimately related to business strategy and capital
In 2010, MF Global appointed Jon C o rzine171
8as chairman of the planning. Certain activities may be categorically inappropriate for
board and C E O . A t the tim e, the firm was already experiencing an enterprise given the type of risk involved. The appropriateness
liquidity and com pliance problem s. Under Corzine's leadership, of other activities may be a function of their scope relative to the
AQ
and despite repeated warnings by the firm's C R O at the tim e, firm's total asset value. Business planning must take risk m anage
MF Global made huge proprietary investm ents in European sov ment into consideration from the outset, and the matching of
ereign debt. These investm ents soured in 2011, exacerbating strategic objectives to risk appetite must be incorporated into the
the firm's liquidity problem s. This led to a loss of shareholder planning process. Equally important is a clear communication of
and client confidence, and ultim ately to the firm's collapse. risk appetite and risk position throughout the firm. This allows the
During this tim e, the firm allegedly m isappropriated client firm to set appropriate limits on its various risk-bearing activities.
funds in an attem pt to keep the firm solvent. This prom pted the The board is also responsible for oversight and risk transparency.
U.S. Com m odity Futures Trading Com m ission (C FTC ) to act It must ascertain whether any major transaction undertaken by
against Corzine and the firm's assistant treasurer.19 the firm is consistent with the authorized risk and associated
business strategies. Similarly, it must ensure that the disclosure
From Corporate Governance to to managers and relevant stakeholders is both adequate and
Best-Practice Risk Management com pliant with internal corporate rules and external regulations.
Given the board's accountability to stakeholders, the board is
The experience of the past two decades illustrates how the ultimately responsible when risk policy is ignored or violated.
objectives of corporate governance and risk m anagem ent have
To fulfill its role in risk governance, the board must assess
converged. The 2007-2009 crisis exposed extrem e deficiencies in
w hether the firm has put an effective risk m anagem ent system in
risk management and oversight among financial institutions. As a
place that enables it to further its strategic objectives within the
result, post-crisis regulation has raised the bar for risk governance
confines of its risk appetite. The board must also make sure that
with the aim of reining in both financial and agency risks.
procedures for identifying, assessing, and handling the various
Risk governance involves setting up an organizational infrastruc types of risk (e.g ., business, operational, reputational, m arket,
ture to articulate formal procedures for defining, im plem enting, liquidity, com pliance, and credit) are in place. W hile a willful
assumption of excessive risk lies at the heart of many corporate
17 As a U.S. Senator, Corzine helped draft the Sarbanes-Oxley Act in 2002. failures, just as many can be attributed to an inability to identify
risk or assess it properly in a tim ely manner.
18 M. Peregrine, "Another View: MF Global's Corporate Governance
Lesson," New York Times, December 16, 2011, https://dealbook.nytimes
.com/2011/12/16/another-view-mf-globals-lesson-in-corporate-governance. 90
(This is called enterprise risk management and is discussed in Board m em bers need to be trained on risk issues and on how
Chapter 8.) The infrastructure of risk management, which includes to evaluate and define the firm's risk appetite. They need to be
both physical resources and clearly defined operational processes, able to assess the firm's capacity for risk over a specified time
must be up to the task of an enterprise-wide scope. The task of horizon while considering the firm's mix of business activities,
assessing the fitness of a risk management system is daunting, but earnings goals, strategic objectives, and com petitive position.
doable nonetheless. One way to measure the seriousness of a risk This will allow the board to understand the firm's risk profile and
management process is to examine the human capital employed monitor its perform ance relative to the risk appetite.
and the risk managers' standing within the corporate hierarchy.
The board should also have a risk com m ittee whose members
• Is the risk m anager considered to be a m em ber of the have enough analytic sophistication and business experience to
executive staff and can this position lead to other career properly analyze key risks. The board risk and audit com m ittees
opportunities? should be two separate entities, given that each requires differ
• How independent is the risk m anager? W hat authority does ent skills to m eet its respective responsibilities.
he or she hold? To whom does he or she report?
• To what extent can one characterize the enterprise's ethical Publishing a risk appetite statem ent (RAS) is an im portant com
culture as being strong and resilient against the actions of ponent of corporate governance. The Financial Stability Board
bad actors? Has the firm set clear-cut ethical standards and (FSB) describes an RAS as "a written articulation of the aggre
are these standards actively enforced? gate level and types of risk that a firm will accept or avoid in
The board must also evaluate the firm's perform ance metrics order to achieve its business objectives." The RAS includes both
and com pensation strategy. It has the critical responsibility of qualitative and quantitative statem ents.
making sure executives are com pensated based on their risk- The objectives of an RAS should be clearly articulated. For
adjusted perform ance and that the incentives inherent in such exam ple, as shown in Box 3.2, objectives include maintaining a
com pensation do not clash with shareholder interests. balance between risk and return, retaining a prudent attitude
Credit C redit Risk M anagem ent Policy Credit Concentration Limits C red it Com m ittees
Delegated Credit Approval Authorities Global Risk Com m ittee
M arket Capital M arkets Risk M arket Risk Limits Capital M arkets Authorized
M anagem ent Policies D elegated Risk Authorities Products Com m ittee
Structural Risk M anagem ent Global Risk Com m ittee
Policy Global A sset Liability Com m ittee
O perational O perational Risk M anagem ent Key Risk Indicators O perational Risk and Control
Policy Com m ittee
Control Fram ework Global Risk Com m ittee
Reputation Reputation Risk M anagem ent Key Risk Indicators Reputation and Legal Risks
Fram ework and Policy Com m ittee
Liquidity Liquidity Risk M anagem ent Policy Liquidity and Funding Limits Global A sset Liability Com m ittee
Pledging Policy Pledging Limits Global Risk Com m ittee
Strategic Strategic Planning Policy Risk A ppetite Statem ent Executive Com m ittee
Regulatory Regulatory Com pliance M anage Key Risk Indicators Global Risk Com m ittee
ment Policy
toward tail and event risk, and achieving a desired credit rating. B) Be linked to the institution's short- and long-term stra te
The FSB states that: gic, capital, and financial plans, as well as com pensation
program s . . . "
"[a]n effective risk a p p etite statem en t should:
A su m m ary list o f key risk p o lic ie s and lim its sh o u ld be
a) Include key backgrou n d inform ation and the assum p
m ade tra n sp a re n t to all sh a re h o ld e rs. Fo r e x a m p le , B o x 3 .3
tions that inform ed the financial institution's stra teg ic
sh o w s a list o f all th e key risk ty p e s, th e re le v a n t p o lic ie s,
and business plans at the tim e they w ere a p p ro ved
o r
24 Reference CIBC 2017 Annual report, page 44. Reference CIBC 2017 Annual report, page 45.
Capacity
m mentation of these policies and
co exam ine their efficacy. They interpret
Appetite the board-approved risk appetite
and break it down into a set of
I
I practical restrictions and limitations.
I I These new rules are then dissem i
I
I nated throughout the organization
I by the executive staff and depart
I ment heads.
Capacity Performance
Appetite
Tolerance/Target
The Board Audit
Figure 3.1 Risk profile, risk appetite, risk capacity and performance
Committee
Source: COSO, Enterprise Risk Management, Integrating with Strategy and Performance, June 2017, An effective audit com m ittee is
Figure 7.5, page 62. Reprinted by permission. essential to the directors' oversight
of the firm. In addition to being
accountable for the accuracy and
th e ty p e s o f risk lim its, and th e m an ag e m e n t re sp o n sib le com pleteness of a firm's financial and regulatory disclosures, the
fo r o v e rsig h t. audit com m ittee is responsible for ensuring the firm 's com pli
ance with best-practice standards in non-financial m atters as
An RAS should contain risk appetite and risk tolerance measures
w ell. Regulatory, legal, com pliance, and risk m anagem ent activi
that limit the am ount of risk taken at the business unit level as
ties all fall under the purview of the audit com m ittee.
well as the organizational level. The RAS should also make trans
parent the relationship between risk appetite, risk capacity, risk An audit provides the board with independent verification of
tolerance, and the current risk profile. w hether the firm is doing what it claims to be doing. This critical
verification function sets the audit com m ittee's work apart from
A s shown in Figure 3 .1 , risk to leran ce refers to the range of
the work of other risk com m ittees.
acce p tab le outcom es related to achieving a business o b je c
tive . Risk to leran ce (see dotted lines in Figure 3.1) is a tactical A t the same tim e, however, the audit com m ittee's duties extend
m easure, w hereas risk ap p e tite is a broader ag g reg ate m ea beyond the search for discrepancies and infringem ents. The
sure of the am ount at risk. Risk ap p etite is set at a level su f com m ittee must assess not only the veracity, but also the qual
ficien tly below the risk cap acity to ensure th at the actual risk ity of the firm's financial reporting, com pliance, internal control,
stays well below the risk cap acity of the firm . Th e goal here and risk m anagem ent processes. For exam ple, in its review of
is to keep the actual risk profile within the estab lish ed risk financial statem ents, the audit com m ittee must not only confirm
to le ran ce bands. O p eratin g within the risk to le ran ce bands the accuracy of the financial statem ents, but that the firm suf
provides m anagem ent with com fort th at the firm can achieve ficiently addresses the risk of possible material m isstatem ents
the desired risk-adjusted return o b jectives su b ject to lim iting in its reporting as well. The financial crisis revealed the failure of
the am ount at risk. many firm s' audit com m ittees to uncover the excess risk under
taken in proprietary trading, or to alert their boards to the risk
of holding disproportionately large positions in structured credit
RISK GOVERNANCE To successfully execute their duties, audit com m ittee m em bers
must be know ledgeable, capable of independent judgm ent,
The previous sections have outlined the rationale and some of the financially literate, and have the utmost integrity. M em bers can
objectives of risk governance This section exam ines the m echa not be afraid to challenge m anagem ent and ask hard questions
nisms used by financial institutions (as well as other risk-taking when needed. In most banks, a director who is not a m em ber
corporations) to implement risk governance best practices. of the executive staff chairs the audit com m ittee, and most of
• Under the board's authority, the senior risk com m ittee deter
These risk advisory directors can also keep board m em bers
mines the limiting param eters for financial (e.g ., credit and
apprised as to the best practices in corporate governance and
market) and nonfinancial risk (e.g ., business risk and opera
risk m anagem ent. They can also give their professional opinion
tional risk) undertaken by the firm . Sub-com m ittees may be
on risks associated with the firm's core business model and the
established to handle each type of risk independently. For
areas of activity in which the firm operates or seeks to pursue.
exam ple, the firm's credit risk com m ittee would set limits on
the m agnitude and type of credit risk undertaken, as well as
The Special Role of the Board Risk oversee credit risk reporting.
Management Committee • A fter setting risk ceilings, the senior risk com m ittee then
reports back to the board risk com m ittee with recom m enda
A board risk m anagem ent com m ittee is responsible for setting
tions regarding the total risk deem ed prudent (which are sub
the firm's risk appetite and independently reviewing the gover
ject to the latter's consideration and approval).
nance of all material risks. The com m ittee's review includes an
analysis of policy guidelines, m ethodologies, and risk m anage
ment infrastructure. By maintaining direct contact with external The Role of the CRO
and internal auditors, a board risk m anagem ent com m ittee
can allow for better communication between the board and The senior risk com m ittee also bears responsibility for the estab
lishment, docum entation, and enforcem ent of any corporate
m anagem ent.
policies concerning risk. It also sets risk limits for specific busi
ness activities, which are then delivered to the C R O . The C RO
is usually a m em ber of the risk com m ittee and is responsible for
26 This is often done by design. the design of the firm's risk m anagem ent program (in addition
Corporations may also appoint business risk com m ittees for 2. Tier 2 limits are more generalized and relate to areas of
each major line of business. A business risk com m ittee typi business activity as well as aggregated exposures catego
cally com prises both business and risk personnel. Its goal is to rized by credit rating, industry, maturity, region, and so on.
27 This is just an illustrative example; some organizations may prefer lim executive com pensation schem es at many financial institutions
its set at higher or lower levels. encouraged short-term risk-taking, causing m anagem ent to
That said, one must recognize that firms will always be tem pted
to offer attractive com pensation packages to so-called "rain
3.7 THE INTERDEPENDENCE OF
m akers" who exhibit an unusual talent for generating revenues.
A bsent international cooperation, the m arket for human capital
ORGANIZATIONAL UNITS IN RISK
may be subject to regulatory arbitrage as banking enterprises GOVERNANCE
cherry pick the jurisdictions in which they operate.
The im plem entation of risk m anagem ent at virtually all levels of
In Septem ber 2009, the G-20 countries called on their respec
the enterprise is primarily the responsibility of the bank's staff,
tive central bank governors and finance ministers to establish an
rather than the board com m ittees. Executives and line busi
international fram ew ork to prom ote financial stability, including
ness m anagers need to work together to m anage, monitor, and
a reform of com pensation practices. In an endorsem ent of the
report the various types of risk being undertaken. Figure 3.2
FSB's im plem entation standards, the G-20 recom m endations
outlines how risk m anagem ent flows and is shared by various
included:
m anagem ent functions. Business m anagers also play an impor
• The elimination of multi-annual guaranteed bonuses; tant part in the verification of tim ely, accurate, and com plete
• The incorporation of executive downside exposure through deal capture and their affirmation of official profit and loss (P&L)
the deferral of certain com pensation, the adoption of share- statem ents.*
based remuneration to incentivize long-term value creation,
and the introduction of claw back provisions that require reim n o
A bank's operations function not only shares in the im plem enta to risk m anagem ent. A com prehensive review includes, among
tion of risk m anagem ent but plays a critical role in risk oversight other things, assessing the organization of the risk control unit
as well. In investm ent banks, for exam ple, its role is to indepen and docum entation along with analyzing the integrity of risk
dently execute, record, and settle trades; reconcile front and governance and the efficacy of the risk m anagem ent process.
back-office positions; and chronicle all transactions. The opera This analysis includes the integration of risk m easures into daily
tions staff also prepares earnings reports as well as independent business m anagem ent.
valuations of the bank's positions (e.g ., mark-to-market).
Internal auditors are responsible for:
The finance group, on the other hand, is responsible for devel
• Reviewing monitoring procedures,
oping valuation and finance policies, ensuring the accuracy and
• Tracking the progress of risk m anagem ent system upgrades,
com pleteness of reported earnings, and reviewing independent
assessing the adequacy of application controls in generating
valuation m ethodologies and processes. Finance also manages
and securing data, and
business planning and is called upon to support the financial
needs of the various business lines. • Affirm ing the efficacy of vetting processes.
Best practices also call for the internal audit function to review
docum entation relating to com pliance and to com pare this with
3.8 ASSESSING THE BANK'S AUDIT the standards stipulated in the regulatory guidelines.29 It should
FUNCTION also offer its opinion on the reliability of any VaR reporting
fram ework.
The previous sections outlined a risk m anagem ent process that
Taking m arket risk as an exam ple, bank auditors are called upon
conforms to risk governance. Adherence to this process can pre
to review the vetting process pertaining to the derivative valu
vent the assumption of unbridled excessive risk. However, the
ation m odels used by both the front office and the back office.
risk governance function alone cannot ascertain com pliance to
They must sign off on any significant changes to the risk quanti
the policies established by the board and external regulations.
fication process as well as validate the range of risks analyzed by
This is where the audit function comes in. It is incum bent upon the various risk m easurem ent m odels. Internal auditors are also
the internal audit function to ensure the set-up, im plem entation, required to inspect the reliability of information system s as well
and efficacy of risk m anagem ent/governance.
The Institute of Internal Auditors (I IA) has devised a set of stan 31 The Institute of Internal Auditors, (n.d.). Recommended Guidance.
Retrieved from https://global.theiia.org/standards-guidance/
dards relating to internal controls, governance, and risk m anage
recommended-guidance/Pages/Strongly-Recommended-Guidance.aspx
ment. The organization's International Professional Practices
32 See Crouhy, Galai, and Mark, "Key Steps in Building Consistent
Fram ework (IPPF) articulates standards, some of which are man Operational Risk Measurement and Management." In Operational Risk
datory and others that are strongly recom m ended. The and Financial Institutions, ed. R. Jameson, London: Risk Books, 1998.
QUESTIONS
True/False Questions
3.1 A fter establishing a risk limit, a bank should plan to 3.4 The board of directors should be responsible for
maintain a risk exposure level just below the limit during overseeing and approving a firm's risk governance.
the normal course of business.
A. True
A. True B. False
B. False 3.5 Conflicts of interest between senior m anagem ent and
3.2 The standards set in the "Basel A cco rd " are legally other internal m anagem ent are referred to as "agency
binding in all banks in most countries. problem s."
A. True A. True
B. False B. False
A. True
B. False
ANSWERS
3.1 False, because the bank should operate well below its • A focus on the effects of m acroeconom ic down
risk limits during the normal course of business turns on a series of risk types, including credit risk,
liquidity risk, m arket risk, and operational risk;
3 .2 False
• An approach that is com putationally dem anding,
3.3 False, because the leverage ratio is 3%.
because risk drivers are not stationary, as well as
3.4 True realistic, allowing for active m anagem ent of the
3.5 False, because "agency risk" puts the interests of man portfolios;
agem ent squarely against those of a com pany's longer- • A stress testing fram ew ork that is fully incorpo
• Business planning must take risk m anagem ent into • Setting risk appetite and risk tolerance measures
consideration from the outset. which limit the amounts at risk that are expressed
• The matching of strategic objectives to the risk ap p e at the business unit level and on an enterprise
tite must be incorporated into the planning process. level; and
• Clear communication of the firm's risk position and • Making transparent the relationship between risk
risk appetite is essential so that appropriate limits can appetite, risk capacity, risk tolerance and a firm's
• Not undertake certain activities, • Are specific and often include overall limits by asset
class, an overall stress-test limit, and a maximum
• Transfer either all or part of a certain risk to third parties,
drawdown limit; and
• Preem ptively m itigate risk through early detection and
• Excesses must be cleared or corrected im m ediately.
prevention, and
Tier 2 limits:
• Assum e the risk while being fully cognizant of both
the upside and downside im plications. • Are more generalized;
3.11 Q uestions to ask include the following. • Relate to areas of business activity and aggregated
exposures to credit ratings, industries, m aturities,
• Is the risk m anager a m em ber of the executive
regions, and so on; and
staff and can this position lead to other career
• Excesses are less urgent and can be cleared within a
opportunities?
within a few days or a w eek.
• How independent is the risk m anager?
3.14 Recom m endations include:
• W hat authority does the risk m anager hold?
• The elimination of multi-annual guaranteed bonuses;
• To whom does the risk m anager report?
• The incorporation of executive downside exposure
• Are risk m anagers com paratively well paid relative to
through the deferral of certain com pensation, the
other em ployees who are rewarded for perform ance?
adoption of share-based remuneration to incentivize
• Is the enterprise's ethical culture strong and resilient long-term value creation, and the introduction of
to the actions of bad actors? claw back provisions requiring reim bursem ent of
• Has the bank set clear-cut ethical standards and are bonuses should longer-term losses be incurred after
these standards actively enforced? bonuses are paid;
3.12 A risk appetite statem ent: • The placem ent of limitations on the amount of
variable com pensation granted to em ployees relative
• Is an im portant com ponent of corporate governance,
to total net revenues; and
• Articulates the level and types of risk a firm is willing
• The imposition of disclosure requirem ents to enhance
to accept to reach its business goals,
transparency.
• Includes both qualitative and quantitative statements, and
3.15 The senior m anagem ent risk com m ittee:
• Helps to reinforce a strong risk culture.
• Reports back to the board risk com m ittee with recom
O bjectives include
m endations regarding the total at risk deem ed pru
• Maintaining a balance between risk and return; dent for the latter's consideration and approval;
• Retaining a prudent attitude toward tail risk and event • Establishes, docum ents, and enforces all corporate
risk; policies in which risk plays a part;
• Achieving a desired credit rating; • Sets risk limits for specific business activities, which
• Linking short-term capital and long-term capital, are then delivered to the C R O ; and
financial and strategic plans, as well as com pensation • D elegates the power to make day-to-day decisions
structure; to the C R O . This delegation includes the power to
approve risks exceeding preset limits imposed on inherent in such com pensation do not clash with
the various business activities, provided these e xce p shareholder interests.
tions remain within the bounds of the overall board- • Disclosure to m anagers and relevant stakeholders
approved limits. is both adequate and com pliant with internal cor
3.16 Key roles and responsibilities include: porate rules and external regulations.
• The information it obtains concerning the im ple
• Independently assessing risk governance as well as
mentation of risk m anagem ent is accurate and
the im plem entation and efficacy of risk m anagem ent;
reliable.
• Reviewing the risk m anagem ent process, a com pre 3 .1 8 The board audit com m ittee is responsible for:
hensive review includes, among other things, assess
• Assessing the veracity and the quality of the firm's
ing adequacy of the organization of the risk control
financial reporting, com pliance, internal control and
unit and docum entation;
risk m anagem ent processes; and
• Analyzing the integrity of risk governance and the
• Com pliance with best-practice standards in non-finan-
efficacy of the risk m anagem ent process, including
cial m atters.
the integration of risk m easures into daily business
m anagem ent; Regulatory, legal, com pliance, and risk m anage
ment activities also fall under the purview of the audit
• Exam ining the monitoring procedures, for tracking the
com m ittee.
progress of risk m anagem ent system upgrades;
• Assessing the adequacy and effectiveness of applica 3 .1 9 E. C E O and C F O only
tion controls in generating and securing data; S O X specifically requires the C E O and C F O to affirm the
• Affirm ing the reliability of vetting processes; accuracy of all financial disclosures.
• Com paring com pliance docum entation with qualita 3 .2 0 A . Ensuring com petitive positioning of the bank in each
tive and quantitative criteria stipulated by regulations; market
• Offering its opinion on the reliability of any risk Corporate governance is concerned with proper controls
exporting fram ew ork; and around the running of a business entity— not the specif
• Evaluating the risk m easurem ent m ethodologies both ics of strategy.
in term s of theory as well as im plem entation, includ 3.21 A . Verifying the accuracy of financial reports
ing stress-testing m ethodologies.
A ccuracy of financial reports was an aim of Sarbanes-
3.17 Such roles and responsibilities include: O xley, not Dodd-Frank.
• Assessing the fundam ental risks and rewards engen 3 .2 2 D. Setting m ethodologies to assess credit risk
dered in the bank's business strategy, based on a
clear understanding of the latter's direction and goals; The specifics of risk methodologies are not a part of risk
governance. However, risk governance does extend to
• Harmonizing risk appetite with the bank's strategic plan;
ensuring the activities around the developm ent of the
• Being accountable for risk transparency; and methodologies are appropriately controlled and disclosed.
• Making sure that:
3 .2 3 B. Preparing the annual financial report
• Any major transaction undertaken is in-line with
The audit com m ittee serves as a check on processes
authorized risk taking as well as with the relevant
and procedures. In this case, the audit com m ittee would
business strategies.
ensure that the process around the report was properly
• An effective risk m anagem ent system is in place
controlled and delivered accurate results.
that enables corporation to further its strategic
3 .2 4 D. Sets risk limits for specific business activities
objectives within the confines of its risk appetite.
• Procedures for identifying, assessing, and handling The senior m anagem ent risk com m ittee em powers the
the various kinds of risk are effective. C R O to have oversight into the specifics of how risk is
• Executives are com pensated based on their risk- reported and analyzed as well as the overall day-to-day
adjusted perform ance and that the incentives m anagem ent of risk.
Com pare different types of credit derivatives, explain Evaluate the role of credit derivatives in the 2 0 0 7 -2 0 0 9
how each one transfers credit risk, and describe their financial crisis, and explain changes in the credit derivative
advantages and disadvantages. market that occurred as a result of the crisis.
Explain different traditional approaches or mechanisms Explain the process of securitization, describe a special
that firms can use to help mitigate credit risk. purpose vehicle (SPV), and assess the risk of different busi
ness models that banks can use for securitized products.
61
4.1 OVERVIEW OF CREDIT RISK backed by assets such as auto loans, credit cards receivables,
equipm ent leases, and student loans. In addition, asset-backed
TRANSFER MECHANISMS commercial paper (A BCP) and m ortgage backed securities
(MBS) are expected to survive and draw renewed interest. W hile
The core risk exposure for banks is credit risk. Traditionally,
the C LO m arket was dorm ant for a few years following the crisis,
banks have taken short-term liquid deposits and provided long
new C LO issuance has grown significantly since 2011, surpassing
term , illiquid loans. Before the new millennium, banks had only
pre-crisis volum es.
a limited capacity for managing credit risk exposure. That all
changed by the end of the twentieth century. Collateralized debt obligations squared (CD O s-squared), as well
as other forms of overly com plex securitized instrum ents (e.g .,
In 2002, then-Federal Reserve Chairm an Alan Greenspan spoke
single-tranche C D O s and com plex A B C P ) are unlikely to be
of a "new paradigm of active credit m anagem ent." He argued
revived. Their com plexity was not meant to make these instru
that the United States banking system had withstood the
ments better at hedging risk. Rather, it was meant to make them
2001-2002 econom ic slowdown in part because it had trans
easier to market.
ferred and dispersed credit exposures using novel credit deriva
tives and securitizations. These included credit default swaps M eanwhile, new credit risk transfer strategies are em erging.
(CD Ss), collateralized debt obligations (CD O s), and collateral O ne exam ple can be seen in the growing number of insurance
ized loan obligations (C L O s).1 com panies buying bank loans with the aim of building asset
portfolios that match their long-term liabilities. The high capital
This praise may seem m isguided, given the role of credit trans
costs associated with post-crisis reforms suggest the "buy-and-
fer instrum ents in the build-up of system ic risk that preceded
hold" banking model will remain a relatively inefficient way for
the 2007-2009 global financial crisis. However, the blame ini
banks to manage risks generated by lending and other bank
tially assigned to credit derivatives should in fact be laid at the
ing activities. Regulators, as well as industry practitioners, are
feet of those who used and abused them .
interested in securitization m arket reforms aim ed at helping
The C D S and C LO m arkets remained robust, in certain respects, banks obtain funding, optimizing risk m anagem ent, and encour
during and following the crisis. As a result, they fulfilled their aging liquidity and econom ic growth. In the longer term , the
purpose of helping to manage and transfer credit risk. Although 2007-2009 crisis may end up being viewed more as a construc
there were major system ic deficiencies (e.g ., conflicts of inter tive test of the credit transfer m arket than its undoing.
est and transparency issues) that needed to be addressed, the
mechanisms them selves were not the real culprit in precipitating
the crisis.
4.2 HOW CREDIT RISK TRANSFER
Many com m entators have come to the view that the role of
CAN BE USEFUL *•
these mechanisms in causing the crisis may have had more to
do with failings of the pre-crisis securitization process than with Banks have long had several ways to reduce their exposure to
the underlying principle of credit risk transfer. Note that the per credit risk— both on an individual name and an aggregate basis.
form ance of credit derivative m arkets was, and remains, highly Such credit protection techniques include the following.
varied. Some parts of the securitization industry remained viable
• Purchasing insurance from a third-party guarantor/under-
through much of the crisis and beyond. This is perhaps because
w riter: W hen done on an individual obligor basis, this is
their risks remained relatively transparent to investors.
term ed a guarantee. This is often seen in the U.S. municipal
W hile some credit transfer m arkets and instrum ents met their bond market.
dem ise following the financial crisis, some are now reappearing
• Netting of exposures to counterparties: This is done by look
(though not as they were in the past). Some of these instruments
ing at the difference between the asset and liability values for
may take off again as the econom y improves and if interest rates
each counterparty and having in place documentation saying
rise high enough to support costly securitization processes. Still
that these exposures can be netted against each other. O ther
others were relatively unaffected by the crisis.
wise, if a counterparty goes bankrupt, the value of the obliga
Some of the more robust instruments that survived the crisis tion that counterparty has to the bank vanishes while the bank
include C D S and asset-backed securities (ABS), which can be1 itself remains liable for any funds due to the counterparty.
• M arking-to-market/margining: This entails having an agree
1 A. Greenspan, "The Continued Strength of the U.S. Banking System," ment in place among counterparties to periodically revalue
speech, October 7, 2002. a position and transfer any net value change between the
counterparties so that the net exposure is minimized. This guarantor who buys the risk) without having to sell the given
requires relatively sophisticated system s and has historically position. Credit derivatives perm it the isolation of credit risk
been seen in the m arket for exchange-traded derivatives. (e.g ., in a loan or a bond) and transfers that risk without incur
• Requiring collateral be posted: Collateral can offset credit ring any funding or client m anagem ent issues. They are to credit
losses in the event of default. Note that there are instances what interest rate and foreign exchange derivatives were to
when the circum stances precipitating the default could nega m arket risk (because these innovations isolated m arket risk from
tively im pact the value of the collateral. For exam ple, with an funding and liquidity risk concerns).
oil com pany offering barrels of crude as collateral, the prob C redit derivatives com e with their own set of challenges. Each
ability of the com pany defaulting increases as the price of oil of the counterparties is obliged to understand the full nature of
falls (this is known as w rong way risk). the risk transfer: how much risk is transferred, the nature of that
• Term ination/Put option: A t inception, the counterpar risk, how the trigger events are defined, any periodic paym ent
ties agree to a set of trigger events that, if realized, would obligations, the obligations and rights for each counterparty
require the unwinding of the position using a pre-determ ined in trigger scenarios, and so on. They also need to understand
m ethodology (often the mid-market valuation). Such trig when the contract is enforceable and when (if ever) it is not.
gers could be dow ngrades, metrics based on balance sheet/ There are also issues of system ic concentration risk— even prior
income statem ent items, and so on. In the case of a put to the 2007-2009 financial crisis, regulators were concerned
option, the lender has the right to force early term ination at a about the relatively small num ber of liquidity providers in the
pre-determ ined price. credit derivatives m arkets. They feared this nascent market
could face disruption if any of the major participants w ere to
• Reassignm ent of a credit exposure to another party in the
event of some predefined trigger (e.g ., a ratings dow ngrade). experience distress (in isolation or in concert). It is interesting
to note, however, that the single-name and index C D S m arkets
The strategies discussed above are effective but require specific operated relatively sm oothly at the height of the credit crisis
agreements between the counterparties to enact. For this and
under the leadership of the International Swaps and Derivatives
other reasons, they may not easily fit the needs/goals of the coun
Association (ISDA).
terparties. Critically, they are limited in that they do not isolate
credit risk from the underlying positions for redistribution to a Risk transfer and securitization enables institutions to effec
tively tailor pools of credit-risk exposures by facilitating the
broader class of investors. Nor do they effectively "slice and dice"
sale and repackaging of risk. Securitization is also a key source
risk to enable the fine tuning of positions or credit portfolios.
for funding consum er and corporate lending. According to the
C redit derivatives (e.g ., CD Ss) were form ulated precisely to International M onetary Fund (IM F), the issuance of securitized
enable this fine tuning. C redit derivatives are off-balance sheet loans soared from nearly nothing in the early 1990s to almost
instrum ents that facilitate the transfer of credit risk2 between
USD 5 trillion in 2006. Trading volum es collapsed following the
two counterparties (the beneficiary who sells the risk and the subprim e crisis, however, especially for m ortgage-backed C D O s
and C LO s. O nly credit card receivables, auto loans, and lease-
2 Based upon some reference asset. backed securities remained relatively unaffected.
3 Pub. L. No.111 -203, 124 Stat. 1376(2010). Section 941 of the Dodd-
Frank Act. For further information, see: https://www.sec.gov/rules/
final/2014/34-73407.pdf.
4 The U.S. Court of Appeals for the District of Columbia Circuit, 17-5004,
February 9, 2018 - Loan Syndication and Trading Association (LSTA) vs.
the Securities Exchange Commission and Board of Governors of the Fiqure 4.1 Securitization of financial assets.
Federal Reserve System, 1:16-cv-00652.
5 Corporate bonds that offer enough liquidity and market activity to 6 GNMA is the primary mechanism for securitizing government-insured
facilitate credit risk analysis generally are from large corporations. and government-guaranteed mortgage loans.
Chrysler Financial
issues first private
auto loan-backed First
ABS (May) private-
------------ ------------ n
r
♦ ♦ 4 ------ 4 ♦ ---------------- ♦
1977 1981 1983 1985 1987 1990 1997 1999 2006 2010
>» July 2007
»
r
securitization m arket. Figure 4.2 summarizes the major mile The shift toward the O TD business model seem ed to offer the
stones in the developm ent of the securitization m arkets (as financial services industry many benefits.8
depicted by the IMF). • O riginators benefited from greater capital efficiency and
enhanced funding opportunities, as well as lower earnings
4.4 FROM BUY-AND-HOLD TO volatility (at least in the short term ), because the O TD model
seem ingly dispersed credit risk and interest rate risk across
ORIGINATE-TO-DISTRIBUTE
many m arket players.
Starting in the 1980s, certain banking activities shifted • Investors benefited from a w ider array of investm ents, allow
from the traditional buy-and-hold strategy to a new ing them to diversify their portfolios and better sync their
originate-to-distribute (OTD) business model. C red it risk that risk/return profiles with their goals and preferences.
would have once been retained by banks on their balance • Borrowers benefited from the expansion of available credit
sheets was sold, along with the associated cash flows, to inves and product options, as well as from the lower borrowing
tors in the form of A B S s and sim ilar investm ent products. In costs resulting from these benefits.
part, the banking industry's enthusiasm for the O TD model was
driven by the Basel capital adequacy requirem ents. Specifically,
banks sought to optim ize their use of capital by moving capital 7 Segoviano, M., Jones, B., Lindner, P., & Blankenheim, J. (2013,
November). Securitization: Lessons Learned and the Road Ahead(Rep.).
consuming loans off their books. Accounting and regulatory
Retrieved https://www.imf.org/external/pubs/ft/wp/2013/wp13255.pdf
standards also tended to encourage banks to focus on generat
8 See Report of the Financial Stability Forum on Enhancing Market and
ing the upfront commissions associated with the securitization Institutional Resilience (Rep.). (2008, April 7). https://www.fsb.org/wp-
process. content/uploads/r_0804.pdf
Risks that should have been broadly dispersed Fiaure 4.3 The self-reinforcing securitization chain.11
under the O TD model were instead concentrated Figure reprinted by permission of the International Monetary Fund.
in entities primarily established to skirt m anda
tory capital requirem ents. Banks and other financial institutions • There were misaligned incentives along the securitization
achieved this by establishing highly levered off-balance sheet chain, driven by the pursuit of short-term profits. This was
A B C P conduits and structured investm ent vehicles (SIVs). the case among many originators, organizers, m anagers, and
distributors. Investor oversight was w eakened by com pla
Banks m isjudged the risks (e.g ., reputation risk) contained in the
cency, as m arket growth beckoned many to "le t the good
com m itm ents made to SIV investors. They also (falsely) assumed
tim es roll." The com plexity of these instruments and a lack
that there would be a substantial ongoing access to liquidity
of understanding among investors also served as barriers to
funding and that m arkets in these assets would be sufficiently
m arket discipline and oversight.
liquid to support securitization.
• The risks em bedded in securitized products were not transpar
Firms that were selling their credit exposures found them selves
ent. Investors had difficulty assessing the quality of the under
retaining a growing pipeline of credit risk. Furtherm ore, they did
lying assets and the potential correlations between them.
not adequately measure and manage the risks that would m ate
rialize if assets could not be sold. Some levered SIVs suffered • There was poor securitization risk m anagem ent, particularly
from significant liquidity and maturity m ism atches, making them regarding the identification, assessm ent, handling and stress
testing of m arket, liquidity, concentration, and pipeline risks.
vulnerable to a classic bank run (or rather a shadow bank run).
• There was an overreliance on the accuracy and transparency
These problem s shed light on the need to strengthen the foun
of credit ratings. This was problem atic because rating agen
dations of the O TD m odel. The factors that exacerbated these
cies failed to adequately review the granular data underlying
w eaknesses included bank leverage, faulty origination practices,
securitized transactions and underestim ated the risks of sub
and the fact that many financial firms chose to retain (rather than
prime C D O structuring.12
fully transfer) the credit risk em bedded in the securities they
originated. Am ong the issues that needed to be addressed were Figure 4.3 summarizes this self-reinforcing securitization chain
the fo llo w ing.10 that am plified system ic risk during the crisis by allowing massive
leverage and risk concentration in the financial sector.
9 According to the Financial Times (July 1, 2008), 50 percent of AA-rated
asset backed securities were held by banks, ABCP conduits and SIVs.
As much as 30 percent was simply parceled out by banks to each other,
while 20 percent sat in conduits and SIVs. 11 E. H. Neave, Modern Financial Systems: Theory and Application,
Hoboken, NJ: John Wiley & Sons, 2010.
10 Segoviano, M., Jones, B., Lindner, P., & Blankenheim, J. (2013,
November). Securitization: Lessons Learned and the Road Ahead(Rep.). 12 See M. Crouhy, R. Jarrow, and S. Turnbull, "The Subprime Credit
Retrieved https://www.imf.org/external/pubs/ft/wp/2013/wp13255.pdf Crisis of 2007," Journal o f Derivatives, Fall 2008, pp. 84-86.
Figure 4.4 shows the total private European Note: Figures for 2014 are annualized based on data to September.
and U.S. securitization issuance from 2003 1 European securitization includes asset-backed securities (ABS), collateralized debt obligations,
to 2014. A s of 2018, securitization issuance mortgage-backed securities, small and medium enterprise securitizations, public finance initia
tives, and wholesale business securitizations.
is near the level observed in 2003.
2 U.S. securitization includes ABS, commercial mortgage-backed securities, and residential
The dust has not entirely settled on the mortgage-backed securities.
regulatory environm ent. Some measures
Source: IMF Staff. Reprinted by permission of the International Monetary Fund.
are still being drafted, some are in various
stages of im plem entation, and others are facing the possibility W hile it is im portant to be cognizant of the potential risks posed
of repeal. This regulatory uncertainty serves as an obstacle to by credit derivatives, the case favoring a thriving m arket in these
securitization's com eback. It remains to be seen if, once im ple financial instrum ents is com pelling. The paradigm of active
m ented, these new measures will be enough to prevent the credit m anagem ent has not been replaced by a new paradigm .
formation of a similar constellation of incentives, actors, and The dem and for instruments that efficiently transfer credit risk
circum stances that plagued the securitization process before and improve the effectiveness of risk m anagem ent continues to
the crisis. prevail, and the O TD model of banking based on the transfer
and dispersion of credit risk continues to carry the promise of
furthering system ic financial stability.
13 Bank of International Settlements, Credit default swaps, by type
o f position. Accessed June 2019: https://stats.bis.org/statx/srs/table/
15 Segoviano, M., Jones, B., Lindner, P., & Blankenheim, J. (2013,
d10.1?p=20182&c=
November). Securitization: Lessons Learned and the Road Ahead(Rep.).
14 Ibid. Retrieved https://www.imf.org/external/pubs/ft/wp/2013/wp13255.pdf
QUESTIONS
True/False Questions
4.1 The securitization mechanism underlying the subprim e 4.3 C redit Default Swaps allow the transfer of credit risk w ith
C D O m arket played a central role in bringing about the out impacting funding or relationship m anagem ent.
2007-2009 global financial crisis (G FC ).
A. True
A. True B. False
B. False 4.4 In the originate-to-distribute (O TD) business m odel, there
4.2 The securitization of securities backed by assets such as is little incentive for lenders to monitor the creditw orthi
car loans, credit card receivables, and equipm ent leases ness of borrowers.
remained a viable activity during and after the G F C . A. True
A. True B. False
B. False
4.11 Fiow do the SEC 's risk retention provisions force banks to
have "skin in the gam e"?
ANSWERS
4.1 False 4.7 B. Buy-and-hold
The crisis may have had more to do with failings of the Buy-and-hold is an asset acquisition strategy and
pre-crisis securitization process than with the underlying would in fact contribute to the accum ulation of credit
principle of credit risk transfer. exposures.
More straight-forward securitizations survived the G F C , Even prior to the 2007-2009 financial crisis, regulators
whereas more com plex instrum ents (e.g ., C D O s squared) were concerned about the relatively small number of
are unlikely to be revived. liquidity providers in the credit derivatives m arkets. They
4.3 True feared this nascent m arket could face system ic disruption
if any of the major participants were to experience dis
CD Ss do not require funding per se, nor do they require
tress (in isolation or in concert).
any participation from the reference creditor.
4.9 D. All the above
4.4 True
All of these are derived from the creditw orthiness (or the
In the O TD m odel, the originating financial institution
perceived creditworthiness) of the borrower
does not suffer any losses in the event of a default.
4.10 A nsw er: See Figure 4.1 and Section 4.3
4.5 False
4.11 The rules require securitizers to retain, without recourse
Equity tranches typically com prise less than 10% of total
to risk transfer or m itigation, at least 5% of the credit
funding.
risk.
4.6 D. U.S. governm ent bond futures
Explain modern portfolio theory and interpret the Interpret beta and calculate the beta of a single asset
M arkowitz efficient frontier. or portfolio.
Understand the derivation and com ponents of the C A PM . Calculate, com pare, and interpret the following
perform ance m easures: the Sharpe perform ance index,
D escribe the assum ptions underlying the C A PM . the Treynor perform ance index, the Jensen perform ance
index, the tracking error, information ratio, and
Interpret the capital m arket line.
Sortino ratio.
71
Anticipating changes in the financial m arkets is an im portant M arkowitz dem onstrated that a "rational investor" (i.e., an
com ponent of risk m anagem ent. Because future m arket m ove investor who is risk averse and seeks to maximize utility)4 should
ments are inherently uncertain, one must rely on models to m ea evaluate potential portfolio allocations based upon the associ
sure and quantify risks. ated means and variances of the expected rate of return distri
butions. The theory also assumes
This chapter reviews two key theoretical m odels for m arket risk:
modern portfolio theory (MPT) and the capital asset pricing • Capital m arkets are perfect, meaning that:
model (CAPM ). It also dem onstrates how they are related (as • There are no taxes or transaction costs;
well as their place in risk m anagem ent). • All traders have costless access to all available inform a
M arket risk has attracted a great deal of academ ic research tion; and
since the 1950s due to the abundance of available data on • Perfect com petition exists among all m arket participants
traded securities. A s a result, m arket risk m odels have been
• Returns are normally distributed.
em pirically tested in various global m arkets.
The assumption of normally distributed returns allows investor
These m odels have several simplifying assum ptions that allow
utility choices (as well as investm ent portfolios) to be stated sim
them to deliver insights into the key factors and their interre
ply in term s of the mean (i.e., perform ance) and variance (i.e.,
lationships, without getting bogged down by excess com plex
risk). With all else being equal, investors prefer a higher mean
ity. In this sense, a "g o o d " financial model is one that helps
return and a lower variance.
to separate the major explanatory variables from the noisy
Investors seek to reduce the variance of their portfolio returns
A
background.
by diversifying their investm ents. Diversification is accom
The stance taken herein aligns with Milton Friedm an's edict that
plished by investing in a portfolio of assets whose constituents
predictive power is the sole criteria to gauge the success of a
have values that do not move in lock-step with one another
m odel.*2 To that end, even a very sim ple model can be "success
(i.e., are uncorrelated). Specifically, diversification allows inves
ful" if it provides reasonably accurate forecasts and adds value
tors to offset specific risk exposures associated with individual
to the decision-making process. Despite the criticism directed at
assets.
risk m anagem ent m odels following the 2007-2009 financial
crisis— which saw m odels fail due to errors in selection, im ple According to M arkowitz, the level of investm ent in a particular
m entation, and over-interpretation— m odels and their underly financial asset should be based upon that asset's contribution to
ing theories are still essential to modern risk m anagem ent. W hat the distribution of the portfolio's overall return (as measured by
the crisis taught is that, while m odels are im portant tools, what the mean and variance). An asset's perform ance is not judged in
is even more im portant is how they are im plem ented. isolation, but rather in relationship to the perform ance of the
other portfolio assets. In other words, what m atters is the covari
ability5 of the asset's return with respect to the return of the
5.1 MODERN PORTFOLIO THEORY overall portfolio.
In Figure 5.1, portfolio P offers the best return for any portfolio Correlations across asset classes have also increased substan
with the same level of risk. M eanwhile, portfolio K can be cat tially, even in normal m arket conditions. One com m only cited
egorized as being suboptimal because there are portfolios that reason for this increase is the huge increase in basket trading via
will offer better returns for the same level of risk (i.e., all the index-tracking mutual funds and exchange traded funds (ETFs).
portfolios that lie vertically between portfolio K and the efficient Through these vehicles, large baskets of assets com posed of
frontier). benchm ark indices are traded sim ultaneously and independently
of analyst recom m endations concerning the relative perfor
Along the efficient frontier, the only way to achieve a higher
mance of these assets.
expected rate of return is by increasing the riskiness of the port
folio. Conversely, it is only by reducing the expected return that Q uantitative asset m anagem ent techniques have been pro
a less risky portfolio can be achieved. Note that the dotted line posed to adapt to this new environm ent. These techniques
in the plot represents the most inefficient portfolios (e.g ., port consist of identifying risk regimes and optimizing portfolio
folio L) where the investor achieves the lowest expected return allocations for each specific risk regim e. For exam ple, there
for each level of risk. may be periods in which m arket participants are worried and
uncertain about the future. M arkets adjust quickly to these situ
This concept extends to the entire scope of investable assets
ations, resulting in higher m arket volatility and credit spreads.
(at least in theory). Portfolio M (called the m arket portfolio)
These periods tend to be followed by quieter periods with
assumes that the m arket achieves equilibrium and accordingly
lower volatility and lower credit spreads. If an asset m anager
includes all of the risky assets in the econom y w eighted by their
anticipates a high-risk regim e, she can switch her portfolio to a
relative m arket values. In practice, stock m arket indices are used
more conservative selection of investm ents. This may include
to represent the m arket portfolio.
an increased allocation toward low-risk assets, such as money
For the United States, a proxy for the m arket portfolio may be m arket funds. Conversely, if a m anager anticipates a low-risk
the S&P 500 index or the wider-based Russell 2000. M eanwhile, regim e, she can switch to a more aggressive asset allocation
the FT S E 100 and the Euro Stoxx 50 are used for the U .K. and of equities, em erging m arkets, com m odities, high yield bonds,
European m arkets (respectively). and so on. Each asset allocation is optim ized to generate the
Following the theory, diversification means that a security's highest return for the regime with which it is associated. These
specific (i.e., idiosyncratic) risk should not be heavily (or at all) approaches com bine risk m anagem ent techniques with optimal
portfolio selection to control the volatility of investm ent portfo
lio returns.
2 xi & = 1
• No transaction costs, taxes, or other frictions; ;= 1
• Allocations can be made in an investm ent of any partial Note that beta measures the relative co-m ovem ents of security
am ount (i.e., perfect divisibility); / with the m arket, and therefore the weighted sum of the betas
• All participants can borrow and lend at a common risk-free for all assets in the m arket portfolio equals one. In other words,
rate; 8 and the beta of the m arket portfolio is one by construction.
• A ny individual investor's allocation decision cannot change From an investor's perspective, beta represents the portion of
the m arket prices. an asset's total risk that cannot be diversified away and for
which investors will exp ect com pensation. Put more sim ply, the
The C A PM model shows that m arket equilibrium is achieved
higher the beta, the higher the risk (and therefore the higher the
when all investors hold portfolios consisting of the riskless
expected rate of return).10*
asset and the m arket portfolio. Each investor's portfolio is
just a com bination of these tw o , with the proportional allo ca Under this set of assum ptions, the expected rate of return over
tion betw een them being a function of the individual investor's a given holding period on a given asset / is
risk ap p etite.
E m = r + /3,[E(Rm) - r] (5.3)
Accordingly, the expected return on a risky asset is determ ined
Here, E(R,) is the expected return of asset / over the hold
by that asset's relative contribution to the m arket portfolio's
ing period and r is the rate of return on the risk-free asset.
total risk. This measure of system atic risk is named beta and is
The m arket risk premium per unit of beta is E(R M) - r. Finally,
calculated as:
f3j[E{RM) - r] is the expected return premium above the risk-free
co v(Rj, Rm) rate (as required by investors).
(5.1)
The m arket risk premium is the difference between the
Rj and RM are (respectively) the returns on asset / and the m arket expected rate of return of the m arket portfolio and the risk-free
portfolio, while cr, and crM are their associated standard devia rate: [E(R M) - r]. This premium could be given by the difference
tions. M eanwhile, p jM is the correlation between the returns on between the rate of return on a broad m arket index (e.g ., the
asset / and those on the m arket portfolio.9 S&P 500) and a risk-free rate (e.g ., the three-month U.S. Trea
sury Bill).
An asset's contribution to the overall risk of the m arket portfo
lio is given by the ratio of the covariance of its and the market In theory, E(R m) should represent the portfolio of all risky assets
portfolio's rates of return to the variance of the m arket portfolio. in the m arket. In practice, however, a "broad enough" index of
Note that the weighted sum across all covariances equals <Jm traded shares is used as a proxy. Note that broadness is subjec
(i.e., the m arket portfolio's total risk): tive and there continues to be substantial debate am ongst
N
econom ists and investors alike over what is the exact m arket risk
2 x /COv(Rig Rm) = a h (5.2) prem ium .11
/=1
Rewriting Equation (5.3) in term s of cr„ a M, and p jM gives
Note that each asset's relative w eight is given by x„ N is the
N E(Rm) ~ r
total num ber of assets in the m arket portfolio, and = 1. E m = r + c iPiJ - ^ ----- ] (5.4)
cM
/=1
This is the reason why portfolio m anagers rely on indices to For a well-diversified portfolio, beta is w idely accepted as an
measure the perform ance of a given stock or portfolio relative appropriate measure of risk.
to the CAPM equilibrium risk-return relationship.
The derivation of TPI from CAPM is straightforward. According
This section com pares several perform ance indices and to C A PM :
illustrates how they are used. The focus is on the three trad i
E(R,) = r + /3iIE (R m) ~ r]
tional measures of portfolio perform ance based on C A PM :
(1) the Sharpe reward-to-volatility ratio, (2) the Treynor where E(R,) is the expected return on the risky asset or portfolio
reward-to-volatility ratio, and (3) the Jensen perform ance /, and (3i is the asset's system atic risk m easure. Then:
index. Also presented are some additional indices proposed E(Ri) ~ r
= E(R m) - r
in academ ic literature to measure perform ance. Regardless of
A
the measure used, the overall idea is the sam e: To get higher
Thus, in equilibrium it is expected that this ratio will be constant
average returns one must assume a greater amount of risk.
across all risky assets and portfolios and equal to the excess
expected return on the market portfolio E(R M) — r (also called
Sharpe Performance Index the alpha m easure). Any TPI greater than E(R m) — r is consid
ered to have a positive alpha (indicting superior perform ance),
A s previously discussed, the capital m arket line is given by: while a TPI below E(R M) - r would indicate a negative alpha and
E(Rm) ~ r „ inferior perform ance.
E(R P) = r + --------------------(Tp
O'M
E(Rp) and a P are the expected return and the standard deviation of
Jensen's Performance Index
the return, respectively, for an efficient portfolio P. Meanwhile, r is
the risk-free rate and E(R M) and crM are, respectively, the expected Jensen's perform ance index (JPI) is like TP I, as both measures
return and the standard deviation for the market portfolio. assume investors hold well-diversified portfolios.
SPI m easures the perform ance of a portfolio over tim e by V v a r(R p - RB)
sim ply looking at the portfolio's absolute perform ance. An The information ratio is thus an alternative to T E .
alternative approach, adopted by many professionals and
investors, is to m easure perform ance relative to a target
portfolio or benchm ark. In the follow ing section, three dif Sortino Ratio
ferent m easures of perform ance relative to a benchm ark are
The Sortino ratio (SR) is a modification of SPI. Both ratios m ea
discussed: (1) tracking error, (2) inform ation ratio, and (3) the
sure the risk-adjusted return of an asset or portfolio. However, if
Sortino ratio.
the primary focus is on downside risk, then SR is considered to
be an im provem ent over SPI:
The tracking error (TE) is the measure of the difference between ^ 2 " ,m i n < 0 , Rpf - T}2
a portfolio's returns and those of a benchm ark it was meant to
mimic or to beat. The first way to calculate T E is simply: The denom inator is the downside deviation, as measured by the
standard deviation of returns below the target. T is the target or
Rp ~ R b
required rate of return for the investm ent strategy, also known
W here RP is the return of the portfolio under consideration, and as MAR or minimum accepted rate of return. T may be set to
R b is the return of the benchm ark portfolio. the risk-free rate or another hurdle rate.
QUESTIONS
5.1 Is the m arket portfolio the only efficient portfolio that can 5 .1 0 If crA = 20% and a B = 40% and a portfolio if form ed with
be form ed? half the money invested in each stock, then ap must be
A. True
B. False
ANSWERS
5.1 No is based on expected and unobserved variables. It also
provides a method of decom posing asset returns into
5 .2 D. The relative co-m ovem ent of a security with the mar
two com ponents: a system atic (or market) com ponent
ket portfolio
and a residual (or non-market) com ponent:
5 .3 B. E(R m) - r
rP = aP + b PrM + e P
E(R m) - r is the excess return of the m arket portfolio
where rP = RP - r is the excess return of the portfolio
over the risk-free rate.
return RP over the risk-free rate r and rM = RM - r is the
5 .4
excess return of the m arket portfolio R m over the risk
P a = - 1 , P b = 0 and p c = 2 free rate r.
5 .5 A . E(R a ) = - 3 % , E(R b) = 5%, E(RC) = 21%
The residual com ponent eP is uncorrelated with the
In equilibrium stocks are on the same security m arket excess return rM. The system atic com ponent is
m arket line: beta multiplied by the m arket excess return. The mar
E(R,) = r + [E(R m) - r] p, ket model thus appears to be a natural fram ework for
estim ating beta.C A PM is an equilibrium pricing m odel,
5 .6 True
which suggests that each asset is priced so that its
5 .7 True expected return com pensates for its contribution to the
5 .8 False m arket portfolio risk. The asset's expected return is thus
found to be proportional to its beta. For a well-diversi
The realized return is random. CAPM predicts that the
fied portfolio, an asset's risk contribution will approxi
expected rates of return for stocks A and B should be the
mate its risk contribution to the m arket portfolio.
sam e.
5 .9 D. 11.8% 5.14 No, the risk premiums for different stocks will not be the
sam e. It is, according to the C A PM :
5 .1 0 B. Between 10% and 40%
coviRj, R m)
5.11 (E(R m) ~ r)
/= 1
f3; = 0 means that in equilibrium E(R,) = r = 5%
Cov(R„ Rm) = E(R,Rm) - E(R;)E(Rm)
The m arket is not in equilibrium .
Com bining the two equations:
5.18 This statem ent is false. The beta of a security obtained
from past data is only an estim ate of the true beta, which Cov(R„ Rm) = ' Z x j m . R j ) - E(R,)E(Ri)]
is unknown. The estim ate is subject to statistical estim a )=1
tion errors and the true beta, at best, can be said to fall
= 2 XjCoviR,, Rj)
within a confidence interval with a given probability (the
i= 1
confidence level).
= x p f + 2 xj CoviR,, Rj)
i=\
j* i
Explain the arbitrage pricing theory (APT), describe its Explain m odels that account for correlations between
assum ptions, and com pare the A P T to the C A PM . asset returns in a multi-asset portfolio.
D escribe the inputs (including factor betas) to a Explain how to construct a portfolio to hedge exposure to
m ultifactor model. multiple factors.
Calculate the expected return of an asset using a D escribe and apply the Fam a-French three factor model in
single-factor and a m ultifactor model. estim ating asset returns.
83
A s explained in C hapter 5, the capital asset pricing model (3lk is a coefficient measuring the effect of changes in factor lk
(CAPM ) is a single-factor model that describes an asset's on the rate of return of security /; and
expected rate of return as a linear function of the market's risk
e,- is the noise factor (i.e., the idiosyncratic factor).
premium above a risk-free rate. Beta is the coefficient (i.e., the
slope) of this relationship. A P T was later tested by Roll and Ross (1980) and Chen, Roll,
and Ross (1986).4 Chen, Roll, and Ross found that the following
The A rbitrage Pricing Theory (APT) is based on the reasoning
set of m acroeconom ic factors were im portant in explaining the
behind C A PM . However, it explains an asset's expected rate of
realized average rates of return on stocks traded on the New
return as a linear function of several m arket factors. The single
York Stock Exchange (N YSE):
factor in CAPM (i.e., the market's expected risk premium) is
derived from a theoretical model with assumptions about inves • The spread between long-term and short-term interest rates
tor behavior. In contrast, A P T only assumes that there are no (reflecting shifts in tim e preferences);
arbitrage opportunities. • Expected and unexpected inflation;
variances (i.e., residual risks). For exam ple, if M = 3 then this Adding these two factors, Fama and French showed that the
9 -3 HM L factor is redundant.10
becom es 3 H---- _— = 6.
O ther versions of this model (e.g ., Carhart (1997)) include a
momentum factor (M OM ), which is the difference between
Chapter 6 The Arbitrage Pricing Theory and Multifactor Models of Risk and Return ■ 85
Further, the analyst believes that the firm can generate an
Monthly Data From January 1990 to April 2019
extra 3.0% return annually because it has an advantage over its
Coca-Cola J.P. Morgan com petitors.
Alpha 0.08 0.82 0.16 0.71 • A 12.5% return on equities over the next year;
XLB M aterials
Box Example 6.2:
X LE Energy
An analyst believes that a firm's Fama-French dependencies are
X LF Financials
Value XLI Industrials
Beta 0.25 X LK Technology
SMB 1.25 XLP Consum er Staples
HML - 0 .7 5 XLU Utilities
To see how this might be used, consider an analyst that fore basis, then tracking errors will appear. If the hedging strategy
casts the returns over the next w eek as: is updated too frequently, trading costs will be high and drag
down overall perform ance.
• X LF = 5%,
A nother challenge is model risk, which includes both factor
• X LK = - 4 .0 % , and
model error and the potential for errors in im plem entation.
• XLP = 2.0% . Factor model errors occur when a model contains m athem ati
This would translate into an expected return of 3.86% cal errors or is based on m isleading/inappropriate assumptions.
(= 1.000 X 5.0 + 0.223 X (- 4 .0 ) - 0.212 X (2.0)) for a For exam ple, a hedging strategy that is based on linear factor
position in J.P. Morgan. m odels that fail to capture nonlinear relationships among the
factors will be flaw ed.
Determ ining portfolio risk using all the stocks in the S&P 500 (in
various portions) would require the calculation of about 125,000 A no th er common error in model building is to assum e
different variances. By using these nine factors, that number falls stationarity in the underlying asset distribution, as often such
to less than 5,015. The latter is much more feasible and in prac distributions can evolve over tim e. A d d itio nally, assum ptions
tice should offer results that perform just as well (given the error built into m odels may fail to hold in certain conditions, such as
margins). during stressed m arkets. During the 2007-2009 financial crisis,
for exam p le, many m arket-neutral hedge funds perform ed
poorly.
6.3 FACTOR ANALYSIS
IN HEDGING EXPOSURE
W hile idiosyncratic (i.e ., specific) risk can theoretically be
elim inated through diversification, the sam e is not true for
Chapter 6 The Arbitrage Pricing Theory and Multifactor Models of Risk and Return ■ 87
The following questions are i to help candidates understand the material. They are not actual FRM exam questions.
QUESTIONS
6.1 A major disadvantage of A P T is that the theory gives no 6.8 If the return process for 100 firms is a four-factor m arket
insights into what the m acroeconom ic factors might be. m odel, then the number of param eters to be estim ated is
A. 6 .
A. True
B. False
B. 100.
C. 386.
6.2 A P T assumes asset returns are normally distributed.
D. 406.
A. True
6.9 Em pirical studies of the single-factor m arket model show
B. False
the explanatory power of the model is rather high. True or
6.3 A P T requires that investors make decisions based on false? Discuss.
mean and variance.
6.10 Roll noted that well diversified portfolios are nonetheless
A. True highly correlated if the holdings are concentrated within
B. False the same asset class. True or false? Explain.
6.4 W hat is the basic idea of A P T? 6.11 Fama and French (1996) added two risk factors beyond
6.5 The A P T model is derived from the m arket index to explain past average rates of return.
W hich of the following ratios is a risk factor in the Fama-
A. a theoretical model of optimal portfolio selection.
French em pirical model?
B. an extension of the concept of C A PM . A. E B IT D A to total sales
C. arbitraging a few known risk factors in the m arket. B. Current assets to current liabilities
C. Net profit to total assets
D. investors holding efficient portfolios.
D. Book-to-m arket values
6.6 Chen, Roll, and Ross (1986) tested the A P T model and
6.12 In their later work, Fama and French (2015) added two
found several explanatory variables for the average rate of
more factors. W hich of the following is a basis for one of
return on stocks traded on the N YSE. Which of the follow
these new risk factors?
ing is not an explanatory variable in their em pirical test?
A. O perating profitability
A. Expected and unexpected inflation
B. Current assets to current liabilities
B. The yield spread between high and low risk corporate
C. Net profit to total assets
bonds
D. Last month perform ance
C. The yield spread between long and short maturity
bonds 6.13 Factor betas in a well-diversified portfolio provide a means
D. The change in money supply in the econom y for constructing a hedging strategy to reduce system atic
risk. True or False? Discuss.
6.7 If a portfolio has 80 securities, the number of covariances
that should be estim ated is
A. 6,320.
B. 6,400.
C. 3,160.
D. 80.
ANSWERS
6.1 True 6.7 C. 3,160.
These factors may include indices on stocks, bonds, and If there are N different securities, then the number of
com m odities, as well as m acroeconom ic factors. How correlations equals N(N - 1)/2
ever, the model does not say which of these factors adds 6.8 D. 406.
to the explanatory power of the relationship.
The number of param eters to be estim ated is
6 .2 False
MN + M(M — 1)/2 for M common factors and N firms.
A P T has three underlying assumptions. 6.9 False
1. A sset returns can be explained by system ic factors. Em pirical studies of the single-factor m arket model (i.e.,
2 . By using diversification, investors can eliminate
CAPM ) show that its explanatory power is rather low.
specific risk from their portfolios.
6.10 True
3 . There are no arbitrage opportunities among well-
diversified portfolios. If any arbitrage opportunities Roll noted that well-diversified portfolios exhibit high
were to exist, investors would exploit them away. correlations when constrained to the same asset class,
whereas there is much less correlation when portfolios
6 .3 False
are diversified across multiple asset classes.
See the previous explanation.
6.11 D. Book-to-m arket values
6 .4 The basic idea of A P T is that investors can create a
HML is the difference between the returns on stocks with
zero-beta portfolio with zero net investm ent. If such a
high book-to-market values and those of stocks that have
portfolio yields positive return, then a sure profit can be
low book-to-market values.
realized by arbitraging. In the real world, any existing
arbitrages would be exploited away. 6.12 A. O perating profitability
6 .5 B. an extension of the concept of C A PM . Fama and French extended the model in 2015 by sug
gesting two additional factors:
A rbitrage Pricing Theory (APT) is based on the reasoning
behind C A PM . It differs in that it is a multi-factor model. 1. RMW, which is the difference between the returns of
companies with high (robust) and low (weak) operating
6.6 D. The change in money supply in the econom y
profitability; and
The explanatory variables were 2. C M A , which is the difference between the returns of
• The spread between long-term and short-term inter com panies that invest conservatively and those that
est rates (reflecting shifts in tim e preferences); invest aggressively.
• Expected and unexpected inflation; 6.13 True
• Industrial production (reflecting changes in cash flow Each factor can be used to hedge the same factor that is
expectations); and reflected in a given security.
• The spread between high-risk and low-risk corporate
bond yields (reflecting changes in risk preferences).
Chapter 6 The Arbitrage Pricing Theory and Multifactor Models of Risk and Return 89
Learning Objectives
A fter com pleting this reading you should be able to:
Explain the potential benefits of having effective risk data D escribe characteristics of a strong risk data aggrega
aggregation and reporting. tion capability and dem onstrate how these characteristics
interact with one another.
D escribe the im pact of data quality on model risk and the
model developm ent process. D escribe characteristics of effective risk reporting
practices.
D escribe key governance principles related to risk data
aggregation and risk reporting practices. D escribe the role that supervisors play in the monitor
ing and im plem entation of the risk data aggregation and
Identify the governance fram ew ork, risk data architecture reporting practices.
and IT infrastructure features that can contribute to effec
tive risk data aggregation and risk reporting practices.
91
7.1 INTRODUCTION A special com m ittee of the Basel Com m ittee on Banking Super
vision (BCBS) exam ined bank data collection, data storage, and
Effective risk analysis requires sufficient and high-quality data. data analysis practices. That com m ittee uncovered many prob
This makes data a major asset in today's w orld, and it should be lems within the industry and subsequently published a special
treated as such. report on risk data m anagem ent. It concluded that data quality
in the banking industry was inadequate to aggregate and report
Risk analyses can be m ade using the internal data of an organi
risk exposures across business lines, legal entities, and at the
zation (e .g ., transaction data within a financial institution or the
bank group level.
specific costs of raw m aterials for a m anufacturing com pany).
The m ajor concern with this type of data is w hether it is kept In recognition of these inadequacies, the B C B S published a set
in an organized w ay so that it can be used for analysis. Statisti of 14 principles to guide banks as they overhauled their risk data
cal techniques for analyzing this data are w ide ranging and aggregation and reporting capabilities (BC BS 239).2 The BC BS
can include tools such as m achine learning and artificial intel defines risk data aggregation as the "process of defining, gath
ligence (Al). ering, and processing risk data according to [a firm's] risk report
ing requirem ents to enable the bank to measure its perform ance
Data can also come from outside the organization (e.g ., exter
against its risk tolerance/appetite."
nal data on the econom y or on a specific industry). Financial
institutions need data on past inflation rates, changes in money The principles and supervisory expectations outlined in BC BS
supply, major interest rates, exchange rates, and so on. Some 239 apply to risk m anagem ent data and m odels. These prin
external data can be collected from public sources, whereas ciples cover governance/infrastructure issues, risk data aggrega
other types of data may have to be purchased from vendors. tion procedures and needs, reporting, and considerations for
supervising authorities.
Banks have struggled to com ply with B C B S 239 and the o rig i
BOX 7.1 DATA IN MODEL RISK nal tim eline to achieve full com pliance was not m et by any
bank. This is largely due to the highly com plex nature of the IT
Data acquisition plays an im portant role in model risk.
Financial institutions rely on m odels to guide their day- reengineering involved in bringing the various system s into
to-day operations and to analyze their risk exposures. As com pliance as well as the dynam ic nature of the p rin cip les.3
a result, even the sm allest of model errors can have dire Th e exponential increase in the application of Al techniques
consequences. on large data sets has also m ade com pliance with B C B S 239
Model risk can be decom posed into four com ponents:1 more challenging.
input risk, estimation risk, valuation risk, and hedging risk.
Section 7.2 explains how effective risk data aggregation and
Note that data acquisition is especially pertinent when
considering input risk. M odels depend on the quality of reporting can allow organizations to measure risk across an
data because it is used to create statistical estim ators of enterprise.4 Section 7.3 describes the key B C B S governance
their param eters. As the adage goes: "garbage-in, principles.5 Section 7.4 identifies the data and IT infrastructure
garbage-out". features that contribute to effective data aggregation and
reporting. Section 7.5 describes specific characteristics of a
strong risk aggregation capability as well as the interactions
For many years, financial firm s collected data on either a depart between those characteristics. Finally, section 7.6 describes the
mental or business activity basis. G enerally, these efforts were characteristics of effective risk reporting practices and the need
not well coordinated or m anaged. Different departm ents often for forward looking capabilities to give preem ptive signals of
used different data sources, resulting in duplication in some potential risk exceedances.
cases. A lot of data was neglected and even destroyed (e.g .,
data loss can occur when moving from one com puter system to
another). In the 1960s and 1970s, data were stored on paper 2 Principles for effective risk data aggregation and risk reporting!Rep.).
cards or com puter tapes. Later storage devices included floppy (2013, January). Retrieved https://www.bis.org/publ/bcbs239.pdf
disks and hard disk drives, neither of which were com patible 3 See Basel Committee on Banking Supervision, June 2018, Progress
with the older generation of system s. in adopting the Principles for effective risk data aggregation and risk
reporting (RDARR): https://www.bis.org/publ/bcbs443.pdf
4 The specific costs and benefits of enterprise risk management (ERM)
will be discussed in Chapter 10.
1 Crouhy, Galai, and Mark, Risk Management, McGraw Hill, 2002,
page 586. 5 Best practices in corporate governance were discussed in Chapter 2.
6 Big data is data that are so big and complex that traditional data pro
cessing techniques are inadequate. A strong governance fram ework (see Principle 1 in Box 7.2)
7 This is data without a pre-defined data model or otherwise lacking a com bined with a well-designed risk data and IT infrastructure14
pre-defined approach to organization.
8 COSO, "Enterprise Risk Management: Integrating Strategy with Per
12 The Financial products Markup Language (FpML) is one such exam
formance," June 2017. (See Principle 18: Leverages Information and
ple. FpML defines a taxonomy and structure of financial derivative
Technology.)
products using the extensible Markup Language (XML) standards. For
9 Crouhy, Galai, and Mark, The Essentials o f Risk Management (2nd edi example, FpML includes structural definitions not only for derivatives,
tion), Chapter 15, McGraw Hill, 2014, offers a more complete discussion but also for the underlying financial instruments and assets to which
on model risk management. financial derivatives contracts must necessarily refer.
10 United States, Board of Governors of the Federal Reserve System, 13 Basel Committee on Banking Supervision, January 2013, "Principles
Office of the Comptroller of the Currency (2011), "Supervisory Guidance for effective risk data aggregation and risk reporting." Reprinted by
on Model Risk Management (SR 11-7)." Retrieved from https://www. permission.
federalreserve.gov/supervisionreg/srletters/sr1107a1 .pdf
14 Infrastructure describes the actual components of a system. Architecture
11 Basel Committee on Banking Supervision, January 2013, "Principles describes the design of the components and their relationships. For exam
for effective risk data aggregation and risk reporting." ple, a system is built on an infrastructure that has a specific architecture.
architecture and IT infrastructure lack the "appropriate pro instrum ent contracts. Com prom ises in tim eliness are often made
cesses and controls to ensure that the risk reference data is due to the need to extract and map data from different trading
updated following changes in business activities."26 system s into other system s that can integrate, sum m arize, and
report on the consolidated data.
STRONG RISK DATA AGGREGATION would be the ability to integrate a hypothetical stress scenario
with other parts of the portfolio to produce an aggregated
CAPABILITY enterprise risk measure. A daptability would also include the
capability to incorporate changes in an upcoming regulatory
Firm s need to monitor their data on an ongoing basis to ensure
fram ework (e.g ., an update to Basel capital regulatory rules) and
its accuracy and integrity (see Principles 3 and 4 in Box 7.4). Risk
the ability to com bine that with historical data to produce an
data should be com plete, reconciled with sources, and include
overall risk measure.
all material risk disclosures at a granular level. Classifications
and categorizations are necessary to present com plete and The B C B S notes that an effective (i.e., fully or largely compliant)
m anageable information to executive m anagem ent. If classifica capability to aggregate risk data features "appropriate data e le
tions are too broad, however, information loss and data distor ment certification, data quality docum entation, data quality
tion can occur. assurance m echanism s, assessm ent of data quality per risk type,
and docum ented and effective controls for manual
Banks should also be "ab le to produce aggregate risk inform a
p ro cesses."28
tion on a tim ely b a sis"27 (see Principle 5 in Box 7.4). The
degree of tim eliness required depends on the risk area being Conversely, ineffective (i.e., with com pliance gaps) risk data
m onitored. For exam p le, data used to m easure risk on the aggregation capabilities may feature "deficiencies in data qual
trading floor will need to generate risk inform ation on a tim e ity controls . . . ; [lack of properly established] data quality rules
lier basis when com pared to risk inform ation on a corporate such as minimum standards for data quality reporting thresh
loan. Inform ation system s dedicated to trading rooms must olds; absence of a designated authority [oversight] . . . ; lack of
an effective escalation model . . . ; and w eaknesses in [quality
control]" as well as ". . . overreliance on manual . . . processes
without proper docum entation [and policy] . . . , lack of reconcili
ation for certain key reports . . . and no variance analysis . . . ,
24 A physical data model can generate the specific operations, proce
dures, and data loads to create a functioning database instance of the inability to promptly [also without automation] source risk data
logical data model. from foreign subsidiaries . . . , lack of standardization of refer
25 Basel Committee on Banking Supervision, June 2018, "Progress ence d a ta ."29
in adopting the Principles for effective risk data aggregation and risk
reporting (RDARR)." This report also mentions as an example "a data
dictionary and a single data repository or data warehouse for each risk
type identified and constructed"
26 Ibid. The report also mentions as an example of this "a lack of a for
malized escalation process to communicate poor data quality to senior 28 Basel Committee on Banking Supervision, June 2018, "Progress
management". in adopting the Principles for effective risk data aggregation and risk
reporting (RDARR)."
27 Basel Committee on Banking Supervision, January 2013, "Principles
for effective risk data aggregation and risk reporting." 29 ibid.
Banks also have significant progress to make when it com es to 32 Pillar 1 risks include market risk, credit risk, and operational risk.
the B C B S 239 principles on effective risk reporting practices. Pillar 2 risks include business risk, reputation risk, and strategic risk.
Chapter 1 describes and differentiates among the key classes of risks.
The B C B S notes that "risk m anagem ent reports should be accu 33 Basel Committee on Banking Supervision, January 2013, "Principles
rate and precise to ensure a bank's board and senior for effective risk data aggregation and risk reporting."
34 The cycle of sample, process, and review and act upon results repeats
itself, often daily, producing yet more results datasets. In addition to the
Basel Committee on Banking Supervision, January 2013, "Principles need to manage these results datasets, there is a need for the annota
Q A
for effective risk data aggregation and risk reporting." Reprinted by tion and attribution of scenario assumptions corresponding to the data
permission. in the results data repository.
Accuracy — Risk m anagem ent reports should accurately In summary, effective reporting capabilities feature routine risk
and precisely convey aggregated risk data and reflect risk reports having useful information and providing preem ptive
in an exact manner. Reports should be reconciled and
analyses and dynam ic features. A drill down of risk data from
validated.
these reports can enable rigorous analyses across different risks
and be accessed with an easy-to-use interface.
Principle 8:
Com prehensiveness — Risk m an ag em en t rep o rts Conversely, ineffective risk reporting capability would have the
should co ver all m aterial risk areas w ithin the o rg a n iza opposite features (not all are required and this list is far from
tio n . T h e depth and sco p e of th ese rep o rts should be com prehensive): static/inflexible, lacking ability to answer even
co n siste n t with the size and co m p le xity of the bank's sim ple drill down questions, and difficult to understand.
o p eratio n s and risk p ro file, as w ell as the req u irem en ts
o f the re cip ie n ts.
Principle 9: CONCLUSION
Clarity and usefulness — Risk m anagem ent reports should The original goal of the Basel Com m ittee was to ensure that
com m unicate information in a clear and concise manner.
firms developed strategies to m eet the B C B S 239 principles by
Reports should be easy to understand yet com prehensive
enough to facilitate informed decision-m aking. Reports 2016. However, we still have a long way to go.
should include meaningful information tailored to the The Risk Data N etw ork (RDN) periodically releases progress
needs of the recipients.
reports on im plem entation of the B C B S 239 p rincip les.36 In
these reports, supervisors rate firm s' current perform ance on
Principle 10:
achieving com pliance with the RDARR principles (see A p p e n
Frequency — The board and senior m anagem ent (or
dix 1 for details). These ratings are affirm ed by a 2016 survey
other recipients as appropriate) should set the frequency
of risk m anagem ent report production and distribution. conducted by M cKinsey and the Institute of International
Frequency requirem ents should reflect the needs of the Finance (IIF)— which revealed that despite significant invest
recipients, the nature of the risk reported, and the speed m ents, banks are still struggling to com ply with the p rinciples.37
at which the risk can change, as well as the importance
of reports in contributing to sound risk m anagem ent and A study from PwC showed higher performance for compliance
effective and efficient decision-making across the bank. with Principles 7-11 (risk reporting) com pared to Principles 3-6
The frequency of reports should be increased during tim es (data aggregation). M eanwhile, Principles 1 (governance) and 2
of stress/crisis. (data architecture and infrastructure) have poor com pliance rates.
Principle 11: Although these principles are focused on internal risk reporting,
some supervisors have indicated regulatory and stress-testing
Distribution — Risk m anagem ent reports should be distrib
uted to the relevant parties while ensuring that confidenti results would also help to inform the process when assessing
ality is m aintained. bank com pliance. More recently, the European Central Bank has
stated that financial and regulatory reporting is part of BC BS
scenario param eters that are easily applied to independent 239 com pliance. Though many banks have asked, regulators
model runs. Lack of such scenario consistency will result in have not come forward with clearer guidelines for com pliance.
im portant aspects of the diversification across scenarios being The regulators continue to em phasize that ascertaining com pli
lost. In turn, this can destroy a model's ability to determ ine the ance with B C B S 239 is a subjective exercise and that the stan
volatility of the aggregate results. dards for each bank are accordingly bespoke.
25
20
15
10
0
Governance &
Risk Data Aggregation Capabilities Risk Reporting Practices
Infrastructure
P1 P2 P3 P4 P5 P6 PI P8 P9 P10 P11
2017 2.90 2.73 2.60 2.90 2.87 2.90 2.73 3.03 3.03 2.97 3.33
2016 2.83 2.60 2.60 2.93 2.73 2.90 2.77 3.00 3.10 2.97 3.37
APPENDIX 1
BOX 7.6 PRINCIPLES 12 TO 1438
Compliance Levels of 30 Banks
Principle 12:
In Figure 7.1, the small changes in the average com pliance rat
Review — Supervisors should periodically review and evaluate
a bank's compliance with the eleven Principles above. ings (on scale of 1 to 4) with B C B S 239 between 2016 and 2017
illustrate the minimal progress observed in the Principles' imple
Principle 13: m entation. The scale ranges from being "fully com pliant" (a rat
Remedial actions and supervisory measures — Super ing of 4) to "non-com pliant" (a rating of 1). The scores for the
visors should have and use the appropriate tools and fth Principle are shown in Figure 7.2. For exam ple, Principle 1
resources to require effective and tim ely remedial action was rated 2.83 in 2016 and 2.90 in 2017.
by a bank to address deficiencies in its risk data aggrega
tion capabilities and risk reporting.
Principle 14:
Home/host cooperation — Supervisors should cooperate
with relevant supervisors in other jurisdictions regard
ing the supervision and review of the Principles, and the
im plem entation of any remedial action if necessary.
QUESTIONS
7.1 B C B S 239 concerns An additional requirem ent that has em erged since the
A. conducting scenario analysis. original B C SBS 239 principles were published is the
B. liquidity requirem ents in banks. expectation that B C B S 239 principles should also apply to
C. how to deal with data in a bank. banks' regulatory reporting.
D. details of how to im plem ent the Graham -Dodd A ct A. True
B. False
7.2 Is the following statem ent True or False?
7.5 Please provide an exam ple of com pliant risk data gover
The original tim eline to achieve full com pliance with BCBS
nance in B C B S 239.
239 was not met by any bank.
A. True 7.6 Please provide an exam ple of effective risk reporting in
B. False B C B S 239.
7.3 Is the following statem ent True or False? 7.7 W hy was the original tim eline to achieve full com pliance
There is a uniform blueprint in place for B C B S 239 com pli with B C B S 239 not met by any bank?
ant infrastructures. 7.8 W hat are the characteristics of a strong risk data aggrega
A. True tion capability?
B. False
7.9 Explain how model risk is affected by data quality.
7.4 Is the following statem ent True or False?
ANSWERS
7.1 C. how to deal with data in a bank. preem ptive analyses and dynamic features. A drill down
The principles and supervisory expectations outlined in of risk data from these reports can enable rigorous analy
ses across different risks and be accessed with an easy-
B C B S 239 apply to risk m anagem ent data and m odels.
to-use interface.
These principles cover governance/infrastructure issues,
risk data aggregation procedures and needs, reporting, 7.7
and considerations for supervising authorities. • The underestim ation of the com pliance
D escribe Enterprise Risk M anagem ent (ERM ) and com pare D escribe risk culture, explain characteristics of a strong
an ERM program with a traditional silo-based risk m anage corporate risk culture, and describe challenges to the
ment program. establishm ent of a strong risk culture at a firm.
Com pare the benefits and costs of ERM and describe the Explain the role of scenario analysis in the im plem enta
motivations for a firm to adopt an ERM initiative. tion of an ERM program and describe its advantages and
disadvantages.
Explain best practices for the governance and im plem en
tation of an ERM program. Explain the use of scenario analysis in stress testing pro
grams and in capital planning.
D escribe im portant dim ensions of an ERM program and
relate ERM to strategic planning.
101
8.1 ERM: WHAT IS IT AND WHY DO exacerbate each other (e.g ., through risk concentrations, conta
gion, and cross-over risks).
FIRMS NEED IT?
Enterprise risk m anagem ent (ERM ) applies the perspective and
Earlier chapters of this book have focused on specific risk types resources at the top of the enterprise to manage the entire port
(e.g ., credit risk, m arket risk, or operational risk). This approach folio of risks and account for them in strategic decisions.3 ERM
has also been adopted by banking regulators, who require improves upon silo-based risk m anagem ent by giving executives
banks to hold minimum capital against credit, m arket, and oper an integrated, enterprise-level view of risk. This feature makes
ational risk (e.g ., Pillar I of Basel III).1 Looking at risk within risk ERM an im portant supplem ent to the more limited perspective
types and specific business portfolios makes it easier to: available from specific business lines or risk-type functions. It
also focuses attention on the largest threats to a firm's survival
• Define and measure risk (e.g ., most financial models deal
and core functionality.
with specific risks),
• A ggregate risk within business lines, and A nother im portant feature of ERM is that it supports a con
sistent approach to enterprise risks throughout a firm, from
• Hedge risk using derivative instrum ents, which tend to be risk
the boardroom to the business line. This consistency can be
specific.
achieved through a robust risk culture and an adherence to
However, it is also im portant to com pare exposures to one enterprise risk appetites and governance. Firms that lack this
another. Doing so allows firm s to prioritize risk m anagem ent consistency may see one business unit reject an opportunity due
and understand how risk-type and business line exposures add to its risk, while similar opportunity is em braced by another unit.
up to their total exposure. A t the enterprise level, risks may
This chapter explains how ERM evolved to help firm s manage
negate each other (e.g ., through netting and diversification) or
risk efficiently, identify overlooked enterprise risks, m anage
risk concentrations, and understand how different risk types
interact (Figure 8.1). It also introduces the key ERM dim ensions
BOX 8.1 CROSS-OVER RISKS—THE
NORTHERN ROCK EXAM PLE
1. Helps firms define and adhere to enterprise risk
A perceived weakness in one risk m anagem ent area (e.g ., appetites
credit risk) can reveal weakness in another area (e.g ., fund
ing liquidity). Northern Rock discovered this to its detri 2 . Focuses oversight on most threatening risks
ment during the initial stages of the 2007-2009 global
3 . Identifies enterprise-scale risks generated at business
financial crisis.
line level
The fast-growing bank had developed a strategy that left
4 . M anages risk concentrations across the enterprise
it highly dependent on investors and wholesale m arkets—
rather than custom ers' deposits— for its funding. It tried 5 . M anages em erging enterprise risks (e.g ., cyber risk,
to manage this funding concentration risk by diversifying A M L (anti-money laundering) risk, reputation risk)
geographically beyond its home m arket in the United
Kingdom by tapping funding m arkets in continental 6 . Supports regulatory com pliance and stakeholder
Europe and the United States. reassurance
H ow ever, th at approach left the institution vu ln erab le 7 . Helps firms to understand risk-type correlations and
to the global storm in funding m arkets th at erup ted cross-over risks
when investo rs began shunning banks p erceived as
having risky lending stra te g ie s (as w e d iscu ssed in 8 . O ptim izes risk transfer expenses in line with risk scale
C h a p te r 5). N orthern Rock o fficials later claim ed that and total cost
this kind o f global funding m arket shutdow n was
9 . Incorporates stress scenario capital costs into pricing
"u n fo re s e e a b le ."1
2
and business decisions
1 Regulators are also concerned with many other risks facing a bank and
try to make sure banks consider them by applying Pillar II, the supervi Fiqure 8.1 Top ten b en efits of ERM .
sory review process.
2 House of Commons, Treasury Committee, "The Run on the Rock," 3 Enterprise risks, meanwhile, are those risks large enough to make
January 2008, p.16. enterprise outcomes fall materially short of enterprise goals.
Risk view ed in business line, risk-type, and functional silos Risk viewed across business lines, functions, and risk types,
looking at diversification and concentration
Risk m anagers work in isolation Risk team integrated using global risk m anagem ent com m ittee
and chief risk officer
Many different risk m etrics that cannot be com pared (apples to Developm ent of rational risk m anagem ent fram eworks and
oranges) cross-risk universal m etrics (e.g ., VaR and scenario analysis) to
integrate risk view (i.e., apples to apples)
Risk aggregated, if at all, within business lines and risk types. Tools and integrated fram eworks make it possible to more
Difficulty seeing the aggregate risk picture accurately measure and track enterprise risk. Potentially, risk is
aggregated across multiple risk types.
Each risk type managed using risk-specific transfer instruments Possibility of cutting risk transfer costs firm -wide and integrated
(e.g ., multi-trigger) instruments
Each risk m anagem ent approach (e.g ., avoid/retain/m itigate/ Each risk m anagem ent approach is view ed as one com ponent
transfer) often treated separately, with strategy rarely being of a total cost of risk, ideally measured in a single currency.
optim ized. Com ponent choice is optim ized as far as possible in risk/reward
and cost/benefit term s expressed in that currency.
Impossible to integrate the m anagem ent and transfer of risk Risk m anagem ent is increasingly integrated with balance sheet
with balance sheet m anagem ent and financing strategies m anagem ent, capital m anagem ent, and financing strategies.
8.3 ERM: FROM VISION TO ACTION Table 8.2 Five Key ERM Dimensions
ERM Dimension Examples
So far, this chapter has covered ERM 's evolution and basic goals.
But how is ERM organized in practice?6 This depends a lot on Targets En terp rise goals: Enterprise risk appetite,
enterprise limit fram ew orks, risk-sensitive
the size and type of firm, but it helps to think of ERM practices
business goals and strategy formulation
across five dimensions (Table 8.2).
Structure H ow w e organize E R M : Board risk
1. Targets: T h e se include the en terp rise's risk ap p e tite and oversight, global risk com m ittee
how it relates to its strate g ic goals (discussed in C h a p
Risk Officer; ERM subcom m ittee; reporting
te r 2). Risk ap p e tite is linked to o perational m echanism s,
lines for ERM ; reporting structures
such as global lim it fram ew o rks and incentive co m p en sa
Metrics H ow w e m easure en terprise risk:
tion schem es. O ne goal of ERM is to set the right targ ets
Enterprise-level risk m etrics, enterprise
and m ake sure th ey are not in co nflict with o ther stra te
stress testing, aggregate risk m ea
gic goals. sures (Value-at-Risk, Cash-Flow-at-Risk,
2. Structure: The organizational structure of an ERM program Earnings-at-Risk, etc.), "total cost of risk"
approaches, enterprise level risk mapping
includes the role of the board, the global risk com m ittee
and flagging, choice of enterprise-level
and other risk com m ittees, the C R O , and the corporate risk limit metrics
governance fram ework described in C hapter 3. The goal of
ERM Strategies H ow w e m anage ER M : Enterprise level
ERM is to make each structure sensitive to the enterprise-
risk transfer strategies, enterprise risk
scale risks faced by the firm, including indirect losses. transfer instruments, enterprise moni
toring of business line m anagem ent of
enterprise-scale risks
6 In organizational terms, ERM programs are often implemented through Culture H ow w e do things: "tone at the to p ",
the senior management risk committee. Other risk committees, such as accountability for key enterprise risks,
the Credit Risk committee, may adopt ERM initiatives. Meanwhile, some openness and effective challenge, risk-
non-financial firms that lack elaborate risk committee structures may
aligned com pensation, staff risk literacy,
set up ERM committees that help coordinate ERM activities with their
whistle-blowing mechanisms
respective business lines.
However, the success of ERM is governed by the how these five Top to Bottom—Vertical Vision
dim ensions interact with each other. For exam ple, appointing a
Large risks often begin their life a long way from the board
C R O might either lead to im portant im provem ents in enterprise room. As an exam ple, consider the case of a car manufacturer.
stress testing or be a cynical re-badging exercise that changes
Suppose that a poor design or sourcing decision is m ade, and a
nothing. M eanwhile, an im provem ent in stress testing and other
potentially dangerous car part is installed. The risk is engineered
risk m etrics might not lead to im provem ents in risk m anagem ent into countless cars and therefore threatens the enterprise, its
if a firm lacks a healthy risk culture.
suppliers, and their insurers through recall and com pensation
Furthermore, many ERM programs that look well established may costs, lost sales, and reputational harm.
not be comprehensive. For example, surveys suggest that only
We can see som ething sim ilar happening in the "product fac
around half of CRO s review the impact of compensation plans on a
tories" of financial institutions. For exam ple, m isconduct issues
firm's risk appetite and culture— arguably a critical ERM function.7
have plagued large financial firms in recent years. In these firms,
The true test for ERM is w hether its growing adoption leads to a selling a poor investm ent product may not seem like a critical
decrease in negative surprises and mishaps. So far, empirical threat at the business line level when the business is young. As
research has yielded am biguous results. Some researchers have the business grows, however, that threat can rise dram atically
identified positive results from adopting ERM (e.g ., in term s of over tim e.
bank default swap spreads),8 while others have so far failed to For both financial and non-financial firm s, the rem edy might
find evidence of tangible benefits.
be som ething simple (e.g ., tweaking the design or spending
marginal amounts on better com ponents) or som ething painful
7 Deloitte, Global Risk Management Survey, 10th edition; p. 6 and p. 18.
(e.g ., closing a product line and firing the line manager). It might
The Deloitte survey is available at https://www2.deloitte.com/insights/
us/en/topics/risk-management/global-risk-management-survey.html also mean recognizing that the risk is being driven by poor
• Picking up on early signs that things are going wrong to Firm s cannot always avoid concentrations. For exam ple, insur
reduce the leveraging effect of tim e. ers and bankers have been wary of concentrating their key sys
tem s, infrastructure, and data with cloud com puting providers.
ERM brings risk decisions, across tim e and space, in line with the
1n
However, large security investm ents made by cloud providers
enterprise's stated risk appetite.
mean that going to the cloud could offer one way to manage
cyber risk and strategic technology risk. Firms must manage
Concentrations of Risk within the Firm? Ultim ately, ERM includes the recognition and m anagem ent of
concentration risks according to a firm's risk appetite.
Line m anagers look after specific business lines and therefore it
can be difficult for them to spot risk concentrations across the
enterprise. C redit concentrations, for exam ple, are the big red Thinking Beyond Silos
lever of the credit portfolio. If a bank loans too much to one
Conversely, there are major diversification benefits that can only
person (i.e., name concentration), the bank risks a big hit. If too
be understood at the enterprise level, particularly in term s of
many borrowers belong to the same industry, a sector downturn
risk type.
could w reak havoc.
Acknow ledging risk-type diversification reduces the aggre
Hidden concentrations often build up across many different
gate risk capital a firm needs to hold. It also helps to transform
businesses because line m anagers cannot see the connections.
"badly behaved" risk portfolios, including many kinds of opera
In banking, for exam ple, an institution may lend to one firm in its
tional risk, into loss distributions closer to a normal bell-shaped
corporate loan division and then create a counterparty exposure
curve (Figure 8.2).
with the same firm in its derivatives division. Many kinds of con
centration risk can creep across enterprises. Exam ples include A t the same tim e, thinking beyond silo-based risk m anagem ent
the following. helps firms to understand how risk types can interact to worsen
enterprise threats. For exam ple, enhanced consum er protection
• G eographical and industry concentrations. Exam ples include
in the United States since the global financial crisis has created
where a manufacturer's production facilities or a bank's core
significant cross-over risks between credit risk, legal risk, and
IT is located within a given region, or where a financial firm
reputational risk. A s a result, banks are under growing pressure
is over-exposed to default risk in a local econom y or type of
to make sure they are not deceiving custom ers or engaging in
industry.
abusive acts.
• P roduct concentrations. For exam ple, a derivative or retail
product might be mispriced in multiple divisions. Likewise, ERM can help firms understand how risk can cross over
between risk types during tim es of stress (as noted in Box 8.1).
• Su p p lier concentrations. An exam ple would be a firm that
has too great of a dependency on a link in its global supply
chain or, in the case of financial institutions, on technology Don't Insure the Kettle
suppliers or data/risk analysis providers.
Consum ers are nearly always right to turn down offers of insur
ance for inexpensive goods. For exam ple, if a kettle catches fire,
it is the home insurance they need to worry about and not the
10 One complication is that business line short-term priorities are often replacem ent cost of the kettle.
set at the top of the firm. For example, the business line might be try
ing to save money on product components to boost its reported profit Firms have been applying the same logic at the enterprise level
margin. It might be trying to make headquarters' sales targets, through since the 1960s by using m echanisms such as self-insurance and
whatever means. ERM is therefore also about managing agency risk and
captive insurance to retain portions of property, liability, and
the firm's risk culture, including how to build structures within the firm
that balance the need for aggressive short-term goals against the need other risks. Note that around 20% of firms with between USD
to stay in line with long-term risk appetite. 1 billion and USD 5 billion in revenue have a captive insurance
unit; that percentage rises to over 50% for firm s with at least their true exposures (i.e., considering enterprise netting
USD 10 billion in revenue. Risk retention decisions are best and diversification effects) they can retain the right level of
made at the enterprise level, where the aggregate level of risk exposure and target resources towards the real, enterprise-
exposure can be understood. threatening risks.
enterprise risk assessm ents of cyber dependencies and vulnera procedures, custom s, and conventions that influence how staff
create, identify, m anage, and think about risk within an enter
bilities, and then applying quantitative m etrics to assess the
financial im pact of cyber events. prise, including im plicit and explicit beliefs. A nother well-known
definition is that "risk culture can be defined as the norms and
This dem onstrates a general truth: firms that understand enter traditions of behavior of individuals and of groups within an
prise risk can translate this understanding into dollar savings
organization that determ ine the way in which they identify,
(Figure 8.3). The process is most obvious in the case of insurable
understand, discuss, and act on the risks the organization con
risks, but it is true for financial risks as well. As firms understand fronts and the risks it ta k e s ."13
Mitigate Severity
Keep Exp ected Loss Minimize Tran sfer C osts (Save Further USD)
Risk culture sounds intangible, but a strong risk culture is a firm's Risk culture is a difficult to address because it is m ultilayered
surest handle on ER M 14 in the same way that a strong safety cli (Figure 8.4). Individuals arrive at an en terp rise with th eir own
mate minimizes accidents in physical industries.15 risk m indsets th at are driven by th eir p erso n alities, d em o
g rap h ics, professional stan d ard s, personal e xp e rie n ce s, and
In the aftermath of the global financial crisis of 2007-2009, supervi
so on. T h ey then absorb m any of the risk-related behaviors
sory reports focused on risk culture as a driver of risk management
and p ractices of th eir local group (e .g ., business line sales
failure in large financial institutions. Other culture-driven scandals
targets) and m ake risk decisions as part of th at local social
emerged in the post-crisis years, including the mis-selling of con
environm ent.
sumer financial products (e.g., the UK payment protection insur
ance scandal), the manipulation of financial markets (e.g., Libor In turn, this can lead to a gap between the stated targets of the
rate manipulation), money laundering, and embargo breaches. organization (e.g ., risk appetite and values) and behavior by its
em ployees. This behavior may be driven by short-term or self-
The banks involved in these scandals paid massive penalties and
centered goals, with rules being broken or side-stepped. Fur
suffered discounting on their share prices while litigation contin
therm ore, it is not easy to improve risk culture across the whole
u ed .16 It is therefore not surprising that around 70% of surveyed
enterprise if a firm has no way to assess its progress.
financial institutions say that establishing and em bedding risk
culture across the organization is a high p riority.17
# • Enterprise Thinking
14 O. Karlsson et al., "Are CEOs Less Ethical Than in the Past?,"
Strategy+ Business, issue 87, May 15, 2017: https://www.strategy-business. Enterprise • Group/Enterpimse
Dynamics
com/feature/Are-CEOs-Less-Ethical-Than-in-the-Past?gko=50774
15 See summary of effect of "safety climate" on industrial accidents in Group Thinking
E. Sheedy and B. Griffin, "Empirical Analysis of Risk Culture in Financial Group Recruitment of
Individuals to a Group
Institutions: Interim Report," Risk Culture Project MacQuarie University,
version: November 2014, p. 7.
-# 9 - . • Recruitment Criteria
16 For example, for the costs of misconduct cases as a drag on bank I PI Cl IVI Q U 3 I • Mindset Promoted by
share prices, see European Systemic Risk Board, "Report on Misconduct Firm
Risk in the Banking Sector," June 2015, p. 16, Chart 7.
17 For example, Deloitte, Global Risk Management Survey, 10th edition,
published 2017, p. 27: https://www2.deloitte.com/insights/us/en/topics/ Fiqure 8.4 Risk culture is a se rie s of o verlap p in g
risk-management/global-risk-management-survey.html layers.
Leadership Tone Does board and executive com pensation support the firm's core values? Do m anagem ent's actions
support or undermine the risk m essage? Can the board be shown to monitor and com m unicate how
business strategy fits with risk appetite?
Accountability and Are there clear expectations on monitoring and accountability for key risks? Are escalation processes
Risk Monitoring used?
O penness and Is there evidence that opposing views from individuals are valued? Are there regular assessm ents of
Effective Challenge "openness to dissent"? Is risk m anagem ent given stature?
Risk-Aligned Are com pensation and perform ance m etrics supportive of the firm's risk appetite and desired culture?
Com pensation
Risk A ppetite Do key staff m em bers know the firm's enterprise risk appetite? Can they answer straightforward
Knowledge questions about its application to business decisions?
Risk Literacy/Com m on Do staff use a common language to describe risk and its effects? Are training program s available and
Language attended?
Risk Information Flows Can the firm see information flowing up and across the firm in a way that captures and highlights
enterprise-scale risks? And is there a clear link to specific discussions and decisions?
Risk/Reward Decisions Has the firm tested w hether senior executives respond to benchm ark risk/reward questions consistently
with each other and with the firm's risk appetite?
Risk Stature Do the key ERM staff have the right stature and direct communication with the Board? W ho hires and
fires them ?
Escalation and W histle Do key staff m em bers understand when and how they can escalate a suspected enterprise risk? When
Blowing were escalation procedures last used? Is there a whistle-blowing mechanism and is it used?
Board Risk Priorities Can the board name the top ten enterprise risks faced by the firm ? Can it name the key industry disas
ters associated with these risks?
Action Against Risk Has the firm disciplined em ployees who have acted against its risk appetite and ethical stance? Does the
O ffenders staff believe action will be taken even if a risk violation leads to a profit rather than a loss?
Risk Incident and Near Can the firm show how it has identified culture issues in risk incidents and the measures taken in
Miss Responses response?
Financial firm s are increasingly exp ected to be able to form a 2. Effective com munication and challenge,
view of risk culture within their institutions and of the degree to 3. Incentives, and
which their risk culture helps them adhere to their risk ap p e 4. Tone from the top.
tite s .18 O ne approach is to identify what are called key risk
Table 8.3 builds on this to offer a longer series of indicators for
culture indicators.
discussion purposes. Some of these are informal and clearly cul
In an effort to reduce the risk posed by system ically im portant tural (e.g ., encouraging openness in risk dialogue). O thers are
financial institutions, the Financial Stability Board (FSB) has really part of a firm's organizational structure, but still signal a
sp ecified 19*four key risk culture indicators: healthy environm ent (e.g ., a whistle blower needs a way to blow
the whistle).
18 See APRA, Risk Culture, Information Paper, October 2016, p. 5: http:// Note that this is a short illustrative list and does not reflect any
www.apra.gov.au/Crosslndustry/Documents/161018-Information-Paper- regulatory checklist. For consistency, the first four items follow
Risk-Culture.pdf and FSB, Guidance on Supervisory Interaction with (in the broadest term s only) the indicators set out by the FSB.
Financial Institutions on Risk Culture, 7 April 2014, p. 5.
19 These are not meant to be exhaustive. FSB, Guidance on Supervisory W hile firms focus on internal culture indicators, the firm's wider
Interaction with Financial Institutions on Risk Culture, 7 April 2014, p. 5. environm ent is also im portant. Environm ental factors driving
Industry practices/guidelines 1. Risk indicator or risk lever? The industry desperately wants
to identify risk indicators that can be used to prove it is
Professional standards
steadily improving risk culture. But if indicators are used
Regulatory standards as levers to change behavior (e.g ., if survey results affect
Country risk/corruption indices the perform ance assessm ents of senior m anagers), could
the indicators them selves becom e com prom ised? It's a lot
easier to manage (or manipulate) an indicator than it is to
risk culture may include industry norms, professional norms, and
manage risk culture.
even phenom ena such as credit cycles (Table 8.4).
2. Education for everyo n e? Firms can and should create com
Many firm s have begun system atically assessing culture using
mon enterprise languages of risk by defining risk m anage
risk culture indicators and other internal evidence (e.g ., surveys,
ment term s, concepts, and common procedures as well as
interviews, and focus groups with staff).20 For exam ple, surveys
key ERM roles (e.g ., the Board, C R O , and business line lead
may ask staff how they rate the risk culture of their business line
ers).22 O ne large financial institution w ent so far as to create
with regard to certain key characteristics, and how they and
a fictional character in a web-based game to bring risk
their colleagues behave in regard to risk/control decisions.
taking decisions to life and improve risk communication
There are m ethodologies for transform ing questionnaire results (which apparently provoked "m ixed responses").23 But so-
and other sets of quantitative key risk culture indicators into an called education for everyone includes the board. A t the
overall risk culture score. However, while these indicators track end of the day, can the board list the top ten enterprise
changes in the quality of risk culture, they do not quantify the risks and explain how these relate to the firm's risk appetite?
size of the losses associated with risk culture failings. 3 . Tim e and sp a ce: Do the same cultural attitudes exist in all
Some supervisors are digging deeper. For exam ple, the Nether parts of the firm and how do they change over tim e?
lands' DNB has conducted a series of detailed assessm ents of • Em pirical evidence suggests risk culture is mainly form ed
individual financial institutions on topics related to risk culture in the local business lines, rather than at enterprise
using insights from organizational psychologists, among other level.24 It's easy for business lines to develop distinct risk
experts. The exercise brought to light "fundam ental risks . . . in cultures under the exam ple of local team leaders.
behavior and culture" in 34 of 54 assessm ents between 2010 • Conversely, if signs em erge from multiple business lines
and 2015 .21 that som ething is wrong, (e.g ., similar "near m isses"
in term s of conduct issues), does the firm have m echa
20 One example of the application of questionnaires and focus nisms to pick up these signals? O r are they all dealt with
groups to gauge key characteristics related to risk culture can individually?
be found in the activities of the UK's Banking Standards Board, a
private sector subscription-funded body created to promote high 4 . Culture cycle: Arguably, it is only during tim es of stress
standards of behavior: https://www.bankingstandardsboard.org.uk that the enterprise's real risk culture becom es visible. A s a
Results from their 2017/18 Annual Review can be found here: https:// result, risk cultures that look robust today may not survive
www.bankingstandardsboard.org.uk/annual-review-2017-2018/
assessment-findings and a description of the BSB approach is here: real-life crises. W hile regulators want risk m anagers to carry
https://www.bankingstandardsboard.org.uk/the-uk-banking-standards- real w eight within firms to withstand this kind of buffeting,
board-an-outcome-based-approach-to-assessing-organisational-culture
A further detailed example of a researcher-driven survey of business line no
risk culture in three large banks can be found in E. Sheedy and B. Griffin, For example, see IFC (World Bank Group), Risk Culture, Risk Gover
Empirical Analysis of Risk Culture in Financial Institutions: Interim Report, nance, and Balanced Incentives: Recommendations for Strengthening
Risk Culture Project: Macquarie University, version: November 2014. Risk Management in Emerging Market Banks, 2015, p.13.
21 DeNederlandscheBank (DNB), Behaviour and Culture in the Dutch 23 T. Palermo, M. Power, and S. Ashby, "Navigating Institutional Com
Financial Sector. plexity: The Production of Risk Culture in the Financial Sector," Journal
o f Management Studies, 54:2, March 2017, p.167.
A brief survey of how regulators around the world are approaching
risk culture can be found in S. Chaly et al., Misconduct Risk, Culture, 24 E. Sheedy and B. Griffin, "Empirical Analysis of Risk Culture in Finan
and Supervision, Federal Reserve Bank of New York, December 2017, cial Institutions: Interim Report, Risk Culture Project," Macquarie Univer
pp. 12-16. sity, version: November 2014, pp.16-17.
Advantages Disadvantages
No need to consider risk frequency beyond "plausibility" Difficult to gauge probability of events; does not lead to the
quantification of risk
Scenarios can take the form of transparent and intuitive Unfolding scenarios can becom e com plex with many choices.
narratives.
Challenges firms to imagine the worst and gauge the effects Firms may not stretch their im aginations (e.g ., scenarios might
underestim ate the im pact of an extrem e loss event or omit
im portant risk exposures).
Can allow firms to focus on their key exposures, key risk types, O nly a limited number of scenarios can be fully developed— are
and the ways in which risk develops over time they the right ones?
Allow s firms to identify warning signals and build contingency Are they the right warnings and plans, given the scenario selec
plans tion challenge?
Does not depend on historical data; can be based around The scenarios chosen are often prom pted by the last major
either historical events or forward-looking hypothetical events crisis; im aginative future scenarios may be dismissed as
im probable.
Firms can make scenario analysis as sophisticated or straightfor Scenario analyses vary in term s of quality and sophistication.
ward as they like, outside regulator defined program s. Their credibility and assum ptions can be difficult to assess.
Stress test results can influence risk appetite, risk limits, and Usefulness depends on accuracy, com prehensiveness, and the
capital adequacy. forward-looking qualities of the firm's stress test program.
history suggests this w eight lessens as m em ories of the last W hile scenario analysis may be entirely qualitative, firm s are
crisis fade into the past. building increasingly sophisticated quantitative m odels to
5. Curse o f data: In the years ahead, firms will be able to assess the im pact of each scenario on their portfolios and
businesses.
gather massive amounts of data about risk culture from sur-
vey/focus group evidence, risk culture indicator scores, and Scenario analysis, along with stress and sensitivity testing, have
human resources data (e .g ., the number of sick days25 risen to becom e the preem inent risk identification tools for
taken). They can then com bine this data with a w ider set of many ERM program s. This is a result of the w eaknesses in prob
risk data to spot patterns. However, m anagers may need to abilistic risk metrics (e.g ., VaR) that were revealed by the global
deploy machine learning technologies to hunt down financial crisis of 2 0 0 7 -2 0 0 8 .26
insights and warning signs in such large data sets.
W hen m arkets begin to behave abnorm ally, risk factor relation
ships break down to produce m arket movements and loss levels
that seem inconceivable based on VaR calculations. For exam
8.6 SCENARIO ANALYSIS: ERM'S ple, amid m arket turmoil in August 2007, Goldm an Sachs' chief
SHARPEST BLADE? financial officer David Viniar said that his firm was "seeing things
that were 25-standard deviation moves, several days in a ro w ."27
sen sitivity testing involves changing one param eter or variable
in a risk model to see how sensitive the model result is to the This is where scenario analysis com es in. It helps firm s think
alteration (and thereby identifying key variables). On the other through the enterprise im pact of abnormal events and events
hand, stress testing includes changing one or more key variables for which there is no historical data. But it also has its own set of
to explore risk model results under stressful conditions. advantages and disadvantages (Table 8.5).
Scenario analysis has been a significant risk m anagem ent tool However, D FA ST is more prescriptive, applies more limited capi
in banking since well before the global financial crisis. Pre-crisis, tal action assum ptions, and is less dem anding in term s of report
banks tended to pick their own short selection of historical and ing. Both D FA ST and C C A R also oblige banks to generate their
hypothetical scenarios from a list of events (e.g ., those listed in own scenarios to com plem ent the supervisory scenarios.
Figure 8.5) to run against their portfolios. The Federal Reserve generates three supervisor-devised mac
Judgm ents are inevitable when building scenarios. For each his roeconomic scenarios, that are differentiated by what they are
torical scenario, the bank considers which key variables to apply designed to mimic:
to its own current portfolios and how far to pursue the narrative. • Baseline: Corresponds to the consensus forecast among
For exam ple, should a simulation of the the 1998 Russian debt major bank econom ists,
default event (noted in Table 8.6) also include the related near
• A d v e rse : A m oderately declining econom y, and
collapse of Long-Term Capital M anagem ent?28
• Severely A d v e rse : Severe, broad global recession/depression
A fter the crisis, it becam e apparent that banks often failed and an associated decline in dem and for long-term fixed-
to consider factors such as the cum ulative exposures across income investm ent.
multiple business lines, how different risks interacted with one
C C A R obliges banks to project how these scenarios drive their
another, and how the behavior of m arket participants might
income statements and balance sheets over a nine-quarter horizon.
change under stress. Regulators also pointed to the mildness of
This complex process requires the dynamic projection of revenues,
many of the hypothetical scenarios.
provisions, credit losses related to defaults and downgrades, man
agement rules for new loan issuances, regulatory ratios, and so on.
Post-Crisis Trends in Scenario Building C C A R firms must also submit detailed capital plans that include:
Since the global financial crisis, regulators around the w orld29 • Assessm ents of expected sourcing and use of capital over
have begun to insist that larger, system ically im portant banks the planning horizon,
dem onstrate that they can withstand more severe, dynam ic, and
realistic scenarios. Regulators in the United States, for exam ple, 30 Macroeconomic stress testing first tended to focus on market and
oblige larger banks to apply regulator-defined m acroeconom ic credit risk impacts. Banks and other financial institutions are now also
stress scenarios— specified in term s of variables such as drops in often expected to conduct liquidity stress testing and to meet key stan
dards (e.g., the Basel III liquidity coverage ratio).
GDP, em ploym ent, equity m arkets, and housing prices— across
their enterprise exposures. 31 More precisely CCAR is mandatory for firms designated as either sub
ject to Large Institution Supervision Coordinating Committee Oversight
(selected based upon the Fed's judgement that such firms potentially
pose "elevated risks" to the US banking system) or "large and complex"
28 As well as credit scenarios, banks develop scenarios that demonstrate
firms—the latter defined as (per the US code of Federal Regulations, part
risk across interest rate, equity, foreign exchange, and commodity mar
225 section 8 ) firms that " (1) have USD 250 billion or more in total con
kets as well as key operational risk events such as cyber attacks, natural
solidated assets, (2) have average total nonbank assets of USD 75 billion
catastrophes, or even the effects of a flu pandemic.
or more, or (3) are U.S. global systemically important bank holding com
29 For example, the U.S. Federal Reserve and the Bank of England. panies." Altogether, 18 firms participated in the 2018 CCAR exercise.
AND CAPITAL PLANNING BEGIN ? (e.g ., credit spreads and margining) need to be
adjusted as the scenario unfolds.
This can be a difficult line to draw, as illustrated by C o C o s.
4 . In turn, banks can allow for their capital planning as
CoCos are bonds issued by a financial institution that are
written down or convert into common equity if the firm gets the scenario unfolds.
into trouble. The idea is that CoCos ease the bank's obliga 5 . Im portantly, imposing a standard set of scenarios on
tions and cash outflows when it is in a tight spot. Most exist
the largest banks allows regulators to see system ic
ing C oC os focus on accounting triggers (e.g., the level of
effects and com pare bank risk exposures.
Tier 1 capital). However, the trigger mechanism could also
be some market-based event (e.g., a drop in an institution's
share price). Fiq u re 8 .6 Five key improvements driven by CCAR.
Since the global financial crisis of 2007-2009, regulators
have favored C o C o s as a shock-absorbing funding instru If a bank cannot show it satisfies minimum capital ratios under
ment. Note that C o C o s are effectively a form of insurance stressed conditions, it must review the business plans of its vari
(i.e., ERM risk transfer) that can be triggered by a multi ous units and lower its risk appetite.
plicity of underlying risk events (e.g ., credit, operational,
and system ic risks). Furtherm ore, because C o C o s becom e The com plexity of the C C A R exercise dwarfs most banks' his
less valuable after a major shock, they can help banks toric stress testing program s. In the 2018 exercise, for exam ple,
structure risk-sensitive bonuses that increase executive the 28 variables used by the regulators to describe the three
exposure to the downside and therefore potentially lead scenarios included changes in gross dom estic product, the
to an im provem ent in risk culture. O ne great advantage of
unem ploym ent rate, housing and commercial real estate price
this kind of enterprise risk transfer is that the source of the
indices, stock m arket volatility (i.e., the VIX), and various interest
risk does not need to be defined in advance.
rate m easures (e.g ., the three-month Treasury bill rate and BBB
no
corporate bond yields).
• Descriptions of the firm's process and m ethodology to gauge For each scenario , banks project the behavior of all risk factors
capital adequacy, affecting their portfolios over a nine-quarter horizon. These
• Capital policy, and additional risk factors (e .g ., the slope of the interest-rate term
• Discussions of any expected business plan changes that are structure and com m odity prices) can num ber in the hundreds!
likely to m aterially im pact capital adequacy/liquidity. It has not been easy for banks in the United States to build
For each scenario, banks must show that they maintain minimum scenario analysis programs that m eet supervisor objectives.
capital ratios (Figure 8.5), how they will raise capital if necessary, However, the exercises have driven five key ERM im provem ents
and their intentions in term s of dividend distribution, share buy (outlined in Figure 8.6). From a regulatory point of view, reac
backs, and so forth. For exam ple, one way to hedge potential tions to each scenario can now be assessed at an industry level
capital shortages over the planning horizon is to issue contin to improve the stability of the financial system .
gent convertible bonds (CoCos), which are described in detail in C C A R has also transform ed internal bank-driven stress test
Box 8.2. ing. Specifically, banks have had to invest in building an
Stress Testing in Europe: Future comes (i.e., the tail of the distribution) in terms of bank KPIs. Then
they can look at the scenarios that gave rise to these worst-case
Directions
tail risks and how the shocks turned into losses. This process shines
Regulators around the world have also developed their own a light on the business lines and portfolios that contribute to a
stress testing program s. Som e, such as the European Banking worst-case loss and highlights the risk factors that matter most.
Authority (EB A ), have seen less im m ediate success than the
A firm can also identify the worst business environm ents for
authorities in the United States.34 Com pared to the C C A R , the
specific business lines and look at the sensitivity of various KPIs
EBA 's testing program is more static, less sophisticated, and
(e.g ., loan losses) to the fam ily of risk drivers.
allows for less latitude in term s of altering risk and business
strategies as scenarios unfold. This is because the E B A applies Many banks around the world continue to regard stress testing
stress tests to a w ider range of banks than C C A R . as a largely regulatory com pliance function. They do not use the
results in their day-to-day planning processes.
The big improvements in European stress testing may be
driven not by the EBA's supervisor-led stress tests, but by new However, a new generation of stress testing technologies offers
approaches to bank supervision under the European Central banks advantages beyond com pliance. Specifically, they can use
Bank's Supervisory Review and Evaluation Process (SREP). These the results to:
new approaches will examine how banks explore the sustain • Specify their risk appetites and limit fram eworks,
ability of their business models under stress, including capital and
• Perform a "reasonableness check" on business and capital
liquidity adequacy, using industry best practices as a guide. Stress
planning,
testing and scenario analysis will be key tools in this process.
• Develop early warning signals, and
In the years ahead, banks are likely to move away from a lim
• Put in place contingencies to manage credit, funding, and
ited num ber of rather determ inistic scenario tests toward a
liquidity shocks.
much more dynam ic-stochastic approach. This approach will
apply simulation techniques to explore many different scenarios
playing out over tim e, including m acroeconom ic and g eo p o liti
8.7 ERM AND STRATEGIC DECISIONS
cal shocks.
For exam p le, we can im agine a bank setting out its own core Enterprise risk m anagers need to be involved in strategy form u
range of m acro/geopolitical shocks (e .g ., a sharp slowdown in lation. The banking industry can provide many exam ples where
the C hinese econom y or a fall in oil prices). These shocks act business strategies (e.g ., increased lending volume through low
on risk drivers such as interest rates and credit default swap ered standards or rapid growth through successive acquisitions)
(CDS) spreads. did not take ERM into account.
The relationship between the scenario and the risk factors can The latest industry thinking encourages firm s to apply ERM to
be specified in a variety of ways. For exam ple, the relationship forge a stronger link between risk and reward in corporate plan-
between a shock to oil prices (part of the scenario) and G D P ning and strategy.
growth rate (a risk factor) might be based on the judgm ent of
The latest stochastic stress testing techniques offer a practi
business leaders or on statistical analysis of the historical record.
cal tool for thinking through a strategy's ERM im plications. For
G enerating thousands of scenarios will allow each bank to pro exam ple, a bank can explore the risk effects of growing a port
duce a full distribution of outcom es for key perform ance indica folio of lending to a given industry sector. The bank could learn
tors (KPIs) such as expected profits, regulatory capital, RW As,
8.8 CONCLUSION: RISK are interpreted at the board level, including w hether a bank
is capable of "thinking the unthinkable" and dealing ratio
MANAGEMENT AND THE FUTURE
nally with am biguous decisions.
Anchoring and referencing: This is the use of mental reference Loss aversion: Experim ents show that for most people the
points to contextualize a decision (e.g., such as using an existing potential for losses outweighs potential gains of sim ilar m ag
price point to determine whether a new price point is attractive nitude. This can lead a decision maker to favor a result that
or not). The anchor may influence the decision-making process is presented as certain, while foregoing the chance of larger
in an irrational way. Furthermore, the various reference points in but riskier wins. Loss aversion does not always lead to conser
a collection of related decisions may lack coherence. vative risk decisions. It can also encourage decision makers
to take irrationally risky decisions to preserve some chance of
Feedback effects: The presence or absence of frequent,
avoiding a loss. (W hether a decision is fram ed as a loss or as
positive feedback can irrationally influence the ability of deci
a potential gain is also therefore im portant.)
sion makers to stick to a decision.
Mental accounting: People seem to account for money
Framing: How a choice is fram ed can push a decision maker
within separate categories that are treated differently, as
toward one decision or another. For exam ple, a consum er
if the m oney was not com pletely fungible across accounts.
may be willing to hunt for a 50% savings on a phone case
For exam ple, consum ers m ight spend more if they use a
(saving them selves USD 10) but be unwilling to make the
credit card com pared to using cash. Investors m ight invest
same effort to save the USD 10 when buying a USD 200
the m oney from an inheritance differently than money from
phone (because it represents a sm aller percentage of the
a gam bling win. They may also be reluctant to "clo se " a
purchase price).
mental account if it involves declaring a loss or m istake.
Groupthink: This describes the tendency of individuals within Loss aversion and other behavioral phenom ena, such as
groups to overcom e their doubts about a risky decision (or the treatm ent of "sunk" costs, often further distort mental
keep quiet) in favor of the group consensus. The consensus accounting.
may itself have been shaped by a dom inant individual, poorly
Ostrich effect: This describes the irrational tendency to
set targets, or selective reading of am biguous evidence.
avoid observing bad news that might precipitate uncom fort
Herding: Herding is the tendency of investors to copy the able decisions or actions. For exam ple, an investor might
actions of others, both when investing and when reducing pay more attention to booming stock m arkets than flat or
losses in a volatile market. Herding effects in risk m anagem ent falling m arkets. (Conversely, an investor that pays too much
can lead to too many investors using the same risk metrics or attention to each individual loss can suffer from irrational
setting the same stop-losses, leading to sharp market sell-offs. loss aversion.)
Holistic thinking about risk and risk m anagem ent is the way on high leverage or naive assum ptions about the robustness
forward. It would be wrong, however, to set up a direct of third-party credit assessm ents. Many tim es, growth plans
opposition between silo-based risk m anagem ent and were form ulated without input from the risk function or the
holistic ERM . The new em phasis on ERM su p p lem en ts con chief risk officer. The future risk function must play a criti
tinuing efforts to improve our quantitative, granular under cal role in setting a firm's risk appetite, analyzing the risks
standing of specific risks. of each business model (often with the help of worst-case
scenario sim ulations), explaining how risks may interact,
2. Risk jumps across risk types in business models and
markets and planning for contingencies. Firms need to decide in
advance on the key warning indicators and the actions that
Scenario stress testing is helping banks to understand how
will then be considered.
risk develops over an extended period (i.e., a year or more)
This may prove particularly im portant with the growth of
while jum ping across risk types. This kind of thinking must
also be incorporated into business strategy form ulation. digital businesses that are driven by machine learning and
new data stream s, or those using cognitive technologies to
Prior to the global financial crisis of 2007-2009, too many
offer risk-related services to custom ers.
institutions pursued growth using business m odels based
3. Numbers and judgment
QUESTIONS
8.1 W hat are advantages and disadvantages of scenario 8.16 C C A R does not oblige banks to generate their own sce
analysis? narios to com plem ent the supervisory scenarios.
A. True
8.2 W hat are three types of US Federal Reserve generated
B. False
supervisory devised m acroeconom ic scenarios?
8.17 For each scenario, Banks project C C A R scenarios over a
8.3 W hat is C C A R (Com prehensive Capital Analysis and
five-quarter horizon.
Review)?
A. True
8.4 W hat are some of the key im provem ents driven by C C A R B. False
over standard stress testing?
8.18 C o C o s focus solely on accounting triggers, such as the
8.5 W hat are CoCos? level of Tier 1 capital.
ANSWERS
8.1 8.4
1. C C A R m acroeconom ic scenarios unfold over several
Advantages Disadvantages
quarters (rather than sim ply a point-in-time shock).
No need to consider risk fre Difficult to gauge probability 2. The scenarios drive a series of interlinked factors cov
quency beyond "plausibility" of event; does not lead to
ering a variety of risks such as credit risk, m arket risk,
the quantification of risk
operational risk, and so on.
Scenarios can take the form Unfolding scenarios can 3. The risk variables are not held static and all sorts of
of transparent and intuitive becom e com plex with many
underlying risk factors (probability of default, loss given
narratives choices
default) and m arket im pacts (credit spreads, margining,
Challenges firms to "im agine Firms may not stretch their etc.) need to be adjusted as the scenario unfolds.
the w orst" and gauge the imaginations
4. In turn, the bank can allow for its capital planning as
effect
the scenario unfolds.
Can allow firms to focus on Only a limited number 5. Im portantly, imposing a standard set of scenarios on
their key exposures and risk of scenarios can be fully
the largest banks allows regulators to see system ic
types and the way risk devel developed— are they the
effects and com pare bank risk exposures.
ops over time right ones?
Does not depend on his The scenarios chosen are 8.6 Risk culture can be thought of as the values and norms of
torical data: can be based often prom pted by the last behavior that surround risk taking and risk m anagem ent.
around either historical major crisis; im aginative It includes the tendency within the firm to com ply with
events or forward-looking future scenarios may be dis
best-practice risk m anagem ent.
hypothetical events missed as im probable
8.7
Firms can make scenario Scenario analyses vary in
analysis as sophisticated or term s of quality and sophis • Identifies enterprise-scale risks generated at business
straightforward as they like, tication. Their credibility and line level
outside regulator defined assum ptions can be difficult
programs to assess. • Focuses oversight on most threatening risks
1. Baseline: representing a consensus econom ic forecast/ • Helps firms to understand risk-type correlations and
outlook; cross-over risks
2. A dverse: corresponding to a declining econom y; and • O ptim izes risk transfer expenses in line with risk scale
3 . Severely A dverse: severe global recession along with and total cost
decline in dem and for long-term fixed income assets.
• Incorporates:
Note: The adverse and severely adverse scenarios
• Stress scenario capital costs into pricing, and
describe hypothetical m acroeconom ic environm ents that
• Risk into business model selection and strategic
test bank resilience.
decisions.
8 .3 From 2011 onward, as part of the Dodd-Frank A ct, the 8.8
Federal Reserve began conducting annual stress test
• G eographical concentrations,
exercises. C C A R is a specific an annual stress test exer
• Industry concentrations,
cise required for large banks.
8.15 True
Indicator Trend Tracking
O therw ise situations could arise where business lines
Risk Information Can the firm see risk information flow
are offsetting risks that might already be offset by other
Flows ing up and across the firm that captures
businesses.
and highlights enterprise-scale risks
and is there a clear link to specific dis 8.16 False
cussions and decisions?
Both D FA ST and C C A R also oblige banks to gener
Risk/Reward Has the firm tested w hether senior ate their own scenarios to com plem ent the supervisory
Decisions executives respond to benchm ark risk/
scenarios.
reward questions consistently with each
other and with the firm's risk appetite? 8.17 False
Risk Stature Do the key ERM staff have the right C C A R obliges banks to project how these scenarios drive
stature and direct communication with their income statem ents and balance sheets over a nine-
the Board? W ho hires and fires them ?
quarter horizon.
Escalation and Do key staff m em bers understand when
8.18 False
W histle Blowing and how they can escalate a suspected
enterprise risk? W hen were escalation The trigger mechanism could also be some m arket-based
procedures last used? Is there a w histle event (e.g ., a drop in an institution's share price).
blowing mechanism and is it used?
8.19 True
Board Risk Can the board name the top ten enter
Priorities prise risks faced by the firm ? Can it The purpose of reverse stress testing is to force m anage
name the key industry disasters associ ment to visual potential scenarios that could generate
ated with these risks? critical levels of losses.
Action Against Can the firm show a record of action 8.20 False
Risk O ffenders taken against those acting against its
The Northern Rock collapse arose from a failure to man
risk appetite and ethical stance? Do
staff believe action will be taken even if age funding liquidity risk.
contravention of the risk appetite leads 8.21 False
to profit rather than loss?
It describes the irrational tendency to avoid observing
Risk Incident Can the firm show how it identified
bad news that might precipitate uncom fortable decisions
and Near Miss culture issues in risk incidents and m ea
Responses sures taken? or actions.
Diversification at the enterprise level can reduce overall 8.24 A . all of the above
risk so long as the constituent pieces are not strongly See Table 8.4.
correlated.
Analyze the key factors that led to and derive the lessons Rogue trading and misleading reporting, including the
learned from case studies involving the following risk factors: Barings case.
Interest rate risk, including the 1980s savings and loan Financial engineering and com plex derivatives, includ
crisis in the US. ing Bankers Trust, the O range County case, and
Funding liquidity risk, including Lehman Brothers, Sachsen Landesbank.
Continental Illinois, and Northern Rock. Reputational risk, including the Volkswagen case.
Implementing hedging strategies, including the Corporate governance, including the Enron case.
M etallgesellschaft case. C yber risk, including the SW IFT case.
Model risk, including the N iederhoffer case, Long Term
Capital M anagem ent, and the London W hale case.
123
This chapter briefly exam ines case studies of fam ous financial main source of funding. In the banking industry's vocabulary,
disasters. The purpose of these case studies is to show how S&Ls simply had to "ride the yield curve" to make money.
various risk factors can m aterialize and, when ignored, esca
However, rising inflation in the late 1970s prom pted the Fed to
late into m ajor disasters. Th ese cases are classified by the risk
im plem ent a restrictive m onetary policy, which led to a signifi
factors involved. In each case, however, m ultiple risk factors
cant increase in short-term interest rates. The increase in short
sim ultaneously caused and exacerb ated the crisis, leading to
term rates pushed up funding costs for S&Ls, wiping out the
m ajor losses.
interest rate spread they depended on for their profit margin.
The first section focuses on how interest rate risk led to the U.S. The spike in their short-term funding costs (which were needed
savings and loan (S&L) crisis in the mid-1980s. Section 9.2 ana to finance long-term fixed-interest rate m ortgages) meant that
lyzes a couple of cases involving funding liquidity risk. Sections 9.3 S&Ls generated negative net interest margins on many of their
and 9.4 cover strategic risk and model risk, respectively. long-term residential m ortgage portfolios.
Rogue trading, discussed in Section 9.5, can cause major The failure of the S&Ls to manage their interest rate risk helped
financial institutions to collapse (as seen in the case of Barings to spark a long-running crisis in the United States, which gath
Bank). Section 9.6 deals with the hidden risks of financial engi ered force through the 1980s as S&Ls desperately sought to
neering and the com plexity of financial structures. Section 9.7 repair their balance sheets with new business activities and
illustrates the dam ages that can arise from reputation risk, higher-margin (but riskier) lending. However, these efforts
and Section 9.8 focuses on one of the most notorious cases of resulted in the industry losing even more money through poorly
corporate governance failure (i.e., Enron). Finally, cyber risk is controlled credit and business risks. Between 1986 and 1995,
discussed in Section 9.9. 1,043 out of 3,234 S&Ls in the United States failed or were
taken over. The number of remaining S&Ls eventually fell to
few er than 2,200 and the crisis necessitated what was (at the
9.1 IN T ER ES T RATE RISK time) one of the world's most expensive banking system bail
outs: USD 160 billion. This bailout was funded by the Am erican
O ver the last century, interest rate risk has caused the failure taxpayers.
of individual firm s as well as entire industries within the financial
services sector. One notable exam ple can be found in the col
lapse of the U.S. S&L industry in the 1980s. 9.2 FU N D IN G LIQ U ID IT Y R ISK
To m itigate interest rate risk, firm s must manage their balance
Funding liquidity risk can stem from external market conditions
sheet structure such that the effect of any interest rate m ove
(e.g ., during a financial crisis) or from structural problems within
ment on assets remains highly correlated with the effect on
a bank's balance sheet. Most often, however, it stems from a
liabilities. This must be the case even in volatile interest rate
combination of both. The collapse of Bear Stearns and Lehman
environm ents. Such a correlation can be partially achieved using
Brothers at the height of the 2007-2009 financial crisis, along
classical duration matching tools. More sophisticated m ethods
with the near collapse of Long Term Capital M anagem ent (LTCM)
involve the use of interest rate derivative products such as caps,
a decade earlier, offer exam ples of funding liquidity crises that
floors, and swaps.
were prompted by unexpected external conditions and exposed
vulnerabilities inherent in the institutions' business models.
The Savings and Loan Crisis
The U.S. S&L industry prospered throughout most of the Liquidity Crisis at Lehman Brothers
twentieth century thanks to regulations qoverninq interest paid
During the late 1990s and early 2000s, investm ent bank Lehman
on deposits (i.e., Regulation Q )1 and an upward-sloping yield
Brothers invested heavily in the securitized U .S. real estate mar
curve. In particular, the upward-sloping yield curve meant that
ket. The 150-year-old institution pioneered an integrated busi-
the interest rate borrowers paid on a ten-year residential m ort
ness model in which it sold m ortgages to residential custom ers,
gage (a typical product offered by S&Ls) exceeded the rates on
turned portfolios of these loans into highly rated securities, and
the short-maturity savings and tim e deposits that were an S&L's
then sold these securities to investors.
A
From 1933 until 2011, Regulation Q restricted interest payments on
deposit accounts. For example, banks were not permitted to pay inter 2 To this end, in the early years of the millennium, Lehman had acquired
est on demand deposits. several mortgage lenders, including subprime lender BNC Mortgage.
(e.g ., borrowing daily from the repo markets) to fund relatively prior to 1981. During that tim e, the bank's total assets grew
illiquid long-term real estate assets. This meant that the firm from USD 21.5 billion to USD 45 billion.
had to depend heavily on the confidence of its funders and The first sign of Continental's problem s surfaced with the clos
counterparties if it was to continue to borrow the funds ing of Oklahom a-based Penn Square Bank. This sm aller bank
necessary to stay in business.4 had issued loans to oil and natural gas com panies in Oklahom a
During the second half of 2007, it becam e evident that the during the boom of the late 1970s. If a loan was too large for
U.S. housing bubble had burst and that the subprim e m ortgage it to service, Penn Square would pass it on to a larger institu
m arket was in deep trouble. A s a result, confidence began to tion such as Continental Illinois. But as oil and natural gas prices
erode in firms heavily invested in subprim e securities. In Ju ly decreased after 1981, some firms began to default on their
of that year, Bear Stearns (another highly leveraged subprime- debt. In 1982, Penn Square becam e insolvent and regulators
linked firm) had to support two of its hedge funds following stepped in to close the bank.
steep losses caused by their subprim e m ortgage exposures. In By then, Continental held more than USD 1 billion in loans to
March 2008, these w eaknesses caused Bear Stearns to collapse Penn Square's oil and gas custom ers, and therefore suffered
after its repo lenders and bank counterparties lost confidence in heavy losses as defaults rose. W hile many other banks also suf
the firm's ability to repay its debts. J.P. Morgan then bought the fered credit losses during this period, Continental was unusual in
fallen firm at a fraction of its prior m arket value. that it had only a tiny retail banking operation and a relatively
small amount of core deposits. Therefore, it relied primarily on
federal funds and floating large issues of certificates of deposit
3 "Mortgage-related assets on Lehman's books increased from USD 67
billion in 2006 to USD 111 billion in 2007, " The Financial Crisis Inquiry (CDs) to fund its lending business.6
Report, Financial Crisis Inquiry Commission, January 2011, p. 177.
W hen Penn Square failed, Continental found itself increasingly
4 When investment banks came under close regulatory scrutiny in unable to fund its operations from the U.S. m arkets. A s a result,
2007-2008, they found it tempting to play down their leverage:
"According to the bankruptcy examiner, Lehman understated its lever
age through 'Repo 105' transactions—an accounting maneuver to
5 Report of Anton Valukas, "Examiner to the United States Bankruptcy
temporarily remove assets from the balance sheet before each report
Court, Re Lehman Brothers Holdings Inc.," March 11, 2010.
ing period." The Financial Crisis Inquiry Report, Financial Crisis Inquiry
Commission, January 2011, p. 177. 6 Federal funds, or "fed funds" are a form of interbank lending.
Northern Rock— Liquidity bank to adopt so-called "advanced approaches" for calculating
credit risk that looked likely to reduce its minimum regulatory
and Business Models
capital requirem ents.9
The 2007 failure of m ortgage bank Northern Rock is a more
W hen Northern Rock becam e unable to fund itself through
recent illustration of liquidity risk arising from structural w eak
interbank loans, U .K. authorities began to discuss various strate
nesses in a bank's business m odel. In this case, a com bination of
gies to relieve the bank's difficulties. News of the Bank of En g
an excessive use of short-term financing for long-term assets
land's planned support operation for Northern Rock leaked,
and a sudden loss of m arket confidence triggered a funding
setting the scene for a run on deposits in m id-Septem ber. The
liquidity crisis that rapidly led to disaster.7
panic was exacerbated by the tight rules then in effect for com
Northern Rock was a fast-growing medium-sized m ortgage pensating d ep o sitors,101and calm only (slowly) returned after
bank based in the United Kingdom . The bank had been growing U .K. authorities publicly promised that deposits would be
assets at around 20% per year for several years by specializing in repaid. Northern Rock eventually accepted em ergency govern
residential m ortgages, and it continued to expand aggressively ment support and then public ownership.
in the m arketplace into the first quarter of 2007. The bank's
rate of growth was supported by a business model and funding
strategy that was unusual among U .K. banks. Specifically, the Lessons Learned
bank relied on an originate-to-distribute approach, by which it A s a result of the 2007-2009 crisis, the U.S. Federal Reserve
raised money through securitizing m ortgages, selling covered began to m andate liquidity stress testing programs for the larg
bonds, and making use of the wholesale funding m arkets. As est banks. These programs are aimed at ensuring that banks
a result, Northern Rock relied much more heavily on investors have liquidity and funding strategies that will survive system-
and w holesale m arkets and less on retail deposits for funding in wide stress scen ario s.11 In essence, the challenge of managing
comparison to many of its U .K. peers. funding liquidity risk lies partly in optimizing the bank's borrow
The bank hoped to m itigate potential weaknesses in this fund ing sources and their com position. This optim ization is often
ing strategy by diversifying its funding m arkets geographically. accom plished by managing the contractual maturities of assets
For exam ple, it tapped m arkets in continental Europe and the and liabilities, either directly or synthetically, using derivatives
Am ericas as well as in the United Kingdom .8 As it turned out, such as interest rate swaps. Like most com plicated decisions,
however, the bank had overestim ated the benefits of however, asset/liability m anagem ent (ALM) decisions are driven
geographical diversification. by trade-offs.
After years of a strong economy and rising housing prices, • There is a trade-off between funding liquidity and interest
widespread doubts about mortgage-related assets began to sur rate risk: W hen funding liabilities have shorter duration than
face among investors early in 2007. These doubts were initially
9 Though the timing of the waiver later embarrassed the bank and its
regulators, it was not a significant factor in the loss of confidence in
7 In the summer of 2008, California's IndyMac also suffered a bank run.
the bank.
IndyMac's problems were more conventional as they largely involved
weak underwriting and difficulties in finding buyers for the mortgages 10 At the time, private depositors were fully guaranteed only up to
that the bank had originated. £2,000, with a further guarantee of 90% of sums up to a ceiling of
£33,000.
8 See comments by Adam Applegarth, ex-CEO of Northern Rock, to
the House of Commons, Treasury Committee, "The Run on the Rock," 11 For the so-called "C-Lar" program, see S. Nasiripour, "Fed Begins
January 2008, p. 15. Stress Tests on Bank Liquidity," Finandal Times, December 13, 2012.
To m itigate funding liquidity risk in a positively sloped yield as the underlying position is kept (or at least for a set period
curve environm ent, institutions can increase the maturity of of tim e).
their funding liabilities. However, this will clearly cost more A static strategy has the advantage of being relatively easy to
than cheaper shorter-duration funding. im plem ent and monitor. A dynam ic strategy, on the other hand,
involves adjusting the hedge through a series of ongoing trades
Banks may also m itigate funding liquidity risk by reducing the
to contiuously (or frequently) calibrate the hedge position to the
maturity of their assets (e.g ., commercial loans), but this is not
always possible because asset maturity is often driven by bor (changing) underlying exposure. A s such, a dynam ic strategy
typically involves greater managerial effort to im plem ent and
rower dem and, the nature of a bank's business, and its com peti
monitor, and may involve higher transaction costs. Note that a
tive environm ent.
static approach focuses on the result of the strategy at the hori
A s it is not possible to perfectly coordinate liquidity, firms also zon, whereas dynam ic hedging tries to rebalance the strategy
need em ergency liquidity cushions to ensure they can meet over short intervals of tim e (e.g ., on a daily basis).
their com m itm ents. The larger and better quality the cushion,
Firms that im plem ent dynam ic hedging strategies must have
the lower the risk. However, this risk reduction com es at a cost,
the appropriate models and expertise to trade in the markets
as highly liquid and m arketable assets yield lower returns than
and effectively monitor their positions. This, however, will not
less liquid assets. C red it lines also command a cost, even if the
necessarily preclude these firms from making m istakes in the
funds are not drawn. Again, banks must consider the significant
im plem entation and communication of a risk m anagem ent
tradeoff between pursuing a risky funding liquidity strategy and
strategy. The following section illustrates this by exam ining a
the cost of that strategy com pared with less risky strategies and
dynam ic strategy put in place by M etallgesellschaft Refining &
liquidity reserves. It follows that all the com ponents of an ALM
M arketing, Inc. (M GRM ).
policy are linked (i.e., interest rate risk m anagem ent, funding
liquidity risk m anagem ent, profit planning, product pricing, capi
tal m anagem ent, and fundam ental business strategies) and must Metallgesellschaft— How a Dynamic
be part of a holistic and integrated approach to balance-sheet Hedging Strategy Can Go Wrong
m anagem ent.
MGRM was a U.S. subsidiary of M etallgesellschaft A G , an indus
trial conglom erate based in Frankfurt, Germ any. In 1993, MGRM
entered into long-term, fixed-price contracts to deliver oil prod
9.3 CONSTRUCTING AND ucts (primarily gasoline and heating oil) to end-user custom ers.
IMPLEMENTING A HEDGING Because M GRM could not change its prices after these contracts
STRATEGY were signed, it was exposed to the risk of rising energy prices.
Hedging Considerations and prices can change, making what had initially appeared
to be an attractive hedging opportunity unattractive. During
Another im portant aspect of a hedging strategy is the time im plem entation, firms must be ready to adapt to changing
horizon over which it is im plem ented. A s described in the dis conditions with the same care and thoroughness that w ent into
cussion of static and dynamic hedging strategies, horizons can the original strategy design. O nce im plem ented, however, the
be fixed (e.g ., quarter-end or year-end) or rolling. Regardless of firm must take special care to monitor the positions with respect
the choice of horizon, perform ance evaluations and investm ent to their fit with the overall strategy and their ongoing effective
horizons should be aligned. ness as hedges.
Accounting issues and potential tax im plications need to be
considered when devising a hedging strategy. Accounting
rules related to derivatives and hedging can be quite com plex 9 .4 M O D E L R ISK
and are subject to change. A derivative and the underlying
position it is intended to hedge must be perfectly matched Sophisticated financial products often rely on valuation
m odels to determ ine their prices. Models can be theoretical
(e.g ., CAPM ) or they can be statistically based (e.g ., the term
13 The decision by management to liquidiate the hedges, while under structure of interest rates). Institutions are exposed to risks
standable, might not have been the best course of action. According arising from the use of models when pricing these financial
to Culp and Miller, at least three other possible actions should have
products. Model risk can stem from using an incorrect m odel,
been considered: obtaining additional financing to keep the program
intact, finding another firm willing to buy the program from MGRM, or incorrectly specifying a m odel, and/or using insufficient data and
unwinding the contracts with the original customers. incorrect estim ators.
LTCM 's failure reflected its inability to anticipate the dram atic Risk Measurement Models and Stress
increase in correlations and volatilities and the sharp drop in
Testing
liquidity that can occur during an extrem e crisis. LTCM also
succum bed to an internal liquidity crunch brought on by large LTCM made heavy use of a Value-at-Risk (VaR) model as part of its
margin calls on its futures holdings. Ironically, LTCM 's strate risk control. VaR is a measure of the worst-case loss for an invest
gies were valid in the medium term , and as the crisis ended, ment (or set of investments) given normal market conditions over
the banks that took over LTCM realized substantial profits. a specific time horizon and at a given confidence level.
LTCM felt that it had structured its' portfolio so that the fund's
risk should not have exceeded that of the S&P 500. The prob
Trading Models
lems encountered at LTCM shed light on how assumptions made
Basing m odels, or strategies, on relationships that exist dur when calculating regulatory VaR calculations do not necessarily
ing benign m arket conditions makes them vulnerable to failure apply to hedge funds.
during extrem e, or crisis, situations. The events of A ugust 1998
• The tim e horizon for econom ic capital should be the tim e it
in Russia made many m arket participants fearful of the pos
takes to raise new capital, liquidate positions in an orderly
sibility of other sovereign defaults. These fears triggered an
manner, or the period over which a crisis scenario will unfold.
investor exodus from em erging m arkets and other risky assets
Based on the experience of LTCM , ten days is clearly far too
into liquid and less-risky assets like US and Germ an govern
short a tim e horizon to determ ine a hedge fund's VaR.
ment debt. This flight to quality caused the spreads between
• Liquidity risk is not factored into traditional static VaR m od
"safe haven" assets, like US treasuries, and riskier assets, like
els. Such models assume that normal m arket conditions pre
em erging m arket bonds and corporate high-yield bonds, to
vail and that markets exhibit perfect liquidity.
diverge sharply. These same fears caused the relative yields
between Germ an and Italian debt to widen (because Germ an • Correlation and volatility risks (i.e., the risk that the realized
bunds were thought to be safer than Italian bonds) along with correlations and volatilities significantly deviate from exp ecta
credit spreads across a range of asset classes. tions) can be captured only through stress testing. This was
probably the w eakest point of LTCM's VaR system .
A s spreads w idened, many relative-value trades began to lose
money and lenders began to dem and the posting of additional Federal Reserve Bank of New York President William
collateral. This forced many hedge funds to either sell assets McDonough Federal Reserve Bank of New York testified before
1c
at fire-sale prices to raise funds to m eet the margin calls or to Congress that:
abandon their arbitrage plays. Liquidity evaporated from many We recognize that stress testing is a d evelo p in g d isci
m arkets, especially em erging m arkets, and volatility increased. pline, b u t it is clear that adequate testing was not done
The breakdown in the historic correlation and volatility patterns with re sp e c t to the financial conditions that p recip ita ted
assumed in LTCM 's m odels led to most of its losses. The factors Long-Term Capital's problem s. E ffective risk m anage
that were most relevant during the m arket turmoil included the m ent in a financial institution requires not only m odeling,
following. but m odels that can te st the full range o f financial trans
actions across all kinds o f a d verse m arket d evelo p m en ts.
• U.S. Treasury interest rates and stock prices fell in tandem
because investors had deserted the stock m arket and During the run-up to its collapse, LTCM experienced daily vola
started purchasing U.S. governm ent bonds in a flight to tility of more than USD 100 million, more than tw ice the level it
quality. In normal m arkets, stock returns and interest rates envisioned. Furtherm ore, despite estim ating its ten-day VaR to
are negatively correlated (i.e., when interest rates fall, stock
prices rise). 15 McDonough, W. J. (1998, October 1). Statement by William J.
• Liquidity vanished in many markets sim ultaneously and made McDonough Before the United States House Committee on Bank
ing and Financial Services. Lecture, Washington, D.C. Retrieved from
the unwinding of positions exceedingly difficult. Portfolios https://www.newyorkfed.org/newsevents/speeches/1998/mcd981001
that seem ed to be well-diversified across m arkets began to .html
Model Risk and Governance— increase. In late 2011, the SCP bankrolled a USD 1 billion credit
derivatives trading bet that produced a gain of approxim ately
The London Whale
USD 400 million. In D ecem ber 2011, JPM organ Chase instructed
During the first half of 2012, J.P. Morgan Chase lost billions of the C IO to reduce its Risk W eighted A ssets (RWA) to enable the
dollars from an exposure to a massive credit derivatives portfo bank, as a whole, to reduce its regulatory capital requirem ents.
lio in its London office. The following case study of the event In response, in January 2012, rather than dispose of the high risk
was com piled using word-for-word extracts from the 300-page assets in the SC P — the most typical way to reduce RW A— the
report produced by a subsequent investigation by the U.S. C IO launched a trading strategy that called for purchasing addi
Sen ate.16 tional long credit derivatives to offset its short derivatives posi
tions and lower the C IO 's RW A in that manner. That trading
strategy not only ended up increasing the portfolio's size, risk,
Setting the Scene and RW A, but also, by taking the portfolio into a net long posi
"JP Morgan Chase & Com pany is the largest financial holding tion, elim inated the hedging protections the SCP was originally
com pany in the United States, with USD 2.4 trillion in assets. It supposed to p ro vid e ."18
is also the largest derivatives dealer in the world and the largest
single participant in world credit derivatives m arkets. Its princi
pal bank subsidiary, JP Morgan Chase Bank, is the largest U.S.
Operational Risk
bank. JP Morgan Chase has consistently portrayed itself as an "In its first four years of operation, the SCP produced positive
expert in risk m anagem ent with a "fortress balance sheet" that revenues, but in 2012, it opened the year with losses. In January,
ensures taxpayers have nothing to fear from its banking activi February, and March, the num ber of days reporting losses far
ties, including its extensive dealing in derivatives. But in early exceeded the num ber of days reporting profits, and there was
2012, the bank's C h ief Investm ent O ffice (CIO ), which is charged not a single day when the SCP was in the black. To minimize its
with managing USD 350 billion in excess deposits, placed a reported losses, the C IO began to deviate from the valuation
massive bet on a com plex set of synthetic credit derivatives that, practices it had used in the past to price credit derivatives. In
in 2012, lost at least USD 6.2 billion. early January, the C IO had typically established the daily value
The C IO 's losses were the result of the so-called "London of a credit derivative by marking it at or near the m idpoint price
in the daily range of prices (bid-ask spread) offered in the mar
W hale" trades executed by traders in its London office— trades
ketplace. Using m idpoint prices had enabled the C IO to com ply
so large in size that they roiled world credit m arkets. Initially
dism issed by the bank's C h ief Executive O fficer as a "tem p est in with the requirem ent that it value its derivatives using prices
that were the "m ost representative of fair valu e". But later in the
a te ap o t", the trading losses quickly doubled and then tripled
17 first quarter of 2012, instead of marking near the m idpoint, the
despite a relatively benign credit en viro n m e n t. . . "
C IO began to assign more favorable prices within the daily price
range to its credit derivatives. The more favorable prices
The Risk Exposure Grows enabled the C IO to report sm aller losses in the daily profit/loss
(P&L) reports that the SCP filed internally within the b a n k ."19
". . . In 2006, the C IO approved a proposal to trade in syn
thetic derivatives, a new trading activity. In 2008, the C IO ". . . by March 16, 2012, the SCP had reported year-to-date
losses of USD 161 million, but if m idpoint prices had been used,
those losses would have swelled by at least another
16 "JP Morgan Chase Whale Trades: A Case History o f Derivatives USD 432 million to a total of USD 593 m illion."20
Risks and A buses," United States Senate Permanent Subcommittee
on Investigations, Carl Levin, Chairman and John McCain, Ranking
Minority Member, March 15, 2013 Hearing. For the company's own
18 Senate report, p. 3 and 4.
account of the debacle, see Report o f JPMorgan Chase & Co Manage
ment Task Force Regarding 2012 CIO Losses, January 16, 2013.
1Q
Senate report, p. 96.
17 Senate report, p. 1. 20 Senate report, p. 96.
s <
CD
“O
O
- 92-Jdv
as that would have required trading
four tim es that week's total volum e for
- 6l-Jdv the Nikkei futures contracts on both the
\ S IM E X a n d the O S E.
/ 03 - Zl-Jdv
I By the tim e Barings discovered Leeson's
l T3 - 5-Jdv rogue trading, the losses he had accum u
o - 6z-*m
lated had grown too large and the bank
> was forced to liquidate. Eventually, IN G,
L - 33-JeiAI C£ a Dutch bank, acquired Barings Bank for
03
> the ignominious sum of G B P 1.
-5L-J61AI
13
(i.e., front-office operations). Another
-91-qaj 0 basic lesson is that outsized or strangely
1 consistent profits (think Bernie Madoff
- 6-q^d
I as well) should be independently investi
- z-q^d CD gated and rigorously monitored in order
13
O to verify that they are real, generated in
- 92-uer C£
03 accordance with the firm's policies and
>
- 6L-uer 13 procedures, and not the result of nefari
+-»
CD
F ia u re 9.1 VaR for the CIO: "old" versus "new" VaR model.25 exceed 25% of their capital. Had these
rules been in effect in 1994, or had the
bank developed and enforced prudent
guidelines similar to these rules, Barings would have been
extra bonuses his superiors received on the back of Leeson's
prohibited from amassing such large positions and one of the
reported profits may have clouded their judgem ent.) The risk
world's most infamous rogue trading scandals might have been
controller's suspicions were raised again in January 1995 after
avoided.26
Leeson reported a one-week profit of G B P 10 million in January
1995, and once more their concerns were dism issed. Had his Large trading volum es and revenues typically result in large
superiors investigated the source and plausibility of the profits, bonuses for senior m anagers. In turn, this com pensation fram e
simple calculations would have shown that it would have been work encourages m anagers to trust the traders that report to
This debacle was caused by a combination of excessive lever A firm 's reputation is based on the b elief that it can and will
age and a risky (and eventually wrong) interest-rate bet em bed fulfil its prom ises to counterparties and creditors, and that
ded in the securities bought by the fund. Citron later adm itted the enterprise is a fair dealer and follow s ethical practices.
he did not understand either the position he took nor the risk In recent years, however, concern about reputation risk has
exposure of the fund. becom e more prom inent with the rapid growth of social net
w orks. Rum ors can spread quickly on the internet and destroy
Firms need to understand the risks that are inherent in their
reputations in a m atter of hours. Com panies are also under
business m odels. Senior m anagem ent then needs to deploy
growing pressure to dem onstrate their com m itm ent to envi
robust policies and risk m easures tying risk m anagem ent, and
ronm ental, social, and governance-related best practices. A s a
particularly the use of derivatives, to risk appetite and overall
result, the reputational dam age for unethical conduct can be
business strategy as it has been com m unicated to stakeholders.
very severe.
M anagem ent and boards should always ask where the risks are
hiding and under what circum stances could they produce a loss.
Sachsen opened a unit in Dublin tasked with setting up vehicles California officials.
to hold large volum es of highly rated U.S. m ortgage-backed The dam age to Volkswagen, the world's biggest carmaker, was
securities. W hile these vehicles were technically off the parent significant. The share price of the com pany fell by over a third
bank's balance sheet, they benefited from the guarantee of as the scandal unfolded and the firm faced billions of dollars
Sachsen itself. in potential fines and penalties. Numerous lawsuits were filed.
W hile this operation was highly p ro fitab le,28 it was sim ply Its reputation, particularly in the im portant US m arket, took a
too large when com pared to the size of Sachsen's balance severe hit. The reputational effect extended beyond the com
sheet. W hen the subprim e crisis struck in 2007, the rescue pany itself as Germ an governm ent officials expressed concerns
operation w iped out Sachsen's capital and the bank had to be that the value of the im prim atur "M ade in G erm any" would be
sold to Landesbank Baden-W urttem berg (i.e ., another Germ an diminished because of Volkswagen's actions.
state bank).
Many in Enron's senior m anagem ent acted in their own self- 32 The SPV was capitalized entirely with Enron stock. The danger is that
if the value of Enron's stock declines, the credit risk of the SPV increases.
interest and against the interests of shareholders (i.e., this is
33 Primbs, Michael and Wang, Clara, "Notable Governance Failures:
known as agency risk). For exam ple, Enron chairman and C E O
Enron, Siemens and Beyond" (2016). Comparative Corporate Gover
Ken Lay was charged with "falsifying Enron's publicly reported nance and Financial Regulation. Paper 3 https://scholarship.law.upenn.
financial results and making false and misleading public edu/cgi/viewcontent.cgi?article=1009&context=fisch_2016
34 The PCAOB promulgates auditing standards and has the power to 35 See Crouhy, Galai, and Mark, " 'What's in a Name?' Risk," Enterprise
investigate. Wide Risk Management Supplement (November 1997), pp. 36-40.
QUESTIONS
9.1 W hat does it mean to ride the yield curve? 9.8 LTCM was purported to have had an experienced team
and operated strategies that were perceived as having
9.2 The S&L crisis of the 80s was mainly due to
minimal risk. So, what were the reasons for the collapse of
A. S&Ls failing to manage their interest rate risk.
LTCM in Septem ber 1998? Explain.
B. increased com petition among S&Ls.
C. increased com petition from commercial banks. 9.9 W hich of the financial disasters was not affected by
D. econom ic recession. increased correlations in the m arkets?
A. LTCM
9.3 Explain what the major factors leading to Lehman Brothers
collapse in Septem ber 2008 w ere.
B. M etallgesellschaft
C . The subprim e crisis
9.4 Liquidity risk, which brought the dem ise of Lehman Broth
D. The London W hale
ers and Continental Illinois, was not caused by
9.10 In the "London W hale" case it is m entioned that ". . . the
A. expanding the business too fast.
SCP trades breached the limits on all five risk m etrics. In
B. reliance on short-term financing.
fact, from January 1 through April 30, 2012, C IO risk limits
C. changes in regulation that required more liquidity
and advisories were breached more than of 330 tim es."
reserves.
How can the inaction of the bank's m anagem ent be
D. worsening m acroeconom ic conditions.
explained?
9.5 In the Northern Rock case one of the lessons is that there
is a tradeoff between funding liquidity and interest rate
9.11 Explain the term "flight to quality" and explain how it
risk: W hen funding liabilities have shorter duration than relates to a financial crisis.
loan assets, the bank is exposed t o ____________ interest rate 9.12 W hat is model risk?
risk a n d ____________ funding liquidity risk. 9.13 G ive some fam ous exam ples of rogue trading.
A. lower, higher
9.14 The Enron failure was due to
B. lower, lower
A. liquidity risk.
C. higher, higher
B. foreign currency risk.
D. higher, lower
C . com m odity risk.
9.6 Rumors about a possible intervention by the Bank of Eng D. governance risk.
land contributed to the default of Northern Rock.
A. True
B. False
9.7 In which of the following cases did the firm default due to
fraud?
A. M etallgesellschaft Refining and Marketing
B. Northern Rock Bank
C. Victor N iederhoffer
D. None of the above
ANSWERS
9.1 Maintain positive spreads between interest rates earned calls on its futures holdings. Ironically, LTCM's strategies
on longer-term assets (e.g ., loans) and interest paid on actually were valid in the medium term , and as the crisis
shorter-term liabilities (e.g ., deposits). ended, the banks that took over LTCM realized a sub
stantial profit.
9.2 A. S&Ls failing to manage their interest rate risk.
9.9 B. M etallgesellschaft
Interest rate risk led to the US savings and loan (S&L)
crisis in the mid-1980s. M etallgesellschaft was hurt by change in the shape of the
price curve.
9.3 Concerns about the valuation of the firm's real estate-
based assets led to a loss in m arket confidence. Counter 9.10 Fail ure in corporate governance and poor risk culture.
parties began to reduce their exposure significantly and Specifically, the whale trades showed that breaches in
the firm could not roll over its debt. A ttem pts to orga risk limits were frequently ignored, risk m etrics were
nize an industry rescue failed. often criticized or dow nplayed, and risk m odels were
9.4 C. changes in regulation that required more liquidity misused by em ployees to set capital requirem ents that
were artificially low.38
reserves.
In each case, the liquidity crisis was brought on by 9.11 W hen investors are worried about the econom ic and
m arket environm ent, they tend to rebalance their
changing conditions in the w ider econom y and the credit
portfolio by investing heavily in "secure" assets from
m arkets.
"safe heaven" countries (e.g ., the United States). As
9.5 A. lower, higher
a consequence, the yield on US securities goes down
Banks must consider the significant tradeoff between a during a financial crisis, whereas interest rates in other
short-term funding strategy with low rates but frequent countries go up.
rollovers (and thus more liquidity risk) and a long-term
9.12 Trading of financial securities, especially derivative prod
funding strategy with higher rates (and thus higher costs)
ucts, relies heavily on mathematical m odels. Trading
but less frequent rollovers.
losses can be the consequence of model errors due to
9.6 True incorrect assum ptions about the underlying asset price
W hen Northern Rock becam e unable to fund itself process, errors in the calibration of key input param eters
through interbank loans, UK authorities discussed vari such as volatility and correlations, and errors in the deri
ous strategies to relieve the bank's difficulties. News of vation of the hedge ratios.
the Bank of England's planned support operation for Note that when m arkets becom e illiquid (e.g ., during a
Northern Rock leaked, setting the scene for a run on financial crisis), even the best model might not be able
deposits between Septem ber 14 and Septem ber 17. to help in hedging the risk of a trading position because
9.7 C. None of the above traders might not be able to execute the hedge in the
market.
The fraud exam ples included Barings Bank and Enron.
9.13 Barings
9.8 LTCM failed because its models did not anticipate the
vicious circle of losses that would arise as volatilities 9.14 D. governance risk.
increased, correlations between various instruments and Enron was a poster child of corporate governance failure
m arkets approached 1, and liquidity vanished. LTCM also and poor risk m anagem ent.
succum bed to a liquidity crunch caused by large margin
38 Frierson, R. D. (2013, June 7). Re: Docket No. 1457 and RIN
7100-AD-95 on Large Bank Assessments [Letter to United States Senate
Committee on Homeland Security and Governmental Affairs].
• D escribe the historical background and provide an over- • D escribe trends in the short-term wholesale funding mar-
view of the 2007-2009 financial crisis. kets that contributed to the financial crisis, including their
im pact on system ic risk.
• D escribe the build-up to the financial crisis and the factors
that played an im portant role. # D escribe responses taken by central banks in response to
the crisis.
Explain the role of subprim e m ortgages and collateralized
debt obligations (CD O s) in the crisis.
141
10.1 INTRODUCTION AND OVERVIEW
BOX 10.1 SUBPRIME MORTGAGE
The cascade of events that came be known as the G reat Finan MARKET PRE-CRISIS
cial Crisis of 2007-2009 (G FC ) began with a downturn in the Subprim e m o rtg a g es1
3 are residential home loans made to
U.S. subprim e m ortgage m arket in the sum m er of 2007 borrowers with poor credit. In the United States,
(Box 10.1). The years preceding the crisis saw an exceptional consum er credit quality is m easured with a FIC O sco re.4
boom in credit growth in the United States, a massive housing Factors that can drive down a FIC O score include a limited
credit history, a large amount of outstanding debt, or a
price bubble, and an excess of leverage in the financial system
history of delinquent paym ents. The exact definition of a
that had been building since the previous credit crisis of subprim e borrower can vary, and some lenders even
2 0 0 1 -2 0 0 2 .2 The boom years had also been accom panied by a consider borrowers with relatively high credit scores as
wave of financial innovations related to securitization, which subprim e if their m ortgages have low down paym ents.
expanded the capacity of the financial system to generate credit Broadly speaking, subprim e m ortgages have more default
risk than prime m ortgages and therefore pay higher
assets but outpaced its capacity to manage the associated risks.
interest rates.
Unlike previous U.S. credit crises, the G F C affected investors all
There is another key category of borrowers term ed Alt-A.
over the world. Massive losses spread from subprim e m ortgages These are borrowers that have reasonably strong credit
in the United States to other segm ents of the credit m arket. ratings but lack essential docum entation needed to verify
Banks began to experience large losses and liquidity problems their assets and income.
amid growing uncertainty about the valuation of credit assets. Subprim e m ortgages becam e very popular in the United
As a result, banks stopped lending to one another. Governm ents States in the years preceding the financial crisis. According
around the world intervened by offering liquidity support facili to form er Fed chairman Ben Bernanke, "[fjrom 1994 to
2006, subprim e lending increased from an estim ated USD
ties and recapitalizing insolvent banks in an effort to encourage
35 billion, or 4.5 percent of all one-to-four fam ily m ort
bank lending. Many banks failed entirely or were taken over.
gage originations, to USD 600 billion, or 20 percent of
February 2008 saw the nationalization of troubled U .K. m ort originatio ns."5
gage lender Northern Rock, a victim of the first bank run that By early 2007, total outstanding subprim e m ortgage debt
nation had experienced in 140 years. The following month, U.S. was estim ated at USD 1.3 trillion.6
investm ent bank Bear Stearns was absorbed by J .R Morgan
Chase in a deal brokered by the U.S. Treasury D epartm ent and
the Federal Reserve. holding com panies and becam e regulated by the Federal
Reserve. This move gave them access to the Fed's liquidity
The crisis also brought the asset-back commercial paper (ABCP)
facilities.
and repo markets to a halt, causing numerous hedge funds to
• Fannie Mae and Freddie Mac were nationalized. A IG was
freeze redem ptions or fail. Many special investm ent vehicles
brought back from the brink of collapse via a USD 150 billion
(SIVs) and conduits were also wound down. C redit losses w orld
capital infusion by the U.S. Treasury and the Federal Reserve.
wide eventually exceeded USD 1 trillion.
• In Europe, many countries had to step in to provide massive
The peak of the subprim e crisis cam e in Septem ber 2008, which
support to their banks. Dutch financial conglomerate Fortis was
saw a cascade of events.
2006 20
10.2 HOW IT ALL STARTED8 Sources: B&C Lending Fedral Reserve Bank of St. Louis; EIR.
• A s m entioned previously, many subprim e m ortgages eventually defaulted. Originating brokers therefore had very
included teaser rates. For exam ple, a 2/28 adjustable-rate little incentive to conduct proper due diligence.
rowers were steered into subprim e m ortgages although ensure that the super senior tranche receives a A A A rating, a
they qualified for m ortgages with more attractive term s. surety wrap was som etim es u sed .17
M eanwhile, other borrowers ended up with m ortgages they In theory, the O TD m odel, coupled with extensive use of secu
ritization, would distribute risk more broadly throughout the
financial system . This in turn would make banks less sensitive
14 It should be noted that the market was heavily dependent upon the to credit crises, reduce system ic risk, and give banks additional
rating agencies to provide an explicit risk analysis of these securities,
funding sources to support their lending.
which in turn translated to a high implicit impact on market valuation.
15 N. Knox, "43% of First-time Home Buyers Put No Money Down," USA
Today, 2006, Jan. 17.
16 Board of governors of the Federal Reserve system, H.15 Selected 17 A surety wrap is supplied by a monoline insurer who is obligated to
Interest rates. make interest and principal payments in the event of default.
aware of the requirem ents and assum ptions underlying these transactions, ranging from governm ent bonds and high-quality
ratings, they were able to structure the paym ent waterfalls and corporate bonds to tranches of securitizations. The quality of
associated liabilities in such a way as to obtain a high percent the collateral greatly influences the size of the haircut (i.e., the
age of A A A -rated bonds. percent reduction from the initial m arket value the lender is will
ing to give the borrower), with higher (lower) quality collateral
The assum ptions used in this rating process were based on his
having sm aller (larger) haircuts. For exam ple, a haircut of 10%
torical data. However, this data did not reflect the changes in
means that a borrower can borrow USD 90 for each USD 100
the asset characteristics that were taking place at the tim e (e.g .,
pledged collateral. A haircut is intended to protect the lender
the growing number of N IN JA loans, liar loans, and subprim e
from recovering less than the full value of the loan amount in the
m ortgages with 100% loan-to-value ratios).
event they need to sell the collateral after a default.
Rating agencies also relied on data received from the issuers
Repos are excluded from the bankruptcy process. This means
and arrangers, who were bundling the m ortgages and perform
that if one counterparty fails, the other may term inate the trans
ing due diligence. In spite of w idespread knowledge of declin
action unilaterally and either keep the cash or sell the collateral.
ing lending standards and increasing fraud, the rating agencies
them selves did not perform any additional due diligence or In unsecured CP financing, short-term debt is issued but is not
monitoring of the data. backed by any specific assets. Because there is no specific col
lateral that a lender can seize in the event of default, unsecured
It is also im portant to note that subprim e m ortgage loans
CP issuers generally have very high credit quality. If a C P issuer's
were too new in the m arketplace to offer long-term data that
credit quality deteriorates, such as through a rating dow ngrade,
could inform risk analyses. Therefore, many of the initial ratings
there is usually an orderly exit through margin calls.
assigned to these securitizations (typically the senior tranches
that were given A A A ratings) were likely faulty from the outset. Asset-back commercial paper (A BCP) is a special case of CP
where the issuer finances the purchase of the assets by issuing
Despite these analytical flaws, there were strong incentives for
CP, with the assets serving as collateral.
agencies to provide the required ratings. These agencies are paid
to monitor the C D O over its life. But if the C D O trust did not The dem and for collateral increased in the years preceding the
get formed because too few bonds were A A A -rated, the agency crisis, driven by the growth of the O T C derivatives m arkets and
would miss out on this profitable and continual cash stream. an increasing reliance on short-term collateralization by financial
45
40
30
U)
CD
03
4 —
*
c 25
u
CD
Q)
Q_ 20
By the sum mer of 2007, the short-term wholesale funding mar First of all, they are difficult to value even when there isn't an
kets started to freeze, including both the A B C P m arket and the ongoing crisis. Th eir liability structure and cashflow w aterfalls
repo m arket. Investors stopped rolling maturing ABCP, forcing tend to be co m p lex and contain different typ es of collateral
banks to repatriate SIV assets onto their balance sheets. With and interest rate trig g ers. A lso , even if they share a basic
the significant increase in repo haircuts, institutions that relied securitization fram ew o rk, each structured product is unique.
on repo financing were unable to roll their short-term funding. T h e re fo re , the m odel(s) used to sim ulate the cashflow s for
A t that point, there were only three outcom es: bailout, merger, each bond must be custom ized to fit the unique aspects of
or bankruptcy. the structure.
This is exactly the scenario that led to the failure of Bear Th e assets in the collateral pool must also be valued. In the
Stearns, m ortgage banks Northern Rock in the United Kingdom , case of A B S trusts, this can require the valuation of thousands
IndyM ac in California, and Lehman Brothers. Note that all these of subprim e m ortgages, with a w ide variety of borrow er char
institutions satisfied Basel minimum regulatory capital require acteristics and loan term s. C D O s may contain securities issued
ments before they failed. by A B S trusts, w hile C D O -sq uared structures contain secu ri
Relying heavily on short-term wholesale funding can be danger ties issued by other C D O s. Som e asset pools contain synthetic
ous, as it can disappear overnight. A B S credit default sw aps. All of these com plex instrum ents
m ust be valued.
The lack of transparency extended to types of products within of 2008, the Fed created backstop facilities for a majority of the
the SIVs, because banks may hold assets until they can be secu asset classes that experienced stress during the crisis. Its actions
included
ritized and sold. Their exact holdings are, therefore, often
unknown to investors. 23 • Creating long-term lending facilities against high quality
collateral,
The total volume of outstanding com m itm ents that a financial
institution had given, including existing backstop lines of credit • O pening the discount w indow *•242
5to investm ent banks and
the bank was com m itted to or loan com m itm ents for private securities firms,
equity buyouts, was also hard to determ ine. Many banks also • Providing funds to be lent against high-quality illiquid asset-
had profitable money m arket franchises and these relationships backed securities,
carried im plicit com m itm ents to these funds in the event they
• Providing funds to finance the purchase of unsecured CP and
experienced significant difficulties (e.g ., a run on the fund).
ABCP,
A wave of uncertainty, com bined with a lack of transparency, • Providing liquidity to money m arket funds, and
triggered the subprim e crisis in the sum mer of 2007. q r
inputs. Their valuation can be rather subjective. Examples of Level 3 Viral Acharya, Thomas Philippon, Matthew Richardson, and Nouriel
assets are MBS, private equity shares, complicated derivatives, foreign Roubini, The Financial Crisis o f 2007-2009: Causes and Remedies, 2009,
stocks, and distressed debt. NYU Salomon Center for the Study of Financial Institutions publication.
27 On October 28, 2008, Bank of America, BNY Mellon, Citigroup, Gold 2007, the three-m onth Libor (London interbank offered rate)
man Sachs, J.P. Morgan Chase, Morgan Stanley, State Street, and Wells rose over 30-basis points. The reluctance to lend becam e
Fargo received a total of USD 115 billion under the TARP program. w idespread as credit standards tightened, negatively im pact
See United States., Government Accountability Office. (2009). The Trou ing hedge funds and other financial institutions, squeezing the
bled A sset Relief Program March 2009 status o f efforts to address trans availability of m ortgages (both residential and com m ercial), and
parency and accountability issues: Report to congressional Committees.
Washington, D.C.: U.S. Govt. Accountability Office, https://www.gao restricting business lending. Thus, a financial crisis becam e an
.gov/assets/290/288105.pdf econom ic crisis.
QUESTIONS
10.1 Securitization didn't play a major role in the G F C . 10.9 In order to securitize m ortgages off their balance sheet,
A. True banks structured bankruptcy remote com panies called
B. False A. SUVs.
B. SIVs.
10.2 The G F C was contained in the United States and didn't
spread out to the rest of the world.
C. VIPs.
A. True 10.10 A s early as the sum mer of 2007, the short-term wholesale
B. False funding m arkets started to freeze. A s a consequence,
there was a significant increase in
10.3 Subprim e borrowers were required to pay a
A. the Libor-OIS spread.
down-paym ent of at least 10% to buy a house.
A. True B. repo haircuts.
B. False
C. A and B.
10.11 Between the fall of 2007 and the end of 2008, the Fed
10.4 The G reat Financial Crisis (G FC ) started
came up with several programs to inject liquidity into the
A. with the failure of Lehman Brothers.
financial m arket, including
B. in the high-tech sector.
A. TA F
C. in the subprim e m ortgage market.
B. P D C F
10.5 The G F C appears to have been triggered by
C. TARP
A. a liquidity crisis that led to a solvency crisis.
D. All of the above
B. a solvency crisis that led to a liquidity crisis.
E. None of the above
10.6 During the sum mer of 2007 banks, such as Northern
10.12 The Lehman Brothers collapse
Rock in the U .K ., started to run into funding problem s,
A. could have been easily predicted from the ratings of
because of the shutdown of
Lehman's debt instruments.
A. the asset back commercial paper (A BCP) market.
B. could have been predicted from the financial reports
B. the repo m arkets.
of the com pany.
C. A and B.
C. all of the above.
10.7 W hich major U.S. investm ent bank(s) was/were converted D. none of the above.
into bank holding com panies in 2008? Select all that
10.13 W hat are N IN JA loans?
apply.
10.14 Explain in a few words: W hat is the originate-to-distribute
A. Citibank
(O TD) business model?
B. J.P. Morgan
C. Goldm an Sachs 10.15 Describe in a few words the system ic im pact of the
D. Morgan Stanley default of a major O T C derivatives dealer such as
E. All of the above Lehman Brothers.
ANSWERS
10.1 False 10.9 B. SI Vs.
Securitization expanded the capacity of the financial sys An SIV is a lim ited-purpose, bankruptcy remote com pany
tem to generate credit assets but outpaced its capacity used by banks to purchase assets funded with short-term
to manage the associated risks. commercial paper as well as some medium-term notes
and capital.
10.2 False
tors all over the world. The OlS-swap spread exploded (as shown in Figure 10.1)
in the summer of 2007. It remained high during the crisis,
10.3 False
jumped again when Lehman Brothers failed, and never came
In 2005, 43% of first-time home buyers paid zero down
back to pre-crisis levels. A t the same time, there was system
paym ent.
atic increase in haircuts, from zero pre-crisis to more than 45%
10.4 C. in the subprim e m ortgage market when Lehman failed in September 2008 (see Figure 10.2).
The cascade of events that came be known as the G reat 10.11 D. All of the above
Financial Crisis of 2007-2009 (G FC ) began with a dow n
• Term Auction Facility (TAF) is a program im plem ented
turn in the US subprim e m ortgage m arket in the summer
in D ecem ber 2007 and designed to provide funds to
of 2007.
depository institutions by auctioning funds against
10.5 A. a liq uidity crisis that led to a solvency crisis. a wide range of collateral. TA F was subsequently
This is especially true for highly levered institutions which expanded in March 2008, following the collapse of
relied heavily on short-term wholesale funding. Bear Stearns, to include other types of institutions.
• Primary D ealer C redit Facility (PD C F), created in
10.6 C. A and B
March 2008, through which the Fed lent funds via
By the sum mer of 2007, the short-term wholesale fund
repos to primary dealers.
ing m arkets started to freeze, including both the A B C P
• Troubled A sset Relief Program (TARP) was introduced
m arket and the repo market.
in O ctober 2008.
10.7 C. Goldm an Sachs
10.12 D. None of the above
D. Morgan Stanley
Note that Lehman satisfied the Basel minimum regula
The last two major investm ent banks in the United tory capital requirem ents before it failed.
States, Morgan Stanley and Goldm an Sachs, were con
10.13 N IN JA Ioans refer to applicants who had "no incom e, no
verted to bank holding com panies and becam e regu
job, and no assets."
lated by the Federal Reserve.
10.14 In the originate-to-distribute business m odel, banks:
10.8 D. A and B
• Extend loans;
W hen housing prices fell, subprim e m ortgage balances
quickly began to exceed the m arket value of the homes • Securitize the loans; and
that collateralized the loans. • Sell the securities to investors.
Teaser rates were not much of a problem if a borrower 10.15 Lehman's default triggered a cascade of defaults among
could refinance the m ortgage before the reset date. But its counterparties, who could not get back their col
if the borrower could not refinance, and if interest rates lateral. Dealers which had no direct link to Lehman, but
increased, the monthly m ortgage costs could rise very were counterparties of failed direct counterparties of
quickly. Lehman, also defaulted.
D escribe the responsibility of each G A R P M em ber with D escribe the potential consequences of violating the
respect to professional integrity, ethical conduct, conflicts G A R P Code of Conduct.
of interest, confidentiality of inform ation, and adherence
to generally accepted practices in risk m anagem ent.
153
I. INTRODUCTORY STATEMENT fulfill the risk professional's responsibilities and to uphold
the reputation of the risk m anagem ent profession. G A RP
The G A R P Code of Conduct ("C o d e ") sets forth principles of M em bers must avoid disguised contrivances in assess
professional conduct for Global Association of Risk Professionals ments, m easurem ents and processes that are intended to
("G A R P "), Financial Risk M anagem ent (FRM®) and Energy Risk provide business advantage at the expense of honesty and
Professional (ERP®) certifications and other G A R P certification truthfulness.
and diploma holders and candidates, G A RP's Board of Trustees, 1.2 Conflicts of Interest. G A R P M em bers have a responsi
its Regional Directors, G A R P Com m ittee M em bers and G A RP's bility to prom ote the interests of all relevant co n stitu en
staff (hereinafter collectively referred to as "G A R P M em bers") cies and will not know ingly perform risk m anagem ent
in support of the advancem ent of the financial risk m anagem ent services directly or indirectly involving an actual or
profession. These principles promote the highest levels of ethi potential conflict of interest unless full disclosure has
cal conduct and disclosure and provide direction and support been provided to all affected parties of any actual or
for both the individual practitioner and the risk m anagem ent ap p arent conflict of interest. W here conflicts are unavoid
profession. able G A R P M em bers com m it to their full disclosure and
m anagem ent.
The pursuit of high ethical standards goes beyond following
the letter of applicable rules and regulations and behaving in 1.3 Confidentiality. G A R P M em bers will take all reasonable
accordance with the intentions of those laws and regulations, it precautionary m easures to prevent intentional and uninten
is about pursuing a universal ethical culture. tional disclosure of confidential information.
There is no single prescriptive ethical standard that can be others, to operate at the highest level of professional
globally applied. We can only exp ect that G A R P M em bers will skill.
continuously consider ethical issues and adjust their conduct • G A R P M em bers should always continue to perfect their
accordingly as they engage in their daily activities. expertise.
This docum ent makes references to professional standards and • G A R P M em bers have a personal ethical responsibility
generally accepted risk m anagem ent practices. and cannot out-source or delegate that responsibility to
others.
Risk practitioners should understand these as concepts that
2.2 Best Practices.
reflect an evolving shared body of professional standards
and practices. In considering the issues this raises, ethical • G A R P M em bers will promote and adhere to applicable
behavior must weigh the circum stances and the culture of the "b est practice standards," and will ensure that risk
applicable global community in which the practitioner resides. m anagem ent activities perform ed under his/her direct
supervision or m anagem ent satisfies these applicable
standards.
II. CODE OF CONDUCT • G A R P M em bers recognize that risk m anagem ent does
not exist in a vacuum . G A R P M em bers com mit to consid
The C ode is com prised of the following Principles, Professional ering the w ider im pact of their assess ments and actions
Standards and Rules of Conduct which G A R P M em bers agree to on their colleagues and the w ider community and envi
uphold and im plem ent. ronment in which they work.
1.2 Shall exercise reasonable judgm ent in the provision of risk 3.2 Must not use confidential information to benefit personally.
services while maintaining independence of thought and
direction. G A R P M em bers must not offer, solicit, or accept
any gift, benefit, com pensation, or consideration that could
4. Fundamental Responsibilities
be reasonably expected to com prom ise their own or anoth GARP Members:
er's independence and objectivity. 4.1 Shall com ply with all applicable laws, rules, and regu
1.3 Must take reasonable precautions to ensure that the lations (including this C ode) governing the G A R P
M em ber's services are not used for improper, fraudulent or M em bers' professional activities and shall not knowingly
illegal purposes. participate or assist in any violation of such laws, rules, or
regulations.
1.4 Shall not knowingly m isrepresent details relating to
analysis, recom m endations, actions, or other professional 4.2 Shall have ethical responsibilities and cannot out-source or
activities. delegate those responsibilities to others.
1.5 Shall not engage in any professional conduct involving 4.3 Shall understand the needs and com plexity of their
dishonesty or deception or engage in any act that reflects em ployer or client, and should provide appropriate and
negatively on their integrity, character, trustworthiness, or suitable risk m anagem ent services and advice.
professional ability or on the risk m anagem ent profession. 4.4 Shall be diligent about not overstating the accuracy or cer
1.6 Shall not engage in any conduct or com mit any act that tainty of results or conclusions.
com prom ises the integrity of GARP, the (Financial Risk 4.5 Shall clearly disclose the relevant limits of their specific
Manager) FRM designation or the integrity or validity of know ledge and exp ertise concerning risk assessm ent,
the exam inations leading to the award of the right to use industry practices and applicable laws and regulations.
the FRM designation or any other credentials that may be
offered by GARP.
5. General Accepted Practices
1.7 Shall endeavor to be mindful of cultural differences regard
ing ethical behavior and custom s, and to avoid any actions GARP Members:
that are, or may have the appearance of being unethical 5.1 Shall execute all services with diligence and perform all
according to local customs. If there appears to be a conflict work in a manner that is independent from interested
or overlap of standards, the G A R P m em ber should always parties. G A R P M em bers should collect, analyze and distrib
seek to apply the higher standard. ute risk information with the highest level of professional
objectivity.
2. Conflict of Interest 5.2 Shall be fam iliar with current generally accepted risk man
agem ent practices and shall clearly indicate any departure
2.1 Shall act fairly in all situations and must fully disclose any 5.3 Shall ensure that com m unications include factual data and
actual or potential conflict to all affected parties. do not contain false information.
2.2 Shall make full and fair disclosure of all m atters that could 5.4 Shall make a distinction between fact and opinion in the
reasonably be expected to impair their independence and presentation of analysis and recom m endations.
158 ■ Index
fundamental responsibilities, 155 liquidity crunch hits, 146-147
Fundamental Review of the Trading Book (FRTB), 42 originate-to-distribute, 143
funding liquidity risk, 5 short-term wholesale debt market, 145-146
Continental Illinois, 125-126 subprime crisis, 142
Lehman brothers, 124-125 subprime mortgage market pre-crisis, 142
lessons learned, 126-127 systemic risk, 149
Northern Rock, 126 valuation uncertainty and transparency issues, 147-148
Greenspan, Alan, 62
groupthink, 116
G
GARP Code of Conduct H
applicability, 156
hard numbers, 14
confidentiality, 155
hedging exposure, factor analysis, 87
conflict of interest, 155
hedging philosophy, 23-24
enforcement, 156
herding, 116
fundamental responsibilities, 155
high minus low (HML), 85
general accepted practices, 155
holistic thinking, 115-116
principles, 154
home bias, 116
professional integrity and ethical conduct, 155
home/host cooperation, 98
professional standards, 154
human agency, 1 2
general market risk, 4
Ginnie Mae. See Government National Mortgage Association (GNMA)
Glass-Steagall Act, 44 I
global financial crisis, 40 information ratio (IR), 78
governance Institute of Internal Auditors (IIA), 55
bank's audit function, 54-55 integrity, 96
implementing board-level risk interest rate risk, 31-32
board audit committee, 49-50 internal capital adequacy assessment process (ICAAP), 45
board risk management committee, 50 internal liquidity adequacy assessment process (ILAAP), 45
risk advisory director role, 50 International Monetary Fund (IMF), 63
incentives and risk-taking, 52-53 International Professional Practices Framework (IPPF), 55
infrastructure investment analysis, 14
best-practice risk management, 46-47
board and corporate, 45-46
J
interdependence of organizational units, 53-54
Jensen's performance index (JPI), 77
post-crisis regulatory response
Basel Committee on Banking Supervision, 42
Basel I, 42 K
Basel II, 42 key risk indicators (KRIs), 14
Basel III, 42 Knightian uncertainties, 8
industry restructuring, 44-45
net stable funding ratio, 42
L
Supervisory Review and Evaluation Process, 45
liquidity risk, 5
risk appetite, 50
long term capital management (LTCM), 129-130
chief risk officer (CRO), 50-51
loss aversion, 116
limits policies, 51-52
monitoring risk, 52
risk appetite statement, 47-49 M
Government National Mortgage Association (GNMA), 64 market liquidity risk, 5
Graham-Leach-Bliley Act, 44 market portfolio, 73
Great Financial Crisis of 2007-2009 (GFC) market risk, 4-5, 12
central banks, 148-149 limits, 51
financial intermediaries, 144-145 Markowitz, Harry, 72
issues with the rating agencies, 145 Mcdonald's financing and market risk, 31
Index ■ 159
mental accounting, 116 monitoring risk, 52
Metallgesellschaft Refining & Marketing (MGRM), 32, 33, 127-128 risk appetite statement (RAS), 47-49
mitigate risk, 8 , 27 Risk Data Network (RDN), 97
model risk, 128-129 risk management building blocks, 2
corporate governance, 132 balancing risk and reward, 13-14
fudging VaR models, 132 conflicts of interest, 1 2
governance, 131 enterprise risk management, 14-15
long term capital management, 129-130 human agency, 1 2
operational risk, 131-132 interactions between factors, 1 0 - 1 1
risk exposure grows, 131 knowns and unknowns, 8-9
risk measurement models, 130-131 process, 7-8
setting the scene, 131 quantitative risk metrics
stress test, 130-131 expected loss, 9
trading models, 130 expect the unexpected, 9-10
wrong assumptions, 129 risky relationships, 1 0
modern portfolio theory (MPT), 72-73 from unexpected to extreme, 1 0
moonwalking bears, 9 value-at-risk, 1 0
Morgan, J.P., 86 risk aggregation, 12-13
mortgage backed securities (MBS), 62 risk factor breakdown, 1 0 - 1 1
multi-faceted costs, 135 structural change, 1 1 - 1 2
multifactor models of risk and return, 85-87 timeline, 2, 3
typology
N banking industry, 2-4
business lies strategic risk, 6
Northern Rock, 126
credit risk, 5
nuclear war, 8
liquidity risk, 5
market risk, 4-5
O operational risk, 5-6
operational risk, 5-6 reputation risk, 6-7
orange county, 134-135 risk management cost/benefit analysis, 14
originate-to-distribute (OTD), 65-67, 143 risky relationships, 1 0
Osaka Securities Exchange (OSE), 132 Robust Minus Weak (RMW), 85
ostrich effect, 116 rogue trading, 132-134
Roll, R„ 84
P rolling hedge, 128
Ross, S., 84
pricing strategies, 14
Rumsfeld, Donald, 8
professional integrity and ethical conduct, 154, 155
S
Q
Sarbanes-Oxley (SOX), 41
quantitative asset management techniques, 73
savings and loan (S&L) crisis, 124
scenario stress test, 116
R securitization process, 64-65
referencing, 116 sharpe performance index (SPI), 77
remedial actions, 98 Singapore International Monetary Exchange
repos, 145 (SIMEX), 132
reputation risk, 6-7, 135 small minus big (SMB), 85
retain risk, 8 , 26 Sortino ratio (SR), 78
rightsizing risk management, 27-28 special purpose vehicle (SPV), 64
risk-adjusted return on capital (RAROC), 13-14 specific market risk, 4
risk aggregation, 12-13 Standard and Poor's Depository Receipts (SPDR), 86
risk appetite, 24-26, 46, 50 State Street Global Advisors, 86
chief risk officer (CRO), 50-51 strong risk data aggregation capability, 95-96
limits policies, 51-52 supervisory measures, 98
160 ■ Index
Supervisory Review and Evaluation Process (SREP), 42, 45
U
surprise factor, 84
underwater icebergs, 9
SWIFT, 137
U.S. Dodd-Frank Act, 42
syndication, 63
usefulness, 97
systemic risk, 149
T V
Value-at-Risk (VaR), 10, 12, 13
timeliness, 96
Volcker Rule, 44
tracking error (TE), 78
Volkswagen Emission Cheating Scandal, 135
trading liquidity risk. See market liquidity risk
transfer risk, 8, 27
Treynor performance index (TPI), 77 W
triaging risks, 7 wrong way risk, 63
Index ■ 161