Risk Management
陳明道 教授 David M. Chen
Graduate Institute of Finance [email protected]
Crouhy, Michel, Dan Galai, and Robert Mark McGraw-Hill, Inc., 2003
Content
1. The Need for Risk Management Systems
2. The New Regulatory and Corporate Environment 3. Structuring and Managing the Risk Management
Function in a Bank
4. The New BIS Capital Requirements for Financial Risks
5. Measuring Market Risk: The VaR Approach 6. Measuring Market Risk: Extension of the VaR
Approach and Testing the Models 7. Credit Rating Systems
8. Credit Migration Approach to Measuring Credit Risk
9. The Contingent Claim Approach to Measuring Credit Risk 10. Other Approaches: The Actuarial and Reduced-Form
Approaches to Measuring Credit Risk
11. Comparison of Industry-Sponsored Credit Models and Associated Back-Testing Issues
12. Hedging Credit Risk
13. Managing Operational Risk
14. Capital Allocation and Performance Measurement 15. Model Risk
16. Risk Management in Non-bank Corporations 17. Risk Management in the Future
Ch. 1 The Need for Risk Management Systems
International banking system
Consolidation* over the last 25 years
M&A, globalization
Financial Service Act of 1999
• New products, new markets, new business activities*
• Repeal key provisions of the Glass-Steagall Act – Passed during the Great Depression
– Prohibits commercial banks from underwriting insurance and most kinds of securities.
• Repeal key provisions of the Bank Holding Act of 1956 – Prohibits M&A of brokerage firms, banks, and insurers.
• Allows bank holding companies to expand their range of services* and to take advantage of new financial
technologies such as web-based e-commerce.
– Puts brokerage firms and insurers on a par with banks.
Changes in industry structure
Disintermediation
• Corporations found it less costly to raise money from the public
– Reducing profit margins, lending in larger sizes*, longer maturities, and to customers of lower credit quality
Tailor-made financial services
• Customers are demanding more sophisticated and complicated ways to finance their activities, to hedge their financial risks, and to invest their liquid assets.
Risk intermediation
• New market, credit, and operational risks
• Engaging in risk shifting activities*
– Managerial emphasis has shifted away from maturity intermediation (term vs. risk spreads).
– From simplistic profit-oriented management to risk/return management (similar to major corporations).
– The Federal Reserve Bank (FRB) estimates that in 1996, U.S. banks possessed over $37 tln of off-balance-sheet assets and liabilities; $1 tln only 10 years earlier.
• Demand better and better expertise and know-how in controlling and pricing the risks.
– Not by rejecting risk, but by quantifying risk and thus pricing it appropriately.
Basle (Switzerland) Committee on Banking Supervision (BCBS) of Bank for International Settlements (BIS)
• 1988 BIS Accord
– Required to set aside a flat fixed percentage of banks’ risk- weighted assets (8% corporate loans, 4% uninsured residential mortgages) as regulatory capital against default.
– Capital adequacy requirements are currently tailored to the needs of traditional bank holding companies.
• From 1998, required to hold additional regulatory capital against market risk in trading books.
• New Accord: from 2006, required to hold additional against
operational risk: liquidity risk, regulatory risk, human factor risk, legal risk, and many other sources of risk*.
Integration (internally developed models)
• Risk management (RM) becomes an integral part of the management and control process rather than simply a tool to satisfy regulators.
Historical evolution
Banking regulations
Often dictates how financial institutions accommodate risks.
• Converging and consistent across countries
The crash of 1929 and the economic crisis
• Focused on systematic risk: the risk of a collapse of the banking industry at a regional, national, or international level.
• In particular, to prevent the domino effect: the chance of a failure by one bank might lead to failure in another, and then another.*
1933 Federal Deposit Insurance Corporation (FDIC)
• Enhancing the safety of bank deposits.
1933 Glass-Steagall Act
• Define the playing field for commercial banks
– Barred from dealing in equity and from underwriting securities
(effectively separated commercial and investment banking activities).
1933 Regulation Q
• Put a ceiling on the interest rate that could be paid on savings account.
• Reserve requirements encouraged banks to offer checking accounts that did not pay interest.*
1927 McFadden Act
• Prohibited banks from establishing branches in multiple states (interstate branching)
• State regulations led to the establishment of many small banks that specialize in a particular local market*.
• Helped to support natural regional monopolies in the supply of banking services.
1956 Bank Holding Company Act
• Limited the nonbanking* activities of banks.
• Felt that if banks expanded into new and risky areas, they might introduce idiosyncratic risk, or specific risk, that would affect the soundness of the whole banking system.
Reduced both the risk and competition
Banking environment
From World War II to 1951
• Interest rates had been pegged 釘住 and were not used as a tool in the monetary policy of the Federal Reserve.
– Interest rates were stable over an extended period of time, with only small changes occurring from time to time.
• 1944 Bretton Woods Agreement
– International foreign exchange rate were artificially 人為 fixed.
– Central banks intervened whenever necessary to maintain stability.
– Exchange rates were changed only infrequently, with the
permission of the World Bank and the International Monetary Fund (IMF). They usually required a country that devalued its currency to adopt tough economic measures in order to ensure the stability of the currency in the future.
From 1951
• The governments of developed economies had begun their slow but consistent withdrawal from their role as insurers or managers of certain risks*.
• Broke down of the regime of fixed exchange rates from the late 1960s – Due to global economic forces including a vast expansion of
international trading and inflationary pressure in the major economies.
– The hitherto obscured volatility surfaced in traded foreign currencies, precipitated a string of novel financial contracts.
– In 1972 the Chicago Mercantile Exchange (CME) created the International Monetary Market (IMM) to specialize in foreign currency futures and options on futures on the major
currencies.
– In 1982 the Chicago Board Options Exchange (CBOE) and the Philadelphia Stock Exchange introduced options on spot
exchange rates.
• Interest rates became more volatile, intensified in the 1970s and 1980s*.
– The increase in inflation and the advent of floating exchange rates soon began to affect interest rates.
– Volatility grew substantially from the early 1980s onwards, after the FRB under chairman Paul Volcker decided to use money supply as a major policy tool. Rates were able to react to changes in the money supply without prompting
interference from the Fed.
– The first traded futures on the long-term bonds issued by the Government National Mortgage Association (GNMA) appeared in October 1975 on the Chicago Board of Trade (CBOT), then futures on Treasury bonds in August 1977, futures on Treasury notes in May 1982, and options on Treasury bonds futures in October 1982.
– The CBOE introduced options on Treasury bonds in the same month.
– The CME added futures on Treasury bills in early 1976, futures on Eurodollars in 1981, options on Eurodollar futures in March 1985, and on Treasury bill futures in April 1986.
– Banks introduced the interest rate swap in 1982 and forward rate agreements (FRAs) in early 1983.
– BIS survey of derivative markets, starting April 1995, repeated every quarter, OTC notional amount from over $47 tln end- March 1995 to over $80 tln end-December 1998.
– OTC gross market value from $2.2 tln to $3.23 tln.
– OTC Daily turnover from $839 bln April 1995 to $ 1,226 bln April 1998.
– In April 1998, daily turnover of interest contracts are $275 bln in the OTC markets and $1,361 bln on exchanges. The situation is completely different in the case of foreign
currency contracts, $990 bln OTC and $12 bln exchanges.
– Non-financial firms engaged in a daily volume of $168 bln in OTC foreign currency products, but traded only a
volume of $27 bln in OTC interest rate products.
• Rapid changes in global markets
– Creation of large multinational corporations
– Technological change in the form of computerized information system
– Both offered incentive to merge banks to exploit economies of scale and be better placed to serve the changing needs of global clients.
– Mergers and globalization continuing through the 1990s among nonbank corporations.
– Regulatory bodies also became more willing to allow competition on a global scale, foreign banks were
allowed to operate in local markets, both directly and by acquiring local banks.*
– This quickening process of globalization exposes banks and other corporations to ever-greater foreign currency and interest rate risk, such as the risks associated with cross-border fund raising.
Regulatory environment
1980 DIDMCA
The Depository Institutions Deregulation and Monetary Control Act
• Marked a major change in regulatory philosophy in the U.S.
• Deregulation of the banking system and the liberalization of the economic environment in which banks operate.
• Initiated a six-year phase-out period for Regulation Q, allow commercial banks to pay interest on accounts with withdrawal rights (NOW accounts)
1982 DIA
Garn-St. Germain Depository Institution Act
• Allows banks to offer money market deposit accounts and the super-NOW accounts (pay money market interest but offered limited check-writing privileges).
• By the late 1970s (inflation) and early 1980s, the numbers of failed institutions (thrift and savings banks) increased
substantially. The main reason was an economic squeeze on banks that held sizable fixed-rate loan portfolios and which had financed these portfolios by means of short-term instruments*.
• Before it was changed*, Regulation Q helped to drive small depositors away from such banks, they turned instead to market traded instruments, money market accounts, and NOW accounts.
• The charter of such banks prevent them from using derivatives to deal with maturity mismatch.
The 1988 BIS Accord
The push to implement RM systems, ironically, came primarily from the regulators.
• The story of bank regulation since the 1980s has been one of an ongoing dialogue between the BIS and commercial banks all over the world.
• The Bank of England and the Federal Reserve Bank, concerned about the growing exposure of banks to off-balance-sheet claims, coupled with problem loans to third-world countries, their response, first of all, was to strengthen the capital requirements. In addition, they proposed
translating each off-balance-sheet claim into an equivalent on-balance- sheet item.
• Secondly, they attempted to create a level playing field by proposing that all international banks should adopt the same capital standard and the same procedures.
• While the regulatory bodies initiated the process and drew up the first set of rules, they have accepted that
sophisticated banks should have a growing role in the setting up of their own internal RM models. With the principles set and the course defined, the role of the regulators has begun to shift to that of monitoring sophisticated bank’s internal RM system.
July 1993 G-30 study
Was the first industry-led and comprehensive effort to broaden awareness of advanced approaches to RM.
• Provide practical guidance in the form of 20
recommendations, addressed to dealers and end-users alike, in terms of managing derivative activities.
Academic background and technological changes
Fundamental theories
Markowitz, Sharpe, Lintner, Modigliani, Miller, Black, Scholes, Merton
• Background courses
Implementation
Reliable, broad, and up-to-date data bases concerning both the bank’s transactional positions and the financial rates available in the wider market place.
Statistical tools and procedures that allow the bank to analyze the data
• To assess the net risk exposure daily, a bank must bring together data from a multiplicity of legacy systems with different data structures, from all of its branches and business worldwide.
• Estimates of volatilities and correlations of major risk form key inputs into the pricing model used to assess the risks inherent in the various financial claims.
• In reaction to evidence that volatility in financial markets may be nonstationary, researchers have begun to make use of increasingly sophisticated procedures such as ARCH, GARCH, and other
extensions.
Accounting systems
Backward looking
Past profits or losses are calculated and analyzed, but future uncertainties are not measured at all.
Off-balance-sheet
• As the GAAP could not easily accommodate derivatives, the instruments have largely appeared in the footnotes.
• The end result is that true risk profile is unclear from financial reports.
Problem loans of March 31, 1998
• Under conventional accounting practices in Japan as compared to the new proposed measurement standard, for the largest nine banks, the average understatement is 42% (29% to 62%).*
Forward looking
Two dimensional system
• Ideally the financial world would create a new reporting system base on what might be called “Generally Accepted Risk Principles”.
• Compromise between accuracy and sophistication, on the one hand, and applicability and aggregation (standard deviations are non-additive) on the other.
• Simply translating each off-balance-sheet claim to its on-balance-sheet equivalent, and then adding up these individual claims, would hugely overstate the real position and impose a significant cost on banks.
Lessons from financial disasters
Causes
Bad debts
• Major cause since modern banks began to evolve in the seventeenth century.
• The key weakness was that credit risk was evaluated on a case-by-case basis. Correlation risk was often ignored*.
Market exposures
• Some spectacular bank failure over the last 25 years generated by derivative positions.
Correlation between credit, market and liquidity risks
• Predictably, high interest rate leads to low value and low liquidity of real estate, which leads to default, then leads to low interest rate.
• The near-collapse of Long-Term Capital Management (LTCM) in 1998 highlight the risks of high leverage to an individual
institution.
– It also showed how problems in one institution might spill over into the entire financial system when, simultaneously, market prices fall and market liquidity dries up, making it almost impossible for wounded institution to unwind their positions in order to satisfy margin calls*.
• The industry as a whole is looking at how the relationship
between liquidity risk, leverage risk, and market and credit risk can be incorporated in risk measurement and stress testing models.
• No model offers a panacea to the problem of substantial changes in default rates, interest rates, exchange rates, and other key
indexes over a short time period. Increasingly, bank recognize they must subject their positions to stress analysis to measure their vulnerability to unlikely but possible market scenarios.
Operating risk
• The downfall of Barings in February 1995 bore witness to the failing of senior managers. They lacked the ability to monitor trading activities effectively.
– Due to a disregard for RM procedures
– A first principle is that the assessment of risk and
control over tracking transactions must be independent of trading function.
– Must scrutinize success stories in order to evaluate the risks incurred.
• The treasurer of the Orange County, California, borrowed heavily and invested in MBSs, only to incur losses of over
$1.6 bln when the cost of borrowing rose (1994).
– Showed excellent result at first.
Typology of risk exposure
Market risk
The risk that changes in financial market prices and rates will reduce the value of the bank’s position.
• Often measured relative to a benchmark index, referred to the risk of tracking error.
• Also includes basis risk: the chance of a breakdown in the relationship between the price of a product and the price of the instrument used to hedge that price exposure.
• Components of market risk: directional risk, convexity risk, volatility risk, basis risk, etc.
Credit risk
The risk that a change in the credit quality of a counterparty will affect the value.
• Only when the position is an asset, i.e., positive replacement cost.
Yet it can be negative at one point in time and become positive at a later point. Must examine the profile of future exposure up to the termination of the deal.
• Default, whereby a counterparty is unwilling or unable to fulfill its contractual obligation in the extreme case.*
• Counterparty might be downgraded by a rating agency (credit spread).
• The value it is likely to recover is called the recovery value; the amount it is expected to lose is called loss given default (LGD).
Liquidity risk
Funding liquidity risk
• Relates to a financial institution’s ability to raise the necessary cash, to roll over its debt, to meet the cash, margin, and collateral
requirements of counterparties, and to satisfy capital withdrawals (mutual funds).
• Affected by various factors such as the maturity of liabilities, the extent of reliance on secured sources of funding, the terms of
financing, and the breadth of funding sources, including the ability to access public markets such as the commercial paper market.
• Also influenced by counterparty arrangements, including collateral trigger clause, the existence of capital withdrawal rights, and the existence of lines of credit that the bank cannot cancel.
• Funding can be achieved through buying power: the amount a
trading counterparty can borrow against asset under stressed market conditions.
Trading related liquidity risk
• Often simply called the liquidity risk, is the risk that an institution will not be able to execute a transaction at the prevailing market price, because there is, temporarily, no appetite for the deal on the “other side” of the market.
Operational risk
Fraud
• A trader or other employee intentionally falsifies and misrepresents the risk incurred in a transaction.
Technology risk
• Principally computer systems risk
Human factor risk
• Losses that may result from human error such as pushing the wrong button*, inadvertently destroying a file, or entering the wrong value for the parameter input of a model.
Model risk
• The valuation of complex derivatives*
Legal risk
A counterparty might lack the legal or
regulatory authority to engage in a transaction.
• Usually only become apparent when a
counterparty, or an investor, loses money on a transaction and decided to sue the bank to avoid meeting its obligation.
• The potential impact of a change in tax law on the market value of a position.
Financial Risks
Market
Credit
Equity
Trading
General
Gap Specific Interest Rate
Currency Commodity
Transaction Concentration
Issue Issuer
Counterparty Liquidity
Funding Trading
Nonfinancial corporations RM
Purpose
To identify the market risk factors that affect the volatility of their earnings, and to measure the combined effect of these factor.
• There is mounting pressure from regulators such as the SEC and from shareholders for more and better disclosure of financial risk exposures.
• RM techniques are now being adopted by firms such as insurance companies, hedge funds, and industrial corporations.
• Generally need to look at risk over a longer time
• Must look at how to combine the effects of their underlying business exposures with those of any financial hedges.
• The effects of risk on planning and budgeting must be considered.
• Often do not possess a formal system to monitor general corporate risks and to evaluate the impact of their various attempts to reduce risks.*
• There is little in the way of a unified approach to corporate RM.
• Generally not regulated with the intensity seen in financial institutions, because the main risk is business risk; domino effect is not a major concern; not as heavily leveraged (D/E 30%); and the leverage is primarily of concern to the firm’s creditor.
• Yet, daily average turnover in OTC derivatives increased from
$129 bln in April 1995 to $195 bln in April 1998.
• The trend in many countries is to demand greater transparency with regard to RM policies and strategies.
Ch. 2 The New Regulatory and Corporate Environment
Regulatory environment
Its importance to the development of RM in financial institutions (chapter 1).
Why do regulators impose a unique set of minimum required regulatory capital rules on commercial banks?
1)While the deposits are often insured by specialized
institutions, in effect national governments act as a guarantor for commercial banks; some also act as a lender of last resort.
– The creation of the FDIC in 1933 provided unconditional government guarantees for most bank creditors*.
– The original explicit deposit-insurance premium was fixed by law at 1/12% of domestic deposits (non-risk-based).
– Restriction were placed on the interest rates that banks could pay on deposits. This provided an additional subsidy to banks that also made uninsured bank deposits safer, reducing
further market capital requirements.
– Hence, have a very direct interest in ensuring that banks remain capable of meeting their obligations.
– Wish to limit the cost of the “safety net” in the case of a bank failure (all government actions designed to enhance the
safety and soundness of the banking system other than regulatory and enforcement of capital regulation, such as deposit insurance.)
– By acting as a buffer against unanticipated losses, regulatory capital helps to privatize a burden that would otherwise be borne by national governments.
2) Capital structure matters more than in other industries because of the importance of confidence to banks, and to the financial services industry in general.
– To avoid any systematic effect whereby an individual bank failure would propagate to the rest of the financial system.
Such a domino effect would disrupt world economies and incur heavy social costs.
– Banks often act as the transmission belt on which setbacks in the financial sector are transmitted to the wider
economy*.
3) Fixed-rate deposit insurance itself creates the need for capital regulation because of the moral hazard and adverse selection problems that it generates.
– Akin to a put option (NPL) sold by the government to banks at a fixed premium, independent of the riskiness (CDS).
– Depositors have no incentive to select their bank cautiously, instead, may be tempted to look for the highest deposit rates.
Sophisticated methodologies in RM becoming part of the new regulatory and corporate risk environment.
1988 Basle Accord
• Defined two minimum standards for meeting acceptable capital adequacy requirements.
1993 G-30 report
1995 modification
• According to some survey, netting reduces the gross replacement value of a bank’s exposures by, on average, half.
1996 Amendment (BIS 98)
• Became mandatory in January 1998. Include risk-based capital requirements for the market risks that banks incur in their trading accounts.
• Officially consecrates the use of internal models based on the value-at-risk (VaR) to assess market risk exposure.
BIS also sets limits on concentration risks.
• Risks that exceed 10% of the bank’s capital must be reported.
• Banks are forbidden to take positions that are greater than 25% of the bank’s capital without explicit approval by their local regulator.
• Had these rules been effective in 1994, Baring could not have built those huge futures positions on the SIMEX (40% of
capital) and OSE (73%).
The BIS 2000+ Accord
1999 BCBS
A consultative paper released in June
Propose a New Capital adequacy Framework.
G-12 recommendations
Counterparty Risk Management Policy Group
• Formed by a group of 12 internationally active financial institutions, together with a number of other market participants including insurance companies, hedge funds, investment management companies, industry associations, and law firms in January 1999 for the improvement of counterparty RM practices (known as the G-12).
• Inspired by the severe market disruptions during August 1998 due to the near-collapse of the hedge fund Long Term Capital Management (LTCM).
– After Russian government had defaulted on its debt, liquidity suddenly evaporated.
– LTCM was rescued by means of a $3.6 bln cash injection which came from 14 financial institutions coordinated by the Federal Reserve Bank, New York.
– Motivated by the fear that the collapse of LTCM would not only leave these institutions with heavy losses but would also threaten financial stability.
Objective
• To make a comprehensive set of recommendations to reduce the likelihood of such events in the future.
• To reduce the impact of such events by improving the management of such failures.
• To make it easier to liquidate a failed institution (sent the message to the world that no financial institution is too big to fail anymore).
Recommendations*
1.Enhanced information sharing between counterparties – Both prior to engaging in dealings likely to generate
significant credit exposure, and on an ongoing basis.
– Must address the issue of confidentiality, e.g., the net asset value of a fund, its liquidity position, detailed portfolio composition, and collateral margin calls.
2.Integrated analytical framework for evaluating the effects of leverage on market risk, funding arrangements and
collateral requirements, asset liquidity risk, and credit risk.
– Should consider the interplay between these factors not only under normal market conditions but also under stressful conditions when the impact of leverage is magnified.
3. Liquidation-based measures of potential counterparty credit exposures that integrate market, liquidity, and credit risk factors.
– The framework for stress testing should encompass all risks in an integrated model. Should assess concentration risk to both a single counterparty and to groups of
counterparties, as well as correlation risk among both market risk and credit risk factors.
– Mark-to-market replacement values should be
supplemented by different measures of liquidation-based replacement values which incorporate the potential for adverse price movements during the liquidation period (by liquidating its position, the bank might move the market).
– Limits should be set against these various exposure measures.
4. Strengthen internal credit practices by factoring potential liquidation costs into limit-setting and collateral standards.
5. Enhance the quality of information provided to senior management and the Board of Directors.
– Should convey clearly information on the overall
tolerance for risks, including loss potential in adverse markets, and approved by the Board.
6. Voluntary disclosure of statistical information to the regulatory authorities as well as the market participants.
– Such a policy should benefit firms by reducing their cost of capital since it reduces moral hazard and adverse
selection problems.
7. Improvements to, and harmonization of, standard industry documents, as well as better internal controls around
documentation.*
Ch. 3 Structuring and Managing the RM Function in a Bank
Integrated framework
To measure, price and control risk in a comprehensive manner
Establish appropriate firm-wide policies
Develop relevant firm-wide risk methodologies
Coupled to a firm-wide RM infrastructure
• The risks to be covered include trading market risk,
corporate treasury gap market risk, liquidity risk, credit risk in the trading book and banking book, and operational risk.
• A common measurement unit and strategy.
Benefits of risk integration
Combine the measurement of trading market risk and gap market risk to ensure that market risk is covered completely and consistently.
Rationalize approach to market and credit RM.
• Trading market risk and credit risk can be assessed from the same market value distribution, taken at selected points in time over the life of a transaction.*
Best-practice RM philosophy
Limit management process
• Identify and select those risks that the firm is willing to take, then monitor closely the risks that are retained in the books.
Risk Analysis
• Capture risk exposures accurately – Market and credit VaR
– Complemented by stress testing and scenario analysis to assess the potential losses during exceptional market crises.
• Day to day risk communication
– Risk managers should discuss their risk analysis with senior trading management in a daily trading room conference.
– The discussion should be prior to the opening of trading and might take around 30 minutes.
– Automated daily exception reports should be distributed at the meeting.
– Should also conduct a weekly (say, two-hour) risk meeting with internal business partners in order to review major risk-related business issues.
RAROC
• The foundation of performance measurement.
• Manage RAR through the assignment of reserves and economic capital.*
• Each time a new transaction is considered, the bank can assess its marginal impact on economic capital, and make sure that the
pricing is consistent with its target RAROC (hurdle 欄檻 rate).
• Optimal capital attribution and risk pricing
• Also, ABC and customer profitability analysis.*
Active portfolio management
• Manage risk actively in a portfolio context.
• Risk deduction through composition.
Organizing the RM function
Three-pillar framework
1)Best practice policies
• Business strategies (risk/return targets) → risk tolerance → authorities
→ disclosure
• Market risk policy
– Explicitly stated in terms of a statistically defined potential or worst case loss.
– Decide how to allocate capital and risk units across activities and divisions.
– Set the authorities for assuming market risks, and specify the nature of the market risk to which the institution should be exposed.
• Credit risk policy
– How much credit to supply, for what duration, for which type of clients.
– The extent of diversification & limits on size.
– Set authorities for approving credit by size and by risk exposure.*
– Tie tolerance for risk and associated economic capital into desired credit rating (a AAA rating requires more economic capital for a given risk.)
– Establish a reporting system to track exposures, coupled with a routine for updating information about debtors.
• Operational risk policy
– Human errors, computer failures, employing large amounts of data for estimation purposes, and implementing pricing and valuation models.
– Decide which to insure and which to manage.
– Set policies, control procedures, and assign responsibilities that establish the procedures required to review the introduction of all new products. An independent RM function must evaluate all the pricing models.
– Administration (Baring lessons): management teams have the duty to understand fully the business they manage. Responsibility for each business activity has to be clearly established and
communicated. Relevant internal controls must be established for all business activities. Top management and the audit committee must ensure that significant weaknesses are resolved quickly.
2)Best practice methodologies (internal model)
• Market, credit risk & operational risk → pricing & valuation → RAROC (efficient frontier)
• Risk measurement methodologies
– Old-style duration calculations posit a simple parallel shift in the yield curve. A more realistic approach takes into account the more complicated nonparallel shifts, i.e., the yield curve might flatten, steepen, or invert.
– A full VaR measurement methodology encompasses more intricate types of risk, e.g., credit spreads or vega-related option risk. Permits a consistent measurement of market risk across all business units through the use of RM unit, RMU, the common unit of risk measurement across business.*
– Measure credit risk for the loan book and off-balance-sheet derivative products according to an analytic approach that is consistent with the approach implemented for market risk.
• Pricing and valuation methodologies
– Differentiate between transactions where prices are
transparent and those where price discovery is more limited (longer tenor or highly structured derivative transactions).*
• Accounting for portfolio effects
– Enable one to calculate the required economic (or risk)
capital for the entire organization, which is less than the sum.
– Economic capital should be compared across organizational levels and within each level (e.g., across products).
– A well-designed portfolio RM approach enables one to slice and dice risk vertically and horizontally across an organization to facilitate the pricing of risk.*
3) Best practice infrastructure
• People (skills) → operations → accurate data → technology (software application, hardware)
• Judgment will always be a significant input
• Ensuring the integrity of data provides an important competitive advantage.
• Integration of operations and technology.
• Sophisticated computer technology
– The effects are increasing competition and shortened time horizons for the development and distribution of financial products.
– Typical problems are difficulty in system communication (fragmentation or islands of automation) and functional overlapping (redundancy and expensive processing)
– A rational, consistent and integrated RM system allows the firm to monitor and manage all of its risk on a global basis.*
RM is only as strong as the weakest link
• Integrated goal congruent RM process
– Ensure that policies and methodologies are consistent with each other.
– A “one firm, one view” approach which also recognizes the specific risk dynamics of each business.
– Integration vs. aggregation.
• Open up new value-added possibilities.
Data and technological infrastructure*
Enhancing return-risk tradeoff
The greater the RM system’s capability, the greater the velocity 速率 of profit indication.
• New products created quickly
• Opportunity capitalized
• Losses avoided
• Management comfort and control enhanced
IT architecture
Business principles → technology demands → standards and guidelines
→ technological investments → support the business principles
• Definition: a set of standards and guidelines that should be adhered to by staff when they make technology decisions.
• Can be thought of as a collection of sub-architectures that support each entity within the firm. All should be operating within a unified IT framework.
• The design should optimize the exchange of information between each entity.
Application architecture
• Establishes the technical, functional, and operational
characteristics of application systems (construction and use)
Data architecture (object oriented)
• The establishment of an environment in which all information can be accessed and understood by any associate of the firm.
Organization architecture
• The responsibilities and interrelationships necessary to ensure the comprehensive information interchange between parties.
Risk data warehousing
The IT design needs to take into account the means by which key RM information is gathered from the various internal and external systems into a risk data warehouse.
• Organize the necessary RM data into a common format (data dictionary).
• Needs to take into account of how key RM information might change over time.*
– The information might be static (contractual details) or dynamic.
– Include both historical statistics and current risk characteristics for each transaction in every portfolio.
• Markets in multiple time zones require best-in-class database and communication technologies.
– Distributed databases promote the distribution of data and decision making to regional sites.
– Enable an organization to store data on the network wherever it is most economical, rather than on each remote database server.
– An overseas office can request information on any financial instrument from other sites.
– Offer a low-cost solution to the problem of providing RM data for global risk-related decision making.
Tiered RM systems
New trading platform technologies
• Trading institutions should select a suitable three-tiered RM system to integrate front office, middle office, and back office.
– The middle office handles functions such as RM, monitoring trades, pricing deals, etc.
– The back office performs routine functions such as recording the amount of interest paid, maintaining tax accounting information, performing regulatory reporting, etc.
Enterprise-wide RM computing
• Should be capable of running on centrally located hardware.
– The RM database must be able to store extracted data and to allow for interactive unscheduled access or interrupt
functionality.
– Need to establish an effective and integrated workgroup computing environment that supports RM end-users, policy makers, and application developers.
– Ensure that the corporate networks connect all three RM tiers so that RM data can be exchanged, allowing software and data to be easily transferred through the network.
– Multiple users at different organizational levels should have easy access to risk software applications, data, and reports.
– The RM infrastructure is similar to a highway system in that it enables those legacy systems to transport information
without the bank having to continuously build new roads for its data.*
• The data warehouse should be populated daily with transaction and market information.
– The transaction information should also be reconciled daily to ensure that market risk is reported accurately.
• Risk reports should be generated daily by an analytic engine with a flexible architecture to accommodate advanced risk measures.
• As a whole, the system should be able to
– Develop and distribute financial instruments quickly.
– Aggregate risk across the institution.
– Supply transaction personnel with information on limits as well as RAROC expectations.
Risk authorities and risk control
Roles and responsibilities
Understood at all levels of the bank
• An independent market RM function should develop risk policy and monitor adherence.
• A knowledgeable internal audit function should provide an in- depth assessment of internal RM controls, including controls over the RM function.
• Best-practice corporate governance demands that a subcommittee of the board of directors (say, a RM & conduct review committee) reviews and approves RM policies at least once a year.
• A senior operating policy committee (say, an asset/liability
management committee) should be responsible for determining the extent of financial risk to be accepted by the bank as a whole.
– ALCO is typically responsible for establishing, documenting, and enforcing all policies that involve market risk, such as liquidity, interest rate, and FX risk.
– Also responsible for the delegation of market risk limits to the president and chief risk officer (CRO).
– Should ensure that the bank’s infrastructure can support the bank’s market risk management objectives.
• CRO is responsible for RM strategy, policies, methodologies, and overall governance.*
– Authority to make day-to-day decisions, including the
authority to extend business unit mandates beyond their annual renewal date until it is convenient for ALCO to review them.
– Approves excesses of limits provided that they do not breach overall risk limits approved by the board.
• Business-level risk committee should be responsible for
ensuring that the desired risk/reward trade-offs are successfully managed.
– Should manage design issues that set out how risk will be managed, reflecting the agreed relationship between the business and the bank’s RM function.
– Approve policies applicable to the appropriate measurement and management of risk.
– Provide for a detailed review of risk limits for trading and credit authorities.
• Trading-room managers establish and manage risk exposures.
– Ensure timely, accurate, and complete deal capture and sign off on the official profit and loss (P&L) statement.
• The operations function independently books trades, settles trades, and reconciles front- and back-office positions.
– Responsible for providing an independent mark-to-market of the bank’s positions, and support the operational needs of the various businesses.
• The finance function develops valuation and finance policy, and ensure the integrity of P&L.
– Review of any independent valuation processes.
– Manage the business planning process, and supports the financial needs of the various businesses.
The independent RM function
• Develops risk policies, monitors compliance to limits, manages the ALCO process, vets models and spreadsheets, and provides an independent view on risk.
– Support the RM needs of various businesses.
Standards for risk authorities
Write down the policies and procedures that govern trading activities.
• How to approve new products
• How to establish market limits
• The nature of any formal reviews of market risk exposures
• Analytic methodologies used to calculate the bank’s market risk exposures
• Procedures for approving limit exceptions
Business unit mandate
• The process for developing and reviewing authorities should be explicit.
– Business unit mandates should expire one year after they are approved by ALCO.
– The senior risk officer may approve an extension to accommodate ALCO’s schedule.
• A balance must be struck between ensuring that a business has the limits set high enough to allow it to meet its business goals and the maintenance of overall risk standards.
• The format for obtaining approval should be standardized. Key infrastructure and corporate governance groups must be consulted.
– The manager seeking approval should provide an overview and restate the key decisions that need to be taken.
– Should bring everyone up to date about the business (key achievement, risk profile, and a description of any new products or activities that may affect the risk profile).
– Should outline future initiatives.
– Proposed risk limits should be put forward. The report should note the historical degree of use of any current limits, as well as current and proposed limits, emphasizing the impact of any full use of limits on liquidity and capital.
– The report should describe the operational risks that the business unit is exposed to, including the impact of any finance, legal, compliance, and tax issues.
Delegation process for risk authorities
• The RM and conduct review committee should approve the bank’s risk appetite each year and delegate authority to the CEO of the bank as chair of ALCO.
• ALCO should approve each business unit mandate.
– Also the impact of each mandate in terms of the market risk appetite.
– Delegates market risk authority to a business-driven risk committee.
• The risk committee provides a detailed review and approval of each business unit mandate.
– Also the impact of each mandate in terms of the respective risk limits.
– Delegates these limits to a CRO.
• The CRO is responsible for independently monitoring the limits.
– May well order that positions be reduced, or closed out because of concerns about market, credit or operational risks.
– Delegates some responsibilities to the head of global trading.
• The head of global trading is responsible for risk and performance of all trading activities.
– Delegates the management of limits to the business manager.
• The business manager is responsible for the RM and performance of the business.
– Delegates limits to the bank’s traders.
Standards for limit design
Market risk should be measured using a VaR-style risk measure
• Based on a common confidence interval and on an appropriate time horizon.
– Limits should control the risk that arises from changes in the
absolute price or rate, as well as changes in delta, gamma, volatility (vega), time decay (theta), basis, correlation, discount rate (rho).
– Policies should also be set out regarding exposure to liquidity risk, especially in the case of illiquid products.
– Should also include limits related to stress events and scenario
analysis, to make sure the bank can survive extreme volatility in the markets.
Tier I limits (two tiers)
• Should include
– A single overall VaR limit for each asset class – A single overall stress test limit
– A cumulative loss from peak limits.*
• Should generally be set at a level such that the business, in the normal course of its activities, has exposures of about 40% to 60% of its limit.
• Peak usage of limits, in normal markets, should generate exposures of perhaps 85% of the limit.
– Balance the needs of business unit’s financial targets with a realistic assessment of the use.
– Based on the evaluation of the bank’s tolerance for risk, as well as the RM function’s ability to provide timely and accurate reporting on relevant risks, and the historical usage of risk limits.
Tier II limits
• Should include
– Authorized markets/currencies/instruments, and concentration limits*.
• A consistent limit structure helps a bank to consolidate risk across its various trading floors.
– With a common language of risk, tier II limits become fungible across business lines.
– However, such transfers would require the joint approval of the head of trading and the CRO.
Standards for monitoring risk
All positions should be marked-to-market daily
• All the assumptions used in models to price transactions and to value positions should be independently verified.
• Daily P&L statements should be prepared by units that are independent of the traders and provided to nontrading senior management.
Timely and meaningful reports to measure compliance to policy and to trading limits
• A timely escalation procedure for any limit exceptions or transgressions 違反 .
– It should be clear what a manager must do if his or her subordinates breach limits.
The variance between the actual volatility of the value of a
portfolio and that predicted by means of the bank’s market risk methodology should be evaluated.
• Stress simulations should be executed to determine the impact of market changes on P&L.
Data used in limit monitoring must conform
• The source must be independent of the front office.
• Need to be reconciled to the official books to ensure integrity.
• Data feeds must be consolidated.*
• Format must allow risk to be properly measured.
Distinguish between data used for monitoring tier I limits (independent) and data used for other kinds of management information
• Where timeliness is the key requirement, risk managers may be forced to use front-office systems as the most appropriate sources.
– Real-time risk measurement, such as that used to monitor intraday exposures, may simply have to be derived this way.
Business units should advise the RM function before an excess occurs.
• If there is an alert when an exposure is at 85% of the tier I or tier II limit, the CRO, jointly with the head of business, might petition ALCO for an excess, in which case the business risk committee should be notified.
• If RM is advised of a planned excess, then it should be more likely that an excess will be approved.
If the limit is breached
• RM should immediately put any excess on a daily tier I or tier II
exception report, with an appropriate explanation and a plan of action to cope with the excess.
– The CRO may authorize the use of a reserve.
• Tier I excesses must be cleared or corrected immediately. Tier II excesses should be cleared or approved within a relatively short time frame.
• RM should report all limit excesses on an exception report, which might be tabled at a daily trading-room meeting and which should distinguish between tier I and tier II limits.
Role of audit
An independent assessment of the design and implementation of the RM process.
• Examining the process surrounding the building of risk models, the adequacy and reliability of the RM systems, and especially,
compliance with regulatory guidelines.
Scope of work
• Provide overall assurance on the adequacy of the RM processes.
– Evaluate the design and conceptual soundness of both the VaR measures (including stress testing) and the back-testing.
• Evaluate the soundness of elements of the RM information system (risk MIS).*
– Soundness of the financial rates database used to generate parameters.
– The process used for coding and implementation of internal models.
– Controls over market position data capture.
– Controls over the parameter estimation processes.
– The reliability of the vetting processes.
– The adequacy and effectiveness of application controls within the risk MIS.
– The progress in plans to upgrade RM systems.
• Review the adequacy and effectiveness of the processes for monitoring risk
• Examine the documentation relating to compliance with the qualitative/quantitative criteria outlined in regulatory guidelines.
• Comment on the reliability of the VaR reporting framework.
Regulatory expectations
• Regulatory guidelines typically call for internal audit groups to review the overall RM process.
– The adequacy of documentation – The effectiveness of the process – The integrity of the RM system
– The integration of risk measures into daily RM
• Also call for auditors to address the approval process
– Vetting risk pricing models and valuation systems used by front- and back-office personnel.
– The validation of any significant change in the RM process.
– The scope of risks captured by the RM models
• The integrity of the MIS
– Verify the consistency, timeliness, reliability and independence of data sources.
