Challenges of Risk Management

Download as pdf or txt
Download as pdf or txt
You are on page 1of 17

Christine M. Cumming and Beverly J.

Hirtle

The Challenges of Risk


Management in Diversified
Financial Companies
• Although the benefits of a consolidated, or
firmwide, system of risk management are
widely recognized, financial firms have
I n recent years, financial institutions and their supervisors
have placed increased emphasis on the importance of
consolidated risk management. Consolidated risk
traditionally taken a more segmented management—sometimes also called integrated or
approach to risk measurement and control. enterprisewide risk management—can have many specific
meanings, but in general it refers to a coordinated process for
• The cost of integrating information across measuring and managing risk on a firmwide basis. Interest in
business lines and the existence of regulatory consolidated risk management has arisen for a variety of
barriers to moving capital and liquidity within reasons. Advances in information technology and financial
engineering have made it possible to quantify risks more
a financial organization appear to have
precisely. The wave of mergers—both in the United States and
discouraged firms from adopting consolidated
overseas—has resulted in significant consolidation in the
risk management.
financial services industry as well as in larger, more complex
financial institutions. The recently enacted Gramm-Leach-
• In addition, there are substantial conceptual Bliley Act seems likely to heighten interest in consolidated risk
and technical challenges to be overcome in management, as the legislation opens the door to combinations
developing risk management systems that of financial activities that had previously been prohibited.
can assess and quantify different types of risk This article examines the economic rationale for managing
across a wide range of business activities. risk on a firmwide, consolidated basis. Our goal is to lay out
some of the key issues that supervisors and risk management
• However, recent advances in information practitioners have confronted in assessing and developing
technology, changes in regulation, and consolidated risk management systems. In doing so, we hope to
breakthroughs in risk management clarify for a wider audience why the ideal of consolidated risk
methodology suggest that the barriers to management—which may seem uncontroversial or even
consolidated risk management will fall obvious—involves significant conceptual and practical issues.
during the coming months and years. We also hope to suggest areas where research by practitioners
and academics could help resolve some of these issues.

Christine M. Cumming is an executive vice president and the director of The authors would like to thank Gerald Hanweck, Darryll Hendricks, Chris
research and Beverly J. Hirtle is a vice president at the Federal Reserve Bank McCurdy, Brian Peters, Philip Strahan, Stefan Walter, Lawrence White, and
of New York. two anonymous referees for many helpful comments. The views expressed are
those of the authors and do not necessarily reflect the position of the Federal
Reserve Bank of New York or the Federal Reserve System.

FRBNY Economic Policy Review / March 2001 1


The approach we take is to review the arguments made by views, using a simple portfolio model to help illustrate the
supervisors and the financial industry in favor of consolidated economic rationale behind consolidated risk management.
risk management. While both parties agree on the importance Next, we discuss the constraints that have slowed many
of this type of risk management, this support seems to be financial institutions in their implementation of consolidated
motivated by quite different concerns. Supervisors appear to risk management systems. We conclude with a discussion of
support it out of a safety-and-soundness concern that the major technical challenges and research questions that will
significant risks could be overlooked or underestimated in the need to be addressed as an increasing number of financial firms
absence of firmwide risk assessment.1 In contrast, financial implement firmwide risk management systems.
institutions appear willing to undertake significant efforts to

Our goal is to lay out some of the key


Consolidated Risk Management:
issues that supervisors and risk Definitions and Motivations
management practitioners have
confronted in assessing and developing At a very basic level, consolidated risk management entails a
coordinated process of measuring and managing risk on a
consolidated risk management systems. firmwide basis. This process has two distinct, although related,
dimensions: coordinated risk assessment and management
across the different types of risk facing the firm (market risk,
develop consolidated risk management systems because they credit risk, liquidity risk, operational risk), and integrated risk
believe that those systems will help them assess the risk and evaluation across the firm’s various geographic locations, legal
return of different business lines and thus allow them to make entities, and business lines. In theory, both dimensions must be
more informed decisions about where to invest scarce addressed to produce a consolidated, firmwide assessment of
resources to maximize profits.2 While these two views may risk. In practice, few financial firms currently have in place a
reflect quite different underlying motivations for supporting
consolidated risk management, we argue below that they result
in a common emphasis on the importance of accurate The absence thus far of fully implemented
assessments of risk.
Although both supervisors and financial institutions consolidated risk management systems
support the concept of consolidated risk management, few if suggests that there are significant costs or
any financial firms have fully developed systems in place today.
obstacles that have historically led firms to
The absence thus far of fully implemented consolidated risk
management systems suggests that there are significant costs or manage risk in a more segmented fashion.
obstacles that have historically led firms to manage risk in a
more segmented fashion. We argue that both information costs
and regulatory costs play an important role here by affecting consolidated risk management system that fully incorporates
the trade-off between the value derived from consolidated risk both dimensions, although many large institutions—both in
management and the expense of constructing these complex the United States and overseas—appear to be devoting
risk management systems. In addition, there are substantial significant resources to developing such systems (Joint Forum
technical hurdles involved in developing risk management 1999a).3
systems that span a wide range of businesses and types of risk. To understand consolidated risk management, it is
Both of these factors are evolving in ways that suggest that the important to recognize the distinction between risk
barriers to consolidated risk management are increasingly measurement and risk management. Risk measurement entails
likely to fall over the coming months and years. the quantification of risk exposures. This quantification may
The remainder of this article is organized as follows. In the take a variety of forms—value-at-risk, earnings-at-risk, stress
next section, we describe the concept of consolidated risk scenario analyses, duration gaps—depending on the type of
management in greater detail and provide a more in-depth risk being measured and the degree of sophistication of the
discussion of the views of supervisors and the financial industry estimates. Risk management, in contrast, refers to the overall
about this process. We then offer a critical analysis of these process that a financial institution follows to define a business

2 The Challenges of Risk Management


strategy, to identify the risks to which it is exposed, to quantify for describing the risk management process to encompass the
those risks, and to understand and control the nature of the role of business strategy and the activities of business line
risks it faces. Risk management is a series of business decisions, decision makers.6 The Committee also set out an approach to
accompanied by a set of checks and balances—risk limits, the supervisory review of a bank’s internal assessment of capital
independent risk management functions, risk reporting, adequacy in light of a firm’s overall risks as the second pillar of
review and oversight by senior management and the board of the proposed new capital adequacy framework (Basel
directors—in which risk measurement plays an important, Committee on Banking Supervision 1999b).
although not all-encompassing, role. Thus, consolidated risk Recently, an international forum of banking, securities, and
management involves not only an attempt to quantify risk insurance supervisors issued a report containing principles that
across a diversified firm, but also a much broader process of supervisors should follow to ensure that financial
business decision making and of support to management in conglomerates are adequately identifying and managing risk.
order to make informed decisions about the extent of risk taken The report’s lead recommendation is that “supervisors should
both by individual business lines and by the firm as a whole. take steps . . . to provide that conglomerates have adequate risk
Recent trends in the financial services industry have management processes in place to manage group-wide risk
increased the challenges associated with this process. To begin, concentrations” (Joint Forum 1999a).
financial institutions increasingly have the opportunity to The rationale offered by supervisors for the importance of
become involved in a diverse range of financial activities. In the consolidated risk management seems to be a concern that, in
United States, bank holding companies have been able to the absence of a firmwide assessment, significant risks could be
combine traditional banking and securities activities since the
late 1980s, when the Federal Reserve permitted the creation of
“Section 20” securities subsidiaries. The Gramm-Leach-Bliley Consolidated risk management involves
Act will now enable affiliations involving banking, securities, not only an attempt to quantify risk across
and insurance underwriting in so-called financial holding
a diversified firm, but also a much broader
companies (FHCs). Such combinations of diverse financial
activities present significant challenges to consolidated risk process of business decision making and
management systems, as greater diversity often means that the of support to management in order to
system must encompass a wider range of risk types.4
Consolidation in the financial services industry has
make informed decisions about the extent
produced institutions with operations spanning large of risk taken both by individual business
geographic areas, both domestically and internationally. Such lines and by the firm as a whole.
wide geographic dispersion, especially across time zones, can
make it difficult for a firm’s management to keep track of the
activities across all of its operating centers. Financial overlooked or underestimated. The Joint Forum report, for
institutions have responded to this situation by increasing the instance, argues that “the additive nature of concentrations and
resources devoted to information systems designed to track the risk of transmission of material problems within a
and monitor exposures worldwide. Indeed, the development of conglomerate point to the value of both conglomerate
coordinated information systems is one of the most important management and supervisors conducting a group-wide
steps in consolidated risk management. assessment of potential concentrations” (Joint Forum 1999a).
The supervisory community has advocated that financial The underlying concern is that such underestimated or
institutions adopt consolidated risk management procedures overlooked risks receive insufficient management attention
in the guidance it has published in the 1990s, especially and have the potential to produce unexpectedly large losses
guidance for banking companies. In the United States, these that could threaten the firm’s financial health.
efforts began in 1993 with guidelines for supervisors evaluating Financial market practitioners also cite the interdependent
risk management in derivatives and trading activities, and have nature of risks within an organization as a motivation to
continued to date, most recently with a 1999 Federal Reserve develop consolidated risk management systems. For instance,
paper containing broad conceptual guidelines for evaluating echoing sentiments in the supervisors’ Joint Forum report,
capital adequacy in light of the full range of risks facing the Lam (1999) argues that “managing risk by silos simply doesn’t
bank or bank holding company.5 Internationally, the Basel work, because the risks are highly interdependent and cannot
Committee on Banking Supervision extended the framework be segmented and managed solely by independent units” in the

FRBNY Economic Policy Review / March 2001 3


firm. Similarly, a senior executive at a major U.S. bank asserts and financial institutions’ emphasis on enhanced under-
that “the careful identification and analysis of risk are, standing of the risk/return trade-off among different activities
however, only useful insofar as they lead to a capital allocation reflect a common emphasis on the importance of accurate
system that recognizes different degrees of risk and includes all assessments of risk.
elements of risk” (Labrecque 1998).
In contrast to the supervisors, however, the primary
implication that Lam and others draw from this finding
concerns the role that consolidated risk management systems
can play in helping firms to make better-informed decisions Understanding the Role
about how to invest scarce capital and human resources. For of Consolidated Risk Management
instance, Mudge (2000) stresses that a consistent framework
for evaluating firmwide risk and return across diverse financial The discussion above reflects a well-established belief on the
activities is a key to evaluating the benefits of potential mergers part of financial institutions and supervisors in the importance
among banking and insurance firms. Similarly, Lam (1999) of consolidated risk management. But what economic
argues that consolidated risk management systems can help fundamentals underlie this belief? In this section, we assess the
firms understand the risk/return trade-offs among different views of supervisors and financial institutions and try to place
business lines, customers, and potential acquisitions. them in a common framework. We do not attempt to address
Furthermore, consolidated risk management may allow a firm the question of why firms choose to manage risk at all.7 Instead,
to recognize “natural hedges”—when one entity within the we try to understand why it matters whether risk is managed on
firm has positions or is engaged in activities that hedge the a consolidated basis or at the level of individual businesses or
risks within a firm.

While both supervisors and financial


institutions agree on the importance of The Supervisors’ View: Spillover Effects
consolidated risk management and point We first consider the view expressed by supervisors in the Joint
to the same driving factors, their Forum paper (1999a), namely, that in the absence of
consolidated risk management, significant risks could be
conclusions about the role that these
overlooked or underestimated. To gain some insight into this
systems can play emphasize quite view, it is helpful to consider a simple portfolio approach to
different concerns. assessing the risk of a diversified financial firm. This approach
helps illustrate how the perception of the overall risk facing the
firm would differ if institutions managed their risk in an
positions or activities of another part of the firm—that may integrated way instead of by individual businesses or legal
become apparent only when risk is examined from the entities within the larger organization.
perspective of the consolidated institution. Firms that fail to To begin, suppose that a financial firm has two business
recognize the diversification effects of such natural hedges may lines, each of which earns profits that vary uncertainly over
waste resources on redundant hedging by individual units time. Application of standard portfolio theory suggests that the
within the organization. risk of the overall firm will depend on the variation in each
Thus, while both supervisors and financial institutions agree unit’s profits and the extent to which variation in these profits
on the importance of consolidated risk management and point is correlated between the two units. In particular, the risk facing
to the same driving factors, their conclusions about the role the consolidated firm will be less than or equal to the sum of the
that these systems can play emphasize quite different concerns. risks facing the individual business units within the firm
At one level, this difference is not surprising, given the different whenever this correlation is less than perfect. In this situation,
objectives of supervisors and financial institutions (safety and the profit variation in one unit diversifies the risk of the other.8
soundness, on the one hand, and profit maximization, on the The importance of this observation for our purposes is that
other). On another level, these concerns are not necessarily it suggests that establishing risk monitoring and control (such
mutually exclusive. Indeed, in the next section, we argue that as limits) at the business level and then summing up across
supervisors’ emphasis on underestimation of firmwide risk business lines would be a conservative approach to managing

4 The Challenges of Risk Management


and assessing the overall risk facing the firm, since it ignores firm faces the “portfolio insurance” problem in that the actions
any potential diversification effects across business lines. This of one unit affect the risks facing another.10
conclusion stands in marked contrast to the arguments These spillover effects can be enhanced during times of crisis
advanced by supervisors in favor of consolidated risk or severe market disruption. A firm that manages risk on a
management. How can we reconcile these two outcomes? unit-by-unit basis may have to spend valuable time simply
The answer, of course, is that the simple portfolio example determining what its aggregate position is in the affected
misses some important “real world” aspects of financial risk markets, rather than being able to react to quickly developing
and risk management. Perhaps the most significant of these is market conditions. Since nimbleness in responding to
the assumption that the risks facing each business unit are fixed problems can affect outcomes favorably, such firms may be at
and known. In fact, these risks are functions of many factors a disadvantage compared with smaller firms (for instance,
that can vary significantly over time. In particular, the simple compared with a series of smaller firms that are comparable in
portfolio example assumes that the risk profile of one business the aggregate to the diversified financial institution) and
compared with large firms with consolidated risk management
systems. Such a situation is an example of how the structure of
Spillover effects can be enhanced during the risk management system—as distinct from any ex ante risk-
mitigating actions taken by the firm’s risk managers—may
times of crisis or severe market disruption.
affect the aggregate risk facing the firm. Nimbleness is
A firm that manages risk on a unit-by-unit especially important if market disruption spreads rapidly from
basis may have to spend valuable time market to market in a hard-to-anticipate pattern, as it did in
1997-98.
simply determining what its aggregate In fact, the financial crisis in the fall of 1998 provides some
position is in the affected markets, rather interesting insights into the importance of consolidated risk
management and measurement systems when there are
than being able to react to quickly
linkages across markets. International bank supervisors
developing market conditions. conducted a study of the performance during the market
upheaval of banks’ risk management systems and the value-at-
risk models used to calculate market risk capital requirements
line can be measured without regard to the risks undertaken by (Basel Committee on Banking Supervision 1999c). The study
the other. This assumption is not a statement about the degree examined information on the stress testing done by large banks
of correlation between the risks faced by the two business units, in several G-10 countries and found that ex ante stress test
but rather the idea that the underlying volatility of one business results provided a better picture of actual outcomes during the
line’s profitability may be affected by the actions of another third quarter of 1998, when those tests were based on actual
business line. historical experience or hypothetical scenarios that
An example of this relationship might be when two or more incorporated simultaneous movements in a range of rates and
geographic centers within a global financial firm have similar prices, rather than on large movements in a single market risk
positions that they have each hedged in a particular security or factor. Thus, firms whose stress testing and risk management
market. In the absence of a consolidated risk management systems recognized potential linkages across markets had more
system, the various units could be unaware of the positions that realistic estimates of the way events in the fall of 1998 were
other units within the firm have taken.9 Each unit assumes that likely to affect their firms.
its position is small enough that it would be able to roll over its Another way in which spillover effects can result in
hedges or otherwise take steps to reduce its risk even in the aggregate risk exceeding the sum of the individual risks of
event of market stress. However, when the various business business units within the firm concerns what might be called
units try to take these steps simultaneously, their combined reputational or contagion risk. As discussed in the Joint Forum
activity reinforces the liquidity problems facing the market, report (1999a), this is the idea that problems in one part of a
resulting in sharp, adverse moves in the market prices of the diversified firm may affect confidence in other parts of the
hedging and/or underlying instruments. Thus, losses at firm. The situation that the Joint Forum paper appears to have
individual units exceed the risk assumptions made in each in mind is one in which such problems cause acute, near-term
unit’s individual risk management plans and the aggregate funding or liquidity problems across the firm, due to questions
position of the firm is therefore riskier than the sum of the about whether the losses in the troubled business unit are
assumed individual risks of the business units. In essence, the evidence of as-yet-unrevealed losses in other business lines.11

FRBNY Economic Policy Review / March 2001 5


Aside from such near-term concerns, spillover effects can within a diversified firm offset one another. The consolidated
also have a longer run dimension. For example, innovative firm would appear to have incentives to manage its risk on an
businesses or those involving massive technology investments aggregate basis whenever these diversification benefits are non-
can engender what some analysts call “strategic risk.” Failure in negligible. At its heart, this is the logic that Lam and others in
such ventures may be highly visible and thus likely to have the financial services industry have applied in support of
spillover effects on other businesses through the cost of capital, consolidated risk management: the idea that a diversified
the cost of funding, and revenue effects through the loss of financial firm should be viewed as a “portfolio” comprising its
customer approval. Thus, other business lines associated with different units and business lines.
the troubled entity may see their franchise value erode as a This view is closely related to the broader question of how
result of difficulties in an affiliated unit. Such strategic risk may firms decide which activities are coordinated within the firm
be particularly important for institutions for which customer and which activities are coordinated through markets. This
trust is a key competitive advantage. Adverse publicity, legal question has long interested economists, and we can draw on
the insights of this “theory of the firm” literature to enhance
our understanding of the role of consolidated risk
Certain important risks may be very management. Coase (1937) first noted that the efficiency of
markets might be expected to lead firms to rely on markets and
difficult, if not impossible, to incorporate
contracts with third parties to conduct their activities, but that
into risk management systems that focus in fact many decisions are made, coordinated, and executed by
on individual business units or types of internal mechanisms such as reporting hierarchies, production
organization, and compensation plans. Coase’s insight was that
risk alone within a diversified firm. a firm carries out inside the firm those activities that it can
manage internally at a cost lower than the information and
transaction costs involved in purchasing corresponding
judgments against the firm, evidence of fraud or internal theft, services or goods outside the firm.
or high-profile failed business ventures may erode customer Since the mid-1970s, economists have further developed
confidence in an institution. In the extreme, such concerns may and extended the Coase analysis by elaborating more fully on
reach the point where the affected firm is no longer viable as an the roles of contracting for goods and services and the
ongoing concern, even though it may technically be solvent.12 ownership of assets in determining what is coordinated within
This discussion of spillover effects suggests that supervisors’
the firm and what is coordinated by markets. Grossman and
concerns that disaggregated risk management systems
Hart (1986) noted that the combination of uncertainty and
understate the risks facing diversified financial institutions may
complexity makes contracting with inside or outside parties
not be without foundation. Certain important risks may be
difficult. In the presence of less than fully specified contracts,
very difficult, if not impossible, to incorporate into risk
ownership and control of assets is synonymous with ownership
management systems that focus on individual business units or
of the rights not otherwise covered by contract. Thus, the ease
types of risk alone within a diversified firm. Consolidated risk
or difficulty of contracting plays a major role in determining
management systems therefore may be necessary to obtain an
what occurs inside the firm. Ownership demarcates the
accurate picture of the risks facing a firm and to have in place
boundary of the firm’s internal activities, which often involve
the procedures needed to manage those risks, both on a day-to-
the “noncontractible” aspects of the firm’s activities. In the
day basis and in stress situations. In this light, supervisors’
Grossman and Hart analysis, bringing activities under
concerns can be seen not so much as a desire for firms to have
common ownership (integration) makes economic sense
risk management systems that are conservative, but instead for
whenever efficiency gains from improved information and
firms to have risk management systems that are accurate.
coordination within the firm exceed the efficiency losses
resulting from the reduced entrepreneurial incentive of the
manager who is no longer an owner.
Consolidated Risk Management The basic implication of this literature is that activities will
and the Theory of the Firm be performed inside the firm when the complexity or costs of
performing them outside the firm are high. For a diversified
Concerns about understating firmwide risk exposures financial firm, these insights can be applied to interactions
notwithstanding, disaggregated risk management systems may between the various units within the firm. In this setting, we
also miss instances in which the risks from different units can think of activities conducted by a corporate parent on a

6 The Challenges of Risk Management


firmwide basis as coordination “inside” the firm, while formally.14 In their model, financial institutions fully hedge
activities conducted independently by separate units of the risks for which liquid markets are available. Financial
firm are analogous to the “market” activities discussed in Coase institutions have incentives to engage in risk management
and in Grossman and Hart. Following this logic, risk whenever they face risks that cannot be traded in liquid
management and other corporate control activities will be markets because they need to hold capital against the
conducted on a consolidated basis when it is too difficult or nontradable positions according to the amount of risk in the
costly for the individual business units to contract among
themselves.
The type of spillover effects and interrelated risks discussed That consolidated risk management
above arguably create just such a situation. When the actions of
allows the firm to allocate capital
one business unit in a diversified firm potentially affect the
risks faced by others, the contracting problem—in this case, efficiently further reinforces the
what risk exposures may be undertaken by the various business interdependence between a firm’s
units within the firm—becomes very complex to solve on a
bilateral basis. In such circumstances, the incentives to create a business units.
centrally run, consolidated risk management system may be
strong.
portfolio.15 The desirability of any given investment depends
on the extent to which its nontradable risk is correlated with
the nontradable risks of the firm’s other portfolio positions.
Fungibility of Financial Resources Drawing this point to its logical conclusion, Froot and Stein
argue that “this line of reasoning suggests that the right
That consolidated risk management allows the firm to allocate question is not whether or not the bank should centralize its
capital efficiently further reinforces the interdependence decisionmaking, but rather how often headquarters should
between a firm’s business units. The fungibility of capital gather information and use this pooled information to help
within the firm—what some have called a firm’s internal guide investment decisions.”
capital market—means that the risks undertaken by one unit The firm’s liquidity resources (assets that can be liquidated
can affect the resources available to another through the as well as funding sources that can be tapped) can be viewed as
workings of the internal capital market. In considering risk in fungible across the firm in much the same way that capital is
relation to the capital resources available to back that risk, then, fungible (in the absence of regulatory or other constraints). For
an additional dimension is that those resources may also be this reason, liquidity resources virtually always are coordinated
called into play to back the activities of other units within the centrally for the firm as a whole (Basel Committee on Banking
firm.13 Supervision 2000a). These resources are available to provide
The financial institution’s internal capital market is itself an cash needed to meet obligations, especially in contingency
example of coordination within the firm potentially being situations such as market distress.
more efficient than external markets. Gertner, Scharfstein, and This interdependency suggests that consolidated risk
Stein (1994) attribute the efficiency of internal capital markets management systems should take liquidity considerations into
to the strong incentive that owners have to monitor capital use account. Liquidity risk assessment requires knowledge of the
relative to debtholders, especially if many aspects of the firm’s size and nature of the firm’s risk positions, while the firm’s
capital use are not limited by the debtholders’ contract. In liquidity risk position should influence the amount and type of
addition, capital allocated to an unsuccessful project can be risk that business managers choose to take. One approach to
shifted to another use within the firm at less cost than would be recognizing this connection is to extend the concept of capital
involved in liquidating the assets of the project in the market, if adequacy to encompass the ability to liquidate assets or easily
capital and resources in one use are close enough substitutes for fund them, as is intended by the Securities and Exchange
those in other activities. As discussed earlier, these benefits are Commission’s capital rule for registered broker-dealers.
offset by a reduction in incentives to managers who no longer Alternatively, an integrated risk assessment approach could
act like owners. consider liquidity risk along with market, credit, and other
Froot and Stein (1998) offer a model of capital allocation risks in scenario analyses intended to test the impact of the
and capital structure for financial firms that develops the scenario on capital adequacy (and ultimately solvency) and
relationship between risk management and capital allocation liquidity, in a test of dual constraints.

FRBNY Economic Policy Review / March 2001 7


Finally, the risks introduced by leverage reinforce the need above by providing meaningful information about the true
to evaluate risk on a firmwide basis. Most financial firms are extent and nature of linkages between various businesses
leveraged, and over the course of the 1990s analysts in financial within the consolidated firm.17 Thus, these systems can provide
institutions and their supervisors have recognized that many an important tool for management to address the moral hazard
methods can be used to increase leverage in addition to concerns of creditors and to obtain better borrowing terms as a
increasing balance sheet debt to equity, such as taking positions result.
through the use of derivatives and imbedded optionality. Since Spillover effects, the fungibility of resources, and the
leverage increases the risk supported by capital, a sophisticated concerns of debtholders and creditors suggest that firms have
risk assessment should incorporate the combined effects of all strong incentives to measure risks well, to take advantage of
sources of market and credit risks, of liquidity risk, and of
leverage on capital. This point was made by the Counterparty
Risk Management Policy Group (1999) in its private sector Consolidated risk management systems . . .
report on lessons learned from the 1998 de facto failure of
facilitate better disclosure by providing a
Long-Term Capital Management, a large hedge fund. The
report suggests several measures that can be used to conduct a consistent and comprehensive assessment
risk and capital or liquidity adequacy analysis. of the firm’s true risk exposure that can be
used by creditors to monitor the
institution’s activities.
Debtholders and Other Creditors
Financial institutions may have additional incentives to engage
diversification benefits, and to manage capital and liquidity
in consolidated risk management because of the concerns of
efficiently. In the next section, we examine why firms have not
debtholders and other creditors.16 In agreeing to extend credit,
been faster to adopt consolidated risk management to take
these parties must take into account the moral hazard incentive
advantage of even small diversification effects and why both
that the firm has to increase its risk exposure—to the benefit of
industry and supervisory efforts have been necessary to
the firm’s shareholders and the detriment of its creditors—
encourage its use.
once the credit has been extended. This situation is particularly
acute for financial firms, which can change their risk profiles
relatively rapidly using derivatives and other liquid financial
instruments. In the face of this uncertainty, creditors may
charge higher rates or offer less favorable nonprice terms (for Obstacles to Creating Consolidated
instance, shorter maturity or higher collateral) than they would Risk Management Systems
if this incentive could be addressed.
Consolidated risk management systems provide a way for That firms have not immediately adopted consolidated risk
financial institutions to make a credible commitment against management systems suggests that there are significant costs or
such behavior. In particular, these systems facilitate better
obstacles that historically have led firms to manage risk in a
disclosure by providing a consistent and comprehensive more segmented fashion. While the firm can invest in two
assessment of the firm’s true risk exposure that can be used by business activities, as discussed above, it finds the two activities
creditors to monitor the institution’s activities. In the absence to be in some sense segregated, so that taking advantage of
of such systems, it can be significantly more difficult for
diversification effects engenders costs. The segregation can be
analysts to draw an accurate picture of the firm’s overall risk geographical (such as New York versus London) or conceptual
exposure, even if the individual units within the firm make (for example, loans versus over-the-counter options).
extensive disclosures of their risk profiles. Furthermore, the
centralized and independent risk management units that nearly
always are a key feature of consolidated risk management
systems provide an internal check against any incentives for Information Costs
individual units or employees within the firm to hide risk
exposures from senior management. Finally, the enhanced Segregation creates two kinds of costs. The first is information
disclosure made possible by consolidated risk management costs—the costs of integrating and analyzing information from
systems may mitigate some of the spillover effects described the two business lines. Those costs involve both the resources

8 The Challenges of Risk Management


involved in transmitting, recording, and processing the approach used to manage most international businesses in the
information and the amount of decay in the time value of the 1970s and 1980s.
information, reflecting the lags in assembling and verifying Finally, the value of information has risen as the pace of
information. At any given moment, there may be competing developments has picked up and the complexity of financial
information technologies with similar scale effects, but a relationships among markets and counterparties has increased.
different mix of costs in terms of monetary outlays and time If we interpret the increased speed of events as an increase in
to assemble information (for instance, a highly automated the variability of the risks and correlations associated with a
process versus a manual one). financial firm’s different business lines, then, ceteris paribus,
Information costs are shaped largely by technology. firms would tend to set necessarily more conservative limits on
Information systems tend to have substantial fixed costs that their activities—perhaps in line with the maximum possible
usually increase with the size of the information system, but values of the risk exposures of their various units.20 Since these
low marginal costs until the particular system approaches maxima would rarely be observed together in practice, there
capacity. To reflect that, we consider the total information cost would appear to be substantial opportunities for gains from
identifying and responding to changes in the diversification
benefit. But greater volatility in the underlying risk
Improvements in technology reduce fixed relationships also changes the set of relevant information
technologies, since at any scale of activity most “low-tech,”
information costs, make it possible for time-intensive techniques become unacceptably costly,
firms to take greater advantage of reflecting the rapid decay in the value of information. Thus, in
diversification benefits, and increase the a more volatile environment, we might expect the ability to
design and implement effective technology-intensive risk
scale on which certain businesses can management information systems to represent a significant
be conducted. dimension of competitiveness for financial institutions seeking
to operate in a large number of markets.21

function to be a step function increasing discretely as the scale


of the business increases. For a given volume of information, Regulatory Costs
then, the value of recognizing the impact of diversification—
which is a function of the amount of diversification inherent in Regulatory barriers to moving capital and liquidity within a
the firm’s activities—needs to exceed the information costs for financial organization impose another cost that inhibits the use
the scale of the firm’s business in order for the firm to invest in of consolidated risk management. These barriers can take the
the information infrastructure. In essence, the firm maximizes form of business line capital and liquidity requirements set by
its expected profits subject to a capital constraint by choosing regulators, prohibitions or limits on capital and funds that can
the business mix, the scale of business, and the information be transferred from one business line to another, or the
technology (or none) to manage risk.18 necessity of seeking prior approval or giving prior notice to
Information costs will tend to limit the size of the business move funds between business lines. Most commonly, business
for a given level of capital. If the firm finds the cost of lines segregated from one another by such regulatory
information high relative to the diversification benefit, the firm requirements are in different locations or different legal
will manage each business separately, and in doing so, it will entities, subjecting the two business lines to different
assign relatively high amounts of capital to each business line as regulations. However, similar types of costs can be imposed by
if there was no diversification benefit. As a result, the scale of rating agencies, creditors, or even investors when the
the firm’s overall business will be lower than it would be when requirements or expectations they set differ across individual
diversification effects can be realized.19 entities.
Improvements in technology reduce fixed information As with information costs, we can consider the regulatory
costs, make it possible for firms to take greater advantage of costs to reflect both monetary outlays to manage or circumvent
diversification benefits, and increase the scale on which certain regulatory barriers and the waiting period or decay in profit
businesses can be conducted. For example, improvements in opportunities in the time needed to comply with or overcome
information technology permit banks and securities firms to regulatory costs. While in some cases regulatory requirements
manage single “global books,” in contrast to the regional can make it virtually impossible to move capital or liquidity

FRBNY Economic Policy Review / March 2001 9


from one business line to another in the short run, in many As argued above, one key motivation for consolidated risk
cases regulatory requirements can be satisfied at some cost. The management is to enable firms to make more informed
cost of managing and circumventing regulatory requirements judgments about where to invest their scarce capital resources,
appears to have dropped substantially through the use of in particular, about where to expand through acquisition or
derivatives, securitization techniques, and other financial internal growth. Firms in weakened financial condition are
engineering. Indeed, a recurring pattern in financial regulation unlikely to be in a position to fund such growth—even into
is the erosion of regulatory requirements through financial lines of business where the institution’s risk/return trade-off is
innovation and regulatory arbitrage and their eventual repeal.
That pattern dates back at least to the creation of the Eurodollar
market in the 1960s and the subsequent slow removal of Intensive work on consolidated risk
deposit ceilings and many reserve requirements. If regulatory
circumvention is not possible, in the longer term the firm can
management has coincided with the
plan its organization and its capital and funding strategy to rebuilding of the financial strength of
create more flexibility in managing regulatory requirements, many banking organizations following
usually at the cost of holding excess capital and liquidity in
some units. the difficulties of the late 1980s and
Therefore, for a given scale of its various businesses, there early 1990s.
are regulatory costs that the firm can minimize to some extent.
Once again, the firm will invest in information technology and
management of regulatory requirements only if the highly favorable—so they have less incentive to invest in the
diversification benefits (taking into account the ability to consolidated risk management systems that would permit
manage capital and liquidity on a very short-term basis under them to identify such opportunities. The improved financial
contingencies) are seen to exceed the information and condition of many institutions since the early part of the 1990s
regulatory costs. Moreover, the reduction of regulatory barriers therefore may have provided an additional incentive for firms
to moving capital and liquidity within the firm enables the to develop and implement consolidated risk management
development or enlargement of the firm’s internal capital systems.
market and increases the gains from pooling risk measurement Declining information costs, eroding regulatory barriers,
information within the firm as well as the firm’s overall and stronger financial condition present fairly stylized
efficiency. explanations for increased attention by financial institutions to
consolidated risk management and internal capital allocation
activities. However, the optimization problem faced by firms is
more complex than we have described. Holmstrom and
Financial Condition
Roberts (1998) provide many examples of the rich variety of
Intensive work on consolidated risk management has mechanisms used to coordinate activities within and among
coincided with the rebuilding of the financial strength of many firms and the multiplicity of factors that influence the
banking organizations following the difficulties of the late coordination decision. The examples particularly illustrate the
1980s and early 1990s. For instance, a 1998 Federal Reserve roles that incentives in internal (implicit) and external
study of credit risk models (Federal Reserve System Task Force contracts and information flows play in resolving complex
on Internal Credit Risk Models 1998) notes that large U.S. coordination problems, including overcoming regulatory
banks have begun to develop both advanced credit risk barriers.23 The implication is that coordination mechanisms
modeling and internal capital allocation systems only since the used by individual firms may change as a wide variety of factors
mid-1990s—just the period over which these institutions change. The current importance of consolidated risk
recovered from the financial stresses of the earlier part of the management as a goal for many financial institutions could be
decade. These internal capital allocation systems are one of the enhanced or complemented by further advances in
key elements in banks’ attempts to evaluate the risk-adjusted information technology and monitoring techniques, new
performance of their various business units. As such, they designs for incentive contracts with employees and outside
represent an important step in the progress toward full-fledged agents, better public and private information flows, and greater
consolidated risk management systems.22 liquidity of financial markets.
This financial rebuilding may also have contributed to the Even so, the decline of information costs and the erosion
growing emphasis on consolidated risk management systems. and repeal of regulatory barriers have been so great that many

10 The Challenges of Risk Management


of the principal hurdles to consolidated risk management these two dimensions may be similar, the details differ
within a financial conglomerate involve problems in considerably, making simple “bottom-up” aggregation
measuring, comparing, and aggregating risks across business approaches difficult, if not impossible, to implement.
lines. The ability to merge banks and insurance companies Aggregating across business lines presents challenges
under the Gramm-Leach-Bliley Act provides financial because firms and functional supervisors in the different
institutions with new opportunities to diversify risks and business lines have tended to approach risk management and
expand internal capital markets and creates further impetus to measurement from quite different perspectives. For instance,
develop consolidated risk management techniques for financial banks traditionally have emphasized the risks arising from the
conglomerates. Thus, both firms and supervisors are probably asset side of the balance sheet (credit risk) and from the
closer today in their common interest in accurate and precise interaction of assets, liabilities, and off-balance-sheet positions
risk measurement than they were just five years ago. (interest rate risk, liquidity risk). Insurers, in contrast, have
tended to place emphasis on the risks arising from the liability
side of their business (underwriting risk, catastrophe risk).
Securities firms have tended to emphasize the combination of
market risk and liquidity (meaning both the ability to fund or
Major Technical Challenges to sell an asset) in their portfolios. Of course, advances in
and Research Questions financial theory and market practice have eroded these
distinctions somewhat, and many firms now attempt to
The previous sections discussed the economic rationale behind
consolidated risk management and some of the costs facing
diversified financial firms in constructing such systems. In this Our goal is to highlight a series of practical
section, we turn to some additional practical problems
issues where additional research by risk
associated with this overall goal. Our goal is to highlight a series
of practical issues where additional research by risk management practitioners and by
management practitioners and by academics would be academics would be especially beneficial.
especially beneficial. In particular, we describe some of the
technical challenges involved in actually estimating an
aggregate measure of risk for a diversified financial institution measure the way in which risks can interact and affect an entire
and suggest some areas where further research could help both institution.25 Nonetheless, one of the key challenges of
financial institutions and supervisors understand the strengths consolidated risk management is to integrate these different
and weaknesses of such aggregate risk management. perspectives on risk into a coherent framework.
At a very general level, there does appear to be an emerging A related set of challenges arises when aggregating across
consensus about how various forms of risk should be different types of risk. These challenges reflect the fact that at
quantified. Most risk measurement methods used by major many financial institutions, risk measurement and
financial institutions are intended to capture potential losses management began as a bottom-up process, with different
over some future horizon due to the risk in question. These types of risk measured separately. A particular business area
methods can use a probability-weighted approach to would develop risk measurement approaches to capture the
estimating potential losses (as in a value-at-risk or earnings-at- most important risks facing that unit: credit risk for lending
risk system, where the distribution of future earnings is activities, market risk for trading, interest rate risk for the
calculated) or can provide point estimates of potential losses treasury/asset-liability management function. This risk-by-risk
under certain extreme circumstances (as in a stress test or approach has resulted in industry standards of risk
scenario analysis approach or in an “expected tail loss” measurement that differ significantly across risk types, and
estimation). The common thread is the focus on potential sometimes across activities with similar risks, both in the way
future losses, either to earnings or economic value.24 that risk is measured and in the extent to which it is quantified
Beyond this general consensus, however, the picture is at all.
considerably more complex. As noted above, an aggregate risk To a large extent, the state of development of modeling
measure must incorporate different types of risk (market, technology across the various risks reflects the availability of
credit, operational) and must bring together risks across data and the nature of the risk itself, which can affect the ease
different business lines (banking, insurance, securities). or difficulty involved in accurately modeling the risk. At one
Although the broad risk concept applied within and across end of the spectrum, the banking and securities industry has a

FRBNY Economic Policy Review / March 2001 11


now fairly long history of measuring market risk through of events and the sensitivity of cash flows to these events, both
value-at-risk models. The fact that value-at-risk models were to enhance day-to-day liquidity management and to
among the first statistical risk models developed reflects the strengthen the underpinnings of liquidity stress scenarios.
high-frequency and largely continuous nature of market risk Finally, at the far end of the spectrum, other risks—such as
and its management,26 the mark-to-market environment in legal, reputational, and strategic risk—are rarely quantified, as
which most trading activities occur, and the resultant ease of both the data and theoretical techniques for capturing these
modeling (normality has often been assumed) and availability risks have yet to be developed extensively.
of comparatively long historical data series around which to Even for those risks that are measured, important
calibrate the models. differences exist in the assumptions and techniques used to
Credit risk tends to exhibit somewhat lower frequency estimate potential losses. One key issue is the time horizon over
variation, as changes in credit status tend to evolve over weeks which potential losses are to be measured. As noted above, the
or months rather than on a day-to-day basis. Thus, fewer risks facing financial institutions vary in the extent to which
they are continuous or discrete, in how quickly new events
develop, and in the size of events when they occur (many small
At many financial institutions, risk events versus a few large ones). These differences imply the
measurement and management began as need for different horizons to capture different risks effectively.
In fact, we see these differences in the assumptions underlying
a bottom-up process, with different types the risk estimates made by financial firms, with market risk
of risk measured separately. typically measured over a one-day horizon, credit risk typically
measured over a one-year horizon, and operational risk
measured over a variety of short and long horizons (an industry
historical data are available to aid in model calibration, and the standard has yet to emerge).
modeling process itself is more complex, as the distribution of These differences present a challenge for calculating
credit losses is quite asymmetric with a long right-hand tail.27 consolidated risk exposures that span several risk types. Should
Financial institutions have made considerable progress over a single horizon be chosen for all risks and, if so, which one?
the past two or three years in credit risk modeling, but it is fair Should the time dimension be explicitly factored into the risk
to say that these models are at an earlier stage of development assessment, with paths of risk over time? More generally, issues
than the value-at-risk models used for market risk
assessment.28
Even further down the spectrum is operational risk—the Perhaps a more fundamental question is
risk stemming from the failure of computer systems, control whether a consolidated risk management
procedures, and human error—which captures a mixture of
system needs to have a fully consolidated
events, some of which involve relatively frequent small losses
(settlement errors in a trading operation, for instance) and risk measurement methodology at its core.
others that are characterized by infrequent but often large
losses (widespread computer failure). Consistent data sources
on this form of risk are difficult to obtain, especially for the less such as differing horizons suggest that there is an important set
frequent events; statistical modeling is in its early stages; and of research questions concerning methods for calculating
the computational requirements may be substantial, given the aggregate risk measures. At a very basic level, can the different
number of “control points” in most operational processes. individual risk measurement approaches typically used within
Liquidity risk measurement involves many similar issues financial firms be meaningfully aggregated? If so, how? If not,
of sorting the frequency of different types of events and is it possible to develop a “top-down” approach that somehow
developing appropriate data. Liquidity risk measurement has blends the risks facing the firm without measuring them
long involved scenario analysis focused on stress events and separately, such as an analysis of income volatility? Is there
based on subjective probabilities of how depositors, other some way of combining “top-down” with “bottom-up”
creditors, and borrowers would respond to the stress event. As approaches to consolidated risk measurement? And how does
risk measurement techniques have advanced, some financial the growing attention to evaluating performance against risk in
institutions are examining the potential for cash-flow-at-risk rewarding managers at all levels of the organization factor into
analysis, based on more formal measurement of the probability these decisions?

12 The Challenges of Risk Management


A related set of issues concerns the mathematical biases might enter the assessment of aggregate risk if this
aggregation of risk measures across businesses and risk types. assessment is based on disparate risk measures? How might
In most cases, this process would involve estimating comparisons of risk and return across business lines be
correlations between various risk exposures. An important affected? How can we relate the results of stress scenario
challenge in this regard is measuring the degree of correlation analysis to statistical measures of risk exposure? Are there limits
between risks in businesses that are distinct in terms of the to how different the various risk measures can be, yet still be
sources and frequency of variability (for instance, between useful in a consolidated risk management system? These are
insurance underwriting and trading). The data demands of important, unresolved issues.
producing accurate estimates are likely to be enormous. Even
when aggregate risk measures can be calculated, a related
challenge is how to apportion the benefits of diversification
across various business lines. That is, if less-than-perfect
correlation across distinct business lines results in a decrease in Conclusion
the overall risk facing the firm, how should these benefits be
allocated back to the various business units in the internal As the above discussion suggests, there is considerable scope
capital allocation process? for further research to enhance our understanding of the
This discussion assumes that to produce a consolidated benefits and shortcomings of consolidated risk management.
measurement of risk exposure, it is necessary to develop risk Many of the key research questions involve technical issues in
measures that are highly comparable across risk types. risk measurement and financial series modeling. While these
However, perhaps a more fundamental question is whether a questions are vital to understanding how to calculate a
consolidated risk management system needs to have a fully consolidated measure of risk exposure spanning all of a
consolidated risk measurement methodology at its core. In financial institution’s businesses and risk factors, they are not
other words, how much comparability across risk measures is the only questions of interest. Further research into the main
strictly necessary to have an effective consolidated risk question of this article—the economic rationale for
management system? If risk measures cannot be made perfectly consolidated risk management—could produce findings that
compatible across risk types and business lines, are there still would be of clear use to supervisors and financial institutions.
benefits to imperfectly comparable measures? In addition, this work could provide insight into such diverse
Our sense is that the answer to this question is likely to be a topics as the theory of the firm, the costs/benefits of
resounding yes, largely because the ability to evaluate results diversification, the linkages among financial markets, and the
against risks taken has become a major feature of financial impact of product and geographic deregulation. Our study
institution management in the 1990s. Some important issues presents some initial ideas, but clearly much more work needs
would need to be explored before understanding the full to be done. We hope that this article can serve as a starting
implications of this conclusion. For instance, what kind of point for further discussion.

FRBNY Economic Policy Review / March 2001 13


Endnotes

1. It can also be argued that supervisors may place somewhat greater 6. This framework is best developed in “Principles for the
weight on the risk of severe downside scenarios, given the nature of the Management of Credit Risk,” published in September 2000. The
supervisory role, but the private sector appears to be closing any gap Committee has also published work on interest rate risk, in 1997;
as a result of the insight gained from experiences such as the market operational risk, in 1998; and liquidity risk, in 2000.
disturbances in 1998.
7. The work of Modigliani and Miller (1958) and Miller and
2. Firms vary in how they use the risk management process to Modigliani (1961) suggests that any risk-altering actions taken by a
maximize profits. Some firms use risk-and-return measures in the firm’s management are redundant and resource-wasting because
selection of their medium-term business mix in order to maximize shareholders can achieve their optimal degree of diversification
long-run expected profits. Firms also use risk management systems to independently. See Cummins, Phillips, and Smith (1998) for a
assist in managing expected profits over short horizons, by seeking to discussion of the factors—such as bankruptcy costs, taxes, and costly
identify changes in risk and loss potential and adjusting their external financing—that may make it worthwhile for firms to engage
portfolios accordingly. in risk management.

3. In large measure, these efforts are an extension of a longer term 8. This relationship can be expressed mathematically as
trend toward enhanced risk management and measurement in the
σ FIRM = σ A2 + σ B2 + 2 ρ σ A σ B ≤ σ A + σ B ,
financial services industry. Many of these efforts have focused on
developing risk measurement and management systems for individual where σA and σB are the profit volatilities of business units A and B
risk types or businesses (for instance, market risk in a securities firm and ρ is the correlation between them.
or credit risk in a bank’s loan portfolio). In consolidated risk
management, however, the focus is on an expansion of these single- 9. This situation was not uncommon among globally dispersed
risk-management systems to span diverse financial activities, institutions prior to the introduction of enhanced information
customers, and markets. systems in the early-to-mid-1990s. Later in this article, we discuss the
role of information costs and information systems in diversified
4. Mergers may occur for many reasons, including the desire to financial institutions.
benefit from exactly the sort of diversification that presents challenges
to risk management and measurement systems. In this discussion, we 10. Morris and Shin (1999) describe this problem in the context of
distinguish between the broad diversification that may occur when multiple firms operating in a single market. They describe the errors
firms comprise business units involved in distinct business activities in risk assessment that can occur when risk management systems
(such as banking, insurance, or securities activities) or geographic assume that the firm’s activities are similar to playing roulette
locations and the type of portfolio diversification that occurs when (gambling against nature), when in fact the risks are more like those in
risk management units take steps to hedge portfolio- or business-level poker (where the actions of the other players matter). The same
risk exposures. It is the first type of diversification—which has become analogy can be applied to risks within a firm.
much more feasible given the regulatory and technical developments
discussed in the text—that presents the sort of challenges we discuss in 11. Or, as discussed below, such contagion fears may arise because
this article. market observers believe that the resources of all of the firm’s business
units will be used to “rescue” a troubled unit, calling into question the
5. The evaluation of the adequacy of risks in light of a full risk solvency of all of the businesses within the firm.
assessment is discussed in Federal Reserve SR Letter 99-18. Earlier in
the decade, the Federal Reserve issued SR Letter 93-69, on the 12. The large investments that many financial institutions are making
management of trading activities; SR Letter 97-32, on information in electronic trading and banking are examples of strategic risk related
security; SR Letter 00-04, on outsourcing; and a series of papers on the to establishing the competitive position of a firm in a fast-changing
management of credit risk in both primary and secondary market and greatly contested market. The problems many financial
activities (SR Letters 99-3, 98-25, and 97-21). The Office of the institutions experienced in the mid-1990s—when customers
Comptroller of the Currency and the Federal Deposit Insurance experienced large losses in connection with derivatives and complex
Corporation have issued guidance using a comparable framework for trading strategies—are examples of strategic risk related to damage to
a similar range of topics. the firm’s reputation.

14 The Challenges of Risk Management


Endnotes (Continued)

13. Froot and Stein (1998) consider a variant of this risk—the rise in the idiosyncratic risk of equities in the 1990s, the last example
bankwide cost of capital effect—that involves the impact of increased documented in Campbell, Lettau, Malkiel, and Xu (2001).
capital costs on all units within a firm when one unit takes on large
amounts of risk. 21. Gibson (1998) derives similar conclusions about the impact of
declining information costs. In his approach, risk measurement is a
14. In the Froot and Stein analysis, banks choose their capital means to monitor risk-taking by employees when information about
structure, risk management policies, and investment policies jointly, the managerial effort of those employees (or outside agents, such as
rather than impose a short-run capital constraint. However, when mutual fund managers) is not observable by the employer.
capital is costly, banks economize on the amount of capital they hold
and therefore take risk management concerns into account in their 22. Typically, these internal capital allocation systems fall short of a
investment policies. full-fledged consolidated risk measurement system, either because
they incorporate only a limited range of the risks facing a financial
15. The example Froot and Stein give is the counterparty risk on a institution (for example, just credit risk or market risk, but not
foreign exchange swap. With the advent of credit derivatives and other operational or other forms of risk) or because they are applied only to
credit risk management techniques, such risks are increasingly a subset of the institution’s activities.
tradable, by which Froot and Stein mean that the risks can be offset
to achieve a zero net present value. Nontradable risks can include 23. The specific regulatory barrier they cite is the limitations on
unhedged proprietary positions premised on subjective expected rates foreign ownership of domestic airlines.
of return deviating from those of the market. Note that the reliance on
markets for hedging for liquid risks and internal capital allocation for 24. Other potential definitions of risk could involve pure volatility
nontradable risks is another version of the contractible/ measures, such as standard deviations of earnings or economic value,
noncontractible distinction discussed earlier. or sensitivity measures that capture the derivative of earnings or
economic value with respect to particular risk factors, such as the
16. Other creditors here could include suppliers, consultants, and “value of a basis point.”
other contractors who provide products or services in return for the
promise of future payment. 25. Lewis (1998), for instance, describes how one insurance company
examines stress scenarios that affect all aspects of the firm, such as an
17. This would be especially true if there were meaningful disclosures earthquake that simultaneously causes extremely high insurance
about intrafirm exposures, as called for in a recent report by the Joint claims and disrupts financial markets—and thus the firm’s
Forum (1999b). investments and investment income—for some period of time.

18. As information systems become more “scalable,” the step function 26. Of course, some market price series exhibit sharp, discontinuous
may become flatter, in effect making it easier to realize and manage the jumps, such as those associated with emerging market developments
diversification benefits from combining activities. and unexpected changes in exchange rate regimes. These factors have
tended to be incorporated into value-at-risk models after the initial
19. This is also consistent with the analysis of Holmstrom and phases of model development.
Milgrom (1994), which derives analytically that enhancements to
performance measurement tend to permit greater employee freedom 27. To some extent, both the lack of data and the lower frequency
(such as higher limits), although the authors caution that their analysis variation reflect the current GAAP (Generally Accepted Accounting
requires a careful specification of the exact problem. Principles) accounting standards, which do not require the daily
marking-to-market to which trading account positions are subject.
20. Correlations and volatilities have changed substantially over time. Thus, shorter term variation in value may not be reflected in the
Examples include the sharp drop in volatilities in short-term interest accounting data typically available for use in credit risk models.
rates associated with the decline in inflation in the 1980s and early
1990s; sharp increases in the correlations and short-term volatilities of 28. See Basel Committee on Banking Supervision (1999a) for a
U.S. long-term fixed income instruments in times of distress; and a discussion of the state of development of credit risk models.

FRBNY Economic Policy Review / March 2001 15


References

Basel Committee on Banking Supervision. 1999a. “Credit Risk Coase, Ronald. 1937. “The Nature of the Firm.” Economica 4, no. 4
Modeling: Current Practices and Applications.” April. Basel, (November): 386-405.
Switzerland: Bank for International Settlements.
Counterparty Risk Management Policy Group. 1999. “Improving
———. 1999b. “A New Capital Adequacy Framework.” June. Basel, Counterparty Risk Management Practices.” June.
Switzerland: Bank for International Settlements.
Cummins, J. David, Richard D. Phillips, and Stephen D. Smith. 1998.
———. 1999c. “Performance of Models-Based Capital Charges for “The Rise of Risk Management.” Federal Reserve Bank of Atlanta
Market Risk.” September. Basel, Switzerland: Bank for Economic Review, first quarter: 30-40.
International Settlements.
Federal Reserve System Task Force on Internal Credit Risk Models. 1998.
———. 2000a. “Sound Practices for Managing Liquidity in Banking “Credit Risk Models at Major U.S. Banking Institutions: Current
Organizations.” February. Basel, Switzerland: Bank for State of the Art and Implications for Assessments of Capital
International Settlements. Adequacy.” May.

———. 2000b. “Principles for the Management of Credit Risk.” Froot, Kenneth A., and Jeremy C. Stein. 1998. “Risk Management,
September. Basel, Switzerland: Bank for International Settlements. Capital Budgeting, and Capital Structure Policy for Financial
Institutions: An Integrated Approach.” Journal of Financial
Board of Governors of the Federal Reserve System. 1993. “Examining Economics 47, no. 1 (January): 55-82.
Risk Management and Internal Controls for Trading Activities of
Banking Organizations.” SR Letter 93-69. December 20. Gertner, Robert H., David S. Scharfstein, and Jeremy C. Stein. 1994.
“Internal versus External Capital Markets.” Quarterly Journal
———. 1997a. “Risk Management and Capital Adequacy of Exposures of Economics 109, no. 4 (November): 1211-30.
Arising from Secondary Market Credit Activities.” SR Letter 97-21.
July 11. Gibson, Michael S. 1998. “The Implications of Risk Management
Information Systems for the Organization of Financial Firms.”
———. 1997b. “Sound Practice Guidance for Information Security Board of Governors of the Federal Reserve System International
for Networks.” SR Letter 97-32. December 4. Finance Discussion Paper no. 632, December.

———. 1998. “Sound Credit Risk Management and the Use of Global Derivatives Study Group. 1993. “Derivatives: Practices and
Internal Credit Risk Ratings at Large Banking Organizations.”
Principles.” July. Washington, D.C.: Group of Thirty.
SR Letter 98-25. September 21.
Grossman, Sanford J., and Oliver D. Hart. 1986. “The Costs and
———. 1999a. “Supervisory Guidance Regarding Counterparty Benefits of Ownership: A Theory of Vertical and Lateral
Credit Risk Management.” SR Letter 99-3. February 1.
Integration.” Journal of Political Economy 94,
no. 4: 691-719.
———. 1999b. “Assessing Capital Adequacy in Relation to Risk at
Large Banking Organizations and Others with Complex Risk
Holmstrom, Bengt, and Paul Milgrom. 1994. “The Firm as an Incentive
Profiles.” SR Letter 99-18. July 1.
System.” American Economic Review 84, no. 4 (September):
972-91.
———. 2000. “Outsourcing Information and Transaction
Processing.” SR Letter 00-04. February 29.
Holmstrom, Bengt, and John Roberts. 1998. “The Boundaries of the
Firm Revisited.” Journal of Economic Perspectives 12,
Campbell, John, Martin Lettau, Burton Malkiel, and Yexuai Xu. 2001.
no. 4 (fall): 73-94.
“Have Individual Stocks Become More Volatile: An Empirical
Exploration of Idiosyncratic Risk.” Journal of Finance 56, no. 1
(February): 1-43.

16 The Challenges of Risk Management


References (Continued)

Joint Forum (Basel Committee on Banking Supervision, International Miller, Merton H., and Franco Modigliani. 1961. “Dividend Policy,
Organization of Securities Commissioners, International Association Growth, and the Valuation of Shares.” Journal of Business 34
of Insurance Supervisors). 1999a. “Risk Concentration Principles.” (October): 411-33.
December. Basel, Switzerland: Bank for International Settlements.
Modigliani, Franco, and Merton H. Miller. 1958. “The Cost of Capital,
———. 1999b. “Intra-Group Transactions and Exposures Principles.” Corporation Finance, and the Theory of Investment.” American
December. Basel, Switzerland: Bank for International Settlements. Economic Review 48 (June): 261-97.

Labrecque, Thomas G. 1998. “Risk Management: One Institution’s Morris, Stephen, and Hyun Song Shin. 1999. “Risk Management with
Experience.” Federal Reserve Bank of New York Economic Interdependent Choice.” Bank of England Financial Stability
Policy Review 4, no. 3 (October): 237-40. Review, no. 7 (November): 141-50.

Lam, James. 1999. “Enterprise-Wide Risk Management: Staying Mudge, Dan. 2000. “The Urge to Merge.” Risk Magazine. February,
Ahead of the Convergence Curve.” Journal of Lending and p. 64.
Credit Risk Management 81, no. 10 (June): 16-9.

Lewis, Robert. 1998. “Capital from an Insurance Company


Perspective.” Federal Reserve Bank of New York Economic
Policy Review 4, no. 3 (October): 183-5.

The views expressed in this article are those of the authors and do not necessarily reflect the position of the Federal Reserve Bank
of New York or the Federal Reserve System. The Federal Reserve Bank of New York provides no warranty, express or
implied, as to the accuracy, timeliness, completeness, merchantability, or fitness for any particular purpose of any
information contained in documents produced and provided by the Federal Reserve Bank of New York in any form or
manner whatsoever.

FRBNY Economic Policy Review / March 2001 17

You might also like