In the second part of the book, we use these tools to develop a framework of risk control for an institution. This is also relevant for those operating in different parts of the world – financial risks have no borders.
BARINGS: FLAWED CONTROLS
In the aftermath, it became abundantly clear that control, governance and management oversight had failed: Leeson had full authority over front- and back-office functions and could create financial fiction; the financial control, finance and risk functions never questioned Leeson’s margin claims or the source of Leeson’s impressive profits – reported profits of almost £55 million over two and a half years. The venue and product management also never took direct responsibility for understanding the nature of Leeson's activities - as long as he was profitable, he was left to his own devices.
LONG TERM CAPITAL MANAGEMENT: TOO MUCH LEVERAGE, TOO LITTLE LIQUIDITY
As the price of IBM and the yen/dollar exchange rate change daily, the fund has obligations to meet. The fund held some very large positions – such as asset swap spreads (the return difference between a risky credit and a risk-free benchmark), equity volatility (the relative level of volatility in a stock market) and stocks – whose liquidity characteristics were not understood correctly.
MERRILL LYNCH: TOO MUCH RISK, NOT ENOUGH GOVERNANCE
Much of the increased profitability was thus driven by good markets and increased credit exposures, which generated increased interest income above Merrill Lynch's cost of funds. Indeed, some of Merrill Lynch's debt activity has centered on taking advantage of the spread between its sovereign debt ratings and this portfolio of less creditable securities.
FAILURES IN THE RISK PROCESS
There was also a lack of understanding of concentration and liquidity risks and an unwillingness to override some of the sophisticated analytical infrastructure with common sense. We will explore these themes, summarized in Figure 1.1, further in the balance of the book.
MARKET RISK
Curve risk is the risk of loss resulting from a negative change in the maturity structure (known as the curve) of a reference asset – an interest rate, security price, volatility level and so on. Correlation risk is the risk of loss as a result of a negative movement in the correlations or price relationship between assets or markets.
CREDIT RISK
However, if the contract is close to expiration and out of the money when the bank defaults, he will lose no money. Unfortunately, it tends to be placed at the bottom of the priority list of risks to worry about.
LIQUIDITY RISK
It is one of the most difficult to monitor, as it relies on the availability of a technology-intensive, real-time, comprehensive system – something that few, if any, firms possess. If a bank trades in the local currency of a developing country, it may experience a loss of sovereign risk if the country devalues the currency dramatically over a short period of time, or if the country's central bank stops converting the local currency back into foreign currencies. convertible indefinitely. .
MODEL RISK
SUITABILITY RISK
PROCESS RISK
It is unclear how large process risk losses actually are, as reporting is generally very vague and individual losses may be small in absolute terms (although ultimately large in total!). Institutions that sustain process risk losses also prefer to "keep quiet" rather than publicly announce them - so the true extent of the problem is not precisely known.
LEGAL RISK
Barings is another example: internal fraud, lax management controls, manipulation of software code, obfuscation of risk reports, falsification of settlement instructions and diversion of trades led to the bank's eventual collapse. It is imperative for a business to continually review its operations to ensure that it has identified all sources of risk – and that management shares a common understanding of those risks.
ASSET LIQUIDITY RISK
The best bid could be 95, which means the company loses $5 million due to asset liquidity risk. Not every firm has the same amount of asset liquidity risk for the same portfolio of assets.
FUNDING LIQUIDITY RISK
Asset liquidity risk is also relevant when looking at credit risk, and it cannot be brushed aside if the credit exposure to a counterparty is backed by a lien or collateral. However, because very few companies enjoy such flexibility in their operations, asset liquidity risk must always be considered, identified and managed.
ASSET AND FUNDING LIQUIDITY RISK
The combination of asset liquidity and funding risk should also be considered when there is no loan. The remaining mutual fund holders, in essence, mutually insure each other for the value of the assets in the fund at prices set by the fund manager/administrator.
LEVERAGE ARBITRAGE
Investors write put options on a portfolio of stocks daily at prevailing prices and sell them to all other investors. An investor who exits the fund does the usual worthlessness of the investment on the money - if too many investors do the same thing at the same time, those investments may no longer be worthless.
MONITORING LIQUIDITY RISK
If the asset turnover rate slows and more of the balance sheet shifts into an 'aged' category (for example, 90, 120 or more than 180 days), asset liquidity risk is likely to increase. A position that is overvalued is unlikely to be attractive to others in the market and remain on the books.
INFLUENCING BEHAVIOR TO ALTER LIQUIDITY PROFILES
- Balance sheet targets
- Concentration limits
- Aged/illiquid inventory penalties
- Adequate haircuts
- Diversified funding
For example, if a company makes a $10 million reverse repo loan backed by $11 million of U.S. Treasury bonds, it should have a buffer large enough to cover itself in the event that the borrower defaults on the loan (especially since the securities are valued daily and the collateral is not repaid). calls will be made if necessary). 11 million in high-yield bonds, it may not have enough collateral to cover the loan in the event of a default.
TEN USEFUL LIQUIDITY RISK QUESTIONS
The explosion of creativity in financial engineering that started in the mid-1980s has made the analysis of credit risk much more difficult. Therefore, the analysis of credit risk has become very complex, and the once separate credit and market risk disciplines are gradually converging.
SUITABILITY CASES
- Orange County
- Procter and Gamble
- Sumitomo Corporation
- Prudential Securities
As Hamanaka's influence grew, he even became known as 'Mr 5%' because he could routinely control 5% of the global copper market (trading mainly through the London Metal Exchange (LME), the world's largest forum for listed copper trading). ). This example illustrates the need for financial organizations to ensure that products aimed at individual investors are truly suitable (with prudent amounts at risk) and are accompanied by full and accurate disclosure of the potential downsides that could be caused by poor performance, credit , market and market conditions. or liquidity events.
KNOWING YOUR CUSTOMER
Funds
As noted in the Orange County and P&G cases above, a very powerful party that has the financial means to pay its obligations (eg, a government institution or a well-funded corporation) may choose not to do so for any number of reasons—it may believe , the banker treated him unfairly (eg he was "robbed"), that the required hedging did not provide the desired benefits, that there was too much risk built into the deal, that the valuations were wrong, and so on. Therefore, it is crucial to choose the types of customers you will be dealing with and the different types of products that can be marketed.
Governments and charities
While it is difficult to know in advance whether or not a client will willingly fulfill its obligations (regardless of financial strength), a firm should be alert to the possibility that high-risk transactions may be very complex or unusual, a greater chance of being challenged by a dissatisfied customer (usually in a losing position!). It is also true that the greater the potential loss, the greater the chance of a tort claim, even if the financial agreements are simple.
Other corporations and financial intermediaries
These events can very quickly become very public and embarrassing – much to the chagrin of financial intermediaries and regulators. Not-for-profit organizations (eg religious foundations and pension funds) similarly fall easily into the public domain and should only be treated as businesses after very careful consideration.
THE CREDIT DECISION: BUSINESS CONSIDERATIONS
DEALING WITH CLIENT SUITABILITY
It is also helpful to include a member of the external audit team on the committee to obtain a “neutral” opinion. In order to determine the effectiveness of the process, the status of transactions approved in the past should be reviewed regularly.
TOWARD BETTER DISCLOSURE
Clearly, understanding the disclosure differences generated by different accounting standards is a key part of the analysis process. It is also possible to engage a third party to filter the information to protect some of the details, yet not reduce its usefulness to the creditor.
TEN USEFUL SUITABILITY RISK QUESTIONS
There is a large gap that needs to be filled by accounting and regulatory agencies in both financial accounting and risk disclosure. In addition to improved GAAP and IAS, there is an urgent need for the accounting and regulatory community to dictate useful standards of risk disclosure for financial and non-financial corporations, funds, not-for-profit organizations and governments - which may be referred to as the General Agreed Risk Disclosures (GARD).
DEFINING PROCESS RISK
CATEGORIZING PROCESS RISK
DISASTER RECOVERY RISK
However, drastic cost-cutting in 2001 had led to disaster recovery planning budgets in the institutional businesses being cut in half. And how to create disaster recovery rules that can easily be applied by some devices but not others.
BUSINESS RECOVERY RISK
Hopefully, since the unfortunate events of 9/11, everyone is taking disaster recovery plans more seriously. Disaster recovery risks can be broad-based, such as those based on 9/11-type scenarios, or institution-specific.
PEOPLE RISK
FRONT-OFFICE ERROR RISK
We also suspect cases where orders placed by clients are placed by the broker shortly afterwards into an error account if the market has moved in the wrong direction. But in many organizations, especially those dealing with high volume/small retail flows, it can end up being quite expensive.
OPERATIONS ERROR RISK
In the short term, a company should ensure that appropriate management and oversight are in place, that people are well trained and held strictly accountable for any mistakes or violations. In the long term, a company should try to use as much "straight-through processing" technology as possible - technology that does not require human intervention and can automatically detect front-office trade errors ("out trades", cancellations, revisions, etc. continue).
SOFTWARE ERROR RISK
Standard models for calculating forward curves, options and other financial variables should be imposed by a set of models resident in the independent risk management function. Any marketer or accountant who relies on computers to be more than sophisticated multitasking calculators is asking for trouble.
AUTHORIZATION RISK
We argue that while many of these relate to software errors, half or more of the blame lies with traders and accounting staff, who should be able to see that computer-generated results do not match their intuitive or risk-attributed results.
STRUCTURED PRODUCT RISK
The more qualified the "followers" are to understand the complexities of transactions and the more trained they are, the fewer errors there will be. We believe it is important to hold transactors accountable for ensuring ongoing follow-up on each item related to the deal; while they obviously shouldn't lead the charge in negotiating legal documentation (that's the job of lawyers), they should be available, cooperative, and feel accountable for following through on the transaction throughout its life.
DOCUMENTATION FOLLOW-UP RISK
COLLATERAL RISK
TRAINING AND REGULATORY COMPLIANCE RISK
CONTROLLING PROCESS RISKS
TEN USEFUL PROCESS RISK QUESTIONS
When a company realizes that it is running risks like those described in the previous chapters, it needs to know approximately how much money it is putting at risk. When this happens, it is usually not that the formulas are wrong, just that they are being misinterpreted.
MATHEMATICAL MEASURES
Scenarios can, and should, cover very likely events (eg, high frequency, small loss) as well as catastrophic events (eg, the "hundred-year floods" that generate very large losses). Moreover, it is based on historical correlations (which can break down especially in times of market stress, just when it matters!) and statistical assumptions (which may or may not be true).
SUBJECTIVE MEASURES
The measure takes the maximum loss resulting from a set of scenario shocks for each risk class (e.g. currency volatility risk, target interest rate risk) and adds them together to give a division-wide or company-wide loss amount. Because maximum loss is a conservative measure, we believe it is closer to truly capturing a century-long flood disaster scenario, for which most other commonly used measures provide little insight—although even a maximum loss measure can never guarantee to capture the absolute worst case.
MEASURING DIFFERENT RISKS
- Market risks
- Credit risks
- Liquidity risks
- Process risks
- Legal, suitability and reputational risks
Direct credit risk, trade credit risk and contingent credit risk – three of the broad classes of credit exposure we defined in Chapter 2 – can be estimated through statistics or analysis. 100 million as a risk today, or measure a nominal exposure (eg the value of the credit derivative premium of the option today) and add the amount of the facility only when (or if) it is drawn.
RISK PHILOSOPHY
Financial risk and corporate goals
So e.g. should the oil company focused on managing its commodity exposures not actively position equity or interest rate derivatives as this would be contrary to the imperatives of the company and not part of its core expertise – in short, not part of its risk. philosophy. Where it has no choice but to take risks that are not part of the core competence (eg the management of a pension fund), it should only do so with expert advice and under very conservative accounting practices.
Focus of “balance sheet” risk activities
Before doing anything else, a company needs to understand what risk means to its business operations—essentially knowing whether risks complement, enhance, or harm its operations, and whether they are a significant part of revenue generation. An industrial company, on the other hand, generates more revenue from industrial production and may only have risks that are a by-product of its core business lines (eg commodity risks, product risk, etc.) rather than those that come from financial sources.
Stakeholder expectations
RISK TOLERANCE
How much is the firm willing to lose?
What resources are available?
Is the firm getting paid to take risk?
In our opinion, the risk capital allocation process should be an automated part of risk management. Communication should be an ongoing process and interested parties should be notified if any changes to the risk mandate occur.
PRINCIPLE 1: CLEAR RISK APPETITE
We believe that the eight key principles of risk summarized in Figure 9.1 allow for the development of such a discipline.
PRINCIPLE 2: EFFICIENT RISK ALLOCATION
PRINCIPLE 3: EFFICIENT AND INDEPENDENT CONTROL FUNCTIONS
However, we question whether they see themselves as a very important link in the risk management chain and whether they are actually held accountable accordingly. For most organizations, the treasury function is also a critical link in the risk management chain.
PRINCIPLE 4: THOROUGH BUSINESS REVIEWS
Without an accurate valuation of positions, an in-depth analysis of returns based on the risk taken, strong and effective capital allocation models, and so on, it becomes very difficult for risk pools and management to be effective. An accounting function that is independent, qualified and accountable for its role in risk management is therefore a fundamental building block.
PRINCIPLE 5: FOCUS ON TOP 10 RISKS
PRINCIPLE 6: SOLID RISK INFRASTRUCTURE
PRINCIPLE 7: ZERO TOLERANCE FOR VIOLATIONS
PRINCIPLE 8: NO SURPRISES!
CREATING A CULTURE OF ACCOUNTABILITY
ROLES AND RESPONSIBILITIES
A good working relationship between the committee chair and the head of corporate risk management is obviously crucial. The head of the risk management group, as well as some of its senior members, should have commercial expertise.
CREATING A RISK FRAMEWORK
- Computing maximum losses
- Aggregating losses
- Credit risk
- Liquidity risk
- Settling limits at different levels
Table 1 Table 2 Table 3 Collateral asset 1Collateral asset 1 Risk class limits: Collateral asset 2 Risk class limits: Collateral asset 2 Collateral asset 3 Risk class limits: Collateral asset 3 Collateral asset 4 Risk class limits: Collateral Asset 4 Collateral Asset Limits 5R Collateral Asset Limits 5R: :Desk Limits: Desk Limits: Division Limits: All SecuredAll SecuredAll SecuredAll Secured Businesses, perbusiness, perbusiness, perbusiness, for counterparty and counterparty and counterparty and counterparty and collateral collateral collateral Figure 11.6 Desendering: limited limited class. Risk class limits: Collateral asset 1 Risk class limits: Collateral asset 2 Collateral asset 3 Risk class limits: Collateral asset 3 Collateral asset 4 Risk class limits: Collateral asset 4 Collateral asset 5 Class limits of Risk: Collateral asset 5 Desk limits: Desk limits: Desk limits: Sharing limits: All insuredAll insuredAll insuredAll insured business to business to business to business, for counterparty 1 counterparty 2 counterparty 3 counterparty and collateral Figure 11.7 Class shifting: cross-linked exposures.
THE COMPLETE RISK FRAMEWORK
For example, an energy company entering into OTC derivative contracts to hedge commodity risks is taking the same counterparty credit risks that banks normally take.
MONITORING, ADJUSTING AND DEALING WITH EXCEPTIONS
Amount for all parties/legal entities within each and all categories of sub-investment categories (BB, B, CCC) Loans, securities, deposits 100% of notions, by party/legal entity. By country∗ Amount for all parties/legal entities within the country Loans, securities, deposits 100% of notions, by party/legal entity.
RULE 1: STICK TO THE RISK FRAMEWORK
Instead, we use this term to refer to the elements in the risk management process that can be institutionalized through the disciplined following of well-thought-out rules. By automating certain processes and behaviors, they become second nature and help move every person in the organization toward the common goal of creating a well-controlled environment.
RULE 2: ESCALATE ALL EXCEPTIONS
Furthermore, they work best when taken to the lowest common denominator in the business: the closer the rules are to the person who pulls the trigger every day, the better. Although these are kept to a minimum, it is important that if senior management decides to move forward with such transactions while “breaching” the boundaries set by the framework, only they are allowed to make such a decision.
RULE 3: ORGANIZE ALL RISK TAKING
Brokers who help their colleagues manage risk should not see inter-office hedging as an opportunity to get away with high profit margins – prices should be fair and market-oriented. Most institutions do not have more than a handful of truly skilled risk takers (these are people who are able to consistently make money despite unfavorable odds in price-taking situations, and must be distinguished from recruiters who have the odds in their favor either because of better information on market flows and/or because they are one of the few price makers for a particular product (which gives them better price information and market bid-offer spreads to exploit) – significant risk should be concentrated in their hands .
RULE 4: ALLOCATE CAPITAL EFFICIENTLY
Not only is this more efficient, it also ensures that everyone can focus on what they are good at and increases transparency in managing major risks.
RULE 5: BE ACCURATE AND TRANSPARENT IN ACCOUNTING
RULE 6: BE ABLE TO EXPLAIN RISK EARNINGS IN DETAIL
No later than the following day, the accounting staff must independently calculate the "official" result and result for the day. These reserves must be well defined and only calculated by the auditors; Traders must never be allowed to take and release reserves themselves.
RULE 7: KNOW THY CLIENT
Reserves should be formulaic (eg objective rather than subjective), working within accepted accounting principles. In determining reserve rules, consideration should be given to the behavioral incentives that these accounting rules may create so as not to inadvertently increase the firm's risk profile.
RULE 8: UNDERSTAND THE WORST-CASE SCENARIOS
Such scenarios should be implemented in conjunction with the treasury and accounting functions to monitor the impacts of assets and liabilities on the balance sheet, funding requirements and any regulatory capital issues that may arise. Finally, like any rule, there are limitations that must be well understood and supplemented by continued diagnosis, experience, and common sense.
SUPPLEMENTING AUTOMATED PROCESSES
MANUAL CONTROL 1: TOP PROFESSIONALS
Skills
Integrity and character
MANUAL CONTROL 2: EFFECTIVE HUMAN RESOURCE MANAGEMENT
Staying fresh
Loss of acuity or enthusiasm in any sensitive role can lead to errors, mistakes or greater breaches of control. Not surprisingly, staying in this type of role for a long period of time, not taking "mind-clearing" breaks and so on, can wear down even the best.
Managing actively
This brings in “new blood”, new ideas and new perspectives – a fresh look at complex risk books can often yield important information.
MANUAL CONTROL 3: PROPER MOTIVATION
Incentive compensation
We noted earlier in the book that risk managers, risk takers, and other control specialists need to stay fresh and energized to add value. Making a controlling officer's pay a direct function of the revenue of the business units is contrary to the best interests of the firm and violates the independence rules discussed earlier.
Leadership and teamwork
Governing officers must be paid out of medium-term company profitability – so there is some incentive to be commercial, and yet ultimately they can still “just say no!”.
MANUAL CONTROL 4: COMMUNICATIONS
MANUAL CONTROL 5: SPOT CHECKS
If a company can't monitor its risk activities, it will have trouble making risk decisions, and if managers lack visibility into the company's risk profile, they can't really be in control. In our view, an appropriate investment in policies, reporting, data and technology is essential to allow controllers and directors to properly manage the company's business and risks.
POLICIES
Policy manuals should list the relevant qualifications that the company requires of employees to perform their functions. For example, a derivatives trader should be required to be trained in options theory, forward curves, derivative accounting, new products and customer screening procedures, etc.
REPORTING MECHANISMS
While many firms strive for real-time risk reporting of all positions, few actually have such capabilities. An individual business, such as forex, may have real-time risk capabilities, but a business is unlikely to see its risk that way (especially if it has very broad-based, cross-market global operations).
DATA AND TECHNOLOGY INFRASTRUCTURE
Data
The template can contain pre-computed risk information (e.g. risk sensitivities, agency VAR, etc.), or simply act as a raw material for risk analyzes that calculate risk information. Bad data distorts the appearance and magnitude of the company's risk profile and leads to poor decisions.
Technology
Risk analytics embedded in technology platforms (rather than those contained in stand-alone risk and financial control systems) should be able to provide the market, credit, liquidity and process risk measures defined by the risk management group. danger. As with any dynamic process, these should be reviewed regularly and improved as necessary.
ONGOING DIAGNOSTICS
AN IDEAL WORLD
Different parts of the risk control process may not always work as intended, or may become obsolete as the environment changes. Looking for clues about what might not be working properly can lead to the discovery of problems; once uncovered, a cure can be prescribed.
CLUES, CAUSES AND CURES
- Governance
- Identification
- Measurement
- Reporting/monitoring
- Ongoing management
- Infrastructure
This is intended to solve the risk tolerance and framework problems highlighted in Chapters 8 and 11. This is intended to resolve the litigation and legal risk issues highlighted in Chapters 4 and 5.
TOWARD GREATER TRANSPARENCY
In the same light, we believe that shareholders should be able to ask questions and receive intelligent answers regarding the company's risks - so that they can form an opinion on how these will affect their investment decision. Key people inside and outside the company should be able to regularly respond to such inquiries and answer other key questions.
TEN QUESTIONS THE BOARD MEMBER OR CEO OUGHT TO BE ABLE TO ANSWER
The behavior of focusing on the top 10 risks should then flow naturally throughout the organization, with similar assessments, discussions and debates. For illustrative purposes, we have listed a few below (others can of course be developed to meet the needs of a specific organization – but the themes are likely to be similar).
TEN QUESTIONS THE CFO OUGHT TO BE ABLE TO ANSWER
Board members, the CFO, the head of corporate risk, the head of internal audit must all be present, equally familiar with the subject and equally accountable. Have you entered into any transaction(s) that will materially affect the forward balance sheet and net worth of the company.
TEN QUESTIONS THE HEAD OF CORPORATE RISK OUGHT TO BE ABLE TO ANSWER
How much can you lose in an accident and what would be the consequences for the corporation in terms of funding and capital. Are your liabilities sufficiently diversified in terms of investors/lenders, maturities and commitments to withstand a catastrophe.
TEN QUESTIONS THE HEAD INTERNAL AUDITOR OUGHT TO BE ABLE TO ANSWER
TEN QUESTIONS THE PRIMARY REGULATOR OUGHT TO BE ABLE TO ANSWER
TEN QUESTIONS THE HEAD EXTERNAL AUDITOR OUGHT TO BE ABLE TO ANSWER
Correlation risk the risk of loss as a result of a change in the historical correlations or correlations between assets. Credit risk the risk of loss as a result of a counterparty not fulfilling a contractual obligation.
