THE ESSENTIALS OF RISK
THE ESSENTIALS OF RISK MANAGEMENT This page intentionally left blank THE ESSENTIALS OF RISK MANAGEMENT SECOND EDITION MICHEL CROUHY, DAN GALAI, ROBERT MARK New York Chicago San Francisco Athens London Madrid Mexico City Milan New Delhi Singapore Sydney Toronto Copyright © 2014 by McGraw-Hill Education. All rights reserved. Except as permited under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. ISBN: 978-0-07-182115-5 MHID: 0-07-182115-5 The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-181851-3, MHID: 0-07-181851-0. eBook conversion by codeMantra Version 1.0 All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that neither the author nor the publisher is engaged in rendering legal, accounting, securities trading, or other professional services. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. —From a Declaration of Principles Jointly Adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations TERMS OF USE This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms. THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise. CONTENTS Foreword vii Foreword xi I ntroduction to the Second Edition: Reforming Risk Management for the Post-Crisis Era xv 1. Risk Management: A Helicopter View 1 1.1 Typology of Risk Exposures 23 2. Corporate Risk Management: A Primer 45 3. Banks and Their Regulators: The Post-Crisis Regulatory Framework 67 3.1 Basel I 117 3.2 The 1996 Market Risk Amendment 125 3.3 Basel II and Minimum Capital Requirements for Credit Risk 131 3.4 Basel 2.5: Enhancements to the Basel II Framework 137 3.5 Contingent Convertible Bonds 143 4. Corporate Governance and Risk Management 151 5. A User-Friendly Guide to the Theory of Risk and Return 183 6. Interest Rate Risk and Hedging with Derivative Instruments 203 7. Measuring Market Risk: Value-at-Risk, Expected Shortfall, and Similar Metrics 233 8. Asset/Liability Management 265 9. Credit Scoring and Retail Credit Risk Management 305 10. Commercial Credit Risk and the Rating of Individual Credits 333 10.1 Definitions of Key Financial Ratios 363 v vi • Contents 11. Quantitative Approaches to Credit Portfolio Risk and Credit Modeling 11.1 The Basic Idea of the Reduced Form Model 12. The Credit Transfer Markets—and Their Implications 12.1 Why the Rating of CDOs by Rating Agencies Was Misleading 13. Counterparty Credit Risk: CVA, DVA, and FVA 14. Operational Risk 15. Model Risk 16. Stress Testing and Scenario Analysis 16.1 The 2013 Dodd-Frank Severely Adverse Scenarios 17. Risk Capital Attribution and Risk-Adjusted Performance Measurement Epilogue: Trends in Risk Management Index 365 407 411 467 471 499 529 555 581 583 609 619 FOREWORD The world changed after the global financial crisis of 2007–2009, and the change was especially dramatic for banks. The second edition of this book is therefore very welcome and helps to clarify both the implications of the crisis for risk management and the far-reaching process of regulatory change that will come into full force over the next few years. Banks are reforming their risk management processes, but the challenge goes much deeper. Banks must rethink their business models and even question the reason for their existence. Do they exist to take proprietary risks (on or off their balance sheet) or to provide a focused set of services and skills to their customers and business partners? At Natixis, our business adopts the latter model. We have recently completed an aggressive push to adapt to post-crisis regulatory constraints, end our proprietary activities, reduce our risk profile, and refocus on our three core businesses: wholesale banking, investment solutions, and specialized financial services. The far higher capital costs under Basel III are likely to shift many other banks toward a more service-based business model with less risk retained. The new regulations are also obliging banks to change their funding strategies—e.g., by making use of new funding tools in addition to reformed approaches to securitization and traditional funding avenues. This change of philosophy may mean developing trusted partnerships with different kinds of financial institutions, such as insurance companies and pension funds, that can absorb the risks that banks no longer wish to carry on their balance sheets—a process that Natixis has already begun. As banks change their approach, they must also take a fresh look at their corporate governance. The crisis showed that banks had been driven vii viii • Foreword by too simplistic a notion of growth and short-term profitability. Going forward, firms must build a wider and longer-term view of stakeholder interests—e.g., by defining long-term risk appetites explicitly and connecting these securely to strategic and operational decisions. Ensuring the right kind of growth will require many of the best-practice mechanisms of corporate governance discussed in this book. The crisis also showed that banks need to pay more than lip service to the concept of enterprise risk management. They must improve their understanding of how a wide range of risks—credit, market, liquidity, operational, reputation, and more—can interact with and exacerbate each other in a bank’s portfolios and business models when the financial system is under strain. In turn, this requires the development of new risk management methodologies and bankwide infrastructures—for example, in the area of macroeconomic stress testing. One of the accomplishments of this book is that it helps set out these new methodologies and explains their strengths and also their limitations. The authors believe that financial institutions must not rely on any single risk measure, new or old. Risk measurement and management methodologies are there to help decision makers, not to supply simplistic answers. It is critical that institutions (as well as regulators) develop a better understanding of the interconnected nature of the global financial system. As this book explains in its various chapters, systemic risks, counterparty interconnections, liquidity risks, credit risks, and market risks all feed on one another in a crisis. Understanding how risks concentrate during good times and then spread through systemic interconnections during bad times needs to become part of the philosophy of bank risk management. Without this understanding, it is difficult for financial institutions to resist activities that boost growth and profitability in the short term, but that may create unsustainable levels of risk in the longer term. The global economy is trying to find a path toward sustainable growth at the same time that developed nations have begun to unwind the unprecedented support given to economies and banking systems during the crisis years. This will give rise to many challenges as well as opportunities. Natixis plays a frontline role in financing the real economy, but we know that this must be built on solid risk-managed foundations. Foreword • ix In this sense, the book supports the business philosophy we are developing at Natixis. We believe that long-term success comes to institutions and economies that can deliver growth while managing downside risks through both improved risk management and the careful selection of fundamental business models. Laurent Mignon Chief Executive Officer of Natixis September 13, 2013 This page intentionally left blank FOREWORD I think that the concept of the Crouhy, Galai, and Mark book, The Essen- tials of Risk Management, Second Edition, is brilliant. In my career as an academic and in investment management, I found that there is too large a separation between the technocrats who build risk-management models and systems and those who should be using them. In addition, the model builders seem to me to be too far from economics, understanding what risk management can and cannot do and how to structure the risk management problem. Crouhy, Galai, and Mark bridge that gap. They bring the academic research together with applications and implementation. If riskmanagement model builders come to appreciate the economics underlying the models, they would be better prepared to build risk-management tools that have real value for banks and other entities. And, as the authors bring up time and again, board members of corporations must also become as familiar with the models and their underlying economics to ask the correct follow-up questions. Risk management is often described as being an independent activity of the firm, different from generating returns. Most macro and micro models in economics start from a framework of certainty and add an error term, a risk term to represent uncertainty. When describing predicted actions that arise from these models, the error or uncertainty term disappears because the modelers assume that it’s best to take expectations as their best guess as to future outcomes. In both cases, however, this is incorrect. Risk management is part of an optimization program, the tradeoffs between risk and return. As described in the book, the three tools of risk management are (a) reserves, (b) diversification, and (c) insurance. With greater reserves against adverse xi xii • Foreword outcomes, the risk of the firm or the bank is reduced. Greater reserves, however, imply lower returns. And, the dynamics of the reserve need to be known. For example, if a bank needs capital or liquidity reserves to shield it against shock, is the reserve static or can it be used, and how is it to be used at time of shock? If it is a reserve that must always be at a static level, it is not a reserve at all. These are important optimization and planning questions under uncertainty. With more diversification, the bank reduces idiosyncratic risks and retains systematic risks, which it might also transfer to the market. Diversification has benefits. But, if a bank earns profits because its clients want particular services such as mortgages, it might want to concentrate and make money by taking on additional idiosyncratic risk, for it is not possible to diversify away all risks and still earn abnormal profits. The bank must respond to its client’s demands and, as a result, take on idiosyncratic risks. The same is true of insurance. Unlike car insurance, wherein, say, the value of the car is knowable over the year, and the amount of the insurance is easy to ascertain, as the book describes, the bank might not know how much insurance is necessary and when it might need the insurance. Nor does it know the dynamics of the insurance plan as prices change in the market. That is why risk management is integrated into an optimization system where there always are tradeoffs between risk and return. To ignore risk considerations is inappropriate; to concentrate on risk is inappropriate. The boards of banks or corporations are responsible to understand and challenge the optimization problem. Likewise, modelers must also understand the economic tradeoffs. Prior to the financial crisis of 2008, many banks organized their risk management activities in line and not circle form. That is, the risk department was separate and below the production department. The risk management systems of the future must be designed such that the optimization problem is the center focus. This involves deciding on the level of capital employed not only for working capital, or physical investment capital, or human capital but also the amount of risk capital in deciding on the profitability of various business lines and how they coordinate with each other. Risk management involves measurement and model building. This book provides us with a description of many of the problems in building Foreword • xiii models and in providing the inputs to the models. But, once the senior management and the modelers understand the issues, they will change their focus and address the modeling and measurement issues. For example, there are three major problems in the model building/data provision or calibration of the model framework: (1) using historical data to calibrate the model, (2) assuming the spatial relationships will remain unchanged, such as how particular assets are grouped together into clusters or how clusters move together, and, (3) assuming that once the model is built and calibrated that others don’t reverse engineer the model and its calibration and game against those using the model. There are myriad examples and applications of each of these, or these in combination with each other in this book. For example, the rating agencies used historical data to calibrate the likelihood of declines in housing price such that homeowners would default on their mortgages. Unfortunately they used too short a time period and assumed incorrectly that the best prediction of the future would be provided from these short-period data inputs. They also assumed that homeowners default on their mortgages randomly, while ignoring the possibility that the independent clusters of possible mortgage defaults that they assumed existed would become one cluster during a crisis such as the 2008 financial crisis. Moreover, once they provided their ratings on complicated mortgage structured products, market participants reverse engineered how they rated mortgage products and gamed against them by putting lower and lower quality mortgages into structures to pass just the ratings level that they wanted to attain. These three lessons are pervasive in risk management and are illustrated brilliantly in one form or the other over and over again in this book. There are decisions that should be made, in part, proactively and decisions that should be made, in part, reactively. Risk management includes an understanding of how to plan to respond to changes in the opportunity set and to changes in the costs of adjusting assets and to financing activities. There is a value in planning for uncertainty. Ignoring risk might supply large short-term profits but at the expense of survivorship of the business, for not setting aside sufficient risk capital threatens survivorship of the business. And understanding includes evaluating the returns and risks of embedded and explicit options. xiv • Foreword All risk management systems require a careful combination of academic modeling and research with practical applications. Academic research highlighted in this book has made a major contribution to risk management techniques. Practice must be aware of the underlying assumptions of these models and in what situations they apply or don’t apply and adjust them accordingly. Practical applications include understanding data issues in providing inputs to these risk models and in calibrating them consistent with underlying economics. The 2008 crisis highlighted once again the importance of risk management. I believe that all board members must become as conversant in risk management as in return generation. That will become a prerequisite for board participation. This book highlights the importance of these issues. Myron S. Scholes, Frank E. Buck Professor of Finance, Emeritus, Stanford University Graduate School of Business; 1997 recipient of the Nobel Prize in Economics November, 2013 INTRODUCTION TO THE SECOND EDITION: REFORMING RISK MANAGEMENT FOR THE POST-CRISIS ERA Half a dozen years and more have passed since the start of the global financial crisis of 2007–2009,1 and even the European sovereign debt crisis of 2010 is fading into history. In neither case can we be sure that the crises are fully resolved, and their aftershocks and ramifications continue to shape our world. However, enough time may have elapsed for us to absorb the main lessons of the crisis years and to begin to understand the implications of the still unfolding reforms of the world’s financial industries. In this new edition of The Essentials of Risk Management, we have revisited each chapter in light of what has been learned from risk management failures during the crisis years, and in this Introduction we pick out key trends in risk management since we published the first edition in 2006. However, we have also tried to prevent the book as a whole from becoming too dominated by the extraordinary events of 2007–2009 and the immediate succeeding years. Some of the lessons learned in those years were lessons that earlier crises had already taught risk managers, and that Throughout this book, we’ve used the phrase “financial crisis of 2007–2009” to define, reasonably precisely, the banking and financial system crisis of that period. Others choose to use the term “global financial crisis,” or GFC. 1 xv xvi • Introduction to the Second Edition were covered in some detail in the first edition of the book—even if some firms found it hard to put them into practice. The crisis years also spawned a series of fundamental reforms of the regulation of financial institutions, and one thing we can be sure of in risk management is that major structural change creates new business environments, which in turn transform business behavior and risk. One of the curses of risk management is that it perennially tries to micromanage the last crisis rather than applying the first principles of risk management to forestall the next—a trap we have tried to avoid. We hope this book contributes to the attempt to strengthen the overall framework of risk management by encouraging the right mix of theoretical expertise, knowledge of recent and past events, and curiosity about what might be driving risk trends today. *** The financial crisis that started in the summer of 2007 was the culmination of an exceptional boom in credit growth and leverage in the financial system that had been building since the previous credit crisis in 2001–2002, stimulated by an accommodative monetary policy. The boom was fed by an extended period of benign economic and financial conditions, including low real interest rates and abundant liquidity, which encouraged borrowers, investors, and intermediaries to increase their exposure in terms of risk and leverage. The boom years were also marked by a wave of financial innovations related to securitization, which expanded the capacity of the financial system to generate credit assets but outpaced its capacity to manage the associated risks.2 The crisis uncovered major fault lines in business practices and market dynamics: failures of risk management and poorly aligned compensation systems in financial institutions, failures of transparency and disclosure, and many more. In the years following the crisis, many areas of weakness have begun to be addressed through regulation and from the very top of financial institutions (the board of directors and the management committee) down to business line practices, including the misalignment of incentives between the business and its shareholders, bondholders, and investors. Below, we Securitization and structured credit products are discussed in Chapter 12. 2 Introduction to the Second Edition • xvii summarize some of the major problem areas uncovered by the global financial crisis; the rest of the book addresses these issues in more detail. Governance and Risk Culture Risk management has many different components, but the essence of what went wrong in the run-up to the 2007–2009 financial crisis had more to do with the lack of solid corporate governance structures for risk management than with the technical deficiencies of risk measurement and stress testing. In the boom period, risk management was marginalized in many financial institutions. The focus on deal flow, business volume, earnings, and compensation schemes drove firms increasingly to treat risk management as a source of information, not as an integral part of business decision making. Decisions were taken on risk positions without the debate that needed to happen. To some degree, this is a matter of risk culture, but it also has to do with governance structures inside organizations: • The role of the board must be strengthened. Strengthening board oversight of risk does not diminish the fundamental responsibility of management for the risk management process. Instead, it should make sure that risk management receives some enhanced attention in terms of oversight and, hopefully, a longer-term and wider perspective. Chapter 4 on corporate governance elaborates on the role and obligations of the board. • Risk officers must be re-empowered. Some firms distinguish between a “risk control” function, responsible for quantitative measures, and a “risk management” function, which has a more strategic focus. Either way, it is no longer appropriate for risk management to be only an “after the fact” monitoring function. It needs to be included in the development of the firm’s strategy and business model. Chief risk officers (CROs) should not be just risk managers but also proactive risk strategists. With the strength of regulators and an angry public behind them, risk managers presently wield some clout. The trick will be to make sure this lasts in periods of recovery (or growing corporate frustration with unexciting returns). Chapter 4 elaborates on the role of the CRO in a best-practice institution. xviii • Introduction to the Second Edition Inadequate Execution of the Originate-to-Distribute Business Model One common view is that the crisis was caused by the originate-todistribute (OTD) model of securitization, through which lower quality loans were transformed into highly rated securities. To some extent, this characterization is unfortunately true. The OTD model of securitization reduced incentives for the originator of the loan to monitor the creditworthiness of the borrower, because the originator had little or no skin in the game. In the securitization food chain for U.S. mortgages, intermediaries in the chain made fees while transferring credit into an investment product with such an opaque structure that even the most sophisticated investors had no real idea what they were holding. Although the pre-crisis OTD model of securitization, and its lack of checks and balances, was clearly an important factor, the huge losses that affected banks, especially investment banks, mainly occurred because financial institutions did not follow the business model of securitization. Rather than acting as intermediaries by transferring the risk from mortgage lenders to capital market investors, these institutions themselves took on the role of investors. Chapter 12 elaborates on this issue. Poor Underwriting Standards The OTD model generated a huge demand for loans to feed the securitization machine, and this in itself contributed to a lowering of underwriting standards. But benign macroeconomic conditions and low default rates also gave rise to complacency and an erosion of sound practices in the world’s financial industries. Across a range of credit segments, business volumes grew much more quickly than investment in the supporting infrastructure of controls and documentation. The demand for high-yielding assets encouraged a loosening of credit standards and, particularly in the U.S. subprime mortgage market, not just lax but fraudulent practices proliferated from late 2004. Chapter 9 elaborates further on the issue of retail risk management. Introduction to the Second Edition • xix Shortcomings in Firms’ Risk Management Practices The crisis highlighted the risk of model error when making risk assessments. The risk control/risk management function must become more transparent about the limitations of risk metrics and models used to make important decisions in the firm. Models are powerful tools, but they necessarily involve simplifications and assumptions; they must be approached critically and with a heavy dash of expert judgment. When risk metrics, models, and ratings become ends in themselves, they become obstacles to true risk identification. This applies also to the post-crisis rash of new models and risk assessment procedures. Chapter 15 analyzes the problems associated with model risk. • Stress testing and scenario analysis. Stress testing, discussed in Chapter 16, is now a formal requirement of Basel III and the Dodd-Frank Act and has become a much more prominent part of the risk manager’s toolkit. Properly applied, stress testing is a critical diagnostic and risk identification tool, but it can be counterproductive if it becomes too mechanical or consumes resources unproductively. It is important to approach stress testing as one aspect of a multifaceted risk analysis program. In particular, stress testing must be carefully designed to gauge the business strengths and weaknesses of each individual firm; it cannot follow a “one size fits all” approach. Firms need to ensure that stress testing methodologies and policies are consistently applied throughout the firm, take into account multiple risk factors, and adequately deal with correlations between risk factors. Results must have a meaningful impact on business decisions. • Concentration risk. Firms need to improve their firmwide management of concentration risks, embracing not only large risks from individual borrowers but also concentrations in sectors, geographic regions, economic factors, counterparties, and financial guarantors. For example, a concentrated exposure to one (exotic) product can give rise to major losses during a market shock if liquidity dries up and it becomes impossible to rebalance a hedging position in a timely fashion. xx • Introduction to the Second Edition • Counterparty credit risk. The subprime crisis highlighted several shortcomings of over-the-counter (OTC) trading in credit derivatives, most notably the treatment of counterparty credit risk. The primary issue is that collateral and margin requirements are set bilaterally in OTC trading and do not take account of the risk imposed on the rest of the system (e.g., as experienced following the failures of Lehman Brothers and the quasi-bankruptcies of Bear Stearns, AIG, and others). Counterparty credit risk is discussed in Chapter 13. Overreliance on Misleading Ratings from Rating Agencies Credit rating agencies were at the center of the 2007–2009 crisis, as many investors had relied on their ratings to assess the risk of mortgage bonds, asset-backed commercial paper issued by structured investment vehicles, and the monolines that insured municipal bonds and structured credit products. Money market funds are restricted to investing in AAA-rated assets, while pension funds and municipalities are restricted to investing in investment-grade assets.3 In the low interest rate environment of the period before the crisis, many of these conservative investors invested in assets that were complex and contained exposure to subprime assets, mainly because these instruments were given an investment-grade rating or higher while promising a yield above that of traditional assets, such as corporate and Treasury bonds, with an equivalent rating. Chapter 10 discusses ratings and the controversial role of the rating agencies. Poor Investor Due Diligence Many investors placed excessive reliance on credit ratings, neither questioning the methodologies of the credit rating agencies nor fully understanding the risk characteristics of rated products. Also, many investors Most of the US$2.5 trillion sitting in money market funds is traditionally invested in such assets as U.S. Treasury bills, certificates of deposit, and short-term commercial debt. 3 Introduction to the Second Edition • xxi erroneously took comfort from the belief that insurance companies conducted a thorough investigation into the assets they insured.4 Going forward, institutional investors will have to upgrade their risk infrastructure in order to assess risk independently of external rating agencies. If institutions are not willing or able to do this, they should probably refrain from investing in complex structured products. For U.S. retail investors who lack the knowledge and the tools to evaluate and make decisions about financial products, the Dodd-Frank Act creates the Bureau of Consumer Financial Protection (BCFP) as an independent bureau
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.