Monday, January 12, 2009

The Regulator as Risk Manager versus Risk Monitor

I have recommended in various forums that we need a government-level market risk manager. (See my House testimony (October, 2007) and Senate testimony (June, 2008), both linked via posts in this blog, and the Preface for the paperback edition of A Demon of Our Own Design). Such a role has also been recommended by the Treasury in the form of a market stability regulator.

I was discussing this idea yesterday with a colleague in government, and he mentioned that one concern for such a role is the potential for a concentration of power. Risk taking is at the center of the financial industry, and whether it is the Federal Reserve, Treasury or SEC, the ability to dictate risk limits puts this role in the position of controlling the industry’s profitability.

To answer this concern, it is useful to make a distinction between risk management and risk monitoring. In the financial industry, be it in hedge funds or in banks, what is called risk management is really a risk monitoring function. The risk management team, headed by the Chief Risk Officer, oversees the aggregation and analysis of exposures. But it does not make decisions on the appropriate risk appetite for the firm, and it does not unilaterally set the risk limits or otherwise force the risk takers to hedge or reduce their positions. If the CRO thinks action is needed, the baton is passed up the chain of command to the firm’s decision makers. This might be the head of the trading division, the CFO, the CEO, or a risk management committee with these as its members. The decisions of how much risk to take, the limits to set, when to make exceptions all are made at this level.

A similar structure could exist for the risk management role within the government. The role of risk manager would be staffed by technocrats, in the positive sense of that word, who would develop systems to acquire the necessary risk information from the institutions, analyze that data and determine if new areas of risk are emerging. They would connect with their industry counterparts, the CROs of the various institutions, to understand areas of concern, to help identify common or emerging risks, and to constantly refine the risk management process. If a market crisis did occur, they would have all of the data at their disposal to revisit the risks to monitor and the limits to set. Think in terms of what the NTSB does when there are airplane accidents. All of this would lead to recommendations to a decision making committee, perhaps a subcommittee of the House or the Senate.

Don’t worry about too much back and forth with the decision makers. On a practical level, it would be rare for the government risk manager make one-off suggestions that this or that bank lower its risk beyond the risk targets that have already been established. More likely, the government risk manager would see that a number of banks are starting down a particular path, building up exposure to a new market or diving into a particular structured product space, and recognize that, while each bank’s actions might be reasonable on a stand-alone basis, there is too much concentration and potential systemic effect once the exposure is aggregated across the banks.

And, by the way, no one can make such an observation in our current regulatory structure.

1 comment:

  1. Risk Czar....Unified approaches to risk management accelerate it. The NRSRO monopoly for the ratings agencies didn't exactly produce sunshine. I argue for the elimination of risk oversight and mandated risk frameworks. give me multiple models with wildly diverging opinions instead of a unified system which is "believed" and then gamed SIV/CDO style. give me the Post model world.