Friday, January 16, 2009

A Regulatory Approach to Risk Management

There is not much mystery about how banks ended up in such a mess. It was not the malfunction of sophisticated risk models, nor was it a “100-year flood” event that swamped risk controls that would have been adequate in normal times. It was simply a huge and unrelenting build up of inventory in illiquid and often complex securities. A build-up that was there to be seen and corrected.

There was nothing tricky in fixing this problem before it got out of hand. When you are seeing the inventory of complex structured products grow from a few billion dollars to ten billion, then on their way to 20 or 30 or 40 billion, a natural question to ask in the course of the build-up is “why aren’t we selling any of this stuff”. And a natural answer to that question is “maybe we aren’t pricing it correctly”. Any risk manager with a fifth grade education will note that if the price of the inventory is off by just ten percent, that will mean a loss of billions of dollars, and so will propose selling some of the inventory, say a few billion dollars worth, and see the price at which it clears. At that point, the gig will be up.

So why didn’t this happen?

One hypotheses is asleep-at-the-switch incompetence by the risk mangers: they just missed the inventory build-up. But given the simplicity of the problem and the fact that any of these banks have hundreds of personnel in the risk management division, that’s hard to believe.

A second hypothesis is incompetence or poor incentives in senior management: the problem was passed up the chain of command and then ignored. This seems reasonable; there are, after all, tensions that pull against the in-house Cassandra. Senior management is reluctant to reduce risk because it means lowering earnings. And management gets backing for this from a powerful constituency, the traders who control the profit centers and make their money by taking risk. The traders are at loggerheads with the risk manager because of skewed incentives, the so-called “trader’s option” where if the firm wins they win while if the firm loses big time they miss their bonus for the year and head off to greener pastures. Indeed, senior management might be swayed by similar incentives.

Under this hypothesis the risk failure within the banks is organizational; it has to do with incentives, communication and plain old fashioned bureaucracy.

So how do you fix it?

The government needs to create a market risk management function with direct lines to the Chief Risk Officer of each financial institution. The CRO should be required to provide full risk information to the government risk authority. It sees whatever he sees. And it should go one step further, to require the CRO to notify the government risk authority of any risk concerns that have not been resolved by senior management. In essence, the CRO would have dotted-line reporting to his government counterparts. Think along the lines of the Sarbanes-Oxley Act, which requires the CEO to attest to internal controls and certify the accuracy of the financial statements.

As important as the specifics of the structure is the spirit with which the regulatory role is executed. For the CRO engaged in fulfilling his responsibilities, the government risk authority can act as his ombudsman, an outside voice with the power to get things done if his own voice is not being heard within the firm. The CEO is less likely to ignore risk concerns if he knows who might be making the next knock on his door. And if the CEO has a legitimate disagreement about the degree of risk, he might welcome the outside view.

For this to work, we need to change the mindset behind regulation. Marching in with a subpoena in one hand and a sixty page questionnaire in the other is not the way forward. Which means we also need a different type of regulatory staff. Some jobs cannot be done by SEC lawyers or career government workers. We need to entice market professionals into government service, market professionals who are on par with those in industry. It might cost some money to get them on board, but I bet the bill will be way south of a trillion dollars.


  1. This won't be on-topic, but just wanted to say I'm glad you're posting more frequently this year so far. Thanks!

  2. Given the scenario you described I don't see how your proposal could solve the bureaucratic and institutional problems.

    You suggest that competent risk managers must have detected the growing risk, but that the incentives within the banks are such that the risk managers will be ignored/overruled.

    Providing dotted-line reporting to a government entity doesn't change the calculus of a risk manager: He still wants to sound an alarm about every possible problem, but he doesn't want to push any of them too hard because he might piss off the guys in power, and everyone knows that you don't take money without taking risk. He also enjoys something of a "trader's option" in that he enjoys a piece of the action when times are good, and when they blow up he loses his bonus and moves on (and if he is any good he'll have a copy of the memo in which he warned about the risk that finally hit).

    Of course, the risk-takers are constantly getting memos from the risk manager so they pretty much ignore him -- and justifiably so since his incentive is primarily to cover his ass.

    What's a government risk management group going to contribute here? Maybe its bigger picture will allow it to see something that none of the firm-level risk managers can see. But otherwise it's just in the business of echoing the warnings of the company risk managers. Its actions can only go one of two ways:

    1. It quickly realizes that private enterprises don't like toothless regulators telling them what to do anymore than they like toothless risk managers telling them what to do.

    2. It decides to put some teeth in its warnings, at which point it becomes another juicy political plum, ripe for rewarding special interests or stroking the egos of bureaucrats who crave power.

    In the former case, it adds nothing. In the latter case it becomes as destructive as every other government regulator run amok.

  3. Rick, the solution to the incentive problem requires a change in our corporate laws.

    The Chief Risk Officer is legally adverse in interest with the rest of the other Officers.

    Current corporate law doesn't recognize and allow for this.

  4. I don't really agree with the argument. Asset bubbles are created by flawed beliefs in easy money to be had either supported by quantitive models or faulty thinking "grey matter" models. Bubbles arrive when a single source or meme becomes the arbiter of truth be it an acronym like BRIC or the AAA ratings handed down from NRSRO ministry of truth, which is then used to game the Tier 1 capital regime.
    I prefer an environment with multiple capricious participants and evaluators who constantly change opinions and faith in one another positions.
    No risk CRO at the federal level is going to want to burst the bubble. Politically it won't happen and if it does, the regulator would get the blame for bursting a small bubble. The correct argument that he/she prevented a large bubble would hold little sway in a political town. I prefer a smaller "less" efficient capital system with wary participants who have no Central authority or mandated ratings agencies to FOB their due diligence and responsibility on. Fear and uncertainty among all participants are a better Tobin tax proxy than a regulator who eventually would be politicized and propogate a bigger bubble. Basel 2's reliance on a various mean variance risk frameworks will be the systemic cause of the largest bubble we have ever seen. It will be about 7-10 years from now, but could really be something. The pursuit of financial efficiency via uniform risk frameworks only leads to lax diligence among participants. Take fear out of the system and blind excess will follow.
    A safer system is red in tooth and claw with a fearful eye, not a lapdog trying to fool a single bureaucratic entity into giving it a "pass". Better have a "system" based on divergence of opinions than one designed for participants to game a single arbiter of truth.

  5. PS rick, I enjoyed your book and think your contributions to the debate about risk are very useful.

  6. Rick:

    First, let me add my happiness that you are posting regularly again. You are a recognized expert in this field and your thoughts are important to getting us out of this mess.

    As far as your specific suggestion, I think it has general merit.

    I am under the impression that risk managers have less power over portfolio management than the managers themselves, particularly in markets that are performing well. I am also under the impression that the inventory buildup was considered strategic by the portfolio managers who believed that the value of the holdings exceeded the prices available in the market.

    The existing regulatory system relies heavily on external auditors with accounting standards and auditing standards that have evolved over the years. External audits may have lost some of their credibility after Enron and Worldcom, but they still provide some comfort that financial statements are presented fairly.

    Perhaps, as we build an updated regulatory system, an independent external professional body will be created and empowered to provide consistent risk assessments to managements, investors, and the Government.

    Does something like that sound feasible to you?



  7. Regarding Larry's comment, see my previous post. It is true that risk managers do not have the authority in fact to make decisions. They can monitor and report, but when they think something is wrong, the CRO is one voice within the firm. And that is reasonable. After all they are no more knowledgeable than others. But they are the only ones who have an incentive that is not aligned with the traders. The point of having an ombudsman role in the government is to provide them with more support and authority.

    I agree in principle with ngogerty that, if I am reflecting his view correctly, there is risk in having one authority with one viewpoint. But this can be mitigated to some extent if there is dialogue between this authority and the CROs, and if the government risk management function is run in an open way, as opposed to having a single person who thinks he has all the answers. But, yes, it still is not ideal.

  8. I have to disagree this time, Rick. Why do you think we had the build up of such complex products in the first place? Because adding trades to the inventory is adding to the PL. Bonuses are a funcion of PL. Nobody will do anything unless they can show accounting PL on it before year end at most. In other words, you are allowed to recognize profit on each new trade on day one, and get paid a lot for it. Profit should be recognized after it is earned, and truth is we can never ever earn an amount equivalent to those supposedly mark to mrket valuations. So the first thing is to fix the way we account for profits. Currently the build up of inventory is not perceived as a problem as long as some amount, no matter how tiny, trades around your current valuation or higher. The book is "making money" (the hell it is in reality), no risk manager will have the power to stop it or will ever be rewarded for having done so. Everybody seems to think that mark to market means (last price) x (size of your inventory), no matter how large the inventory, which is fundamentally wrong. So the main problem is accounting, I can not stress this enough.

  9. The point you bring up about accounting is not really an accounting problem, it is simply that no one wants to reign in those who are making money. And the reason they don't is that they are not looking at the total picture -- they see the revenue, but not the risk. Or they see the risk, but don't care, because they will have banked their bonuses by the time those risks are realized -- if indeed they do become realized. If I were to focus on accounting, it would be the problems of mark to market accounting. I have discussed that in earlier posts. (Changing mark to market accounting, by the way, does not mean not allowing transparency. There are ways that investors can understand the exposures held by the bank without those also being priced based on where the last trade occurred).

  10. thanks for the reply, Rick, I am honored. not sure if you are in touch with what is happening in the banking world these days. just in case you are not, let me tell you how it works, I am still in the middle of it. the easiest way to generate PL and get million dollar bonuses was structured products/exotics (the party is over now, for a while). you declare PL the instant you enter a new exotic deal. think about it, where is the economic performance here? 20y or 30y callable/KO structure that potentially stays on the book for many years, and you take PL the second you put the trade on (very much like subprime stuff). how stupid is that? unless you can sell it immediately for that value (no way not even in the good days) all you can to do is try to earn it slowly over the years from vanilla hedges. now isn't it common sense to earn the money first and then show the profit and get the million dollar bonus? would a brick and mortar company ever be allowed to show profit now for 20 years of hypothetical future revenues? anyway, this is why the inventory is so big now, deals were added to feed the bonus paying machine. I know ift for a fact, I am one of the beneficiaries... so accountants should have said NO, earn it first boys.

  11. Anon. 1:48pm is on the mark about how you count what you count.

    There's another issue to do with career paths not addressed here. The government risk authority is not one person, it's a bureau. Members of that bureau will move back and forth into and from the firms they regulate. They will only be restrained in their "slanting" of information to benefit the firms' short-term apparent interests by long-term concerns -- which they are likely to feel can be 'externalized' (left for others to handle after they've got theirs.)

  12. For a debunking of the idea of good regulation please read:

    Bad Regulation Drives Out Good

  13. I found this site using [url=][/url] And i want to thank you for your work. You have done really very good site. Great work, great site! Thank you!

    Sorry for offtopic