There have been calls for financial services firms to dramatically improve their risk management capabilities since 2008, when the world learned how sorely lacking they were. Since then, there has been plenty of discussion about risk and even claims that risk management’s importance has been elevated. Risk managers, say commentators, garner much more respect than before and senior managers are more likely to listen to their concerns.
That is only partially true. While risk management is slowly gaining more importance in financial services, it is also clear that not all firms are created equal when it comes to managing risk.
Soon, firms may have little choice about whether they are going to invest in risk management. The Basel III Capital Accords have gone a long way toward regulating risk by requiring banks to step up their risk management practices and be able to report their findings to the regulators.
Risk Data Challenges
In September 2012, the Bank for International Settlements (BIS) published its principles for effective risk data aggregation and risk reporting, which set out specific guidelines in an effort to strengthen risk management at banks. “A bank should be able to capture and aggregate all material risk data across the banking group,” the report states. “Data should be available by business line, legal entity, asset type, industry, region and other groupings.”
Implementing these principles was a key task for the first half of 2013. The Basel Committee for Banking Supervision (BCBS) and national regulators first had to prepare themselves, and the global systemically important banks (G-SIBs) they supervise, for intensive risk data and reporting self-assessments, which began in June.
A big challenge for the remainder of 2013 will be for firms to improve their effectiveness in risk-data gathering and reporting using the BIS principles. The BCBS has issued a questionnaire to be used by national regulators to review G-SIBs’ risk data aggregation and risk reporting self-assessments. The questionnaire helps judge whether banks’ risk data set-ups are world class, need improvement, materially non-compliant or fail outright.
Currently, many firms have difficulty producing complete and accurate regulatory reporting program data in the time envisaged. Some of the G-SIBs that will be going through this self-assessment exercise have grown through acquisitions but have failed to fully integrate their front- and back-end IT systems. That is a big part of what is impeding their ability to turn around complete and accurate risk management information.
Greater Scrutiny of Risk Models
Scrutiny of banks’ risk models has increased. For example, late last year, the U.K. Financial Services Authority (FSA) began examining the books of large U.K. banks looking for signs that they have been low-balling their potential losses and holding insufficient capital against them. The Financial Policy Committee, the new stability regulator, also stated that it suspects banks’ risk-weighted models are too optimistic.
Large banks use their own internal models to measure risk and sometimes these models do not tell the whole story. Take the recent reports that Deutsche Bank is under investigation by German financial regulators seeking to determine whether it altered its internal models to hide $12 billion in losses back in 2008. Regulators are onto that kind of behavior. They want to make sure firms’ risk models are not making them look stronger than they really are.
This issue of doctoring internal risk models has become more pronounced in recent months. Banks in the United States and Europe have accused their competitors of rigging risk models to create a rosier picture of the riskiness of the assets they hold so that they will be able to meet more stringent capital requirements. Regulators on both sides of the Atlantic are wise to banks’ latest ploy, however, and are taking measures to prevent them from fiddling with their internal models. For example, the European Banking Authority (EBA) has put a lower limit on how low risk weightings can go when calculating the 9% capital requirement.
Regulators are unlikely to return to a Basel I-style standardized approach for risk measurement, but already they are taking steps to improve transparency between financial institutions’ risk models. In the future, regulators will take steps to increase governance around risk modeling practices and will become more prescriptive about the parameters or assumptions model makers use to build models.
In January, the BCBS published its “Analysis of Risk-weighted Assets for Market Risk,” which examined the calculation of risk-weighted assets in banks’ trading books. It found that current risk disclosures were opaque and modeling practices were the primary driver of variability in the risk weightings for trading books. The analysis revealed that the bulk of the variation could be attributed to a relatively small set of modeling choices.
At the same time, the committee has appointed a task force to look into the question of the simplicity and comparability of the regulatory framework. Wayne Byres, secretary general of the BCBS told regulators in Seoul, Korea in February, “This task force has not been looking at specific issues of detail, but instead is approaching the issue from a more conceptual perspective: what is the optimal trade-off between simplicity, risk-sensitivity and comparability?”
Part of the task force’s remit will be to suggest reforms to firms’ modeling practices with a view to making them more “robust and consistent.” The BCBS has also raised the possibility of simplifying some of the Basel III rules as part of its effort to strike an appropriate balance between simplicity, comparability and risk sensitivity.
In February, the EBA published its own interim report on the variation in risk-weighted asset calculations in banks’ books. This paper reignited the discussion around whether banks aremanipulating their risk measurement models to lessen capital requirements. It showed that some models allowed banks to hold 70% less capital than their competitors.
Lastly, the U.S. Senate’s recent report on the losses incurred by JP Morgan’s so-called “London whale” underscored problems with model manipulation. The report outlines how JP Morgan changed the value-at-risk (VaR) model for its Chief Investment Office and did not disclose the changes to its regulator. “The change in the VaR methodology effectively masked the significant changes in the portfolio,” alleges the report.
The Senate report recommends, among other things, that: “To prevent model manipulation, federal regulators should require disclosure of, and investigate, any risk or capital evaluation model which, when activated, materially lowers the purported risk or regulatory capital requirements for a trading activity or portfolio.” In effect, then, regulators should be increasing their supervision of firms’ risk models.
Separately, the U.S. Treasury, through the Office of the Comptroller of the Currency, issued its supervisory guidance on model risk management in April 2011. This guidance requires banks to ensure that their models are subject to “effective challenge.” The U.K. and Europe have yet to follow suit with specific guidance in this area. But the issue of model risk is high on the agenda.