The paradox of risk regulation and risk management

Regulation of liabilities and assets

In past articles we have looked at some of the aspects of risk-management, looking at the weakness of Basel 2 (non-definition of capital) and lack of a frame-work to assure liquidity adequacy. Here we look at the way in which the crisis has illuminated the way in the regulation of risks for liabilities and assets affected the behaviour of depositors and management in banks.

Risk regulation and risk management

The fallout from the financial crisis continues to occupy governments and bank regulators and to fill pages of news and comment. Much the comment is very emotional with feelings focussing on taxpayers’ anger at financing government support of banks, while the managers and employees in these banks are considered to be profiting disproportionately from this support. There is also an incendiary debate about the responsibility for the crisis, with many depositors maintaining that regulatory approval of banks means that the government has not only confirmed that a bank conforms to existing rules, but also that the government implicitly accepts responsibility for depositors’ risks.

It is a widely accepted view that government support of depositor insurance is a moral obligation and not only a contractual requirement or a political necessity. De facto, governments have responded to these expectations.

Historically, the question of depositor protection has always been at the centre of bank regulation. Minimum reserve ratios were introduced to protect bank clients from overly ambitious bank mangers jeopardizing their clients’ deposits. When all cash in circulation was underpinned one to one by gold, this was not necessary, but the advent of fractional banking and several subsequent bank disasters lead to the introduction of a regulatory framework, of which the minimum reserve ratio was the key element.

Regulating depositor expectations

Reserve ratios oblige banks to maintain sufficient funds against a public loss of confidence in a bank. The core element of a reserve ratio is to ensure that the bank can always pay out depositor withdrawals. This avoids a loss of confidence which would cause subsequent massive withdrawals, forcing the bank to recall loans or close.

Depositor risk may also be regulated directly, by the existence of a deposit insurance scheme. Schemes of this sort exist in many countries and are mandatory for banks with retail clients in the EU and EEA. Depositor protection is generally the main vector of bank regulation. Both reserve schemes and minimum reserve ratios originally aimed to protect retail depositors. They also have secondary implications, however. These may be important for the other main vector of bank regulation : namely financial market stability.

Shareholder protection on the other hand, is not usually an issue close to the hearts of government regulators (except in the case of nationalized banks).

Reserve requirements as a macro management tool

Reserve ratios influence the multiplier effect of monetary policy. If we only look at cash ratios and M1 growth, then the impact is fairly straight forward. In fact reserve ratios may be defined in a range of more or less liquid instruments and deposits may be closer or further from being actual call deposits. However, these are problems of measurement : These are important for the regulation of bank liquidity, but less so for the management of asset allocation.

In fact reserve ratios rarely change. Instead central banks regulate the price paid for reserves as one of the key interest rates managed as part of monetary policy, acting on the reserve ratio via multiplier effect. (The other rates are the refinancing rates charged for refinancing operations by the central bank). These tools are used to try to steer the banking system (and the economy) to try to avoid inflation and/or boom-bust cycles. In a large sense, this is depositor protection, as this is a key tool in inflation control- arguably the biggest threat to deposits…

With respect to depositors at a specific bank the price of central bank money to the banking system offers no protection for their deposits. Depositor risk is indirectly managed via the capital adequacy ratio, as this ultimately limits the volume and types of assets held.

Deposit insurance schemes

These are effectively risk managements schemes functioning on behalf of retail depositors. Generally they are only available only up to a defined maximum amount, and they are intended to help individual depositors avoid hardship in the case of a bank failure. Events around the collapse of Icesave in the UK and the Netherlands and comments made by depositors make it clear that the cover of various deposit insurance schemes (bank and insurance in the UK, though the latter was not implemented) were important factors in retail clients’ choice of this bank for their deposits.

As with all insurance, there is a degree of moral risk involved. There were various comments from retail clients that rates offered by Icesave were “too good to be true”, but despite this, deposits were placed, in the knowledge that they were insured. In other words, the existence of depositor insurance changes the behaviour of depositors and makes riskier, high interest deposits an acceptable proposition. Decisions on personal risk management are linked to the existence of (free) deposit insurance.

Deposit insurance schemes do not generally cover corporate and public depositors. Regulators assume that corporate and public entities managing large volumes of deposits are capable of assessing the quality of their banks. In fact, this does not correspond to experience. In the fall-out of Icesave, we have seen that public depositors in the UK and the Netherlands took few steps to verify the solidity of their deposit-taker. There appears to have been an assumption of immunity from loss on the part of public entity clients. This may be due to an assumption of central government backing as a last resort for municipal depositors, or it may be due to the distance of decision takers from risk management processes which are standard in commercial finance. (This is reminiscent of the junk-bond market collapse at the time of the previous Lehman disaster, implicating Orange County and CalSTRS). The moral risk here seems to be that of torpidity.

Macro implications of deposit insurance

In short, anecdotal evidence shows that deposit insurance (whether actual or assumed) do not seem to encourage risk management at the depositor level. This is not a trivial issue.

Firstly, the mechanics regulating market behaviour are dissociated. We would normally expect a high reward to be associated with a high risk. This regulating factor of fear and greed are essential to the normal functioning of a financial market. Dissociating this mechanism will reduce the apparent risk of obtaining a higher reward.

Secondly, deposit insurance schemes are mandatory in the EU and EEA. They are intended as a micro management tool of risks of one institute, but they have macro implications beyond this. Unravelling the mess of Icesave has put 3 EEA members seriously at odds with each other. We appear to be close to seeing one country (UK) preferring to see the potential default of another country (Iceland) rather than forgoing the payout for depositor insurance to retail clients.

Risk management as a management tool

The crisis has also illustrated the paradox of the notion that tools used to report risks to bank regulators are suitable and adequate as risk management tools. Commentators have pointed out in the past that banks have been obliged to invest more in risk-management than before. Many consultants have been engaged in projects to realise risk-management and risk reporting as banks struggled to meet new requirements.

The tighter risk management regulations have evidently failed to avert the worst type of crisis. The 2 key measures in risk reporting are the value at risk and stress testing.

Risk reporting

Risk reporting is an obligatory activity, permitting regulators and clients to assess how a credit institute has been managed in a previous period using standardized parameters.

Value at risk and stress testing

Risk reporting is built around two notions : defining the amount by which an incremental market price shift would impact portfolio value ; defining the cost in terms of portfolio value of a shift of market prices in certain historical parameters.

The value at risk is the amount that could be lost on bank positions if market values move adversely by a certain amount. It is a summary value of potentially complex combinations of positions and hedges. The tacit assumption is that positions could actually be closed at something close to these values if needed : i.e. that the required markets provide continuous liquidity for sufficient amounts to execute transactions to close all positions.

There are a couple of problems with the assumption : There is no measure of the delay to close positions. If all market participants hold similar positions and try to execute closing trades at the same time (presumably they are all using similar models), then market liquidity in sufficient depth to close positions will not be available at anything like the prices used to calculate VaR. In fact the actual VaR is likely to differ between markets and over time depending on the number and concentration of volumes among participants in a certain market and the distribution and convergence of open positions. Some existing positions may cease to exist as some counterparties become illiquid and cannot honour contracts and portfolio items may have to be entirely written off.

The occurrence of a serious market dislocation is measured and reported separately. This falls into the realm of stress testing. In a stress test, the VaR parameters are stretched to the maximum relevant historic experience. We now know that the relevant experience can be outside existing historical parameters. As a way of monitoring reporting and control procedures, ex post, this is fine. As a way of conducting risk management the methodology is akin to exclusively using the rear-view mirror for driving on the Autobahn. Also stress testing does not take account discontinuous events, where certain market counterparties or indeed certain markets cease to exist.

Risk management

Risk management is a fundamentally different activity to risk-reporting. It provides an assessment of future risks, which together with profit projections from business permit informed analysis of risk/return ratios. This gives management a basis for decision making to maximize shareholder value.

The risks analysed will be specific to the product types and to their respective market environments. Managing this risk is an internal process and the models and analysis used cannot be defined by regulators, who have no responsibility for shareholder value. The characteristics of the market (or markets if we are looking at composite products) need to be understood when assessing risks. The size and distribution of market participants at a wholesale and retail level need to be understood in order to gauge the breadth and depth of the market. The size and concentration of positions held by these participants and the way they interact with each other and with exogenous events must be anticipated and evaluated. These will be the key factors if a bank must significantly reduce market exposure.

In a trading environment, banks are dependent on liquid markets to close or turn positions. This can be a risky business, as exogenous factors can seriously compromise market liquidity, leaving banks with unwanted positions or business lines that they cannot close immediately. At the level of a wholesale market participant handling large positions and high volumes, the question of market liquidity is obviously essential and it will impact business every day. At the level of a bank retailing products to corporate and institutional clients, the bank must assure access to markets via a sufficiently wide selection of stable wholesale counterparties. Risk management must provide management with the information needed to decide on transactions (both existing and future) in the markets covered.

Management must balance the information received on activities to maximize the risk-reward ratio within the parameters agreed with shareholders in the most advantageous locations. Risk-management must provide the qualified input on risk for these decisions, along with tax and legal advisors and of course the business side, who will provide input on the other decisive aspects.

Outside the (very) small circle of (still) profitable investment banks, a large number of public, commercial banks, retail banks and some less successful investment banks had a rough time over the last 2 years. Many of the loss making activities were a direct result of engaging in potentially very profitable business lines (with products originated by investment banks) where markets turned sour and bank management did not want to or could not close positions in risky assets or with shakey counterparties fast enough.

Failure of risk management

In many banks there has evidently been a notable failure of risk management. Either risk management :

• Could not identify the risks (because they did not possess sufficient qualified analysts for the markets and transaction types involved ?)

• Was not consulted in the transaction management process early enough, to advise abandoning products which were becoming untenable or to not enter certain product lines at all.

• Provided correct analysis in a timely manner, but was not understood by management.

While risk reporting must cover 2 distinct cases : daily reporting and stress testing with fixed or limited parameters, risk management cannot be subject to such a distinction. Bank risk management is faced with a reality which does not conform to fixed or historic parameters. Positions and transactions analysed will display a certain delta and a certain gamma and a risk of discontinuity on those curves. This reality of risk from both price change and market dysfunction must be reflected in risk management analysis, if this is to give a real image of the risk profile for bank business.

Interestingly, the seriousness of the current banking crisis seems to indicate that tighter regulatory requirements for reporting risk positions and investment of banks in dedicated risk departments have not made much impact on raising the effectiveness of bank risk management. In the end the banking crisis was a credit crisis, where assets held by a bank lost value and could not be liquidated due to a default by the underlying borrowers or the expectation of such a default. These events are hard to handle In terms of the risk–evaluation typically done in the risk department, where only small incremental changes in value are analysed. This is especially so in the context of a systemic banking crisis. Yet this is surely the fundamental risk questions to be answered in terms of promoting (or protecting) shareholder-value : What positions can be held in which markets with which counterparties and how much it will cost to close out all the positions in one market or with one counterparty.

We must assume either that the maths were wrong in the models used in many banks or there was a lack of coherence in many institutions between restrictive lending decisions (avoiding lending in certain kinds of markets- low quality retail real-estate lending, for example) and more liberal attitudes towards purchases of high yielding real-estate securities, backed by portfolios including exactly the kind of assets the credit policy decided to avoid. These are of course not exclusive. It is possible that risk management departments failed to identify risks and there was a failure to match risk policies in different business areas to develop a consistent risk profile.