Question

Risk management and regulation after the 2008 Financial Crisis
Each study group is assigned to a bank as follows and reponsible for summarizing
their risk management policies. Your group number can be found in the attached
list.
Group Bank
1 Goldman Sachs
2 UBS
3 JP Morgan Chase
4 Citigroup
5 Barclays Capital
6 Morgan Stanley
7 Deutsche Bank
8 Bank of America
9 BNP Paribas
10 Credit Suisse
Download their 2009 and most recent annual reports (10-K for US firms and
20-F or 6-K for foreign firms) from SEC’s website (https://www.sec.gov/edgar/searchedgar/companysearch.html).
Write an essay describing the approach of the bank is following for risk management.
In particular, describe how it computes the various risk measures to
respect the Basel regulations.

Answer 1

Banking risks: features and evaluation methods

Integrated financial management and risk management create conditions for developing the technological base of the new pricing process: profitability is calculated taking into account the credit, market, operational risks (Fig. 1)

Credit risk is defined as the possibility of default by the borrower or counterparty obligations according to their terms (Basel, 2000). For its assessment, the bank must have a strong client base over a long period. It can be used in the behavioral models that estimate the probability of the default of the client, based on his credit history and scoring models according to the application (client demographic information, information about his workplace, loan parameters, etc.). Statistical methods and data mining techniques are used to develop scoring models, including logistic and linear regression, decision trees, segmentation using K-means, neural network (Löffler, Prosch, Schöne, 2005). The set of scoring models according to the application, credit bureaus and information (obtained from systems to prevent fraud) can determine which customer segments can be approved automatically and which need further verification by credit analysts. Information about the most popular credit risks assessment models is systematized in Table 1.

This table includes a few examples of the most often used methods and models for credit risk evaluation and input data. These are, for example, the Altman Z-Score model (Altman, 2008), Moody’s KMV reduced form and the structural models of credit risk (Arora, Bohn, Zhu, 2005), the logistic regression model (Hilbe, 2009), hybrid models.

Market risk is a specific part of the financial risks caused by the emergence of investment and financial activities. Market risk is caused by the influence of the market factors that affect the value of assets, liabilities, and off-balance sheet items.

There are different methodologies for evaluating the losses of financial instruments. Most common is the method of quantifying the market risk value of trading positions (Value at Risk – VaR). The basis for the VaR evaluation is the price tools dynamics for a specified time period in the past. Classical methods of volatility estimation, such as the

FIG. 1. Banking risk management location in the calculation of financial instrument return

parametric method, the Monte Carlo method, historical simulation, are used to assess the potential market risk level (Lobanov, Chugunov, 2003).

The tendency to operational risk is constantly growing with the increase in business and banking, as well as with the globalization of banking services. Operational risk is the risk of loss resulting from inadequate or failing internal processes, personnel actions or systems, or as a result of external factors (Basel, 2006). The concept of operational risk includes legal risk, but excludes strategic risk and the risk of reputation, contains a list of possible causes and problems (inadequate business processes, erroneous staff actions, information systems’ failure, theft, fraud, etc.).

TABLE 1. Models of credit risks evaluation, implemented in practice

Input data

Evaluation method

Model type

The resulting parameter

Financial performance data

Data evaluation based on linear model

Analytical description model (Altman Z-Score model)

Creditability index –scoring variable

Data on liquid bonds, trades that taking place in the market

Data evaluation based on linear model

Market liabilities value models

Credit risk level

Data on borrower characteristics and macroeconomic factors

Data evaluation based on the Poisson process with the risk degree ?

Reduced form models

Probability of default (usually binary variable: 1 – default has occurred; 0 – default has not occurred)

Data on firm value at determined time

Data evaluation based on firm equity functions

Hybrid models

Probability of default; causes of default

The outstanding debt in the form of bonds (B) with zero coupon, nominal value (F) and maturity (T)

Debt estimation emitted by a firm. The cost of the firm is subordinated to a standard geometric Brownian motion

Market (structural) model (KMV, CUSP, Credit Grades)

Probability of default, the probability that firm value falls below the nominal value (F) of bonds

Annual financial statement data

Regression coefficient determination

Models based on statement data (KMV Portfolio Manager; logistic regression model)

Expected loss

Source: compiled by authors.

To manage the operational risk, it is necessary to understand its sources, causes, and the impact on the bank’s activities. This can be achieved only by creating structured incident database over a long period (minimum 3–5 years). However, it is not enough to collect periodic reporting and use organizational methods. There is a need of the professional solution that provides a convenient user interface for incident registration, business processes support for operational risk management, analytics and operational risk level calculation employing complex mathematical methods and models (Table 2).

For risk management purposes, we should use a qualitative and quantitative risk analysis. The qualitative risk analysis includes such tools and techniques as risk probability and impact assessment, the probability and impact matrix, risk data quality assessment, risk categorization, risk urgency assessment. On the other hand, quantitative risk analysis includes data gathering and representation techniques (interviewing, probability distribution), quantitative risk analysis and modeling techniques (sensitivity, decision tree). In fact, the resulting parameter for operational risk is operational loss which consists of the probability of a loss event and a loss given by that event. We can classify a loss event to internal loss data (history of system failures, process failures, external events and their impact on various business lines (value of operational loss), the frequency of occurrences) and reports from external rating agencies (list of defaulted clients, credit rating across clients/sectors, credit score for the clients).

There are a theoretical basis for applying actuarial techniques in operational risk modeling (Mango, 2006), stochastic differential equations’ numerical simulation algorithm for financial problems (Larneback, 2006), the Delphi technique, decision trees, impact diagrams (Summerhayes, 2010). Nowadays, even the largest Ukrainian banks are small on the international scale. An obstacle to the Basel II (and so far Basel III) implementation for Ukrainian banks is the lack of operational risk management systems. It is also necessary to improve the system of corporate management and internal audit in banks.

The Basel II provides three methods for operational risks estimation: the method of basic indicators (Basic Indicator Approach), a standardized method (Standardized Approach), and an advanced method (Advanced Measurement Approach) (Basel, 2006). In the third method, a bank estimates its operational risks using its own internal models.

TABLE 2. Models of operational risk evaluation, implemented in practice

For this method, central banks require qualitative data in all areas of operational risk and permit to use the advanced method for regulatory reporting formation. Also, a bank must have a risk management scheme at the professional level and a profound statistical database of incidents.

Design operational risk management models using the Standardized Approach based on annual revenue / budget of each line of business / department; the Basic Indicator Approach based on the annual revenue / budget; the Advanced Measurement Approach (AMA) based on the internally developed risk measurement framework adhering to the prescribed standards (the methods include IMA, LDA, Scenario-based, Scorecard, etc.). The AMA includes developing internal empirical models to estimate the PD (Probability of Default) for individual clients or groups of clients; assistant risk management leadership teams with the design of quantitative models to estimate The PD, the EAD (Exposure at Default), the LGD (Loss Given Default) and other parameters required for calculating the RWA (Risk Weighted Asset), developing the analytical Value at Risk models.

While the AMA does not specify the use of any particular modeling technique, one common approach in the banking industry is the Loss Distribution Approach (LDA). With LDA, a bank first segments operational losses into homogeneous segments, called units of measure (UoMs). For each unit of measure, the bank then constructs a loss distribution that represents its expectation of total losses that can materialize on a one-year horizon. Given that data sufficiency is a major challenge for the industry, the annual loss distribution cannot be built directly using annual loss figures. Instead, a bank will develop a frequency distribution which describes the number of loss events in a given year, and a severity distribution whigh describes the loss amount of a single loss event. The frequency and severity distributions are assumed to be independent. The convolution of these two distributions then gives rise to the (annual) loss distribution.

New promising approaches to banking risks estimation

The modern technology combines the latest advances of artificial intelligence, numerical mathematics, statistics, heuristic approaches. It allows offering new promising approaches to risks estimation. These approaches give positive results even with small amounts of data. Table 3 gives information about the methods of estimating the probability of default (model types – Lobanov, Chugunov, 2003).

The probability of default (PD) is a financial term describing the likelihood of a default over a particular time horizon. It provides an estimate of the likelihood that a client of a financial institution will be unable to meet its debt obligations. The PD is a key parameter used in the calculation of economic capital or regulatory capital in the Basel II for a banking institution.

Models based on the extreme values theory can find VaR for market and operational risk with the level of reliability higher than 99%. The model parameters are determined for (X1, ..., Xn), which is a sample of independent identically distributed random variables from the distribution of the function extremum:

{}

)(,...,minxGxabXXPnnn­???1 with n ? ?, where {an} and {bn} – numerical sequences (Embrechts, 1997).

The advantages of new approaches to VaR evaluation are its accuracy and correctness assessments even for forecasting a period of one day and a 99% confidence level (for example, extreme values theory). It should be noted that the Basel Committee on Banking Supervision (within the approach based on internal models) does not allow banks to use models with a short-term (less than 250 days) period of observation for capital adequacy calculation. Based on the covariance method, the VaR calculation model (according to the criteria of the Basel Committee on Banking Supervision) is inadequate for assessing

Operational risk

Data on losses from events, the amount of damages or annual loss from operating activities

the expected losses under a sustainable market development and in times of a crisis. Another advantage of the new approaches to risk assessment (especially operational risk) is their ability to give accurate probabilistic estimates even in the absence or lack of statistical data (for example, the Bayesian model).

The Basel II and Basel III provide additional regulatory requirements the fulfilment of which allows the banks to assess the risks and to manage them. They enable to optimize the regulatory capital in terms of the acceptable risk for a certain transaction.

The innovative aspect of regulatory requirements is that the basis for decisions justification should be statistics rather than individual practice and bank senior managers. So, quality and data structure requirements become the mainstream.

The task of the new approaches is not to learn the basic calculation methodology, but to achieve their implementation in a real management of decision making, and this is an extremely important task of the modern banking information systems.

Improvement of banking risk management information support:

approaches and implementation

Risk management information support makes serious demands to analytical banking systems. The systematization of the key business objectives with regulatory and technological requirements allows submitting the banking management information system as a three-tiered solutions, which takes an important place in risk management (Fig. 2).

Each level provides the solution of certain business tasks. Various business tasks conditionally reproduce the “management vertical”. This provides the maximum efficiency by a feedback between the management levels, creates a single information space, ensures the monitoring of implementation by business lines from the top management (strategic management) to the operators and client managers (operating activities) with a direct participation of economists, risk managers, and analysts (operational analysis and management).

The proposed architecture ensures a full data transparency and control over the achievement in the strategic and budgetary areas by comparing the “plan–fact” indicators and the performance factor variance analysis. The upper level is actually the remote banking management and the individual business lines that give the analyst convenient charts and indicators. A classical data warehouse is used for the top-level management realization.

The middle level (operational management and analysis) fulfils the main computer calculations (transfer price calculation, risk calculation, etc.). This level should be close to the transaction ABS lower level, as it provides the requirements for the analytical accounting rate of return and the individual transaction risk. Financial instruments measuring availability at this level are the first step towards creating a system of parallel accounting.

A large number of computational problems that require the use of IT solutions different from the traditional data warehouse are performed at the middle level. The operational ABS with traditional functions is on the lower level.

It is not required to improve the existing ABS in architecture with separated functions of operational data, calculations, and analysis with the appearance of new management challenges. The issue of data availability somewhat complicates the situation due to the necessity of cross-communications, but this is not contrary to the general logic of the management structure and its division level. Accessibility calculation results of individual parameters are solved within the generally accepted approach “service on demand” in the service-oriented architecture.

The necessity of a powerful banking information management support explains the growing interest of Ukrainian banks to analytical information systems (SAP, 2011).

Most of the problems in banking information system analytics are solved by their developers or through the purchase of specialized components from suppliers. This leads to an uncontrolled growth of the number and complexity of subsystems, increasing the support cost and the deterioration of ROI (Return On Investment). This approach usually leads to an unpredictable banking information system development and brings additional risk factors. The recent studies of leading analytical companies evaluate this approach as

FIG. 2. Three-tiered banking management information system

a standstill in terms of the value and prospects of using it in a dynamically developing bank (Gartner, 2012).

The SAS Risk Management for Banking, Oracle Financial Services Liquidity Risk Management and SAP Bank Analyzer are the global market leaders in integrated systems of banking risk management (GRC, 2011).

An effective use of these products should be subject to the considered three-tiered bank management system (Fig. 2). In this sense, it is indicative that the structure of SAP solution “Integrated Finance and Risk Architecture” has made a fundamental step towards the further convergence of construction accounting, international accounting, and management (Fig. 3). The SAP company is one of the first providers of banking information systems that have implemented the concept of analytic risk management and return, as well as reflection financial data in different accounting standards. The IFRS accounting standards require various risk type estimates for financial instruments (deals).

The level that corresponds to the operational management and analysis in this architecture can be developed for risk management tools by the SAP Bank Analyzer (Volkov, 2010). There are built-in features: credit risk calculation (the Basel II methodology); scoring, calibration, and approval client ratings, limits management, asset / liability management (ALM); portfolio credit risk management, market risk

FIG. 3. Integrated IT architecture for risk management

management, operational risk evaluation, cumulative risk reports. The possibility of modeling (PD, LGD, CCF and historical data) is an addition to the measurement of financial products. Consequently, the most modern techniques of credit, market, operational risks, and measurement of financial instruments based on the IFRS standards with regard to market or model data are used for the calculation.

It should be noted that the assessment level may be developed due to the new methods of evaluation (Table 3).