Description
In recent years, financial institutions and their supervisors have placed increased emphasis on the importance of consolidated risk management. Consolidated risk management-sometimes also called integrated or enterprisewide risk management-can have many specific meanings, but in general it refers to a coordinated process for measuring and managing risk on a firmwide basis. Interest in consolidated risk management has arisen for a variety of reasons.
FRBNY Economic Pol icy Review / Mar ch 2001 1
The Chal l enges of Risk
Management in Diver sif ied
Financial Companies
n recent years, financial instituti ons and their supervisors
have placed i ncreased emphasis on the importance of
consolidated risk management. Consolidated risk
management—sometimes also called integrated or
enterpri sewide ri sk management—can have many specific
meanings, but in general it refers to a coordinated process for
measuring and managing risk on a firmwide basis. Interest in
consolidated risk management has arisen for a variety of
reasons. Advances in information technology and financi al
engineering have made it possible to quantify risks more
preci sely. The wave of mergers—both in the United States and
overseas—has resulted in significant consolidation in the
financial services industry as well as in larger, more complex
financial insti tutions. The recently enacted Gramm-Leach-
Bliley Act seems likely to heighten interest in consolidated risk
management, as the legislation opens the door to combinations
of financial activities that had previously been prohi bited.
This arti cle examines the economic rationale for managing
risk on a firmwide, consolidated basis. Our goal is to lay out
some of the key issues that supervisors and risk management
practitioners have confronted in assessi ng and developing
consolidated risk management systems. In doing so, we hope to
clarify for a wider audience why the ideal of consolidated ri sk
management—which may seem uncontroversial or even
obvious—involves significant conceptual and practical issues.
We also hope to suggest areas where research by practitioners
and academics could help resolve some of these i ssues.
Christine M. Cumming is an executive vice president and the director of
research and Beverly J. Hirtle is a vice president at the Federal Reserve Bank
of New York.
The authors would like to thank Gerald Hanweck, Darryll Hendricks, Chris
McCurdy, Brian Peters, Philip Strahan, Stefan Walter, Lawrence White, and
two anonymous referees for many helpful comments. The views expressed are
those of the authorsand do not necessarily reflect the position of the Federal
Reserve Bank of New York or the Federal Reserve System.
• Although the benefits of a consolidated, or
firmwide, system of risk management are
widely recognized, financial firms have
traditionally taken a more segmented
approach to risk measurement and control.
• The cost of integrating information across
business lines and the existence of regulatory
barriers to moving capital and liquidity within
a financial organization appear to have
discouraged firms from adopting consolidated
risk management.
• In addition, there are substantial conceptual
and technical challenges to be overcome in
developing risk management systems that
can assess and quantify different types of risk
across a wide range of business activities.
• However, recent advances in information
technology, changes in regulation, and
breakthroughs in risk management
methodology suggest that the barriers to
consolidated risk management will fall
during the coming months and years.
Christine M. Cumming and Beverly J. Hirtle
I
2 The Chal l enges of Risk Management
The approach we take is to review the arguments made by
supervisors and the financial industry in favor of consoli dated
risk management. While both parties agree on the i mportance
of this type of risk management, this support seems to be
moti vated by quite different concerns. Supervisors appear to
support it out of a safety-and-soundness concern that
significant risks could be overlooked or underestimated in the
absence of fi rmwide risk assessment.
1
In contrast, financial
institutions appear willing to undertake significant efforts to
develop consolidated risk management systems because they
believe that those systems wi ll help them assess the risk and
return of different business li nes and thus allow them to make
more informed decisions about where to invest scarce
resources to maximize profits.
2
While these two views may
reflect qui te di fferent underlying motivations for supporting
consolidated risk management, we argue below that they result
in a common emphasis on the importance of accurate
assessments of risk.
Although both supervisors and fi nancial institutions
support the concept of consolidated risk management, few if
any financial firms have fully developed systems in place today.
The absence thus far of fully implemented consolidated risk
management systems suggests that there are significant costs or
obstacles that have historically led firms to manage ri sk in a
more segmented fashion. We argue that both information costs
and regulatory costs play an important role here by affecting
the trade-off between the value derived from consolidated risk
management and the expense of constructing these complex
risk management systems. In addition, there are substantial
technical hurdles involved in developing ri sk management
systems that span a wide range of businesses and types of risk.
Both of these factors are evolving i n ways that suggest that the
barriers to consolidated risk management are increasingly
likely to fall over the coming months and years.
The remainder of this article is organized as follows. In the
next secti on, we describe the concept of consolidated risk
management in greater detail and provide a more in-depth
discussion of the views of supervisors and the financi al industry
about this process. We then offer a critical analysis of these
views, using a simple portfolio model to help illustrate the
economic rationale behind consolidated risk management.
Next, we discuss the constraints that have slowed many
financial insti tutions i n their implementation of consolidated
risk management systems. We conclude with a discussion of
the major technical challenges and research questions that will
need to be addressed as an i ncreasing number of financial firms
implement firmwide risk management systems.
Consol idat ed Risk Management :
Def init ions and Mot ivat ions
At a very basic level, consolidated risk management entails a
coordinated process of measuring and managing risk on a
firmwide basis. This process has two distinct, although related,
dimensions: coordinated risk assessment and management
across the different types of risk facing the fi rm (market risk,
credi t risk, li quidity risk, operational risk), and integrated risk
evaluation across the firm’s various geographic locations, legal
entities, and business li nes. In theory, both dimensi ons must be
addressed to produce a consolidated, firmwide assessment of
risk. In practice, few financial fi rms currently have in place a
consolidated risk management system that fully incorporates
both dimensions, although many large institutions—both in
the United States and overseas—appear to be devoting
significant resources to developing such systems (Joint Forum
1999a).
3
To understand consolidated risk management, it is
important to recognize the di stinction between risk
measurement and risk management. Risk measurement entails
the quantification of ri sk exposures. This quantification may
take a variety of forms—value-at-risk, earnings-at-risk, stress
scenario analyses, duration gaps—depending on the type of
risk being measured and the degree of sophistication of the
esti mates. Risk management, in contrast, refers to the overall
process that a financial insti tution follows to define a busi ness
Our goal is to lay out some of the key
issues that supervisors and risk
management practitioners have
confronted in assessing and developing
consolidated risk management systems.
The absence thus far of fully implemented
consolidated risk management systems
suggests that there are significant costs or
obstacles that have historically led firms to
manage risk in a more segmented fashion.
FRBNY Economic Pol icy Review / Mar ch 2001 3
strategy, to identify the risks to which it is exposed, to quantify
those ri sks, and to understand and control the nature of the
risks it faces. Risk management is a series of business deci sions,
accompanied by a set of checks and balances—risk limits,
independent risk management functions, risk reporting,
review and oversight by senior management and the board of
directors—in which risk measurement plays an important,
although not all-encompassi ng, role. Thus, consolidated risk
management involves not only an attempt to quantify risk
across a diversified firm, but also a much broader process of
busi ness decision maki ng and of support to management in
order to make informed decisions about the extent of risk taken
both by individual busi ness lines and by the firm as a whole.
Recent trends in the financial services industry have
increased the challenges associated with this process. To begin,
financial i nstitutions increasingly have the opportunity to
become involved in a diverse range of financi al activities. In the
United States, bank holding compani es have been able to
combine traditional banking and securities activiti es since the
late 1980s, when the Federal Reserve permitted the creation of
“ Section 20” securities subsidiaries. The Gramm-Leach-Bliley
Act will now enable affiliations involving banking, securities,
and insurance underwri ting in so-called financial holding
companies (FHCs). Such combinations of diverse financial
activities present significant challenges to consolidated risk
management systems, as greater diversity often means that the
system must encompass a wider range of risk types.
4
Consolidation in the financial services industry has
produced i nstitutions with operations spanning large
geographic areas, both domesti cally and internationally. Such
wide geographic dispersion, especially across time zones, can
make it difficult for a fi rm’s management to keep track of the
activities across all of its operating centers. Financial
institutions have responded to this situation by increasing the
resources devoted to information systems desi gned to track
and monitor exposures worldwi de. Indeed, the development of
coordi nated informati on systems is one of the most important
steps in consolidated risk management.
The supervisory community has advocated that financial
institutions adopt consolidated risk management procedures
in the guidance it has published in the 1990s, especially
guidance for banking companies. In the United States, these
efforts began in 1993 with guidelines for supervisors evaluating
risk management i n derivatives and trading activities, and have
continued to date, most recently with a 1999 Federal Reserve
paper containing broad conceptual guidelines for evaluating
capital adequacy in light of the full range of risks faci ng the
bank or bank holding company.
5
Internationally, the Basel
Committee on Banking Supervision extended the framework
for describing the risk management process to encompass the
role of business strategy and the activities of business line
decision makers.
6
The Committee also set out an approach to
the supervisory revi ew of a bank’s internal assessment of capital
adequacy i n light of a firm’s overall risks as the second pi llar of
the proposed new capital adequacy framework (Basel
Committee on Banking Supervision 1999b).
Recently, an international forum of banking, securities, and
insurance supervisors issued a report containing principles that
supervisors should follow to ensure that financi al
conglomerates are adequately identifying and managi ng risk.
The report’s lead recommendation is that “ supervisors should
take steps . . . to provide that conglomerates have adequate risk
management processes in place to manage group-wide risk
concentrations” (Joint Forum 1999a).
The rationale offered by supervisors for the importance of
consolidated risk management seems to be a concern that, in
the absence of a firmwide assessment, significant risks could be
overlooked or underestimated. The Joi nt Forum report, for
instance, argues that “ the additi ve nature of concentrations and
the risk of transmission of material problems within a
conglomerate point to the value of both conglomerate
management and supervisors conducting a group-wide
assessment of potential concentrations” (Joint Forum 1999a).
The underlying concern is that such underestimated or
overlooked risks receive insuffici ent management attention
and have the potential to produce unexpectedly large losses
that could threaten the firm’s financial health.
Financial market practitioners also cite the interdependent
nature of risks wi thin an organization as a motivation to
develop consolidated risk management systems. For instance,
echoing sentiments in the supervisors’ Joint Forum report,
Lam (1999) argues that “ managing risk by silos simply doesn’t
work, because the risks are highly interdependent and cannot
be segmented and managed solely by independent units” in the
Consolidated risk management involves
not only an attempt to quantify risk across
a diversified firm, but also a much broader
process of business decision making and
of support to management in order to
make informed decisions about the extent
of risk taken both by individual business
lines and by the firm as a whole.
4 The Chal l enges of Risk Management
firm. Similarly, a senior executive at a major U.S. bank asserts
that “ the careful identification and analysis of risk are,
however, only useful insofar as they lead to a capital allocation
system that recogni zes different degrees of risk and includes all
elements of risk” (Labrecque 1998).
In contrast to the supervi sors, however, the primary
implication that Lam and others draw from this finding
concerns the role that consolidated risk management systems
can play i n helping firms to make better-informed deci sions
about how to invest scarce capi tal and human resources. For
instance, Mudge (2000) stresses that a consistent framework
for evaluati ng firmwi de risk and return across diverse financial
activities is a key to evaluating the benefits of potential mergers
among banking and insurance firms. Similarly, Lam (1999)
argues that consolidated risk management systems can help
firms understand the risk/return trade-offs among different
busi ness li nes, customers, and potential acquisitions.
Furthermore, consolidated risk management may allow a firm
to recognize “ natural hedges” —when one enti ty within the
firm has positions or is engaged in activities that hedge the
positions or activities of another part of the firm—that may
become apparent only when risk is exami ned from the
perspective of the consolidated institution. Fi rms that fail to
recognize the diversification effects of such natural hedges may
waste resources on redundant hedging by individual units
within the organization.
Thus, while both supervisors and financial institutions agree
on the importance of consolidated ri sk management and point
to the same dri ving factors, their conclusions about the role
that these systems can play emphasize quite different concerns.
At one level, this di fference is not surprising, given the different
objectives of supervisors and financial instituti ons (safety and
soundness, on the one hand, and profit maximization, on the
other). On another level, these concerns are not necessari ly
mutually exclusive. Indeed, in the next section, we argue that
supervisors’ emphasis on underesti mation of fi rmwide risk
and financial i nstitutions’ emphasis on enhanced under-
standing of the risk/return trade-off among different activities
reflect a common emphasis on the importance of accurate
assessments of risk.
Under st anding t he Rol e
of Consol idat ed Risk Management
The discussion above reflects a well-established belief on the
part of financial institutions and supervisors in the importance
of consolidated risk management. But what economic
fundamentals underlie this belief?In this section, we assess the
views of supervisors and financial institutions and try to place
them in a common framework. We do not attempt to address
the question of why firms choose to manage risk at all.
7
Instead,
we try to understand why it matters whether risk is managed on
a consoli dated basis or at the level of indivi dual businesses or
risks wi thin a firm.
The Supervisors’ View: Spillover Effects
We first consi der the view expressed by supervisors in the Joint
Forum paper (1999a), namely, that in the absence of
consolidated risk management, signi ficant risks could be
overlooked or underestimated. To gain some insight into thi s
view, it is helpful to consider a simple portfolio approach to
assessing the risk of a diversified financial firm. This approach
helps illustrate how the perception of the overall risk facing the
firm would differ if institutions managed their risk in an
integrated way i nstead of by individual businesses or legal
entities within the larger organization.
To begin, suppose that a financial firm has two business
lines, each of which earns profits that vary uncertai nly over
time. Application of standard portfolio theory suggests that the
risk of the overall firm will depend on the variation in each
unit’s profits and the extent to which variation in these profits
is correlated between the two units. In particular, the risk faci ng
the consolidated firm will be less than or equal to the sum of the
risks facing the indivi dual business units within the firm
whenever this correlation is less than perfect. In this situation,
the profit vari ation i n one unit diversifies the risk of the other.
8
The importance of thi s observation for our purposes is that
it suggests that establishing risk monitoring and control (such
as limits) at the business level and then summing up across
business lines would be a conservativeapproach to managi ng
While both supervisors and financial
institutions agree on the importance of
consolidated risk management and point
to the same driving factors, their
conclusions about the role that these
systems can play emphasize quite
different concerns.
FRBNY Economic Pol icy Review / Mar ch 2001 5
and assessing the overall risk facing the firm, since it ignores
any potential diversification effects across business lines. Thi s
conclusion stands in marked contrast to the arguments
advanced by supervisors in favor of consolidated risk
management. How can we reconcile these two outcomes?
The answer, of course, i s that the si mple portfolio example
misses some important “ real world” aspects of financial risk
and risk management. Perhaps the most significant of these is
the assumption that the risks facing each business unit are fixed
and known. In fact, these risks are functions of many factors
that can vary significantly over time. In particular, the simple
portfolio example assumes that the risk profile of one business
line can be measured without regard to the risks undertaken by
the other. This assumption is not a statement about the degree
of correlation between the risks faced by the two busi ness units,
but rather the idea that the underlyi ng volatility of one busi ness
line’s profitability may be affected by the actions of another
busi ness li ne.
An example of this relati onship might be when two or more
geographic centers within a global financial firm have similar
positions that they have each hedged in a particular security or
market. In the absence of a consolidated risk management
system, the various units could be unaware of the positions that
other units within the firm have taken.
9
Each unit assumes that
its position is small enough that i t would be able to roll over its
hedges or otherwise take steps to reduce its ri sk even in the
event of market stress. However, when the vari ous business
units try to take these steps simultaneously, thei r combined
activity reinforces the liquidity problems facing the market,
resulting in sharp, adverse moves i n the market prices of the
hedgi ng and/or underlying instruments. Thus, losses at
individual units exceed the risk assumptions made in each
unit’s i ndividual ri sk management plans and the aggregate
position of the firm is therefore riski er than the sum of the
assumed indi vidual risks of the business units. In essence, the
firm faces the “ portfolio insurance” problem in that the actions
of one unit affect the risks facing another.
10
These spillover effects can be enhanced during times of crisi s
or severe market disrupti on. A firm that manages ri sk on a
unit-by-unit basis may have to spend valuable time simply
determining what its aggregate position i s in the affected
markets, rather than being able to react to quickly developing
market conditions. Since ni mbleness in responding to
problems can affect outcomes favorably, such firms may be at
a disadvantage compared with smaller firms (for instance,
compared with a series of smaller firms that are comparable in
the aggregate to the diversified financial institution) and
compared with large firms with consolidated risk management
systems. Such a situation is an example of how the structure of
the ri sk management system—as di stinct from any ex ante risk-
mitigating acti ons taken by the fi rm’s risk managers—may
affect the aggregate risk facing the firm. Nimbleness is
especi ally i mportant i f market disruption spreads rapidly from
market to market i n a hard-to-anticipate pattern, as it did in
1997-98.
In fact, the financial crisis in the fall of 1998 provides some
interesting insights into the importance of consolidated risk
management and measurement systems when there are
linkages across markets. International bank supervisors
conducted a study of the performance during the market
upheaval of banks’ risk management systems and the value-at-
risk models used to calculate market risk capital requirements
(Basel Committee on Banking Supervision 1999c). The study
examined information on the stress testing done by large banks
in several G-10 countries and found that ex ante stress test
results provided a better picture of actual outcomes during the
third quarter of 1998, when those tests were based on actual
historical experience or hypothetical scenarios that
incorporated simultaneous movements in a range of rates and
prices, rather than on large movements in a single market risk
factor. Thus, firms whose stress testing and risk management
systems recognized potential linkages across markets had more
realisti c estimates of the way events in the fall of 1998 were
likely to affect their firms.
Another way i n which spillover effects can result in
aggregate risk exceeding the sum of the individual risks of
business units within the firm concerns what might be called
reputati onal or contagion risk. As discussed in the Joint Forum
report (1999a), this is the idea that problems in one part of a
diversified firm may affect confidence in other parts of the
firm. The situation that the Joint Forum paper appears to have
in mi nd is one in which such problems cause acute, near-term
funding or liquidity problems across the firm, due to questions
about whether the losses in the troubled business unit are
evidence of as-yet-unrevealed losses in other business lines.
11
Spillover effects can be enhanced during
times of crisis or severe market disruption.
A firm that manages risk on a unit-by-unit
basis may have to spend valuable time
simply determining what its aggregate
position is in the affected markets, rather
than being able to react to quickly
developing market conditions.
6 The Chal l enges of Risk Management
Aside from such near-term concerns, spillover effects can
also have a longer run dimension. For example, innovative
busi nesses or those involving massive technology investments
can engender what some analysts call “ strategic risk.” Failure in
such ventures may be highly visible and thus likely to have
spillover effects on other businesses through the cost of capital,
the cost of funding, and revenue effects through the loss of
customer approval. Thus, other business lines associated with
the troubled entity may see their franchise value erode as a
result of difficulties in an affili ated unit. Such strategic risk may
be particularly important for institutions for which customer
trust is a key competi tive advantage. Adverse publicity, legal
judgments against the firm, evidence of fraud or internal theft,
or high-profile failed business ventures may erode customer
confidence in an institution. In the extreme, such concerns may
reach the point where the affected firm is no longer viable as an
ongoing concern, even though it may technically be solvent.
12
This discussion of spillover effects suggests that supervisors’
concerns that disaggregated ri sk management systems
understate the risks facing diversified financial institutions may
not be without foundation. Certain i mportant risks may be
very difficult, if not impossible, to i ncorporate into ri sk
management systems that focus on indi vidual business units or
types of risk alone within a diversified firm. Consolidated risk
management systems therefore may be necessary to obtain an
accurate picture of the ri sks facing a firm and to have i n place
the procedures needed to manage those risks, both on a day-to-
day basi s and in stress situations. In this light, supervisors’
concerns can be seen not so much as a desire for firms to have
risk management systems that are conservative, but instead for
firms to have risk management systems that are accurate.
Consolidated Risk Management
and the Theory of the Firm
Concerns about understati ng firmwide ri sk exposures
notwithstanding, disaggregated ri sk management systems may
also miss instances i n which the risks from different units
within a diversi fied firm offset one another. The consoli dated
firm would appear to have incentives to manage its ri sk on an
aggregate basis whenever these diversification benefits are non-
negligible. At i ts heart, thi s is the logi c that Lam and others in
the financial services industry have applied in support of
consolidated risk management: the idea that a diversified
financial firm should be vi ewed as a “ portfolio” comprisi ng its
different units and business lines.
This view is closely related to the broader question of how
firms deci de which activities are coordinated within the firm
and which activities are coordinated through markets. This
question has long interested economists, and we can draw on
the i nsights of this “ theory of the firm” literature to enhance
our understanding of the role of consolidated risk
management. Coase (1937) first noted that the effi ciency of
markets might be expected to lead firms to rely on markets and
contracts with third parties to conduct their activities, but that
in fact many decisions are made, coordinated, and executed by
internal mechanisms such as reporting hierarchies, production
organization, and compensation plans. Coase’s insi ght was that
a firm carries out inside the firm those activi ties that it can
manage internally at a cost lower than the information and
transaction costs involved in purchasing corresponding
services or goods outside the firm.
Since the mid-1970s, economists have further developed
and extended the Coase analysis by elaborating more fully on
the roles of contracting for goods and services and the
ownership of assets in determining what is coordinated within
the firm and what i s coordinated by markets. Grossman and
Hart (1986) noted that the combination of uncertainty and
complexity makes contracting with inside or outside parties
difficult. In the presence of less than fully specifi ed contracts,
ownership and control of assets is synonymous with ownership
of the rights not otherwise covered by contract. Thus, the ease
or difficulty of contracting plays a major role in determining
what occurs inside the firm. Ownership demarcates the
boundary of the firm’s internal activities, whi ch often involve
the “ noncontractible” aspects of the firm’s activities. In the
Grossman and Hart analysis, bringing activities under
common ownership (integrati on) makes economic sense
whenever efficiency gains from improved information and
coordination within the firm exceed the efficiency losses
resulting from the reduced entrepreneurial incentive of the
manager who is no longer an owner.
The basic implication of this literature i s that activities will
be performed inside the firm when the complexity or costs of
performi ng them outside the firm are high. For a diversified
financial firm, these insights can be applied to interactions
between the various units wi thin the fi rm. In this setting, we
can think of activities conducted by a corporate parent on a
Certain important risks may be very
difficult, if not impossible, to incorporate
into risk management systems that focus
on individual business units or types of
risk alone within a diversified firm.
FRBNY Economic Pol icy Review / Mar ch 2001 7
firmwide basi s as coordination “ inside” the firm, while
activities conducted independently by separate units of the
firm are analogous to the “ market” activities discussed in Coase
and in Grossman and Hart. Following thi s logic, risk
management and other corporate control activities will be
conducted on a consolidated basis when it is too difficult or
costly for the individual business units to contract among
themselves.
The type of spillover effects and interrelated risks di scussed
above arguably create just such a situation. When the actions of
one business uni t in a diversified firm potentially affect the
risks faced by others, the contracting problem—in this case,
what risk exposures may be undertaken by the various business
units within the fi rm—becomes very complex to solve on a
bilateral basis. In such circumstances, the incentives to create a
centrally run, consolidated risk management system may be
strong.
Fungibility of Financial Resources
That consolidated risk management allows the firm to allocate
capital efficiently further reinforces the interdependence
between a firm’s business units. The fungibility of capital
within the firm—what some have called a firm’s internal
capital market—means that the risks undertaken by one unit
can affect the resources available to another through the
workings of the internal capital market. In considering risk in
relation to the capital resources avai lable to back that risk, then,
an additional dimension is that those resources may also be
called into play to back the activiti es of other units within the
firm.
13
The financial institution’s internal capital market i s itself an
example of coordination within the firm potentially being
more efficient than external markets. Gertner, Scharfstein, and
Stein (1994) attri bute the efficiency of i nternal capital markets
to the strong incentive that owners have to monitor capital use
relative to debtholders, especi ally if many aspects of the firm’s
capital use are not limited by the debtholders’ contract. In
addition, capital allocated to an unsuccessful project can be
shifted to another use within the firm at less cost than would be
involved in liqui dating the assets of the project in the market, if
capital and resources in one use are close enough substitutes for
those in other activities. As discussed earli er, these benefits are
offset by a reducti on in incentives to managers who no longer
act like owners.
Froot and Stein (1998) offer a model of capital allocation
and capital structure for financi al firms that develops the
relationship between risk management and capital allocation
formally.
14
In their model, financial institutions fully hedge
risks for which liquid markets are available. Financial
institutions have incentives to engage in risk management
whenever they face risks that cannot be traded in liquid
markets because they need to hold capital against the
nontradable positions accordi ng to the amount of risk in the
portfolio.
15
The desirability of any given investment depends
on the extent to which i ts nontradable risk is correlated with
the nontradable risks of the firm’s other portfolio positions.
Drawing this point to its logical conclusion, Froot and Stein
argue that “ this line of reasoning suggests that the ri ght
question is not whether or not the bank should centralize its
decisionmaking, but rather how often headquarters should
gather information and use this pooled information to help
guide investment decisions.”
The firm’s liquidity resources (assets that can be liquidated
as well as funding sources that can be tapped) can be viewed as
fungible across the firm in much the same way that capital is
fungible (in the absence of regulatory or other constraints). For
this reason, liquidi ty resources virtually always are coordinated
centrally for the firm as a whole (Basel Committee on Banking
Supervision 2000a). These resources are available to provide
cash needed to meet obligati ons, especially in contingency
situations such as market distress.
This interdependency suggests that consolidated ri sk
management systems should take liquidity considerations into
account. Liquidi ty risk assessment requires knowledge of the
size and nature of the firm’s risk positions, while the firm’s
liquidity risk position should influence the amount and type of
risk that business managers choose to take. One approach to
recognizing this connection i s to extend the concept of capital
adequacy to encompass the abili ty to liquidate assets or easi ly
fund them, as is intended by the Securities and Exchange
Commission’s capital rule for registered broker-dealers.
Alternatively, an integrated risk assessment approach could
consider liquidity risk along with market, credit, and other
risks in scenari o analyses intended to test the impact of the
scenario on capital adequacy (and ultimately solvency) and
liquidity, in a test of dual constrai nts.
That consolidated risk management
allows the firm to allocate capital
efficiently further reinforces the
interdependence between a firm’s
business units.
8 The Chal l enges of Risk Management
Finally, the risks introduced by leverage reinforce the need
to evaluate risk on a fi rmwide basis. Most financial firms are
leveraged, and over the course of the 1990s analysts in financial
institutions and their supervisors have recognized that many
methods can be used to increase leverage in addition to
increasing balance sheet debt to equity, such as taking positions
through the use of derivatives and imbedded optionality. Since
leverage increases the risk supported by capital, a sophisticated
risk assessment should incorporate the combined effects of all
sources of market and credit risks, of li quidi ty risk, and of
leverage on capital. This point was made by the Counterparty
Risk Management Poli cy Group (1999) in its private sector
report on lessons learned from the 1998 de facto failure of
Long-Term Capital Management, a large hedge fund. The
report suggests several measures that can be used to conduct a
risk and capital or liquidity adequacy analysis.
Debtholders and Other Creditors
Financial institutions may have additional incentives to engage
in consolidated risk management because of the concerns of
debtholders and other creditors.
16
In agreeing to extend credit,
these parties must take into account the moral hazard i ncentive
that the firm has to increase its risk exposure—to the benefit of
the firm’s shareholders and the detriment of its creditors—
once the credit has been extended. This situation is particularly
acute for financial firms, which can change their risk profiles
relatively rapidly using derivatives and other liquid financial
instruments. In the face of this uncertainty, creditors may
charge higher rates or offer less favorable nonprice terms (for
instance, shorter maturity or hi gher collateral) than they would
if this incenti ve could be addressed.
Consolidated risk management systems provi de a way for
financial i nstitutions to make a credible commitment against
such behavi or. In particular, these systems faci litate better
disclosure by providing a consistent and comprehensive
assessment of the firm’s true risk exposure that can be used by
creditors to monitor the institution’s activities. In the absence
of such systems, it can be si gnificantly more difficult for
analysts to draw an accurate picture of the firm’s overall risk
exposure, even if the individual units within the firm make
extensive disclosures of thei r risk profiles. Furthermore, the
centralized and independent ri sk management units that nearly
always are a key feature of consolidated risk management
systems provide an i nternal check against any incentives for
individual units or employees within the firm to hide risk
exposures from senior management. Fi nally, the enhanced
disclosure made possible by consolidated risk management
systems may mitigate some of the spillover effects described
above by providing meaningful information about the true
extent and nature of linkages between various businesses
within the consolidated firm.
17
Thus, these systems can provide
an important tool for management to address the moral hazard
concerns of creditors and to obtain better borrowing terms as a
result.
Spillover effects, the fungibility of resources, and the
concerns of debtholders and creditors suggest that firms have
strong incentives to measure risks well, to take advantage of
diversification benefits, and to manage capital and liquidity
efficiently. In the next section, we examine why firms have not
been faster to adopt consolidated ri sk management to take
advantage of even small diversification effects and why both
industry and supervisory efforts have been necessary to
encourage its use.
Obst acl es t o Cr eat ing Consol idat ed
Risk Management Syst ems
That firms have not immediately adopted consolidated risk
management systems suggests that there are significant costs or
obstacles that historically have led firms to manage risk in a
more segmented fashion. While the firm can invest in two
business activities, as discussed above, it fi nds the two activities
to be in some sense segregated, so that taking advantage of
diversification effects engenders costs. The segregation can be
geographical (such as New York versus London) or conceptual
(for example, loans versus over-the-counter options).
Information Costs
Segregation creates two kinds of costs. The first is informati on
costs—the costs of integrating and analyzing information from
the two business lines. Those costs involve both the resources
Consolidated risk management systems . . .
facilitate better disclosure by providing a
consistent and comprehensive assessment
of the firm’s true risk exposure that can be
used by creditors to monitor the
institution’s activities.
FRBNY Economic Pol icy Review / Mar ch 2001 9
involved in transmitting, recording, and processi ng the
information and the amount of decay in the time value of the
information, reflecting the lags in assembling and verifying
information. At any given moment, there may be competing
information technologies with similar scale effects, but a
different mix of costs in terms of monetary outlays and time
to assemble information (for instance, a highly automated
process versus a manual one).
Information costs are shaped largely by technology.
Information systems tend to have substantial fixed costs that
usually increase with the size of the i nformation system, but
low marginal costs until the particular system approaches
capacity. To reflect that, we consider the total information cost
function to be a step functi on increasing discretely as the scale
of the business i ncreases. For a given volume of information,
then, the value of recognizing the impact of diversification—
which i s a function of the amount of diversificati on inherent in
the firm’s activities—needs to exceed the information costs for
the scale of the firm’s business i n order for the firm to invest in
the information infrastructure. In essence, the firm maximizes
its expected profits subject to a capital constraint by choosing
the business mix, the scale of business, and the information
technology (or none) to manage risk.
18
Information costs will tend to limit the size of the business
for a given level of capital. If the firm finds the cost of
information hi gh relative to the diversification benefit, the firm
will manage each business separately, and in doing so, it will
assi gn relatively hi gh amounts of capital to each business line as
if there was no diversification benefit. As a result, the scale of
the firm’s overall business will be lower than it would be when
diversification effects can be realized.
19
Improvements in technology reduce fixed information
costs, make it possible for firms to take greater advantage of
diversification benefits, and increase the scale on which certain
busi nesses can be conducted. For example, improvements in
information technology permi t banks and securities firms to
manage single “ global books,” in contrast to the regional
approach used to manage most international businesses i n the
1970s and 1980s.
Finally, the value of information has risen as the pace of
developments has picked up and the complexity of financial
relationships among markets and counterparties has increased.
If we i nterpret the increased speed of events as an increase in
the variability of the risks and correlations associated with a
financial firm’s di fferent business lines, then, ceteris paribus,
firms would tend to set necessarily more conservative limits on
their activities—perhaps in line with the maximum possi ble
values of the risk exposures of their various uni ts.
20
Since these
maxima would rarely be observed together in practice, there
would appear to be substantial opportunities for gains from
identi fyi ng and responding to changes in the diversification
benefit. But greater volatility in the underlying risk
relationships also changes the set of relevant information
technologies, since at any scale of activity most “ low-tech,”
time-intensive techniques become unacceptably costly,
reflecting the rapid decay in the value of information. Thus, in
a more volatile environment, we mi ght expect the ability to
design and implement effective technology-intensi ve risk
management information systems to represent a significant
dimension of competitiveness for financial institutions seeking
to operate in a large number of markets.
21
Regulatory Costs
Regulatory barriers to moving capital and liquidity withi n a
financial organization impose another cost that inhibits the use
of consolidated risk management. These barriers can take the
form of business line capital and liquidity requirements set by
regulators, prohibitions or limits on capital and funds that can
be transferred from one business line to another, or the
necessity of seeking prior approval or givi ng prior notice to
move funds between business lines. Most commonly, business
lines segregated from one another by such regulatory
requirements are in different locations or different legal
entities, subjecting the two business lines to different
regulations. However, similar types of costs can be imposed by
rating agencies, creditors, or even investors when the
requirements or expectations they set differ across individual
entities.
As with i nformation costs, we can consider the regulatory
costs to reflect both monetary outlays to manage or circumvent
regulatory barriers and the wai ting period or decay in profit
opportunities i n the time needed to comply wi th or overcome
regulatory costs. While in some cases regulatory requirements
can make it virtually impossible to move capital or liquidity
Improvements in technology reduce fixed
information costs, make it possible for
firms to take greater advantage of
diversification benefits, and increase the
scale on which certain businesses can
be conducted.
10 The Chal l enges of Risk Management
from one business line to another i n the short run, in many
cases regulatory requirements can be satisfied at some cost. The
cost of managing and circumventing regulatory requirements
appears to have dropped substantially through the use of
derivatives, securitization techniques, and other financial
engineering. Indeed, a recurring pattern in financial regulation
is the erosi on of regulatory requirements through financial
innovation and regulatory arbitrage and thei r eventual repeal.
That pattern dates back at least to the creation of the Eurodollar
market in the 1960s and the subsequent slow removal of
deposit ceili ngs and many reserve requirements. If regulatory
circumvention is not possible, in the longer term the firm can
plan its organization and its capital and funding strategy to
create more flexibility in managing regulatory requirements,
usually at the cost of holding excess capital and liquidity i n
some units.
Therefore, for a given scale of its various businesses, there
are regulatory costs that the firm can minimize to some extent.
Once again, the firm will invest i n i nformation technology and
management of regulatory requirements only if the
diversification benefits (taking into account the ability to
manage capital and liquidity on a very short-term basis under
contingencies) are seen to exceed the information and
regulatory costs. Moreover, the reduction of regulatory barriers
to moving capital and liquidity within the firm enables the
development or enlargement of the firm’s internal capital
market and increases the gains from pooling risk measurement
information within the firm as well as the firm’s overall
efficiency.
Financial Condition
Intensive work on consolidated risk management has
coincided with the rebuildi ng of the financial strength of many
banking organizations following the difficulties of the late
1980s and early 1990s. For instance, a 1998 Federal Reserve
study of credi t risk models (Federal Reserve System Task Force
on Internal Credit Risk Models 1998) notes that large U.S.
banks have begun to develop both advanced credit risk
modeling and internal capital allocation systems only since the
mid-1990s—just the period over whi ch these institutions
recovered from the financial stresses of the earlier part of the
decade. These internal capital allocation systems are one of the
key elements in banks’ attempts to evaluate the risk-adjusted
performance of their various business uni ts. As such, they
represent an important step in the progress toward full-fledged
consolidated risk management systems.
22
This financial rebuilding may also have contributed to the
growing emphasis on consolidated risk management systems.
As argued above, one key motivation for consolidated risk
management is to enable firms to make more informed
judgments about where to invest their scarce capital resources,
in particular, about where to expand through acquisition or
internal growth. Firms in weakened financial condition are
unlikely to be in a position to fund such growth—even into
lines of business where the institution’s risk/return trade-off is
highly favorable—so they have less incenti ve to invest in the
consolidated risk management systems that would permit
them to identify such opportunities. The improved financial
condition of many institutions si nce the early part of the 1990s
therefore may have provided an addi ti onal incentive for fi rms
to develop and implement consolidated risk management
systems.
Declining informati on costs, eroding regulatory barriers,
and stronger financial condition present fairly stylized
explanations for increased attention by financial institutions to
consolidated risk management and internal capital allocation
activities. However, the optimizati on problem faced by firms is
more complex than we have described. Holmstrom and
Roberts (1998) provide many examples of the rich variety of
mechanisms used to coordinate acti viti es within and among
firms and the multiplicity of factors that i nfluence the
coordination decision. The examples particularly illustrate the
roles that incentives in internal (impli cit) and external
contracts and information flows play in resolving complex
coordination problems, including overcoming regulatory
barri ers.
23
The implication i s that coordination mechanisms
used by individual firms may change as a wide variety of factors
change. The current importance of consolidated risk
management as a goal for many financial institutions could be
enhanced or complemented by further advances in
information technology and monitoring techniques, new
designs for incentive contracts with employees and outside
agents, better public and private information flows, and greater
liquidity of financial markets.
Even so, the decline of information costs and the erosion
and repeal of regulatory barriers have been so great that many
Intensive work on consolidated risk
management has coincided with the
rebuilding of the financial strength of
many banking organizations following
the difficulties of the late 1980s and
early 1990s.
FRBNY Economic Pol icy Review / Mar ch 2001 11
of the principal hurdles to consolidated risk management
within a financial conglomerate involve problems in
measuring, comparing, and aggregating risks across business
lines. The ability to merge banks and i nsurance companies
under the Gramm-Leach-Bliley Act provides financi al
institutions wi th new opportunities to diversify risks and
expand internal capital markets and creates further impetus to
develop consoli dated risk management techniques for financial
conglomerates. Thus, both firms and supervisors are probably
closer today in their common interest i n accurate and precise
risk measurement than they were just five years ago.
Major Technical Chal l enges
and Resear ch Quest ions
The previous sections discussed the economic rationale behind
consolidated risk management and some of the costs facing
diversified financial firms in constructing such systems. In this
section, we turn to some additional practi cal problems
associated with this overall goal. Our goal i s to highlight a series
of practical i ssues where additional research by risk
management practitioners and by academics would be
especially beneficial. In particular, we describe some of the
technical challenges involved in actually estimating an
aggregate measure of risk for a diversified financial institution
and suggest some areas where further research could help both
financial institutions and supervisors understand the strengths
and weaknesses of such aggregate risk management.
At a very general level, there does appear to be an emergi ng
consensus about how various forms of risk should be
quantified. Most risk measurement methods used by major
financial i nstitutions are intended to capture potential losses
over some future horizon due to the risk in question. These
methods can use a probability-weighted approach to
estimating potential losses (as in a value-at-risk or earnings-at-
risk system, where the distribution of future earnings is
calculated) or can provide point estimates of potential losses
under certai n extreme circumstances (as in a stress test or
scenario analysis approach or in an “ expected tail loss”
estimation). The common thread is the focus on potential
future losses, either to earnings or economic value.
24
Beyond this general consensus, however, the picture is
considerably more complex. As noted above, an aggregate risk
measure must incorporate different types of risk (market,
credit, operational) and must bring together risks across
different business lines (banking, insurance, securities).
Although the broad risk concept applied within and across
these two dimensions may be similar, the details differ
considerably, making simple “ bottom-up” aggregation
approaches diffi cult, if not impossi ble, to implement.
Aggregating across business li nes presents challenges
because firms and functional supervisors in the different
business lines have tended to approach risk management and
measurement from quite different perspecti ves. For instance,
banks tradi ti onally have emphasized the risks arising from the
asset side of the balance sheet (credit risk) and from the
interaction of assets, liabilities, and off-balance-sheet positions
(interest rate risk, liquidity risk). Insurers, in contrast, have
tended to place emphasi s on the risks arising from the liabi lity
side of their business (underwriting risk, catastrophe risk).
Securities firms have tended to emphasi ze the combination of
market risk and li quidi ty (meaning both the abi lity to fund or
to sell an asset) in their portfolios. Of course, advances in
financial theory and market practice have eroded these
distinctions somewhat, and many firms now attempt to
measure the way in which risks can interact and affect an entire
institution.
25
Nonetheless, one of the key challenges of
consolidated risk management is to integrate these different
perspectives on risk into a coherent framework.
A related set of challenges ari ses when aggregating across
different types of risk. These challenges reflect the fact that at
many financial institutions, risk measurement and
management began as a bottom-up process, with different
types of risk measured separately. A particular business area
would develop ri sk measurement approaches to capture the
most important risks facing that unit: credi t risk for lendi ng
activities, market risk for trading, interest rate risk for the
treasury/asset-liability management function. This risk-by-risk
approach has resulted in industry standards of risk
measurement that differ significantly across risk types, and
sometimes across activiti es with similar risks, both in the way
that risk is measured and in the extent to which i t is quantified
at all.
To a large extent, the state of development of modeli ng
technology across the various risks reflects the availabi lity of
data and the nature of the risk itself, which can affect the ease
or difficulty involved in accurately modeling the risk. At one
end of the spectrum, the banking and securities i ndustry has a
Our goal is to highlight a series of practical
issues where additional research by risk
management practitioners and by
academics would be especially beneficial.
12 The Chal l enges of Risk Management
now fairly long history of measuring market risk through
value-at-risk models. The fact that value-at-risk models were
among the fi rst statisti cal ri sk models developed reflects the
high-frequency and largely continuous nature of market risk
and its management,
26
the mark-to-market environment in
which most trading activities occur, and the resultant ease of
modeling (normality has often been assumed) and availabili ty
of comparatively long historical data series around which to
calibrate the models.
Credit risk tends to exhibit somewhat lower frequency
variation, as changes in credit status tend to evolve over weeks
or months rather than on a day-to-day basi s. Thus, fewer
historical data are available to ai d in model cali bration, and the
modeling process itself is more complex, as the distribution of
credit losses is quite asymmetric with a long right-hand tail.
27
Financial institutions have made consi derable progress over
the past two or three years in credi t risk modeling, but it is fair
to say that these models are at an earlier stage of development
than the value-at-risk models used for market risk
assessment.
28
Even further down the spectrum is operational risk—the
risk stemming from the failure of computer systems, control
procedures, and human error—which captures a mixture of
events, some of which i nvolve relatively frequent small losses
(settlement errors in a trading operation, for instance) and
others that are characterized by infrequent but often large
losses (widespread computer failure). Consistent data sources
on this form of risk are difficult to obtain, especially for the less
frequent events; statistical modeling is in its early stages; and
the computational requirements may be substantial, given the
number of “ control poi nts” in most operational processes.
Liquidity risk measurement involves many simi lar issues
of sorting the frequency of different types of events and
developing appropriate data. Liquidity risk measurement has
long involved scenario analysis focused on stress events and
based on subjective probabilities of how depositors, other
creditors, and borrowers would respond to the stress event. As
risk measurement techniques have advanced, some financial
institutions are examining the potential for cash-flow-at-risk
analysis, based on more formal measurement of the probability
of events and the sensitivity of cash flows to these events, both
to enhance day-to-day li quidity management and to
strengthen the underpi nnings of liquidity stress scenarios.
Finally, at the far end of the spectrum, other risks—such as
legal, reputational, and strategic risk—are rarely quantified, as
both the data and theoretical techniques for capturing these
risks have yet to be developed extensively.
Even for those risks that are measured, important
differences exist i n the assumptions and techniques used to
esti mate potential losses. One key issue is the time horizon over
which potential losses are to be measured. As noted above, the
risks facing financial institutions vary in the extent to which
they are continuous or discrete, in how quickly new events
develop, and in the si ze of events when they occur (many small
events versus a few large ones). These differences imply the
need for different hori zons to capture different risks effectively.
In fact, we see these differences in the assumpti ons underlying
the risk estimates made by fi nancial firms, with market ri sk
typically measured over a one-day horizon, credit risk typically
measured over a one-year horizon, and operati onal risk
measured over a variety of short and long horizons (an i ndustry
standard has yet to emerge).
These differences present a challenge for calculating
consolidated risk exposures that span several risk types. Should
a single horizon be chosen for all risks and, if so, whi ch one?
Should the time dimension be explicitly factored into the risk
assessment, with paths of risk over time?More generally, issues
such as differing horizons suggest that there is an important set
of research questions concerning methods for calculating
aggregate ri sk measures. At a very basic level, can the different
individual risk measurement approaches typically used within
financial firms be meaningfully aggregated?If so, how?If not,
is it possible to develop a “ top-down” approach that somehow
blends the risks facing the fi rm without measuring them
separately, such as an analysis of income volatility?Is there
some way of combini ng “ top-down” with “ bottom-up”
approaches to consolidated risk measurement?And how does
the growing attention to evaluating performance against risk in
rewarding managers at all levels of the organization factor into
these decisions?
At many financial institutions, risk
measurement and management began as
a bottom-up process, with different types
of risk measured separately.
Perhaps a more fundamental question is
whether a consolidated risk management
system needs to have a fully consolidated
risk measurement methodology at its core.
FRBNY Economic Pol icy Review / Mar ch 2001 13
A related set of issues concerns the mathematical
aggregation of risk measures across businesses and risk types.
In most cases, this process would involve estimati ng
correlations between various risk exposures. An i mportant
challenge in this regard i s measuring the degree of correlation
between risks in businesses that are distinct in terms of the
sources and frequency of variability (for instance, between
insurance underwriting and trading). The data demands of
producing accurate estimates are likely to be enormous. Even
when aggregate risk measures can be calculated, a related
challenge is how to apportion the benefits of diversification
across various business lines. That is, if less-than-perfect
correlation across distinct business lines results in a decrease in
the overall risk facing the firm, how should these benefits be
allocated back to the vari ous business units in the internal
capital allocation process?
This discussion assumes that to produce a consolidated
measurement of ri sk exposure, i t is necessary to develop risk
measures that are highly comparable across risk types.
However, perhaps a more fundamental question is whether a
consolidated risk management system needs to have a fully
consolidated risk measurement methodology at i ts core. In
other words, how much comparability across risk measures is
strictly necessary to have an effective consolidated risk
management system?If risk measures cannot be made perfectly
compatible across risk types and business lines, are there still
benefits to i mperfectly comparable measures?
Our sense is that the answer to this question is likely to be a
resounding yes, largely because the ability to evaluate results
against risks taken has become a major feature of financial
institution management in the 1990s. Some important issues
would need to be explored before understanding the full
implications of this conclusi on. For instance, what ki nd of
biases might enter the assessment of aggregate risk if this
assessment is based on disparate ri sk measures?How might
comparisons of risk and return across business lines be
affected?How can we relate the results of stress scenario
analysis to statistical measures of risk exposure?Are there limits
to how different the various risk measures can be, yet still be
useful in a consoli dated risk management system?These are
important, unresolved issues.
Concl usion
As the above discussion suggests, there is considerable scope
for further research to enhance our understanding of the
benefits and shortcomings of consolidated risk management.
Many of the key research questions involve technical issues in
risk measurement and financial series modeling. While these
questions are vital to understanding how to calculate a
consolidated measure of risk exposure spanning all of a
financial insti tution’s businesses and risk factors, they are not
the only questions of i nterest. Further research into the main
question of this article—the economic rationale for
consolidated risk management—could produce findings that
would be of clear use to supervisors and financial institutions.
In addition, this work could provi de insight into such diverse
topics as the theory of the firm, the costs/benefits of
diversification, the linkages among financial markets, and the
impact of product and geographic deregulation. Our study
presents some initial ideas, but clearly much more work needs
to be done. We hope that this article can serve as a starting
point for further discussion.
Endnot es
14 The Chal l enges of Risk Management
1. It can also be argued that supervisors may place somewhat greater
weight on the risk of severe downside scenarios, given the nature of the
supervisory role, but the private sector appears to be closing any gap
as a result of the insight gained from experiences such as the market
disturbances in 1998.
2. Firms vary in how they use the risk management process to
maximize profits. Some firms use risk-and-return measures in the
selection of their medium-term business mix in order to maximize
long-run expected profits. Firms also use risk management systems to
assist in managing expected profits over short horizons, by seeking to
identify changes in risk and loss potential and adjusting their
portfolios accordingly.
3. In large measure, these efforts are an extension of a longer term
trend toward enhanced risk management and measurement in the
financial services industry. Many of these efforts have focused on
developing risk measurement and management systems for individual
risk types or businesses (for instance, market risk in a securities firm
or credit risk in a bank’s loan portfolio). In consolidated risk
management, however, the focus is on an expansion of these single-
risk-management systems to span diverse financial activities,
customers, and markets.
4. Mergers may occur for many reasons, including the desire to
benefit from exactly the sort of diversification that presents challenges
to risk management and measurement systems. In this discussion, we
distinguish between the broad diversification that may occur when
firms comprise business units involved in distinct business activities
(such as banking, insurance, or securities activities) or geographic
locations and the type of portfolio diversification that occurs when
risk management units take steps to hedge portfolio- or business-level
risk exposures. It is the first type of diversification—which has become
much more feasible given the regulatory and technical developments
discussed in the text—that presents the sort of challenges we discuss in
this article.
5. The evaluation of the adequacy of risks in light of a full risk
assessment is discussed in Federal Reserve SR Letter 99-18. Earlier in
the decade, the Federal Reserve issued SR Letter 93-69, on the
management of trading activities; SR Letter 97-32, on information
security; SR Letter 00-04, on outsourcing; and a series of papers on the
management of credit risk in both primary and secondary market
activities (SR Letters 99-3, 98-25, and 97-21). The Office of the
Comptroller of the Currency and the Federal Deposit Insurance
Corporation have issued guidance using a comparable framework for
a similar range of topics.
6. This framework is best developed in “ Principles for the
Management of Credit Risk,” published in September 2000. The
Committee has also published work on interest rate risk, in 1997;
operational risk, in 1998; and liquidity risk, in 2000.
7. The work of Modigliani and Miller (1958) and Miller and
Modigliani (1961) suggests that any risk-altering actions taken by a
firm’s management are redundant and resource-wasting because
shareholders can achieve their optimal degree of diversification
independently. See Cummins, Phillips, and Smith (1998) for a
discussion of the factors—such as bankruptcy costs, taxes, and costly
external financing—that may make it worthwhile for firms to engage
in risk management.
8. This relationship can be expressed mathematically as
,
where and are the profit volatilities of business units A and B
and is the correlation between them.
9. This situation was not uncommon among globally dispersed
institutions prior to the introduction of enhanced information
systems in the early-to-mid-1990s. Later in this article, we discuss the
role of information costs and information systems in diversified
financial institutions.
10. Morris and Shin (1999) describe this problem in the context of
multiple firms operating in a single market. They describe the errors
in risk assessment that can occur when risk management systems
assume that the firm’s activities are similar to playing roulette
(gambling against nature), when in fact the risks are more like those in
poker (where the actions of the other players matter). The same
analogy can be applied to risks within a firm.
11. Or, as discussed below, such contagion fears may arise because
market observers believe that the resources of all of the firm’s business
units will be used to “rescue” a troubled unit, calling into question the
solvency of all of the businesses within the firm.
12. The large investments that many financial institutions are making
in electronic trading and banking are examples of strategic risk related
to establishing the competitive position of a firm in a fast-changing
and greatly contested market. The problems many financial
institutions experienced in the mid-1990s—when customers
experienced large losses in connection with derivatives and complex
trading strategies—are examples of strategic risk related to damage to
the firm’s reputation.
?
FI RM
?
A
2
?
B
2
2??
A
?
B
+ + ?
A
?
B
+ ? =
?
A
?
B
?
Endnot es (Cont inued)
FRBNY Economic Pol icy Review / Mar ch 2001 15
13. Froot and Stein (1998) consider a variant of this risk—the
bankwide cost of capital effect—that involves the impact of increased
capital costs on all units within a firm when one unit takes on large
amounts of risk.
14. In the Froot and Stein analysis, banks choose their capital
structure, risk management policies, and investment policies jointly,
rather than impose a short-run capital constraint. However, when
capital is costly, banks economize on the amount of capital they hold
and therefore take risk management concerns into account in their
investment policies.
15. The example Froot and Stein give is the counterparty risk on a
foreign exchange swap. With the advent of credit derivatives and other
credit risk management techniques, such risks are increasingly
tradable, by which Froot and Stein mean that the risks can be offset
to achieve a zero net present value. Nontradable risks can include
unhedged proprietary positions premised on subjective expected rates
of return deviating from those of the market. Note that the reliance on
markets for hedging for liquid risks and internal capital allocation for
nontradable risks is another version of the contractible/
noncontractible distinction discussed earlier.
16. Other creditors here could include suppliers, consultants, and
other contractors who provide products or services in return for the
promise of future payment.
17. This would be especially true if there were meaningful disclosures
about intrafirm exposures, as called for in a recent report by the Joint
Forum (1999b).
18. As information systems become more “ scalable,” the step function
may become flatter, in effect making it easier to realize and manage the
diversification benefits from combining activities.
19. This is also consistent with the analysis of Holmstrom and
Milgrom (1994), which derives analytically that enhancements to
performance measurement tend to permit greater employee freedom
(such as higher limits), although the authors caution that their analysis
requires a careful specification of the exact problem.
20. Correlations and volatilities have changed substantially over time.
Examples include the sharp drop in volatilities in short-term interest
rates associated with the decline in inflation in the 1980s and early
1990s; sharp increases in the correlations and short-term volatilities of
U.S. long-term fixed income instruments in times of distress; and a
rise in the idiosyncratic risk of equities in the 1990s, the last example
documented in Campbell, Lettau, Malkiel, and Xu (2001).
21. Gibson (1998) derives similar conclusions about the impact of
declining information costs. In his approach, risk measurement is a
means to monitor risk-taking by employees when information about
the managerial effort of those employees (or outside agents, such as
mutual fund managers) is not observable by the employer.
22. Typically, these internal capital allocation systems fall short of a
full-fledged consolidated risk measurement system, either because
they incorporate only a limited range of the risks facing a financial
institution (for example, just credit risk or market risk, but not
operational or other forms of risk) or because they are applied only to
a subset of the institution’s activities.
23. The specific regulatory barrier they cite is the limitations on
foreign ownership of domestic airlines.
24. Other potential definitions of risk could involve pure volatility
measures, such as standard deviations of earnings or economic value,
or sensitivity measures that capture the derivative of earnings or
economic value with respect to particular risk factors, such as the
“ value of a basis point.”
25. Lewis (1998), for instance, describes how one insurance company
examines stress scenarios that affect all aspects of the firm, such as an
earthquake that simultaneously causes extremely high insurance
claims and disrupts financial markets—and thus the firm’s
investments and investment income—for some period of time.
26. Of course, some market price series exhibit sharp, discontinuous
jumps, such as those associated with emerging market developments
and unexpected changes in exchange rate regimes. These factors have
tended to be incorporated into value-at-risk models after the initial
phases of model development.
27. To some extent, both the lack of data and the lower frequency
variation reflect the current GAAP (Generally Accepted Accounting
Principles) accounting standards, which do not require the daily
marking-to-market to which trading account positions are subject.
Thus, shorter term variation in value may not be reflected in the
accounting data typically available for use in credit risk models.
28. See Basel Committee on Banking Supervision (1999a) for a
discussion of the state of development of credit risk models.
Ref er ences
16 The Chal l enges of Risk Management
Basel Committeeon Banking Supervision. 1999a. “Credit Risk
Modeling: Current Practices and Applications.” April. Basel,
Switzerland: Bank for International Settlements.
———. 1999b. “A New Capital Adequacy Framework.” June. Basel,
Switzerland: Bank for International Settlements.
———. 1999c. “ Performance of Models-Based Capital Charges for
Market Risk.” September. Basel, Switzerland: Bank for
International Settlements.
———. 2000a. “Sound Practices for Managing Liquidity in Banking
Organizations.” February. Basel, Switzerland: Bank for
International Settlements.
———. 2000b. “Principles for the Management of Credit Risk.”
September. Basel, Switzerland: Bank for International Settlements.
Board of Governors of theFederal ReserveSystem. 1993. “Examining
Risk Management and Internal Controls for Trading Activities of
Banking Organizations.” SR Letter 93-69. December 20.
———. 1997a. “Risk Management and Capital Adequacy of Exposures
Arising from Secondary Market Credit Activities.” SR Letter 97-21.
July 11.
———. 1997b. “Sound Practice Guidance for Information Security
for Networks.” SR Letter 97-32. December 4.
———. 1998. “Sound Credit Risk Management and the Use of
Internal Credit Risk Ratings at Large Banking Organizations.”
SR Letter 98-25. September 21.
———. 1999a. “Supervisory Guidance Regarding Counterparty
Credit Risk Management.” SR Letter 99-3. February 1.
———. 1999b. “Assessing Capital Adequacy in Relation to Risk at
Large Banking Organizations and Others with Complex Risk
Profiles.” SR Letter 99-18. July 1.
———. 2000. “Outsourcing Information and Transaction
Processing.” SR Letter 00-04. February 29.
Campbell, John, Martin Lettau, Burton Malkiel, and Yexuai Xu. 2001.
“Have Individual Stocks Become More Volatile: An Empirical
Exploration of Idiosyncratic Risk.” Jour nal of Finance 56, no. 1
(February): 1-43.
Coase, Ronald. 1937. “The Nature of the Firm.” Economica 4, no. 4
(November): 386-405.
Counterparty Risk Management Policy Group. 1999. “Improving
Counterparty Risk Management Practices.” June.
Cummins, J. David, Richard D. Phillips, and Stephen D. Smith. 1998.
“ The Rise of Risk Management.” Federal Reserve Bank of Atlanta
Economic Review, first quarter: 30-40.
Federal ReserveSystem Task Forceon Internal Credit Risk Models. 1998.
“ Credit Risk Models at Major U.S. Banking Institutions: Current
State of the Art and Implications for Assessments of Capital
Adequacy.” May.
Froot, Kenneth A., and Jeremy C. Stein. 1998. “ Risk Management,
Capital Budgeting, and Capital Structure Policy for Financial
Institutions: An Integrated Approach.” Jour nal of Financial
Economics 47, no. 1 (January): 55-82.
Gertner, Robert H., David S. Scharfstein, and Jeremy C. Stein. 1994.
“ Internal versus External Capital Markets.” Quar t er l y Jour nal
of Economics 109, no. 4 (November): 1211-30.
Gibson, Michael S. 1998. “The Implications of Risk Management
Information Systems for the Organization of Financial Firms.”
Board of Governors of the Federal Reserve System International
Finance Discussion Paper no. 632, December.
Global Derivatives Study Group. 1993. “Derivatives: Practices and
Principles.” July. Washington, D.C.: Group of Thirty.
Grossman, Sanford J., and Oliver D. Hart. 1986. “The Costs and
Benefits of Ownership: A Theory of Vertical and Lateral
Integration.” Jour nal of Pol it ical Economy 94,
no. 4: 691-719.
Holmstrom, Bengt, and Paul Milgrom. 1994. “ The Firm as an Incentive
System.” Amer ican Economic Review 84, no. 4 (September):
972-91.
Holmstrom, Bengt, and John Roberts. 1998. “The Boundaries of the
Firm Revisited.” Jour nal of Economic Per spect ives 12,
no. 4 (fall): 73-94.
Ref er ences (Cont inued)
FRBNY Economic Pol icy Review / Mar ch 2001 17
Joint Forum (Basel Committeeon Banking Supervision, International
Organization of Securities Commissioners, International Association
of InsuranceSupervisors). 1999a. “Risk Concentration Principles.”
December. Basel, Switzerland: Bank for International Settlements.
———. 1999b. “Intra-Group Transactions and Exposures Principles.”
December. Basel, Switzerland: Bank for International Settlements.
Labrecque, Thomas G. 1998. “Risk Management: One Institution’s
Experience.” Federal Reserve Bank of New York Economic
Pol icy Review 4, no. 3 (October): 237-40.
Lam, James. 1999. “Enterprise-Wide Risk Management: Staying
Ahead of the Convergence Curve.” Jour nal of Lending and
Cr edit Risk Management 81, no. 10 (June): 16-9.
Lewis, Robert. 1998. “Capital from an Insurance Company
Perspective.” Federal Reserve Bank of New York Economic
Pol icy Review 4, no. 3 (October): 183-5.
Miller, Merton H., and Franco Modigliani. 1961. “Dividend Policy,
Growth, and the Valuation of Shares.” Jour nal of Business 34
(October): 411-33.
Modigliani, Franco, and Merton H. Miller. 1958. “The Cost of Capital,
Corporation Finance, and the Theory of Investment.” Amer ican
Economic Review 48 (June): 261-97.
Morris, Stephen, and Hyun Song Shin. 1999. “Risk Management with
Interdependent Choice.” Bank of England Financial St abil it y
Review, no. 7 (November): 141-50.
Mudge, Dan. 2000. “The Urge to Merge.” Risk Magazine. February,
p. 64.
Theviews expressed in this articlearethoseof theauthors and do not necessarily reflect theposition of theFederal Reserve Bank
of New York or the Federal Reserve System. The Federal Reserve Bank of New York provides no warranty, express or
implied, as to theaccuracy, timeliness, completeness, merchantability, or fitness for any particular purpose of any
information contained in documents produced and provided by theFederal ReserveBank of New York in any form or
manner whatsoever.
doc_411717560.pdf
In recent years, financial institutions and their supervisors have placed increased emphasis on the importance of consolidated risk management. Consolidated risk management-sometimes also called integrated or enterprisewide risk management-can have many specific meanings, but in general it refers to a coordinated process for measuring and managing risk on a firmwide basis. Interest in consolidated risk management has arisen for a variety of reasons.
FRBNY Economic Pol icy Review / Mar ch 2001 1
The Chal l enges of Risk
Management in Diver sif ied
Financial Companies
n recent years, financial instituti ons and their supervisors
have placed i ncreased emphasis on the importance of
consolidated risk management. Consolidated risk
management—sometimes also called integrated or
enterpri sewide ri sk management—can have many specific
meanings, but in general it refers to a coordinated process for
measuring and managing risk on a firmwide basis. Interest in
consolidated risk management has arisen for a variety of
reasons. Advances in information technology and financi al
engineering have made it possible to quantify risks more
preci sely. The wave of mergers—both in the United States and
overseas—has resulted in significant consolidation in the
financial services industry as well as in larger, more complex
financial insti tutions. The recently enacted Gramm-Leach-
Bliley Act seems likely to heighten interest in consolidated risk
management, as the legislation opens the door to combinations
of financial activities that had previously been prohi bited.
This arti cle examines the economic rationale for managing
risk on a firmwide, consolidated basis. Our goal is to lay out
some of the key issues that supervisors and risk management
practitioners have confronted in assessi ng and developing
consolidated risk management systems. In doing so, we hope to
clarify for a wider audience why the ideal of consolidated ri sk
management—which may seem uncontroversial or even
obvious—involves significant conceptual and practical issues.
We also hope to suggest areas where research by practitioners
and academics could help resolve some of these i ssues.
Christine M. Cumming is an executive vice president and the director of
research and Beverly J. Hirtle is a vice president at the Federal Reserve Bank
of New York.
The authors would like to thank Gerald Hanweck, Darryll Hendricks, Chris
McCurdy, Brian Peters, Philip Strahan, Stefan Walter, Lawrence White, and
two anonymous referees for many helpful comments. The views expressed are
those of the authorsand do not necessarily reflect the position of the Federal
Reserve Bank of New York or the Federal Reserve System.
• Although the benefits of a consolidated, or
firmwide, system of risk management are
widely recognized, financial firms have
traditionally taken a more segmented
approach to risk measurement and control.
• The cost of integrating information across
business lines and the existence of regulatory
barriers to moving capital and liquidity within
a financial organization appear to have
discouraged firms from adopting consolidated
risk management.
• In addition, there are substantial conceptual
and technical challenges to be overcome in
developing risk management systems that
can assess and quantify different types of risk
across a wide range of business activities.
• However, recent advances in information
technology, changes in regulation, and
breakthroughs in risk management
methodology suggest that the barriers to
consolidated risk management will fall
during the coming months and years.
Christine M. Cumming and Beverly J. Hirtle
I
2 The Chal l enges of Risk Management
The approach we take is to review the arguments made by
supervisors and the financial industry in favor of consoli dated
risk management. While both parties agree on the i mportance
of this type of risk management, this support seems to be
moti vated by quite different concerns. Supervisors appear to
support it out of a safety-and-soundness concern that
significant risks could be overlooked or underestimated in the
absence of fi rmwide risk assessment.
1
In contrast, financial
institutions appear willing to undertake significant efforts to
develop consolidated risk management systems because they
believe that those systems wi ll help them assess the risk and
return of different business li nes and thus allow them to make
more informed decisions about where to invest scarce
resources to maximize profits.
2
While these two views may
reflect qui te di fferent underlying motivations for supporting
consolidated risk management, we argue below that they result
in a common emphasis on the importance of accurate
assessments of risk.
Although both supervisors and fi nancial institutions
support the concept of consolidated risk management, few if
any financial firms have fully developed systems in place today.
The absence thus far of fully implemented consolidated risk
management systems suggests that there are significant costs or
obstacles that have historically led firms to manage ri sk in a
more segmented fashion. We argue that both information costs
and regulatory costs play an important role here by affecting
the trade-off between the value derived from consolidated risk
management and the expense of constructing these complex
risk management systems. In addition, there are substantial
technical hurdles involved in developing ri sk management
systems that span a wide range of businesses and types of risk.
Both of these factors are evolving i n ways that suggest that the
barriers to consolidated risk management are increasingly
likely to fall over the coming months and years.
The remainder of this article is organized as follows. In the
next secti on, we describe the concept of consolidated risk
management in greater detail and provide a more in-depth
discussion of the views of supervisors and the financi al industry
about this process. We then offer a critical analysis of these
views, using a simple portfolio model to help illustrate the
economic rationale behind consolidated risk management.
Next, we discuss the constraints that have slowed many
financial insti tutions i n their implementation of consolidated
risk management systems. We conclude with a discussion of
the major technical challenges and research questions that will
need to be addressed as an i ncreasing number of financial firms
implement firmwide risk management systems.
Consol idat ed Risk Management :
Def init ions and Mot ivat ions
At a very basic level, consolidated risk management entails a
coordinated process of measuring and managing risk on a
firmwide basis. This process has two distinct, although related,
dimensions: coordinated risk assessment and management
across the different types of risk facing the fi rm (market risk,
credi t risk, li quidity risk, operational risk), and integrated risk
evaluation across the firm’s various geographic locations, legal
entities, and business li nes. In theory, both dimensi ons must be
addressed to produce a consolidated, firmwide assessment of
risk. In practice, few financial fi rms currently have in place a
consolidated risk management system that fully incorporates
both dimensions, although many large institutions—both in
the United States and overseas—appear to be devoting
significant resources to developing such systems (Joint Forum
1999a).
3
To understand consolidated risk management, it is
important to recognize the di stinction between risk
measurement and risk management. Risk measurement entails
the quantification of ri sk exposures. This quantification may
take a variety of forms—value-at-risk, earnings-at-risk, stress
scenario analyses, duration gaps—depending on the type of
risk being measured and the degree of sophistication of the
esti mates. Risk management, in contrast, refers to the overall
process that a financial insti tution follows to define a busi ness
Our goal is to lay out some of the key
issues that supervisors and risk
management practitioners have
confronted in assessing and developing
consolidated risk management systems.
The absence thus far of fully implemented
consolidated risk management systems
suggests that there are significant costs or
obstacles that have historically led firms to
manage risk in a more segmented fashion.
FRBNY Economic Pol icy Review / Mar ch 2001 3
strategy, to identify the risks to which it is exposed, to quantify
those ri sks, and to understand and control the nature of the
risks it faces. Risk management is a series of business deci sions,
accompanied by a set of checks and balances—risk limits,
independent risk management functions, risk reporting,
review and oversight by senior management and the board of
directors—in which risk measurement plays an important,
although not all-encompassi ng, role. Thus, consolidated risk
management involves not only an attempt to quantify risk
across a diversified firm, but also a much broader process of
busi ness decision maki ng and of support to management in
order to make informed decisions about the extent of risk taken
both by individual busi ness lines and by the firm as a whole.
Recent trends in the financial services industry have
increased the challenges associated with this process. To begin,
financial i nstitutions increasingly have the opportunity to
become involved in a diverse range of financi al activities. In the
United States, bank holding compani es have been able to
combine traditional banking and securities activiti es since the
late 1980s, when the Federal Reserve permitted the creation of
“ Section 20” securities subsidiaries. The Gramm-Leach-Bliley
Act will now enable affiliations involving banking, securities,
and insurance underwri ting in so-called financial holding
companies (FHCs). Such combinations of diverse financial
activities present significant challenges to consolidated risk
management systems, as greater diversity often means that the
system must encompass a wider range of risk types.
4
Consolidation in the financial services industry has
produced i nstitutions with operations spanning large
geographic areas, both domesti cally and internationally. Such
wide geographic dispersion, especially across time zones, can
make it difficult for a fi rm’s management to keep track of the
activities across all of its operating centers. Financial
institutions have responded to this situation by increasing the
resources devoted to information systems desi gned to track
and monitor exposures worldwi de. Indeed, the development of
coordi nated informati on systems is one of the most important
steps in consolidated risk management.
The supervisory community has advocated that financial
institutions adopt consolidated risk management procedures
in the guidance it has published in the 1990s, especially
guidance for banking companies. In the United States, these
efforts began in 1993 with guidelines for supervisors evaluating
risk management i n derivatives and trading activities, and have
continued to date, most recently with a 1999 Federal Reserve
paper containing broad conceptual guidelines for evaluating
capital adequacy in light of the full range of risks faci ng the
bank or bank holding company.
5
Internationally, the Basel
Committee on Banking Supervision extended the framework
for describing the risk management process to encompass the
role of business strategy and the activities of business line
decision makers.
6
The Committee also set out an approach to
the supervisory revi ew of a bank’s internal assessment of capital
adequacy i n light of a firm’s overall risks as the second pi llar of
the proposed new capital adequacy framework (Basel
Committee on Banking Supervision 1999b).
Recently, an international forum of banking, securities, and
insurance supervisors issued a report containing principles that
supervisors should follow to ensure that financi al
conglomerates are adequately identifying and managi ng risk.
The report’s lead recommendation is that “ supervisors should
take steps . . . to provide that conglomerates have adequate risk
management processes in place to manage group-wide risk
concentrations” (Joint Forum 1999a).
The rationale offered by supervisors for the importance of
consolidated risk management seems to be a concern that, in
the absence of a firmwide assessment, significant risks could be
overlooked or underestimated. The Joi nt Forum report, for
instance, argues that “ the additi ve nature of concentrations and
the risk of transmission of material problems within a
conglomerate point to the value of both conglomerate
management and supervisors conducting a group-wide
assessment of potential concentrations” (Joint Forum 1999a).
The underlying concern is that such underestimated or
overlooked risks receive insuffici ent management attention
and have the potential to produce unexpectedly large losses
that could threaten the firm’s financial health.
Financial market practitioners also cite the interdependent
nature of risks wi thin an organization as a motivation to
develop consolidated risk management systems. For instance,
echoing sentiments in the supervisors’ Joint Forum report,
Lam (1999) argues that “ managing risk by silos simply doesn’t
work, because the risks are highly interdependent and cannot
be segmented and managed solely by independent units” in the
Consolidated risk management involves
not only an attempt to quantify risk across
a diversified firm, but also a much broader
process of business decision making and
of support to management in order to
make informed decisions about the extent
of risk taken both by individual business
lines and by the firm as a whole.
4 The Chal l enges of Risk Management
firm. Similarly, a senior executive at a major U.S. bank asserts
that “ the careful identification and analysis of risk are,
however, only useful insofar as they lead to a capital allocation
system that recogni zes different degrees of risk and includes all
elements of risk” (Labrecque 1998).
In contrast to the supervi sors, however, the primary
implication that Lam and others draw from this finding
concerns the role that consolidated risk management systems
can play i n helping firms to make better-informed deci sions
about how to invest scarce capi tal and human resources. For
instance, Mudge (2000) stresses that a consistent framework
for evaluati ng firmwi de risk and return across diverse financial
activities is a key to evaluating the benefits of potential mergers
among banking and insurance firms. Similarly, Lam (1999)
argues that consolidated risk management systems can help
firms understand the risk/return trade-offs among different
busi ness li nes, customers, and potential acquisitions.
Furthermore, consolidated risk management may allow a firm
to recognize “ natural hedges” —when one enti ty within the
firm has positions or is engaged in activities that hedge the
positions or activities of another part of the firm—that may
become apparent only when risk is exami ned from the
perspective of the consolidated institution. Fi rms that fail to
recognize the diversification effects of such natural hedges may
waste resources on redundant hedging by individual units
within the organization.
Thus, while both supervisors and financial institutions agree
on the importance of consolidated ri sk management and point
to the same dri ving factors, their conclusions about the role
that these systems can play emphasize quite different concerns.
At one level, this di fference is not surprising, given the different
objectives of supervisors and financial instituti ons (safety and
soundness, on the one hand, and profit maximization, on the
other). On another level, these concerns are not necessari ly
mutually exclusive. Indeed, in the next section, we argue that
supervisors’ emphasis on underesti mation of fi rmwide risk
and financial i nstitutions’ emphasis on enhanced under-
standing of the risk/return trade-off among different activities
reflect a common emphasis on the importance of accurate
assessments of risk.
Under st anding t he Rol e
of Consol idat ed Risk Management
The discussion above reflects a well-established belief on the
part of financial institutions and supervisors in the importance
of consolidated risk management. But what economic
fundamentals underlie this belief?In this section, we assess the
views of supervisors and financial institutions and try to place
them in a common framework. We do not attempt to address
the question of why firms choose to manage risk at all.
7
Instead,
we try to understand why it matters whether risk is managed on
a consoli dated basis or at the level of indivi dual businesses or
risks wi thin a firm.
The Supervisors’ View: Spillover Effects
We first consi der the view expressed by supervisors in the Joint
Forum paper (1999a), namely, that in the absence of
consolidated risk management, signi ficant risks could be
overlooked or underestimated. To gain some insight into thi s
view, it is helpful to consider a simple portfolio approach to
assessing the risk of a diversified financial firm. This approach
helps illustrate how the perception of the overall risk facing the
firm would differ if institutions managed their risk in an
integrated way i nstead of by individual businesses or legal
entities within the larger organization.
To begin, suppose that a financial firm has two business
lines, each of which earns profits that vary uncertai nly over
time. Application of standard portfolio theory suggests that the
risk of the overall firm will depend on the variation in each
unit’s profits and the extent to which variation in these profits
is correlated between the two units. In particular, the risk faci ng
the consolidated firm will be less than or equal to the sum of the
risks facing the indivi dual business units within the firm
whenever this correlation is less than perfect. In this situation,
the profit vari ation i n one unit diversifies the risk of the other.
8
The importance of thi s observation for our purposes is that
it suggests that establishing risk monitoring and control (such
as limits) at the business level and then summing up across
business lines would be a conservativeapproach to managi ng
While both supervisors and financial
institutions agree on the importance of
consolidated risk management and point
to the same driving factors, their
conclusions about the role that these
systems can play emphasize quite
different concerns.
FRBNY Economic Pol icy Review / Mar ch 2001 5
and assessing the overall risk facing the firm, since it ignores
any potential diversification effects across business lines. Thi s
conclusion stands in marked contrast to the arguments
advanced by supervisors in favor of consolidated risk
management. How can we reconcile these two outcomes?
The answer, of course, i s that the si mple portfolio example
misses some important “ real world” aspects of financial risk
and risk management. Perhaps the most significant of these is
the assumption that the risks facing each business unit are fixed
and known. In fact, these risks are functions of many factors
that can vary significantly over time. In particular, the simple
portfolio example assumes that the risk profile of one business
line can be measured without regard to the risks undertaken by
the other. This assumption is not a statement about the degree
of correlation between the risks faced by the two busi ness units,
but rather the idea that the underlyi ng volatility of one busi ness
line’s profitability may be affected by the actions of another
busi ness li ne.
An example of this relati onship might be when two or more
geographic centers within a global financial firm have similar
positions that they have each hedged in a particular security or
market. In the absence of a consolidated risk management
system, the various units could be unaware of the positions that
other units within the firm have taken.
9
Each unit assumes that
its position is small enough that i t would be able to roll over its
hedges or otherwise take steps to reduce its ri sk even in the
event of market stress. However, when the vari ous business
units try to take these steps simultaneously, thei r combined
activity reinforces the liquidity problems facing the market,
resulting in sharp, adverse moves i n the market prices of the
hedgi ng and/or underlying instruments. Thus, losses at
individual units exceed the risk assumptions made in each
unit’s i ndividual ri sk management plans and the aggregate
position of the firm is therefore riski er than the sum of the
assumed indi vidual risks of the business units. In essence, the
firm faces the “ portfolio insurance” problem in that the actions
of one unit affect the risks facing another.
10
These spillover effects can be enhanced during times of crisi s
or severe market disrupti on. A firm that manages ri sk on a
unit-by-unit basis may have to spend valuable time simply
determining what its aggregate position i s in the affected
markets, rather than being able to react to quickly developing
market conditions. Since ni mbleness in responding to
problems can affect outcomes favorably, such firms may be at
a disadvantage compared with smaller firms (for instance,
compared with a series of smaller firms that are comparable in
the aggregate to the diversified financial institution) and
compared with large firms with consolidated risk management
systems. Such a situation is an example of how the structure of
the ri sk management system—as di stinct from any ex ante risk-
mitigating acti ons taken by the fi rm’s risk managers—may
affect the aggregate risk facing the firm. Nimbleness is
especi ally i mportant i f market disruption spreads rapidly from
market to market i n a hard-to-anticipate pattern, as it did in
1997-98.
In fact, the financial crisis in the fall of 1998 provides some
interesting insights into the importance of consolidated risk
management and measurement systems when there are
linkages across markets. International bank supervisors
conducted a study of the performance during the market
upheaval of banks’ risk management systems and the value-at-
risk models used to calculate market risk capital requirements
(Basel Committee on Banking Supervision 1999c). The study
examined information on the stress testing done by large banks
in several G-10 countries and found that ex ante stress test
results provided a better picture of actual outcomes during the
third quarter of 1998, when those tests were based on actual
historical experience or hypothetical scenarios that
incorporated simultaneous movements in a range of rates and
prices, rather than on large movements in a single market risk
factor. Thus, firms whose stress testing and risk management
systems recognized potential linkages across markets had more
realisti c estimates of the way events in the fall of 1998 were
likely to affect their firms.
Another way i n which spillover effects can result in
aggregate risk exceeding the sum of the individual risks of
business units within the firm concerns what might be called
reputati onal or contagion risk. As discussed in the Joint Forum
report (1999a), this is the idea that problems in one part of a
diversified firm may affect confidence in other parts of the
firm. The situation that the Joint Forum paper appears to have
in mi nd is one in which such problems cause acute, near-term
funding or liquidity problems across the firm, due to questions
about whether the losses in the troubled business unit are
evidence of as-yet-unrevealed losses in other business lines.
11
Spillover effects can be enhanced during
times of crisis or severe market disruption.
A firm that manages risk on a unit-by-unit
basis may have to spend valuable time
simply determining what its aggregate
position is in the affected markets, rather
than being able to react to quickly
developing market conditions.
6 The Chal l enges of Risk Management
Aside from such near-term concerns, spillover effects can
also have a longer run dimension. For example, innovative
busi nesses or those involving massive technology investments
can engender what some analysts call “ strategic risk.” Failure in
such ventures may be highly visible and thus likely to have
spillover effects on other businesses through the cost of capital,
the cost of funding, and revenue effects through the loss of
customer approval. Thus, other business lines associated with
the troubled entity may see their franchise value erode as a
result of difficulties in an affili ated unit. Such strategic risk may
be particularly important for institutions for which customer
trust is a key competi tive advantage. Adverse publicity, legal
judgments against the firm, evidence of fraud or internal theft,
or high-profile failed business ventures may erode customer
confidence in an institution. In the extreme, such concerns may
reach the point where the affected firm is no longer viable as an
ongoing concern, even though it may technically be solvent.
12
This discussion of spillover effects suggests that supervisors’
concerns that disaggregated ri sk management systems
understate the risks facing diversified financial institutions may
not be without foundation. Certain i mportant risks may be
very difficult, if not impossible, to i ncorporate into ri sk
management systems that focus on indi vidual business units or
types of risk alone within a diversified firm. Consolidated risk
management systems therefore may be necessary to obtain an
accurate picture of the ri sks facing a firm and to have i n place
the procedures needed to manage those risks, both on a day-to-
day basi s and in stress situations. In this light, supervisors’
concerns can be seen not so much as a desire for firms to have
risk management systems that are conservative, but instead for
firms to have risk management systems that are accurate.
Consolidated Risk Management
and the Theory of the Firm
Concerns about understati ng firmwide ri sk exposures
notwithstanding, disaggregated ri sk management systems may
also miss instances i n which the risks from different units
within a diversi fied firm offset one another. The consoli dated
firm would appear to have incentives to manage its ri sk on an
aggregate basis whenever these diversification benefits are non-
negligible. At i ts heart, thi s is the logi c that Lam and others in
the financial services industry have applied in support of
consolidated risk management: the idea that a diversified
financial firm should be vi ewed as a “ portfolio” comprisi ng its
different units and business lines.
This view is closely related to the broader question of how
firms deci de which activities are coordinated within the firm
and which activities are coordinated through markets. This
question has long interested economists, and we can draw on
the i nsights of this “ theory of the firm” literature to enhance
our understanding of the role of consolidated risk
management. Coase (1937) first noted that the effi ciency of
markets might be expected to lead firms to rely on markets and
contracts with third parties to conduct their activities, but that
in fact many decisions are made, coordinated, and executed by
internal mechanisms such as reporting hierarchies, production
organization, and compensation plans. Coase’s insi ght was that
a firm carries out inside the firm those activi ties that it can
manage internally at a cost lower than the information and
transaction costs involved in purchasing corresponding
services or goods outside the firm.
Since the mid-1970s, economists have further developed
and extended the Coase analysis by elaborating more fully on
the roles of contracting for goods and services and the
ownership of assets in determining what is coordinated within
the firm and what i s coordinated by markets. Grossman and
Hart (1986) noted that the combination of uncertainty and
complexity makes contracting with inside or outside parties
difficult. In the presence of less than fully specifi ed contracts,
ownership and control of assets is synonymous with ownership
of the rights not otherwise covered by contract. Thus, the ease
or difficulty of contracting plays a major role in determining
what occurs inside the firm. Ownership demarcates the
boundary of the firm’s internal activities, whi ch often involve
the “ noncontractible” aspects of the firm’s activities. In the
Grossman and Hart analysis, bringing activities under
common ownership (integrati on) makes economic sense
whenever efficiency gains from improved information and
coordination within the firm exceed the efficiency losses
resulting from the reduced entrepreneurial incentive of the
manager who is no longer an owner.
The basic implication of this literature i s that activities will
be performed inside the firm when the complexity or costs of
performi ng them outside the firm are high. For a diversified
financial firm, these insights can be applied to interactions
between the various units wi thin the fi rm. In this setting, we
can think of activities conducted by a corporate parent on a
Certain important risks may be very
difficult, if not impossible, to incorporate
into risk management systems that focus
on individual business units or types of
risk alone within a diversified firm.
FRBNY Economic Pol icy Review / Mar ch 2001 7
firmwide basi s as coordination “ inside” the firm, while
activities conducted independently by separate units of the
firm are analogous to the “ market” activities discussed in Coase
and in Grossman and Hart. Following thi s logic, risk
management and other corporate control activities will be
conducted on a consolidated basis when it is too difficult or
costly for the individual business units to contract among
themselves.
The type of spillover effects and interrelated risks di scussed
above arguably create just such a situation. When the actions of
one business uni t in a diversified firm potentially affect the
risks faced by others, the contracting problem—in this case,
what risk exposures may be undertaken by the various business
units within the fi rm—becomes very complex to solve on a
bilateral basis. In such circumstances, the incentives to create a
centrally run, consolidated risk management system may be
strong.
Fungibility of Financial Resources
That consolidated risk management allows the firm to allocate
capital efficiently further reinforces the interdependence
between a firm’s business units. The fungibility of capital
within the firm—what some have called a firm’s internal
capital market—means that the risks undertaken by one unit
can affect the resources available to another through the
workings of the internal capital market. In considering risk in
relation to the capital resources avai lable to back that risk, then,
an additional dimension is that those resources may also be
called into play to back the activiti es of other units within the
firm.
13
The financial institution’s internal capital market i s itself an
example of coordination within the firm potentially being
more efficient than external markets. Gertner, Scharfstein, and
Stein (1994) attri bute the efficiency of i nternal capital markets
to the strong incentive that owners have to monitor capital use
relative to debtholders, especi ally if many aspects of the firm’s
capital use are not limited by the debtholders’ contract. In
addition, capital allocated to an unsuccessful project can be
shifted to another use within the firm at less cost than would be
involved in liqui dating the assets of the project in the market, if
capital and resources in one use are close enough substitutes for
those in other activities. As discussed earli er, these benefits are
offset by a reducti on in incentives to managers who no longer
act like owners.
Froot and Stein (1998) offer a model of capital allocation
and capital structure for financi al firms that develops the
relationship between risk management and capital allocation
formally.
14
In their model, financial institutions fully hedge
risks for which liquid markets are available. Financial
institutions have incentives to engage in risk management
whenever they face risks that cannot be traded in liquid
markets because they need to hold capital against the
nontradable positions accordi ng to the amount of risk in the
portfolio.
15
The desirability of any given investment depends
on the extent to which i ts nontradable risk is correlated with
the nontradable risks of the firm’s other portfolio positions.
Drawing this point to its logical conclusion, Froot and Stein
argue that “ this line of reasoning suggests that the ri ght
question is not whether or not the bank should centralize its
decisionmaking, but rather how often headquarters should
gather information and use this pooled information to help
guide investment decisions.”
The firm’s liquidity resources (assets that can be liquidated
as well as funding sources that can be tapped) can be viewed as
fungible across the firm in much the same way that capital is
fungible (in the absence of regulatory or other constraints). For
this reason, liquidi ty resources virtually always are coordinated
centrally for the firm as a whole (Basel Committee on Banking
Supervision 2000a). These resources are available to provide
cash needed to meet obligati ons, especially in contingency
situations such as market distress.
This interdependency suggests that consolidated ri sk
management systems should take liquidity considerations into
account. Liquidi ty risk assessment requires knowledge of the
size and nature of the firm’s risk positions, while the firm’s
liquidity risk position should influence the amount and type of
risk that business managers choose to take. One approach to
recognizing this connection i s to extend the concept of capital
adequacy to encompass the abili ty to liquidate assets or easi ly
fund them, as is intended by the Securities and Exchange
Commission’s capital rule for registered broker-dealers.
Alternatively, an integrated risk assessment approach could
consider liquidity risk along with market, credit, and other
risks in scenari o analyses intended to test the impact of the
scenario on capital adequacy (and ultimately solvency) and
liquidity, in a test of dual constrai nts.
That consolidated risk management
allows the firm to allocate capital
efficiently further reinforces the
interdependence between a firm’s
business units.
8 The Chal l enges of Risk Management
Finally, the risks introduced by leverage reinforce the need
to evaluate risk on a fi rmwide basis. Most financial firms are
leveraged, and over the course of the 1990s analysts in financial
institutions and their supervisors have recognized that many
methods can be used to increase leverage in addition to
increasing balance sheet debt to equity, such as taking positions
through the use of derivatives and imbedded optionality. Since
leverage increases the risk supported by capital, a sophisticated
risk assessment should incorporate the combined effects of all
sources of market and credit risks, of li quidi ty risk, and of
leverage on capital. This point was made by the Counterparty
Risk Management Poli cy Group (1999) in its private sector
report on lessons learned from the 1998 de facto failure of
Long-Term Capital Management, a large hedge fund. The
report suggests several measures that can be used to conduct a
risk and capital or liquidity adequacy analysis.
Debtholders and Other Creditors
Financial institutions may have additional incentives to engage
in consolidated risk management because of the concerns of
debtholders and other creditors.
16
In agreeing to extend credit,
these parties must take into account the moral hazard i ncentive
that the firm has to increase its risk exposure—to the benefit of
the firm’s shareholders and the detriment of its creditors—
once the credit has been extended. This situation is particularly
acute for financial firms, which can change their risk profiles
relatively rapidly using derivatives and other liquid financial
instruments. In the face of this uncertainty, creditors may
charge higher rates or offer less favorable nonprice terms (for
instance, shorter maturity or hi gher collateral) than they would
if this incenti ve could be addressed.
Consolidated risk management systems provi de a way for
financial i nstitutions to make a credible commitment against
such behavi or. In particular, these systems faci litate better
disclosure by providing a consistent and comprehensive
assessment of the firm’s true risk exposure that can be used by
creditors to monitor the institution’s activities. In the absence
of such systems, it can be si gnificantly more difficult for
analysts to draw an accurate picture of the firm’s overall risk
exposure, even if the individual units within the firm make
extensive disclosures of thei r risk profiles. Furthermore, the
centralized and independent ri sk management units that nearly
always are a key feature of consolidated risk management
systems provide an i nternal check against any incentives for
individual units or employees within the firm to hide risk
exposures from senior management. Fi nally, the enhanced
disclosure made possible by consolidated risk management
systems may mitigate some of the spillover effects described
above by providing meaningful information about the true
extent and nature of linkages between various businesses
within the consolidated firm.
17
Thus, these systems can provide
an important tool for management to address the moral hazard
concerns of creditors and to obtain better borrowing terms as a
result.
Spillover effects, the fungibility of resources, and the
concerns of debtholders and creditors suggest that firms have
strong incentives to measure risks well, to take advantage of
diversification benefits, and to manage capital and liquidity
efficiently. In the next section, we examine why firms have not
been faster to adopt consolidated ri sk management to take
advantage of even small diversification effects and why both
industry and supervisory efforts have been necessary to
encourage its use.
Obst acl es t o Cr eat ing Consol idat ed
Risk Management Syst ems
That firms have not immediately adopted consolidated risk
management systems suggests that there are significant costs or
obstacles that historically have led firms to manage risk in a
more segmented fashion. While the firm can invest in two
business activities, as discussed above, it fi nds the two activities
to be in some sense segregated, so that taking advantage of
diversification effects engenders costs. The segregation can be
geographical (such as New York versus London) or conceptual
(for example, loans versus over-the-counter options).
Information Costs
Segregation creates two kinds of costs. The first is informati on
costs—the costs of integrating and analyzing information from
the two business lines. Those costs involve both the resources
Consolidated risk management systems . . .
facilitate better disclosure by providing a
consistent and comprehensive assessment
of the firm’s true risk exposure that can be
used by creditors to monitor the
institution’s activities.
FRBNY Economic Pol icy Review / Mar ch 2001 9
involved in transmitting, recording, and processi ng the
information and the amount of decay in the time value of the
information, reflecting the lags in assembling and verifying
information. At any given moment, there may be competing
information technologies with similar scale effects, but a
different mix of costs in terms of monetary outlays and time
to assemble information (for instance, a highly automated
process versus a manual one).
Information costs are shaped largely by technology.
Information systems tend to have substantial fixed costs that
usually increase with the size of the i nformation system, but
low marginal costs until the particular system approaches
capacity. To reflect that, we consider the total information cost
function to be a step functi on increasing discretely as the scale
of the business i ncreases. For a given volume of information,
then, the value of recognizing the impact of diversification—
which i s a function of the amount of diversificati on inherent in
the firm’s activities—needs to exceed the information costs for
the scale of the firm’s business i n order for the firm to invest in
the information infrastructure. In essence, the firm maximizes
its expected profits subject to a capital constraint by choosing
the business mix, the scale of business, and the information
technology (or none) to manage risk.
18
Information costs will tend to limit the size of the business
for a given level of capital. If the firm finds the cost of
information hi gh relative to the diversification benefit, the firm
will manage each business separately, and in doing so, it will
assi gn relatively hi gh amounts of capital to each business line as
if there was no diversification benefit. As a result, the scale of
the firm’s overall business will be lower than it would be when
diversification effects can be realized.
19
Improvements in technology reduce fixed information
costs, make it possible for firms to take greater advantage of
diversification benefits, and increase the scale on which certain
busi nesses can be conducted. For example, improvements in
information technology permi t banks and securities firms to
manage single “ global books,” in contrast to the regional
approach used to manage most international businesses i n the
1970s and 1980s.
Finally, the value of information has risen as the pace of
developments has picked up and the complexity of financial
relationships among markets and counterparties has increased.
If we i nterpret the increased speed of events as an increase in
the variability of the risks and correlations associated with a
financial firm’s di fferent business lines, then, ceteris paribus,
firms would tend to set necessarily more conservative limits on
their activities—perhaps in line with the maximum possi ble
values of the risk exposures of their various uni ts.
20
Since these
maxima would rarely be observed together in practice, there
would appear to be substantial opportunities for gains from
identi fyi ng and responding to changes in the diversification
benefit. But greater volatility in the underlying risk
relationships also changes the set of relevant information
technologies, since at any scale of activity most “ low-tech,”
time-intensive techniques become unacceptably costly,
reflecting the rapid decay in the value of information. Thus, in
a more volatile environment, we mi ght expect the ability to
design and implement effective technology-intensi ve risk
management information systems to represent a significant
dimension of competitiveness for financial institutions seeking
to operate in a large number of markets.
21
Regulatory Costs
Regulatory barriers to moving capital and liquidity withi n a
financial organization impose another cost that inhibits the use
of consolidated risk management. These barriers can take the
form of business line capital and liquidity requirements set by
regulators, prohibitions or limits on capital and funds that can
be transferred from one business line to another, or the
necessity of seeking prior approval or givi ng prior notice to
move funds between business lines. Most commonly, business
lines segregated from one another by such regulatory
requirements are in different locations or different legal
entities, subjecting the two business lines to different
regulations. However, similar types of costs can be imposed by
rating agencies, creditors, or even investors when the
requirements or expectations they set differ across individual
entities.
As with i nformation costs, we can consider the regulatory
costs to reflect both monetary outlays to manage or circumvent
regulatory barriers and the wai ting period or decay in profit
opportunities i n the time needed to comply wi th or overcome
regulatory costs. While in some cases regulatory requirements
can make it virtually impossible to move capital or liquidity
Improvements in technology reduce fixed
information costs, make it possible for
firms to take greater advantage of
diversification benefits, and increase the
scale on which certain businesses can
be conducted.
10 The Chal l enges of Risk Management
from one business line to another i n the short run, in many
cases regulatory requirements can be satisfied at some cost. The
cost of managing and circumventing regulatory requirements
appears to have dropped substantially through the use of
derivatives, securitization techniques, and other financial
engineering. Indeed, a recurring pattern in financial regulation
is the erosi on of regulatory requirements through financial
innovation and regulatory arbitrage and thei r eventual repeal.
That pattern dates back at least to the creation of the Eurodollar
market in the 1960s and the subsequent slow removal of
deposit ceili ngs and many reserve requirements. If regulatory
circumvention is not possible, in the longer term the firm can
plan its organization and its capital and funding strategy to
create more flexibility in managing regulatory requirements,
usually at the cost of holding excess capital and liquidity i n
some units.
Therefore, for a given scale of its various businesses, there
are regulatory costs that the firm can minimize to some extent.
Once again, the firm will invest i n i nformation technology and
management of regulatory requirements only if the
diversification benefits (taking into account the ability to
manage capital and liquidity on a very short-term basis under
contingencies) are seen to exceed the information and
regulatory costs. Moreover, the reduction of regulatory barriers
to moving capital and liquidity within the firm enables the
development or enlargement of the firm’s internal capital
market and increases the gains from pooling risk measurement
information within the firm as well as the firm’s overall
efficiency.
Financial Condition
Intensive work on consolidated risk management has
coincided with the rebuildi ng of the financial strength of many
banking organizations following the difficulties of the late
1980s and early 1990s. For instance, a 1998 Federal Reserve
study of credi t risk models (Federal Reserve System Task Force
on Internal Credit Risk Models 1998) notes that large U.S.
banks have begun to develop both advanced credit risk
modeling and internal capital allocation systems only since the
mid-1990s—just the period over whi ch these institutions
recovered from the financial stresses of the earlier part of the
decade. These internal capital allocation systems are one of the
key elements in banks’ attempts to evaluate the risk-adjusted
performance of their various business uni ts. As such, they
represent an important step in the progress toward full-fledged
consolidated risk management systems.
22
This financial rebuilding may also have contributed to the
growing emphasis on consolidated risk management systems.
As argued above, one key motivation for consolidated risk
management is to enable firms to make more informed
judgments about where to invest their scarce capital resources,
in particular, about where to expand through acquisition or
internal growth. Firms in weakened financial condition are
unlikely to be in a position to fund such growth—even into
lines of business where the institution’s risk/return trade-off is
highly favorable—so they have less incenti ve to invest in the
consolidated risk management systems that would permit
them to identify such opportunities. The improved financial
condition of many institutions si nce the early part of the 1990s
therefore may have provided an addi ti onal incentive for fi rms
to develop and implement consolidated risk management
systems.
Declining informati on costs, eroding regulatory barriers,
and stronger financial condition present fairly stylized
explanations for increased attention by financial institutions to
consolidated risk management and internal capital allocation
activities. However, the optimizati on problem faced by firms is
more complex than we have described. Holmstrom and
Roberts (1998) provide many examples of the rich variety of
mechanisms used to coordinate acti viti es within and among
firms and the multiplicity of factors that i nfluence the
coordination decision. The examples particularly illustrate the
roles that incentives in internal (impli cit) and external
contracts and information flows play in resolving complex
coordination problems, including overcoming regulatory
barri ers.
23
The implication i s that coordination mechanisms
used by individual firms may change as a wide variety of factors
change. The current importance of consolidated risk
management as a goal for many financial institutions could be
enhanced or complemented by further advances in
information technology and monitoring techniques, new
designs for incentive contracts with employees and outside
agents, better public and private information flows, and greater
liquidity of financial markets.
Even so, the decline of information costs and the erosion
and repeal of regulatory barriers have been so great that many
Intensive work on consolidated risk
management has coincided with the
rebuilding of the financial strength of
many banking organizations following
the difficulties of the late 1980s and
early 1990s.
FRBNY Economic Pol icy Review / Mar ch 2001 11
of the principal hurdles to consolidated risk management
within a financial conglomerate involve problems in
measuring, comparing, and aggregating risks across business
lines. The ability to merge banks and i nsurance companies
under the Gramm-Leach-Bliley Act provides financi al
institutions wi th new opportunities to diversify risks and
expand internal capital markets and creates further impetus to
develop consoli dated risk management techniques for financial
conglomerates. Thus, both firms and supervisors are probably
closer today in their common interest i n accurate and precise
risk measurement than they were just five years ago.
Major Technical Chal l enges
and Resear ch Quest ions
The previous sections discussed the economic rationale behind
consolidated risk management and some of the costs facing
diversified financial firms in constructing such systems. In this
section, we turn to some additional practi cal problems
associated with this overall goal. Our goal i s to highlight a series
of practical i ssues where additional research by risk
management practitioners and by academics would be
especially beneficial. In particular, we describe some of the
technical challenges involved in actually estimating an
aggregate measure of risk for a diversified financial institution
and suggest some areas where further research could help both
financial institutions and supervisors understand the strengths
and weaknesses of such aggregate risk management.
At a very general level, there does appear to be an emergi ng
consensus about how various forms of risk should be
quantified. Most risk measurement methods used by major
financial i nstitutions are intended to capture potential losses
over some future horizon due to the risk in question. These
methods can use a probability-weighted approach to
estimating potential losses (as in a value-at-risk or earnings-at-
risk system, where the distribution of future earnings is
calculated) or can provide point estimates of potential losses
under certai n extreme circumstances (as in a stress test or
scenario analysis approach or in an “ expected tail loss”
estimation). The common thread is the focus on potential
future losses, either to earnings or economic value.
24
Beyond this general consensus, however, the picture is
considerably more complex. As noted above, an aggregate risk
measure must incorporate different types of risk (market,
credit, operational) and must bring together risks across
different business lines (banking, insurance, securities).
Although the broad risk concept applied within and across
these two dimensions may be similar, the details differ
considerably, making simple “ bottom-up” aggregation
approaches diffi cult, if not impossi ble, to implement.
Aggregating across business li nes presents challenges
because firms and functional supervisors in the different
business lines have tended to approach risk management and
measurement from quite different perspecti ves. For instance,
banks tradi ti onally have emphasized the risks arising from the
asset side of the balance sheet (credit risk) and from the
interaction of assets, liabilities, and off-balance-sheet positions
(interest rate risk, liquidity risk). Insurers, in contrast, have
tended to place emphasi s on the risks arising from the liabi lity
side of their business (underwriting risk, catastrophe risk).
Securities firms have tended to emphasi ze the combination of
market risk and li quidi ty (meaning both the abi lity to fund or
to sell an asset) in their portfolios. Of course, advances in
financial theory and market practice have eroded these
distinctions somewhat, and many firms now attempt to
measure the way in which risks can interact and affect an entire
institution.
25
Nonetheless, one of the key challenges of
consolidated risk management is to integrate these different
perspectives on risk into a coherent framework.
A related set of challenges ari ses when aggregating across
different types of risk. These challenges reflect the fact that at
many financial institutions, risk measurement and
management began as a bottom-up process, with different
types of risk measured separately. A particular business area
would develop ri sk measurement approaches to capture the
most important risks facing that unit: credi t risk for lendi ng
activities, market risk for trading, interest rate risk for the
treasury/asset-liability management function. This risk-by-risk
approach has resulted in industry standards of risk
measurement that differ significantly across risk types, and
sometimes across activiti es with similar risks, both in the way
that risk is measured and in the extent to which i t is quantified
at all.
To a large extent, the state of development of modeli ng
technology across the various risks reflects the availabi lity of
data and the nature of the risk itself, which can affect the ease
or difficulty involved in accurately modeling the risk. At one
end of the spectrum, the banking and securities i ndustry has a
Our goal is to highlight a series of practical
issues where additional research by risk
management practitioners and by
academics would be especially beneficial.
12 The Chal l enges of Risk Management
now fairly long history of measuring market risk through
value-at-risk models. The fact that value-at-risk models were
among the fi rst statisti cal ri sk models developed reflects the
high-frequency and largely continuous nature of market risk
and its management,
26
the mark-to-market environment in
which most trading activities occur, and the resultant ease of
modeling (normality has often been assumed) and availabili ty
of comparatively long historical data series around which to
calibrate the models.
Credit risk tends to exhibit somewhat lower frequency
variation, as changes in credit status tend to evolve over weeks
or months rather than on a day-to-day basi s. Thus, fewer
historical data are available to ai d in model cali bration, and the
modeling process itself is more complex, as the distribution of
credit losses is quite asymmetric with a long right-hand tail.
27
Financial institutions have made consi derable progress over
the past two or three years in credi t risk modeling, but it is fair
to say that these models are at an earlier stage of development
than the value-at-risk models used for market risk
assessment.
28
Even further down the spectrum is operational risk—the
risk stemming from the failure of computer systems, control
procedures, and human error—which captures a mixture of
events, some of which i nvolve relatively frequent small losses
(settlement errors in a trading operation, for instance) and
others that are characterized by infrequent but often large
losses (widespread computer failure). Consistent data sources
on this form of risk are difficult to obtain, especially for the less
frequent events; statistical modeling is in its early stages; and
the computational requirements may be substantial, given the
number of “ control poi nts” in most operational processes.
Liquidity risk measurement involves many simi lar issues
of sorting the frequency of different types of events and
developing appropriate data. Liquidity risk measurement has
long involved scenario analysis focused on stress events and
based on subjective probabilities of how depositors, other
creditors, and borrowers would respond to the stress event. As
risk measurement techniques have advanced, some financial
institutions are examining the potential for cash-flow-at-risk
analysis, based on more formal measurement of the probability
of events and the sensitivity of cash flows to these events, both
to enhance day-to-day li quidity management and to
strengthen the underpi nnings of liquidity stress scenarios.
Finally, at the far end of the spectrum, other risks—such as
legal, reputational, and strategic risk—are rarely quantified, as
both the data and theoretical techniques for capturing these
risks have yet to be developed extensively.
Even for those risks that are measured, important
differences exist i n the assumptions and techniques used to
esti mate potential losses. One key issue is the time horizon over
which potential losses are to be measured. As noted above, the
risks facing financial institutions vary in the extent to which
they are continuous or discrete, in how quickly new events
develop, and in the si ze of events when they occur (many small
events versus a few large ones). These differences imply the
need for different hori zons to capture different risks effectively.
In fact, we see these differences in the assumpti ons underlying
the risk estimates made by fi nancial firms, with market ri sk
typically measured over a one-day horizon, credit risk typically
measured over a one-year horizon, and operati onal risk
measured over a variety of short and long horizons (an i ndustry
standard has yet to emerge).
These differences present a challenge for calculating
consolidated risk exposures that span several risk types. Should
a single horizon be chosen for all risks and, if so, whi ch one?
Should the time dimension be explicitly factored into the risk
assessment, with paths of risk over time?More generally, issues
such as differing horizons suggest that there is an important set
of research questions concerning methods for calculating
aggregate ri sk measures. At a very basic level, can the different
individual risk measurement approaches typically used within
financial firms be meaningfully aggregated?If so, how?If not,
is it possible to develop a “ top-down” approach that somehow
blends the risks facing the fi rm without measuring them
separately, such as an analysis of income volatility?Is there
some way of combini ng “ top-down” with “ bottom-up”
approaches to consolidated risk measurement?And how does
the growing attention to evaluating performance against risk in
rewarding managers at all levels of the organization factor into
these decisions?
At many financial institutions, risk
measurement and management began as
a bottom-up process, with different types
of risk measured separately.
Perhaps a more fundamental question is
whether a consolidated risk management
system needs to have a fully consolidated
risk measurement methodology at its core.
FRBNY Economic Pol icy Review / Mar ch 2001 13
A related set of issues concerns the mathematical
aggregation of risk measures across businesses and risk types.
In most cases, this process would involve estimati ng
correlations between various risk exposures. An i mportant
challenge in this regard i s measuring the degree of correlation
between risks in businesses that are distinct in terms of the
sources and frequency of variability (for instance, between
insurance underwriting and trading). The data demands of
producing accurate estimates are likely to be enormous. Even
when aggregate risk measures can be calculated, a related
challenge is how to apportion the benefits of diversification
across various business lines. That is, if less-than-perfect
correlation across distinct business lines results in a decrease in
the overall risk facing the firm, how should these benefits be
allocated back to the vari ous business units in the internal
capital allocation process?
This discussion assumes that to produce a consolidated
measurement of ri sk exposure, i t is necessary to develop risk
measures that are highly comparable across risk types.
However, perhaps a more fundamental question is whether a
consolidated risk management system needs to have a fully
consolidated risk measurement methodology at i ts core. In
other words, how much comparability across risk measures is
strictly necessary to have an effective consolidated risk
management system?If risk measures cannot be made perfectly
compatible across risk types and business lines, are there still
benefits to i mperfectly comparable measures?
Our sense is that the answer to this question is likely to be a
resounding yes, largely because the ability to evaluate results
against risks taken has become a major feature of financial
institution management in the 1990s. Some important issues
would need to be explored before understanding the full
implications of this conclusi on. For instance, what ki nd of
biases might enter the assessment of aggregate risk if this
assessment is based on disparate ri sk measures?How might
comparisons of risk and return across business lines be
affected?How can we relate the results of stress scenario
analysis to statistical measures of risk exposure?Are there limits
to how different the various risk measures can be, yet still be
useful in a consoli dated risk management system?These are
important, unresolved issues.
Concl usion
As the above discussion suggests, there is considerable scope
for further research to enhance our understanding of the
benefits and shortcomings of consolidated risk management.
Many of the key research questions involve technical issues in
risk measurement and financial series modeling. While these
questions are vital to understanding how to calculate a
consolidated measure of risk exposure spanning all of a
financial insti tution’s businesses and risk factors, they are not
the only questions of i nterest. Further research into the main
question of this article—the economic rationale for
consolidated risk management—could produce findings that
would be of clear use to supervisors and financial institutions.
In addition, this work could provi de insight into such diverse
topics as the theory of the firm, the costs/benefits of
diversification, the linkages among financial markets, and the
impact of product and geographic deregulation. Our study
presents some initial ideas, but clearly much more work needs
to be done. We hope that this article can serve as a starting
point for further discussion.
Endnot es
14 The Chal l enges of Risk Management
1. It can also be argued that supervisors may place somewhat greater
weight on the risk of severe downside scenarios, given the nature of the
supervisory role, but the private sector appears to be closing any gap
as a result of the insight gained from experiences such as the market
disturbances in 1998.
2. Firms vary in how they use the risk management process to
maximize profits. Some firms use risk-and-return measures in the
selection of their medium-term business mix in order to maximize
long-run expected profits. Firms also use risk management systems to
assist in managing expected profits over short horizons, by seeking to
identify changes in risk and loss potential and adjusting their
portfolios accordingly.
3. In large measure, these efforts are an extension of a longer term
trend toward enhanced risk management and measurement in the
financial services industry. Many of these efforts have focused on
developing risk measurement and management systems for individual
risk types or businesses (for instance, market risk in a securities firm
or credit risk in a bank’s loan portfolio). In consolidated risk
management, however, the focus is on an expansion of these single-
risk-management systems to span diverse financial activities,
customers, and markets.
4. Mergers may occur for many reasons, including the desire to
benefit from exactly the sort of diversification that presents challenges
to risk management and measurement systems. In this discussion, we
distinguish between the broad diversification that may occur when
firms comprise business units involved in distinct business activities
(such as banking, insurance, or securities activities) or geographic
locations and the type of portfolio diversification that occurs when
risk management units take steps to hedge portfolio- or business-level
risk exposures. It is the first type of diversification—which has become
much more feasible given the regulatory and technical developments
discussed in the text—that presents the sort of challenges we discuss in
this article.
5. The evaluation of the adequacy of risks in light of a full risk
assessment is discussed in Federal Reserve SR Letter 99-18. Earlier in
the decade, the Federal Reserve issued SR Letter 93-69, on the
management of trading activities; SR Letter 97-32, on information
security; SR Letter 00-04, on outsourcing; and a series of papers on the
management of credit risk in both primary and secondary market
activities (SR Letters 99-3, 98-25, and 97-21). The Office of the
Comptroller of the Currency and the Federal Deposit Insurance
Corporation have issued guidance using a comparable framework for
a similar range of topics.
6. This framework is best developed in “ Principles for the
Management of Credit Risk,” published in September 2000. The
Committee has also published work on interest rate risk, in 1997;
operational risk, in 1998; and liquidity risk, in 2000.
7. The work of Modigliani and Miller (1958) and Miller and
Modigliani (1961) suggests that any risk-altering actions taken by a
firm’s management are redundant and resource-wasting because
shareholders can achieve their optimal degree of diversification
independently. See Cummins, Phillips, and Smith (1998) for a
discussion of the factors—such as bankruptcy costs, taxes, and costly
external financing—that may make it worthwhile for firms to engage
in risk management.
8. This relationship can be expressed mathematically as
,
where and are the profit volatilities of business units A and B
and is the correlation between them.
9. This situation was not uncommon among globally dispersed
institutions prior to the introduction of enhanced information
systems in the early-to-mid-1990s. Later in this article, we discuss the
role of information costs and information systems in diversified
financial institutions.
10. Morris and Shin (1999) describe this problem in the context of
multiple firms operating in a single market. They describe the errors
in risk assessment that can occur when risk management systems
assume that the firm’s activities are similar to playing roulette
(gambling against nature), when in fact the risks are more like those in
poker (where the actions of the other players matter). The same
analogy can be applied to risks within a firm.
11. Or, as discussed below, such contagion fears may arise because
market observers believe that the resources of all of the firm’s business
units will be used to “rescue” a troubled unit, calling into question the
solvency of all of the businesses within the firm.
12. The large investments that many financial institutions are making
in electronic trading and banking are examples of strategic risk related
to establishing the competitive position of a firm in a fast-changing
and greatly contested market. The problems many financial
institutions experienced in the mid-1990s—when customers
experienced large losses in connection with derivatives and complex
trading strategies—are examples of strategic risk related to damage to
the firm’s reputation.
?
FI RM
?
A
2
?
B
2
2??
A
?
B
+ + ?
A
?
B
+ ? =
?
A
?
B
?
Endnot es (Cont inued)
FRBNY Economic Pol icy Review / Mar ch 2001 15
13. Froot and Stein (1998) consider a variant of this risk—the
bankwide cost of capital effect—that involves the impact of increased
capital costs on all units within a firm when one unit takes on large
amounts of risk.
14. In the Froot and Stein analysis, banks choose their capital
structure, risk management policies, and investment policies jointly,
rather than impose a short-run capital constraint. However, when
capital is costly, banks economize on the amount of capital they hold
and therefore take risk management concerns into account in their
investment policies.
15. The example Froot and Stein give is the counterparty risk on a
foreign exchange swap. With the advent of credit derivatives and other
credit risk management techniques, such risks are increasingly
tradable, by which Froot and Stein mean that the risks can be offset
to achieve a zero net present value. Nontradable risks can include
unhedged proprietary positions premised on subjective expected rates
of return deviating from those of the market. Note that the reliance on
markets for hedging for liquid risks and internal capital allocation for
nontradable risks is another version of the contractible/
noncontractible distinction discussed earlier.
16. Other creditors here could include suppliers, consultants, and
other contractors who provide products or services in return for the
promise of future payment.
17. This would be especially true if there were meaningful disclosures
about intrafirm exposures, as called for in a recent report by the Joint
Forum (1999b).
18. As information systems become more “ scalable,” the step function
may become flatter, in effect making it easier to realize and manage the
diversification benefits from combining activities.
19. This is also consistent with the analysis of Holmstrom and
Milgrom (1994), which derives analytically that enhancements to
performance measurement tend to permit greater employee freedom
(such as higher limits), although the authors caution that their analysis
requires a careful specification of the exact problem.
20. Correlations and volatilities have changed substantially over time.
Examples include the sharp drop in volatilities in short-term interest
rates associated with the decline in inflation in the 1980s and early
1990s; sharp increases in the correlations and short-term volatilities of
U.S. long-term fixed income instruments in times of distress; and a
rise in the idiosyncratic risk of equities in the 1990s, the last example
documented in Campbell, Lettau, Malkiel, and Xu (2001).
21. Gibson (1998) derives similar conclusions about the impact of
declining information costs. In his approach, risk measurement is a
means to monitor risk-taking by employees when information about
the managerial effort of those employees (or outside agents, such as
mutual fund managers) is not observable by the employer.
22. Typically, these internal capital allocation systems fall short of a
full-fledged consolidated risk measurement system, either because
they incorporate only a limited range of the risks facing a financial
institution (for example, just credit risk or market risk, but not
operational or other forms of risk) or because they are applied only to
a subset of the institution’s activities.
23. The specific regulatory barrier they cite is the limitations on
foreign ownership of domestic airlines.
24. Other potential definitions of risk could involve pure volatility
measures, such as standard deviations of earnings or economic value,
or sensitivity measures that capture the derivative of earnings or
economic value with respect to particular risk factors, such as the
“ value of a basis point.”
25. Lewis (1998), for instance, describes how one insurance company
examines stress scenarios that affect all aspects of the firm, such as an
earthquake that simultaneously causes extremely high insurance
claims and disrupts financial markets—and thus the firm’s
investments and investment income—for some period of time.
26. Of course, some market price series exhibit sharp, discontinuous
jumps, such as those associated with emerging market developments
and unexpected changes in exchange rate regimes. These factors have
tended to be incorporated into value-at-risk models after the initial
phases of model development.
27. To some extent, both the lack of data and the lower frequency
variation reflect the current GAAP (Generally Accepted Accounting
Principles) accounting standards, which do not require the daily
marking-to-market to which trading account positions are subject.
Thus, shorter term variation in value may not be reflected in the
accounting data typically available for use in credit risk models.
28. See Basel Committee on Banking Supervision (1999a) for a
discussion of the state of development of credit risk models.
Ref er ences
16 The Chal l enges of Risk Management
Basel Committeeon Banking Supervision. 1999a. “Credit Risk
Modeling: Current Practices and Applications.” April. Basel,
Switzerland: Bank for International Settlements.
———. 1999b. “A New Capital Adequacy Framework.” June. Basel,
Switzerland: Bank for International Settlements.
———. 1999c. “ Performance of Models-Based Capital Charges for
Market Risk.” September. Basel, Switzerland: Bank for
International Settlements.
———. 2000a. “Sound Practices for Managing Liquidity in Banking
Organizations.” February. Basel, Switzerland: Bank for
International Settlements.
———. 2000b. “Principles for the Management of Credit Risk.”
September. Basel, Switzerland: Bank for International Settlements.
Board of Governors of theFederal ReserveSystem. 1993. “Examining
Risk Management and Internal Controls for Trading Activities of
Banking Organizations.” SR Letter 93-69. December 20.
———. 1997a. “Risk Management and Capital Adequacy of Exposures
Arising from Secondary Market Credit Activities.” SR Letter 97-21.
July 11.
———. 1997b. “Sound Practice Guidance for Information Security
for Networks.” SR Letter 97-32. December 4.
———. 1998. “Sound Credit Risk Management and the Use of
Internal Credit Risk Ratings at Large Banking Organizations.”
SR Letter 98-25. September 21.
———. 1999a. “Supervisory Guidance Regarding Counterparty
Credit Risk Management.” SR Letter 99-3. February 1.
———. 1999b. “Assessing Capital Adequacy in Relation to Risk at
Large Banking Organizations and Others with Complex Risk
Profiles.” SR Letter 99-18. July 1.
———. 2000. “Outsourcing Information and Transaction
Processing.” SR Letter 00-04. February 29.
Campbell, John, Martin Lettau, Burton Malkiel, and Yexuai Xu. 2001.
“Have Individual Stocks Become More Volatile: An Empirical
Exploration of Idiosyncratic Risk.” Jour nal of Finance 56, no. 1
(February): 1-43.
Coase, Ronald. 1937. “The Nature of the Firm.” Economica 4, no. 4
(November): 386-405.
Counterparty Risk Management Policy Group. 1999. “Improving
Counterparty Risk Management Practices.” June.
Cummins, J. David, Richard D. Phillips, and Stephen D. Smith. 1998.
“ The Rise of Risk Management.” Federal Reserve Bank of Atlanta
Economic Review, first quarter: 30-40.
Federal ReserveSystem Task Forceon Internal Credit Risk Models. 1998.
“ Credit Risk Models at Major U.S. Banking Institutions: Current
State of the Art and Implications for Assessments of Capital
Adequacy.” May.
Froot, Kenneth A., and Jeremy C. Stein. 1998. “ Risk Management,
Capital Budgeting, and Capital Structure Policy for Financial
Institutions: An Integrated Approach.” Jour nal of Financial
Economics 47, no. 1 (January): 55-82.
Gertner, Robert H., David S. Scharfstein, and Jeremy C. Stein. 1994.
“ Internal versus External Capital Markets.” Quar t er l y Jour nal
of Economics 109, no. 4 (November): 1211-30.
Gibson, Michael S. 1998. “The Implications of Risk Management
Information Systems for the Organization of Financial Firms.”
Board of Governors of the Federal Reserve System International
Finance Discussion Paper no. 632, December.
Global Derivatives Study Group. 1993. “Derivatives: Practices and
Principles.” July. Washington, D.C.: Group of Thirty.
Grossman, Sanford J., and Oliver D. Hart. 1986. “The Costs and
Benefits of Ownership: A Theory of Vertical and Lateral
Integration.” Jour nal of Pol it ical Economy 94,
no. 4: 691-719.
Holmstrom, Bengt, and Paul Milgrom. 1994. “ The Firm as an Incentive
System.” Amer ican Economic Review 84, no. 4 (September):
972-91.
Holmstrom, Bengt, and John Roberts. 1998. “The Boundaries of the
Firm Revisited.” Jour nal of Economic Per spect ives 12,
no. 4 (fall): 73-94.
Ref er ences (Cont inued)
FRBNY Economic Pol icy Review / Mar ch 2001 17
Joint Forum (Basel Committeeon Banking Supervision, International
Organization of Securities Commissioners, International Association
of InsuranceSupervisors). 1999a. “Risk Concentration Principles.”
December. Basel, Switzerland: Bank for International Settlements.
———. 1999b. “Intra-Group Transactions and Exposures Principles.”
December. Basel, Switzerland: Bank for International Settlements.
Labrecque, Thomas G. 1998. “Risk Management: One Institution’s
Experience.” Federal Reserve Bank of New York Economic
Pol icy Review 4, no. 3 (October): 237-40.
Lam, James. 1999. “Enterprise-Wide Risk Management: Staying
Ahead of the Convergence Curve.” Jour nal of Lending and
Cr edit Risk Management 81, no. 10 (June): 16-9.
Lewis, Robert. 1998. “Capital from an Insurance Company
Perspective.” Federal Reserve Bank of New York Economic
Pol icy Review 4, no. 3 (October): 183-5.
Miller, Merton H., and Franco Modigliani. 1961. “Dividend Policy,
Growth, and the Valuation of Shares.” Jour nal of Business 34
(October): 411-33.
Modigliani, Franco, and Merton H. Miller. 1958. “The Cost of Capital,
Corporation Finance, and the Theory of Investment.” Amer ican
Economic Review 48 (June): 261-97.
Morris, Stephen, and Hyun Song Shin. 1999. “Risk Management with
Interdependent Choice.” Bank of England Financial St abil it y
Review, no. 7 (November): 141-50.
Mudge, Dan. 2000. “The Urge to Merge.” Risk Magazine. February,
p. 64.
Theviews expressed in this articlearethoseof theauthors and do not necessarily reflect theposition of theFederal Reserve Bank
of New York or the Federal Reserve System. The Federal Reserve Bank of New York provides no warranty, express or
implied, as to theaccuracy, timeliness, completeness, merchantability, or fitness for any particular purpose of any
information contained in documents produced and provided by theFederal ReserveBank of New York in any form or
manner whatsoever.
doc_411717560.pdf