Risk Oversight: Banks' Challenges

Table of Contents:

There are many pre-requisites for risk oversight, some of them being related to risk data, others to risk models and finally, but not least, to the risk-supervising organization. Risk data is a challenge, notably in credit risk, where data holes with respect to low default portfolios remain. Risk models are equally challenging. Without measures of risks, tracking risks for management purposes would not be feasible. Still, model outputs are no more reliable than the inputs are. Furthermore, transforming model-based measures into instrumental variables for decision makers who perceive models as black boxes, has remained a challenge. Finally, organizational issues refer to the decentralization of the risk management process in large banks. Model Challenges

Tracking risks for management purposes requires models. Even the candid observer would intuitively understand that the only way to quantify risks, which are invisible since they address future random events, is to model them. The same observer would easily understand that many observable risk indicators, such as credit ratings, or economic and industry indexes, are no substitutes for quantified measures, and that they are subject to uncertainty.

Risk models quantify risks in relation with their underlying "risk factors." But risk factors are no substitutes for early warning signals or for risk-controlling tools. Without instrumental tools, risk measures are neither suitable nor sufficient for risk controlling. The value-at-risk is a good example: it provides a measure of risk but is not sufficient to control risks.

Models are often perceived as black boxes by those who do not design them. Models are as good as the data that is being plugged in. Moreover, the "black-box" perception of models does not help. The separation between scientists that design and calibrate models and the immense crowd of end users make the latter feel powerless for lack of instrumental drivers, and lack of transparency and confidence in model valuation. The same remarks apply to portfolio models.

Diversification of portfolios is a natural hedge that has always existed. But modeling diversification of credit risk lagged well behind diversification of market portfolios, even though it has always been the foundation of lending activities. Dependencies are the mirror image of diversification. The less dependent are individual risks, the higher the benefits from diversification are. Dependency measures can vary significantly around their perceived or measured values. As we now know, the diversification effects of portfolios sold by banks and off-loaded onto the financial markets have been strongly underestimated under stress conditions, leaving both banks and rating agencies forced to recognize losses that they did not anticipate.

The separation between model designers and end users mitigates the capability of the bank hierarchy to reveal hidden risks in models due to unreliable data inputs or improper usage of models, leaving the task of assessing model risk, the risk that a model misrepresents reality, in the hands of specialists. This does not mean that models are the culprits of misrepresentation of values. But it does mean that the usage of otherwise sound models can be unreliable.

Understanding of models should be more widespread than it is, and end users would benefit from minimal information about model reliability, or model risk. Whether it is the responsibility of risk modelers or that of end users does not resolve the "black box" effect and results in misperception of how sound models are used. Whoever is in charge, transparency should be enhanced enough so that all parties in risk-taking decisions become better aware of uncertainty built in models. The separation between specialists and end users does not help. Organizational Challenges

The organizational process might not be as bank-wide as it is commonly pretended. Giant banks have to rely on front offices, with their "embedded" risk managers, for controlling risk. Embedded risk managers are close enough to business to understand what is going on. But embedded risk managers might be too close to business to make them a reliable pillar of bank-wide risk management. Distance between the central risk management unit and front offices remained a challenge that embedded risk managers did not resolve.

Putting the pieces together results in a contrasted image. On the one hand, tools and data exist and, on the other hand, one may wonder if bank-wide management is more a concept than a reality. The answer depends on banks and internal transparency, which varies widely with the nature of the bank and its culture. Once implemented in a giant organization, the efficiency of otherwise sound tools could be questioned.

< Prev   CONTENTS   Next >