No, this isn’t a confessional by Jerome Kerviel. Instead, it’s a few excerpts of a very good paper by the Senior Supervisors Group (regulators from France, Germany, Switzerland, Britain and the United States) who went poking around 11 major financial institutions to find out how they botched their risk management so badly last year. The report was presented privately in February and released today by the New York Fed (hat tip Mark Thoma).
The paper, “Observations on Risk Management Practices During the Recent Market Turbulence,” is remarkable in how damning it is. Oh, it’s correctly anodyne, it simply sets forth the good and bad practices in a number of categories. The lapses speak for themselves. They are glaring and multi-dimensional.
If I were to put the findings in simple categories, the shortcomings would include:
A “see no evil” approach to risk models. There was a lack of critical thinking, particularly when better models might curtal business. There was often a naive (or perhaps more accurately, an unduly optmistic) use of VAR, and at many firms, a credulous attitude towards ratings.Inmates in control. Far too much discretion was given to desk and business unit managers.
Insufficient attention to firm-wide risk. Risk was too often managed and measured in a disaggregated fashion, with inadequate concern given to stress events that could hit multiple markets.
Weak liquidity management. This is a shocker. Botching liquidity management will bring a firm down fast. But it appears treasury departments weren’t well integrated into a lot of firms’ risk practices.
Senior management putting profits before prudence. This has been widely suspected, with some sightings (for instance, Merrill forced out the head of its structured finance business because he recommended against expanding it further in 2006) and it indeed appears to have been a common pattern.
Some representative sections follow.
Why worry about evaluating credit risk when you have rating agencies:
At firms that performed better in late 2007, management had established, before the turmoil began, rigorous internal processes requiring critical judgment and discipline in the valuation of holdings of complex or potentially illiquid securities. These firms were skeptical of ratings agencies’ assessments of complex structured credit securities and consequently had developed in-house expertise to conduct independent assessments of the credit quality of assets underlying the complex securities to help value their exposures appropriately…..Subsequent to the onset of the turmoil, these firms were also more likely to test their valuation estimates by selling a small percentage of relevant assets to observe a price or by looking for other clues, such as disputes over the value of collateral, to assess the accuracy of their valuations of the same or similar assets.In contrast, firms that faced more significant challenges in late 2007 … generally had not established or made rigorous use of internal processes to challenge valuations. They continued to price the super-senior tranches of CDOs at or close to par despite observable deterioration in the performance of the underlying RMBS collateral and declining market liquidity. Management did not exercise sufficient discipline over the valuation process: those firms generally lacked relevant internal valuation models and sometimes relied to passively on external views of credit risk from rating agencies and pricing services to determine values for their exposures. Given that the firms surveyed for this review are major participants in credit markets, some firms’ dependence on external assessments such as rating agencies’ views of the risk inherent in these securities contrasts with more sophisticated internal processes they already maintain to assess credit risk in other business lines. Furthermore, when considering how the value of their exposures would behave in the future, they often continued to rely on estimates of asset correlation that reflected more favorable market conditions.
“Don’t bring me bad news”:
Less successful firms had difficulty getting senior management and business-line management to
embrace the use of forward-looking scenarios with large underlying price movements and to participate in the
development and use of such tools. According to some risk managers, the larger the shock imposed, the less plausible the
stress tests or scenarios in the eyes of business area and senior management.
Ignore those icebergs, full steam ahead:
An overarching difference is apparent in the balance that senior management achieved between expanding the firms’ exposures in what turned out to be high-risk activities and fostering an appropriate risk management culture to administer those activities. [...] For example, firms that experienced material unexpected losses in relevant business lines typically appeared to have been under pressure over the short term either to expand the business aggressively, to a point beyond the capacity of the relevant control infrastructure, or to defend a market leadership position. In some cases, concerns about the firms reputation in the marketplace may have motivated aggressive managerial decisions in the months prior to the turmoil. [...][S]enior management at … firms that recorded relatively large unexpected losses tended to champion the expansion of risk without commensurate focus on controls across the organization or at the business-line level. At these firms, senior management’s drive to generate earnings was not accompanied by clear guidance on the tolerance for expanding exposures to risk. For example, balance sheet limits may have been freely exceeded rather than serving as a constraint to business lines. The focus on growth without an appropriate focus on controls resulted in a substantial accumulation of assets and contingent liquidity risk that was not well recognized.
“AAA CDOs? Sure, those are safe”:
For example, several firms misestimated basis risk in their approaches to managing the CDO warehousing and
packaging business and significantly underestimated the risk of the super-senior positions they retained as a result. The practice at some firms of valuing super-senior tranches of subprime CDOs at or close to par value and assuming that their risk profile could be approximated using the historical corporate Aaa spread volatility as a proxy failed to recognize these instruments’ asymmetric sensitivity to underlying risk (in contrast to an unstructured corporate bond of the same rating). The first loss protection built into the securitization structure created an asymmetric exposure to losses in the underlying assets, so that the senior tranche became more sensitive to default rates as credit quality deteriorated. As volatility spiked up and credit spreads widened, the increasing sensitivity of the instrument to underlying risk led to accelerating mark-to-market losses. In general, the construction of CDOs tends to make them more sensitive to systematic shocks. In contrast, highly rated corporate debt issuances tend to be more sensitive to “idiosyncratic” risk, or risks associated with characteristics specific to the corporation that issued the debt.
There’s a lot more where this came from; do read the paper.
Francois 
Posts
I think that one of the problems with risk management in the very opaque derivative world which has brought the market to this dangerous place is that these instruments were so murky and so complex that non-specialists were unable to understand them. Internal and external auditors,ratings agencies and regulators did not have the depth of background or understanding or background to truly inderstand the layers of complexity buried in this stuff. If they had been capable of understanding they would have quickly jumped over the divide and joined the party to garner a piece of the bonus pir for themselves. Lacking that understanding they were forced to rely on traders and salepeople for guidance in understanding these Byzantine instruments. We can see how that worked out.
As they said in ancient Rome, “Quis custodiet ipsos custodes?