Honey, I Blew Up the Bank

No, this isn’t a confessional by Jerome Kerviel. Instead, it’s a few excerpts of a very good paper by the Senior Supervisors Group (regulators from France, Germany, Switzerland, Britain and the United States) who went poking around 11 major financial institutions to find out how they botched their risk management so badly last year. The report was presented privately in February and released today by the New York Fed (hat tip Mark Thoma).

The paper, “Observations on Risk Management Practices During the Recent Market Turbulence,” is remarkable in how damning it is. Oh, it’s correctly anodyne, it simply sets forth the good and bad practices in a number of categories. The lapses speak for themselves. They are glaring and multi-dimensional.

If I were to put the findings in simple categories, the shortcomings would include:

A “see no evil” approach to risk models. There was a lack of critical thinking, particularly when better models might curtal business. There was often a naive (or perhaps more accurately, an unduly optmistic) use of VAR, and at many firms, a credulous attitude towards ratings.

Inmates in control. Far too much discretion was given to desk and business unit managers.

Insufficient attention to firm-wide risk. Risk was too often managed and measured in a disaggregated fashion, with inadequate concern given to stress events that could hit multiple markets.

Weak liquidity management. This is a shocker. Botching liquidity management will bring a firm down fast. But it appears treasury departments weren’t well integrated into a lot of firms’ risk practices.

Senior management putting profits before prudence. This has been widely suspected, with some sightings (for instance, Merrill forced out the head of its structured finance business because he recommended against expanding it further in 2006) and it indeed appears to have been a common pattern.

Some representative sections follow.

Why worry about evaluating credit risk when you have rating agencies:

At firms that performed better in late 2007, management had established, before the turmoil began, rigorous internal processes requiring critical judgment and discipline in the valuation of holdings of complex or potentially illiquid securities. These firms were skeptical of ratings agencies’ assessments of complex structured credit securities and consequently had developed in-house expertise to conduct independent assessments of the credit quality of assets underlying the complex securities to help value their exposures appropriately…..Subsequent to the onset of the turmoil, these firms were also more likely to test their valuation estimates by selling a small percentage of relevant assets to observe a price or by looking for other clues, such as disputes over the value of collateral, to assess the accuracy of their valuations of the same or similar assets.

In contrast, firms that faced more significant challenges in late 2007 … generally had not established or made rigorous use of internal processes to challenge valuations. They continued to price the super-senior tranches of CDOs at or close to par despite observable deterioration in the performance of the underlying RMBS collateral and declining market liquidity. Management did not exercise sufficient discipline over the valuation process: those firms generally lacked relevant internal valuation models and sometimes relied to passively on external views of credit risk from rating agencies and pricing services to determine values for their exposures. Given that the firms surveyed for this review are major participants in credit markets, some firms’ dependence on external assessments such as rating agencies’ views of the risk inherent in these securities contrasts with more sophisticated internal processes they already maintain to assess credit risk in other business lines. Furthermore, when considering how the value of their exposures would behave in the future, they often continued to rely on estimates of asset correlation that reflected more favorable market conditions.

“Don’t bring me bad news”:

Less successful firms had difficulty getting senior management and business-line management to
embrace the use of forward-looking scenarios with large underlying price movements and to participate in the
development and use of such tools. According to some risk managers, the larger the shock imposed, the less plausible the
stress tests or scenarios in the eyes of business area and senior management.

Ignore those icebergs, full steam ahead:

An overarching difference is apparent in the balance that senior management achieved between expanding the firms’ exposures in what turned out to be high-risk activities and fostering an appropriate risk management culture to administer those activities. […] For example, firms that experienced material unexpected losses in relevant business lines typically appeared to have been under pressure over the short term either to expand the business aggressively, to a point beyond the capacity of the relevant control infrastructure, or to defend a market leadership position. In some cases, concerns about the firms reputation in the marketplace may have motivated aggressive managerial decisions in the months prior to the turmoil. […]

[S]enior management at … firms that recorded relatively large unexpected losses tended to champion the expansion of risk without commensurate focus on controls across the organization or at the business-line level. At these firms, senior management’s drive to generate earnings was not accompanied by clear guidance on the tolerance for expanding exposures to risk. For example, balance sheet limits may have been freely exceeded rather than serving as a constraint to business lines. The focus on growth without an appropriate focus on controls resulted in a substantial accumulation of assets and contingent liquidity risk that was not well recognized.

“AAA CDOs? Sure, those are safe”:

For example, several firms misestimated basis risk in their approaches to managing the CDO warehousing and
packaging business and significantly underestimated the risk of the super-senior positions they retained as a result. The practice at some firms of valuing super-senior tranches of subprime CDOs at or close to par value and assuming that their risk profile could be approximated using the historical corporate Aaa spread volatility as a proxy failed to recognize these instruments’ asymmetric sensitivity to underlying risk (in contrast to an unstructured corporate bond of the same rating). The first loss protection built into the securitization structure created an asymmetric exposure to losses in the underlying assets, so that the senior tranche became more sensitive to default rates as credit quality deteriorated. As volatility spiked up and credit spreads widened, the increasing sensitivity of the instrument to underlying risk led to accelerating mark-to-market losses. In general, the construction of CDOs tends to make them more sensitive to systematic shocks. In contrast, highly rated corporate debt issuances tend to be more sensitive to “idiosyncratic” risk, or risks associated with characteristics specific to the corporation that issued the debt.

There’s a lot more where this came from; do read the paper.

Print Friendly, PDF & Email


  1. john jansen

    I think that one of the problems with risk management in the very opaque derivative world which has brought the market to this dangerous place is that these instruments were so murky and so complex that non-specialists were unable to understand them. Internal and external auditors,ratings agencies and regulators did not have the depth of background or understanding or background to truly inderstand the layers of complexity buried in this stuff. If they had been capable of understanding they would have quickly jumped over the divide and joined the party to garner a piece of the bonus pir for themselves. Lacking that understanding they were forced to rely on traders and salepeople for guidance in understanding these Byzantine instruments. We can see how that worked out.
    As they said in ancient Rome, “Quis custodiet ipsos custodes?

  2. Francois

    There is an important, yet not spelled out, theme in this piece. Ego, pride and prejudice is seeping from this report.

    “For example, firms that experienced material unexpected losses in relevant business lines typically appeared to have been under pressure over the short term either to expand the business aggressively, [“What?? We are not the leaders yet? You’ll see what happen to those who mock us! You just watch!”] to a point beyond the capacity of the relevant control infrastructure, or to defend a market leadership position.[ You want WHAT? Risk management? We ARE managing risk, we are the market leaders and it’ll stay that way…got THAT you bleeding heat pinko-pussy?? BTW, who is you working for? Are you with us or against us?]”

    Me think there is a no lack of executives, but a huge shortage of ADULT executives.

    Goldman Sachs has proved beyond a reasonable doubt that a strong risk assessment team that has the attention of senior management is worth every penny and inconvenience to egos is just further proof that life may suck at times.

  3. Yves Smith


    A buddy at Goldman said something like, “I don’t think we’re all that good, It’s just our competitors have managed to self-destruct.”

  4. Anonymous

    This confirms my suspicion that a lot of the problem was everybody relying on somebody else’s due diligence. Saves on operating costs I guess.

  5. a

    “There was often a naive (or perhaps more accurately, an unduly optmistic) use of VAR.”

    Give me an effing break. It’s the regulators who thrust VAR down our throat. There was nothing better to measure the risk in my department than a good ol’ minus x% scenario on the markets, with 100% correlation. That gave a pretty good idea of the over-all riskiness of the position. But no, the regulators needed a magic number which was “the same” across all banks, to determine the amount of regulatory capital needed. And they fell upon VAR, with the connivance of certain American IBs, who had already instituted this measure.

    The regulators have to face up to their responsibilities. Either they accept that they need to be able to understand a bank’s books, or they don’t. Up to now they have chosen the latter. So we have an incoherence in that there are some banks which are too big too fail. Yet their regulatory capital, which is meant to prevent failure, is based on a VAR system which apparently the regulators now realize is completely flawed and which was chosen so that regulators would not have to understand a banks’ books.

    If some banks are too big to fail, then surely it is up to the regulators to determine how much capital these banks need to hold. If the regulators have any job, then surely it is that. And if it is up to the regulators to determine this number, then surely it must be based on a sensible system, which would preclude VAR.

    Let us see now how serious these hypocrites in the central banks are. Regulatory capital for credit and operational risks is about to be determined by Basel II, which uses essentially the same VAR system as for market risk. Will these regulators assume their responsibilities and junk Basel II? I don’t think so.

  6. Yves Smith


    I’m not defending the regulators; I think they did a horrid job in letting banks get into businesses that the regulators didn’t understand. They should have taken another approach: driving these activities onto exchanges; segregating the depositary business (so that the risky businesses could go belly up); restricting certain businesses to separately licensed specialists; requiring that they be private partnerships (if someone has skin in the game, he’ll be a lot more cautious). I’m not recommending these ideas, merely pointing out that alternatives existed,

    The point, as you alluded to, is that you can’t let institutions that cannot be allowed to fail, and therefore have a huge put option on taxpayers. go off and take big risks.

    Now to VAR. In the rapid “free market” ideology that has operated full bore for the last decade plus, regulators have been on the defensive. Arthur Levitt at the SEC (mind you, a Clinton appointee) regularly had Congress threatening to cut his funding even deeper when he attempted to do enforcement. And we’re not talking Spitzer type stuff (Levit came from the industry), just doing what was set forth in the SEC’s charter.

    So in that climate, it would be pretty impossible for a regulator to impose a standard (in terms of valuation of complex instruments and assessment of risk exposures for determination of capital requirements), It would have to be one widely used in the field.

    Now looking at the BIS website, they had a very extensive consultative process, multiple rounds, with quantitative impact studies. So the opportunity to take on VAR existed, but evidently no one (or group of institutions) did. (Cynically, I wonder if firms decided not to fight VAR because it wouldn’t get in the way of how they wanted to conduct business).

    Also, as you must know, statutory capital is only one risk management axis. No firm relies on statutory capital requirements as their sole or even main guide..

Comments are closed.