Categories of |
Financial risk |
---|
![]() |
Credit risk |
Market risk |
Liquidity risk |
Investment risk |
Business risk |
Profit risk |
Non-financial risk |
Financial risk management is the practice of protecting economic value in a firm by managing exposure to financial risk - principally credit risk and market risk, with more specific variants as listed aside - as well as some aspects of operational risk. As for risk management more generally, financial risk management requires identifying the sources of risk, measuring these, and crafting plans to mitigate them. [1] [2] See Finance § Risk management for an overview.
Financial risk management as a "science" can be said to have been born [3] with modern portfolio theory, particularly as initiated by Professor Harry Markowitz in 1952 with his article, "Portfolio Selection"; [4] see Mathematical finance § Risk and portfolio management: the P world.
The discipline can be qualitative and quantitative; as a specialization of risk management, however, financial risk management focuses more on when and how to hedge, [5] often using financial instruments to manage costly exposures to risk. [6]
In all cases, the last "line of defence" against risk is capital, "as it ensures that a firm can continue as a going concern even if substantial and unexpected losses are incurred". [12]
Neoclassical finance theory prescribes that (1) a firm should take on a project only if it increases shareholder value. [13] Further, the theory suggests that (2) firm managers cannot create value for shareholders or investors by taking on projects that shareholders could do for themselves at the same cost; see Theory of the firm and Fisher separation theorem.
Given these, there is therefore a fundamental debate relating to "Risk Management" and shareholder value. [5] [14] [15] The discussion essentially weighs the value of risk management in a market versus the cost of bankruptcy in that market: per the Modigliani and Miller framework, hedging is irrelevant since diversified shareholders are assumed to not care about firm-specific risks, whereas, on the other hand hedging is seen to create value in that it reduces the probability of financial distress.
When applied to financial risk management, this implies that firm managers should not hedge risks that investors can hedge for themselves at the same cost. [5] This notion is captured in the so-called "hedging irrelevance proposition": [16] "In a perfect market, the firm cannot create value by hedging a risk when the price of bearing that risk within the firm is the same as the price of bearing it outside of the firm."
In practice, however, financial markets are not likely to be perfect markets. [17] [18] [19] [20] This suggests that firm managers likely have many opportunities to create value for shareholders using financial risk management, wherein they are able to determine which risks are cheaper for the firm to manage than for shareholders. Here, market risks that result in unique risks for the firm are commonly the best candidates for financial risk management. [21]
As outlined, businesses are exposed, in the main, to market, credit and operational risk. A broad distinction [12] exists though, between financial institutions and non-financial firms - and correspondingly, the application of risk management will differ. Respectively: [12] For Banks and Fund Managers, "credit and market risks are taken intentionally with the objective of earning returns, while operational risks are a byproduct to be controlled". For non-financial firms, the priorities are reversed, as "the focus is on the risks associated with the business" - ie the production and marketing of the services and products in which expertise is held - and their impact on revenue, costs and cash flow, "while market and credit risks are usually of secondary importance as they are a byproduct of the main business agenda". (See related discussion re valuing financial services firms as compared to other firms.) In all cases, as above, risk capital is the last "line of defence".
Banks and other wholesale institutions face various financial risks in conducting their business, and how well these risks are managed and understood is a key driver [22] behind profitability, as well as of the quantum of capital they are required to hold. [23] Financial risk management in banking has thus grown markedly in importance since the Financial crisis of 2007–2008. [24] (This has given rise [24] to dedicated degrees and professional certifications.)
Specific banking frameworks |
---|
Market risk |
Credit risk |
|
Counterparty credit risk |
Operational risk |
For investment banks the major focus is on credit and market risk, and especially through regulatory capital, includes operational risk. Credit risk is inherent in the business of banking, but additionally, these institutions are exposed to counterparty credit risk. Both are to some extent offset by margining and collateral; and the management is of the net-position. Large banks are also exposed to Macroeconomic systematic risk - risks related to the aggregate economy the bank is operating in [25] (see Too big to fail).
The discipline [26] [27] [7] [8] is, as outlined, simultaneously concerned with (i) managing, and as necessary hedging, the various positions held by the institution - both trading positions and long term exposures; and (ii) calculating and monitoring the resultant economic capital, as well as the regulatory capital under Basel III — which, importantly, covers also leverage and liquidity — with regulatory capital as a floor.
Correspondingly, and broadly, the analytics [27] [26] are based as follows: For (i) on the "Greeks", the sensitivity of the price of a derivative to a change in its underlying factors; as well as on the various other measures of sensitivity, such as DV01 for the sensitivity of a bond or swap to interest rates, and CS01 or JTD for exposure to credit spread. For (ii) on value at risk, or "VaR", an estimate of how much the investment or area in question might lose with a given probability in a set time period, with the bank holding "economic"- or “risk capital” correspondingly; common parameters are 99% and 95% worst-case losses - i.e. 1% and 5% - and one day and two week (10 day) horizons. [28] These calculations are mathematically sophisticated, and within the domain of quantitative finance.
The regulatory capital quantum is calculated via specified formulae: risk weighting the exposures per highly standardized asset-categorizations, applying the aside frameworks, and the resultant capital — at least 12.9% [29] of these Risk-weighted assets (RWA) — must then be held in specific "tiers" and is measured correspondingly via the various capital ratios. In certain cases, banks are allowed to use their own estimated risk parameters here; these "internal ratings-based models" typically result in less required capital, but at the same time are subject to strict minimum conditions and disclosure requirements. As mentioned, additional to the capital covering RWA, the aggregate balance sheet will require capital for leverage and liquidity; this is monitored via [30] the LR, LCR, and NSFR ratios.
The financial crisis exposed holes in the mechanisms used for hedging (see Fundamental Review of the Trading Book § Background, Tail risk § Role of the 2007–2008 financial crisis, Value at risk § Criticism, and Basel III § Criticism). As such, the methodologies employed have had to evolve, both from a modelling point of view, and in parallel, from a regulatory point of view.
Regarding the modelling, changes corresponding to the above are: (i) For the daily direct analysis of the positions at the desk level, as a standard, measurement of the Greeks now inheres the volatility surface — through local- or stochastic volatility models — while re interest rates, discounting and analytics are under a "multi-curve framework". Derivative pricing now embeds considerations re counterparty risk and funding risk, amongst others, [31] through the CVA and XVA "valuation adjustments"; these also carry regulatory capital. (ii) For Value at Risk, the traditional parametric and "Historical" approaches, are now supplemented [32] [27] with the more sophisticated Conditional value at risk / expected shortfall, Tail value at risk, and Extreme value theory. For the underlying mathematics, these may utilize mixture models, PCA, volatility clustering, copulas, and other techniques. [33] Extensions to VaR include Margin-, Liquidity-, Earnings- and Cash flow at risk, as well as Liquidity-adjusted VaR. For both (i) and (ii), model risk is addressed [34] through regular validation of the models used by the bank's various divisions; for VaR models, backtesting is especially employed.
Regulatory changes, are also twofold. The first change, entails an increased emphasis [35] on bank stress tests. [36] These tests, essentially a simulation of the balance sheet for a given scenario, are typically linked to the macroeconomics, and provide an indicator of how sensitive the bank is to changes in economic conditions, whether it is sufficiently capitalized, and of its ability to respond to market events. The second set of changes, sometimes called "Basel IV", entails the modification of several regulatory capital standards (CRR III is the EU implementation). In particular FRTB addresses market risk, and SA-CCR addresses counterparty risk; other modifications are being phased in from 2023.
To operationalize the above, Investment banks, particularly, employ dedicated "Risk Groups", i.e. Middle Office teams monitoring the firm's risk-exposure to, and the profitability and structure of, its various business units, products, asset classes, desks, and / or geographies. [37] By increasing order of aggregation:
Periodically, [49] these all are estimated under a given stress scenario — regulatory and, [50] often, internal — and risk capital, [22] together with these limits if indicated, [22] [51] is correspondingly revisited (or optimized [52] ). The approaches taken center either on a hypothetical or historical scenario, [35] [27] and may apply increasingly sophisticated mathematics [53] [27] to the analysis. More generally, these tests provide estimates for scenarios beyond the VaR thresholds, thus “preparing for anything that might happen, rather than worrying about precise likelihoods". [54] A reverse stress test, in fact, starts from the point at which "the institution can be considered as failing or likely to fail... and then explores scenarios and circumstances that might cause this to occur". [55]
A key practice, [56] incorporating and assimilating the above, is to assess the Risk-adjusted return on capital, RAROC, of each area (or product). Here, [57] "economic profit" is divided by allocated-capital; and this result is then compared [57] [23] to the target-return for the area — usually, at least the equity holders' expected returns on the bank stock [57] — and identified under-performance can then be addressed. (See similar below re. DuPont analysis.) The numerator, risk-adjusted return, is realized trading-return less a term and risk appropriate funding cost as charged by Treasury to the business-unit under the bank's funds transfer pricing (FTP) framework; [58] direct costs are (sometimes) also subtracted. [56] The denominator is the area's allocated capital, as above, increasing as a function of position risk; [59] [60] [56] several allocation techniques exist. [43] RAROC is calculated both ex post as discussed, used for performance evaluation (and related bonus calculations), and ex ante - i.e. expected return less expected loss - to decide whether a particular business unit should be expanded or contracted. [61]
Other teams, overlapping the above Groups, are then also involved in risk management. Corporate Treasury is responsible for monitoring overall funding and capital structure; it shares responsibility for monitoring liquidity risk, and for maintaining the FTP framework. Middle Office maintains the following functions also: Product Control is primarily responsible for insuring traders mark their books to fair value — a key protection against rogue traders — and for "explaining" the daily P&L; with the "unexplained" component, of particular interest to risk managers. Credit Risk monitors the bank's debt-clients on an ongoing basis, re both exposure and performance. In the Front Office - since counterparty and funding-risks span assets, products, and desks - specialized XVA-desks are tasked with centrally monitoring and managing overall CVA and XVA exposure and capital, typically with oversight from the appropriate Group. [31] "Stress Testing" may similarly be centralized.
Performing the above tasks — while simultaneously ensuring that computations are consistent [62] over the various areas, products, teams, and measures — requires that banks maintain a significant investment [63] in sophisticated infrastructure, finance / risk software, and dedicated staff. Risk software often deployed is from FIS, Kamakura, Murex, Numerix (FINCAD) and Refinitiv. Large institutions may prefer systems developed entirely "in house" - notably [64] Goldman Sachs ("SecDB"), JP Morgan ("Athena"), Jane Street, Barclays ("BARX"), BofA ("Quartz") - while, more commonly, the pricing library will be developed internally, especially as this allows for currency re new products or market features.
Commercial and retail banks [65] [66] [67] are, by nature, more conservative than Investment banks. Their focus is on steady income from lending and deposits – i.e. as opposed to profits from (proprietary) trading and deal making. The biggest concern here is credit risk—risk of loan defaults from individuals or businesses. Liquidity risk, in this context not having enough liquid assets to meet withdrawal demands, is also a major focus; while interest rate risk concerns the impact of interest rate changes on net interest margins (spread between deposit and loan rates).
For these banks, regulatory oversight is often tighter due to their direct impact on the financial system. Thus they are also highly regulated under Basel III and national banking laws, and will also be subject to regular stress testing by central banks. Additionally, however, they must maintain high capital and liquidity ratios to protect depositors. (See e.g. CAMELS rating system.)
Given their business model and risk appetite, as outlined, various differences result re risk management at investment banks.
In corporate finance, and financial management more generally, [68] [10] financial risk management, as above, is concerned with business risk - risks to the business’ value, within the context of its business strategy and capital structure. [69] The scope here - ie in non-financial firms [12] - is thus broadened [9] [70] [71] (re banking) to overlap enterprise risk management, and financial risk management then addresses risks to the firm's overall strategic objectives, incorporating various (all) financial aspects [72] of the exposures and opportunities arising from business decisions, and their link to the firm’s appetite for risk, as well as their impact on share price. In many organizations, risk executives are therefore involved in strategy formulation: "the choice of which risks to undertake through the allocation of its scarce resources is the key tool available to management." [73]
Re the standard framework, [72] then, the discipline largely focuses on operations, i.e. business risk, as outlined. Here, the management is ongoing [10] — see following description — and is coupled with the use of insurance, [74] managing the net-exposure as above: credit risk is usually addressed via provisioning and credit insurance; likewise, where this treatment is deemed appropriate, specifically identified operational risks are also insured. [71] Market risk, in this context, [12] is concerned mainly with changes in commodity prices, interest rates, and foreign exchange rates, and any adverse impact due to these on cash flow and profitability, and hence share price.
Correspondingly, the practice here covers two perspectives; these are shared with corporate finance more generally:
Multinational corporations are faced with additional challenges, particularly as relates to foreign exchange risk, and the scope of financial risk management modifies significantly in the international realm. [85] Here, dependent on time horizon and risk sub-type — transactions exposure [88] (essentially that discussed above), accounting exposure, [89] and economic exposure [90] — so the corporate will manage its risk differently. The forex risk-management discussed here and above, is additional to the per transaction "forward cover" that importers and exporters purchase from their bank (alongside other trade finance mechanisms).
Hedging-related transactions will attract their own accounting treatment, and corporates (and banks) may then require changes to systems, processes and documentation; [91] [92] see Hedge accounting, Mark-to-market accounting, Hedge relationship, Cash flow hedge, IFRS 7, IFRS 9, IFRS 13, FASB 133, IAS 39, FAS 130.
It is common for large corporations to have dedicated risk management teams — typically within FP&A or corporate treasury — reporting to the CRO; often these overlap the internal audit function (see Three lines of defence). For small firms, it is impractical to have a formal risk management function, but these typically apply the above practices, at least the first set, informally, as part of the financial management function; see discussion under Financial analyst.
The discipline relies on a range of software, [93] correspondingly, from spreadsheets (invariably as a starting point, and frequently in total [94] ) through commercial EPM and BI tools, often BusinessObjects (SAP), OBI EE (Oracle), Cognos (IBM), and Power BI (Microsoft). [95]
Fund managers, classically, [96] define the risk of a portfolio as its variance [11] (or standard deviation), and through diversification the portfolio is optimized so as to achieve the lowest risk for a given targeted return, or equivalently the highest return for a given level of risk; these risk-efficient portfolios form the "Efficient frontier" (see Markowitz model). The logic here is that returns from different assets are highly unlikely to be perfectly correlated, and in fact the correlation may sometimes be negative. In this way, market risk particularly, and other financial risks such as inflation risk (see below) can at least partially be moderated by forms of diversification.
A key issue, however, is that the (assumed) relationships are (implicitly) forward looking. As observed in the late-2000s recession, historic relationships can break down, resulting in losses to market participants believing that diversification would provide sufficient protection (in that market, including funds that had been explicitly set up to avoid being affected in this way [97] ). A related issue is that diversification has costs: as correlations are not constant it may be necessary to regularly rebalance the portfolio, incurring transaction costs, negatively impacting investment performance; [98] and as the fund manager diversifies, so this problem compounds (and a large fund may also exert market impact). See Modern portfolio theory § Criticisms.
Addressing these issues, more sophisticated approaches have been developed, both to defining risk, and to the optimization itself. (Respective examples: (tail) risk parity, focuses on allocation of risk, rather than allocation of capital; the Black–Litterman model modifies the "Markowitz optimization", to incorporate the views of the portfolio manager. [99] ) Relatedly, modern financial risk modeling employs a variety of techniques — including value at risk, [100] historical simulation, stress tests, and extreme value theory — to analyze the portfolio and to forecast the likely losses incurred for a variety of risks and scenarios.
Here, guided by the analytics, Fund Managers (and traders) will apply specific risk hedging techniques. [96] [11] As appropriate, these may relate to the portfolio as a whole or to individual holdings:
Further, and more generally, various safety-criteria may guide overall portfolio construction. The Kelly criterion [113] will suggest - i.e. limit - the size of a position that an investor should hold in her portfolio. Roy's safety-first criterion [114] minimizes the probability of the portfolio's return falling below a minimum desired threshold. Chance-constrained portfolio selection similarly seeks to ensure that the probability of final wealth falling below a given "safety level" is acceptable.
Managers may also employ factor models [115] (generically APT) to measure exposure to macroeconomic and market risk factors [116] using time series regression. Ahead of an anticipated movement in any of these factors, the Manager may then, as indicated, reduce holdings, hedge, or purchase offsetting exposure. Inflation for example, although impacting all securities, [117] can be managed [118] [119] at the portfolio level by appropriately [120] increasing exposure to inflation-sensitive stocks (e.g. consumer staples), and / or by investing in tangible assets, commodities and inflation-linked bonds; the latter may also provide a direct hedge. [121]
In parallel with all above, [122] [123] managers — active and passive — periodically monitor and manage tracking error, i.e. underperformance vs a "benchmark". Here, they will use attribution analysis preemptively so as to diagnose the source early, and to take corrective action: realigning, often factor-wise, on the basis of this "feedback". [123] [124] As relevant, they will similarly use style analysis to address style drift. See also Fixed-income attribution.
Given the complexity of these analyses and techniques, Fund Managers typically rely on sophisticated software (as do banks, above). Widely used platforms are provided by BlackRock (Aladdin), Refinitiv (Eikon), Finastra, Murex, Numerix, MPI and Morningstar.
Financial institutions
Corporations
Portfolios
{{cite book}}
: CS1 maint: multiple names: authors list (link)