Risk Management in Financial Institutions

If savers and investors and buyers and sellers could locate each other efficiently, purchase any and all assets at no cost, and make their decisions with freely available, perfect information, there would be no need for financial institutions. However, in real economies, market participants seek the services of financial institutions because they can provide market knowledge, transaction efficiency, and contract enforcement. Such firms operate in two ways: (1) they may actively discover, underwrite, and service investments using their own resources, or (2) they may merely act as agents for market participants who contract with them for some of these services. In the latter case, investors assemble their portfolios from securities that the firms bring to them.

Because of the ways in which institutions may operate in the financial sector, two issues arise. First, when and under what circumstances should the firms use their own resources to provide financial services, rather than offering them through a simple agency transaction? Second, to the extent that the institution offers such services by using its own resources, how should it manage its portfolio to achieve the highest value added for its stakeholders?

In addressing these two issues, we define the appropriate role for institutions in the financial sector and focus on the role of risk management in firms that use their own balance sheets to provide financial products. Our objective is to explain when an institution is better off transferring risks to the purchaser of the assets that the firm has issued or created, and when the firm itself should absorb the risks of these financial products. However, once the firm absorbs the risks, it must efficiently manage them. So, we have developed a framework for efficient, effective risk management for the firm that chooses to manage risks within its balance sheet and achieve the highest value added. To develop our analysis of risk and return in financial institutions, we first define the appropriate role of risk management. Next, we detail the services that financial firms provide, define several different types of risks, and discuss how they occur as an inherent part of financial institutions’ business activities.

Some institutions manage risks, while others contract to avoid them. We contrast these two methods in two different institutions — a passive institution, namely, a real estate mortgage investment conduit (REMIC), and one of the most actively managed financial firms, a commercial bank. We also integrate the lessons learned to determine when and to what extent a financial institution should engage in active risk management, and we outline the requirements and principles necessary to successfully implement a firm’s system. Finally, we ask specific questions to extend the current knowledge of risk management techniques and procedures.

At the outset, however, we want to make one point clear. The structure of systematic risk in the financial market is not affected by the operation of competitive financial institutions. Such risk can be traded or hedged, but it does not disappear in aggregate. That these institutions make the capital formation process more efficient and, hence, more attractive by providing services to investors, creditors, and shareholders is the value added of the financial sector.1 In addition, the firms reduce nonmarket wealth transfers in financial contracting between traders of different wealth, knowledge, or avarice. Financial institutions provide more efficient discovery, evaluation, and dissemination of information about legitimate investment opportunities, which presumably reduce monopoly positions and inefficient risk taking. At the same time, such institutions may bring some production efficiency to the market. They reduce transactions cost through efficient processing-cost structures or information-cost sharing. This kind of economy of scale is part and parcel of the financial sector and performs an important service.

Risk in Financial Services

Why does risk matter? How can a firm mitigate the risks integral to the sector’s products? Understanding these questions leads to a greater appreciation of the challenge that managers in the financial community face, specifically, why managers want to reduce risk and what approaches they can take to alleviate an inherent part of the financial services offered.

Why Does Risk Matter?

According to standard economic theory, firm managers should maximize expected profits without regard to the variability of reported earnings. However, literature on the reasons for managers’ concern about the volatility of financial performance dates back to 1984, when Stulz offered a viable economic reason for firm managers’ concern.2 Since then, there have been alternative theories and explanations; a recent review of the literature presented four reasons to justify active risk management:3

1. Managerial self-interest
2. Tax effects
3. Cost of financial distress
4. Capital market imperfections

In each explanation, the volatility of profit leads to lower value to at least some of the firm’s stakeholders. In the first, it is noted that managers have limited ability to diversify their investment in their own firm, due to limited wealth and the concentration of human capital returns in the firm they manage. This fosters risk aversion and a preference for stability. In the second, it is noted that, with progressive tax schedules, the expected tax burden is lessened by reduced volatility in reported taxable income. The third and fourth explanations focus on the fact that a decline in profitability has a more than proportional impact on the firm’s fortunes. Financial distress is costly, and the cost of external financing increases rapidly when a firm’s viability is in question. Any one of these reasons is sufficient to motivate managers to be concerned about risk and carefully assess both the level of risk associated with any financial product and potential risk-mitigation techniques.4

How Can a Firm Mitigate Risk?

Managers can consider three generic risk-mitigation strategies (see Table 1):

1. Eliminate or avoid risks by simple business practices.
2. Transfer risks to other participants.
3. Actively manage risks at the firm level.

Risk avoidance involves reducing the chances of idiosyncratic losses by eliminating risks that are superfluous to the institution’s business purpose. Common risk-avoidance activities are underwriting standards, hedges or asset-liability matches, diversification, reinsurance or syndication, and due diligence investigation. The goal is to rid the firm of risks that are unessential to the financial service provided or to absorb only an optimal quantity of a particular risk.

What remains is some portion of systematic risk and the risks that are unique to an institution’s business franchise. In both, risk mitigation is incomplete and can be enhanced. Any systematic risk not required to do business can be minimized. Whether this is done is a business decision that the firm can clearly indicate to stockholders. Likewise, in operational risk, the firm can address the risks of providing service — including fraud, oversight failure, lack of control, and managerial limitations. Aggressive risk-avoidance activities in both these areas will constrain risk, while reducing the profitability from the business activity. Accordingly, the firm can communicate the level of effort it makes to reduce these risks to shareholders and justify the costs.

The firm can eliminate some risks or at least substantially reduce them by transferring them. Markets exist for the claims that many of these financial institutions issue and/or the assets they create. Individual market participants can buy or sell financial claims to diversify or concentrate the risk in their portfolios. To the extent that the market understands the financial risks of the assets that the firm creates or holds, the assets can be sold in the open market at their fair market value. If the institution has no comparative advantage in managing attendant risks, it has no reason to absorb or manage such risks rather than transfer them. In essence, for the firm, there is no value added associated with absorbing the risks.

However, the firm should absorb another class of assets or activities in which the risk is inherent. In these cases, risk management must be aggressive, and there must be good reason for using further resources to manage firm-level risk. These financial assets or activities have one or more of these characteristics:

1. The equity claimants, or others for whom the institution has a fiduciary interest, may own claims that the investors cannot trade or hedge easily themselves. For example, defined-benefit pension plan participants can neither trade their claims nor hedge them on an equivalent after-tax basis. This also applies to the policies of mutual insurance companies, which are complex bundles of insurance and equity.
2. The nature of the embedded risk may be complex and difficult to reveal to nonfirm-level interests, such as banks, which hold complex, illiquid, and proprietary assets. Communication in such cases may be more difficult or expensive than hedging the underlying risk.5 Moreover, revealing information about customers or clients may give competitors an undue advantage.
3. If moral hazard exists, it may be in the stakeholders’ interest to require risk management as part of standard operating procedures. For example, providers of insurance, e.g., the FDIC, can insist that institutions with insured claims follow appropriate business policies.

4. Risk management is central to the firm’s business purpose. An index fund invests in an index without hedging systematic risk. A security dealer engaged in proprietary trading and arbitrage will generally not be fully hedged. In all these circumstances, risk is absorbed and risk management activity requires the monitoring of business activity risk and return. This is part of the cost of doing business as it absorbs management’s attention.

Once we define legitimate risk management rationales, we can identify noneconomic or redundant risk management practices, which reduce risks through ill-considered hedges or through inappropriate diversification. For example, during the 1980s, many companies diversified into unrelated businesses. Their managements sought to escape the cyclical nature of the profitability in their basic franchise. Regardless of outcome, these investments could not help shareholders unless management had valuable skills in these areas. Clearly, without skilled management, owners of the firms’ stock could have made such investments themselves.

A Taxonomy of Financial Institutions, Services, and Risks

Subdividing risk-mitigation strategies into the three categories, i.e., avoidance, transference, and active firm-level risk management, while conceptually useful, is difficult to apply to the full array of financial institutions and their activities. Accordingly, we present a taxonomy of various financial institutions’ services and the different types of risks.

A wide variety of organizations qualify as financial institutions, including depositories (banks, thrifts, and credit unions), insurance companies (life, property and casualty, auto and health), investment companies (open- and closed-end funds, REMICs and REITs, or real estate investment trusts), pension funds (defined benefit and defined contribution), origination firms (insurance and security brokers, investment management companies, and mortgage bankers), market makers (specialists, dealers, and reinsurance companies), exchanges (stock, insurance, and derivatives), clearing houses, and largely unregulated firms and finance companies (consumer and commercial, captive and lease finance, and pawnbrokers).6

Some financial institutions act as principals, while others are agents for investors in transactions. Some actively assume systematic and unsystematic risks, while similar firms eschew risk altogether. What they have in common is their business focus on transacting the financial instruments generated by economic activity. To some extent, each type of institution provides one or more distinct financial services to facilitate the flow of funds between savers and investors.

Basic Financial Services

We can separate the services that the institutions provide into six distinct activities: origination, distribution, packaging, servicing, intermediation, and market making.7

Origination involves locating, evaluating, and creating new financial claims issued by the institution’s clients. The originator first assembles and evaluates information about the transaction. On the one hand, if the originator plans to maintain ownership of the new asset, it must set its own standards of acceptable risk and return in order to act as principal as well. On the other hand, if the originator plans to act as an agent and sell the product, it must abide by the underwriting standards of other principals. An example of the latter is a mortgage banker that must originate mortgages in conformance with agency standards to sell such mortgages in an agency-sponsored pool.

Distribution is the act of raising funds by selling newly originated products to customers that have the available resources to finance them. The institution can either broker the transaction or act as principal. In brokering, newly originated assets are placed with investors who directly remit to the issuing firm. The institution never takes ownership of the asset but merely facilitates its placement in a third party’s portfolio. As principal, the initiating institution purchases the originated assets and sells or distributes them from its own inventory. Most retail sales are made on a brokered basis, while institutional distribution is most frequently conducted with the firm acting as principal.

Servicing is the collection of payments from issuers and payment of collected funds to claimants. In addition, a servicer maintains payment records, monitors contracts, and pursues defaults. In less developed economies, this aspect of financial service is relatively invisible. The same institution originates and holds most assets, particularly in the fixed-income area. Accordingly, the customer service aspect of lending is less obvious. In developed economies, servicing is a distinct business activity in the financial markets.

Packaging, which has developed relatively recently, involves collecting individual financial assets into pools and possibly decomposing the cash flow from such assets into different financial claims. Such repackaging of financial flows is done to increase liquidity or tailor cash flows for specific customers. For example, securitizing mortgages creates a liquid market for residential mortgages in agency-sponsored pools, while a REMIC divides the principal and interest flows from the pools into different classes of bonds.

Intermediation is the simultaneous issue and purchase of different financial claims by a single financial entity. It occurs when an institution purchases one type of financial instrument for its own account and finances the transaction by issuing a claim against its own balance sheet. Three types of such financial intermediation are common: (1) insurance underwriting, whereby the issuer assumes the policy’s contingent liability, (2) loan underwriting, whereby the intermediary uses its own resources in extending credit to a borrower, and (3) security underwriting, which involves buying securities as principal to distribute to investors.

Market making is a dealer’s buying and selling of identical financial instruments. The market-making firm is usually, but not always, a principal in the transaction. A market maker acts as an intermediary when it finances inventory by issuing its own claims, e.g., security underwriting. Gains and losses associated with the change in inventory value accrue to the market maker’s financial benefit or loss. Recently, several commercial auction firms have made markets for loans as the seller’s agent. In this case, buyers and sellers take principal risks, and the auctioneer gets a commission, acting more as an agent for bringing together buyers and sellers than as a market maker.

It is important to distinguish between principal and agency activities in all these services because the risks and incentives are quite different. A principal commits capital and risks both time and money. The capital requirements can be substantial. A principal owns a portfolio and suffers from systematic and idiosyncratic risks. In contrast, an agent works for someone else and risks only time. In an agency business, investment of capital is modest, and the risks are wholly idiosyncratic.

Risks in Providing Financial Services

The risks associated with providing financial services differ by the service rendered. In general, the services of originators, distributors, servicers, and packagers are provided more or less on an agency basis. These services facilitate market access for buyers and sellers of financial instruments and are of little risk to the service provider. Intermediation and market making, however, are largely principal businesses. They place a principal and its capital between direct trades by buyers and sellers. In these areas, the financial institution retains the bulk of the service risk, and effective risk management is most crucial. Neither an intermediary nor a market maker are perfectly hedged against all risks, and thus its investors bear an array of financial risks associated with the institution’s activities.

There are five generic risks to these financial institutions: systematic, credit, counterparty, operational, and legal.

Systematic risk is the risk of asset value change associated with systemic factors. As such, it can be hedged but cannot be completely diversified. In fact, systematic risk can be seen as undiversifiable risk. Financial institutions assume this risk whenever assets owned or claims issued can change in value as a result of broader economic conditions. Systematic risk comes in many forms. For example, as interest rates change, different assets have somewhat different, unpredictable values. Energy prices affect transportation firms’ stock prices and real estate values differently. Large-scale weather effects can strongly influence both real and financial asset values for better or worse.

Some financial institutions minutely decompose systematic risk. Institutions whose balance sheets react substantially to specific systemic changes may try to estimate the impact of the particular systematic risks on performance, attempt to manage them, and thus limit their sensitivity to variations in these undiversifiable factors. Accordingly, many institutions heavily involved in the fixed-income market attempt to track interest rate risk more closely and rigorously than those that have little rate risk in their portfolios.8 They measure and manage the firm’s vulnerability to interest rate variation, even though they cannot do so perfectly. Likewise, international investors are aware of foreign exchange risk and try to measure and restrict their exposure to it.9 Similarly, investors with high concentrations in one commodity need to be concerned with commodity price risk and perhaps overall price inflation, while investors with high single-industry investments monitor both specific industry concentration risk and the forces that affect the fortunes of the industry involved.

Credit risk arises from a debtor’s nonperformance. It results from either an inability or an unwillingness to perform in the precommitted, contracted manner. It can affect the lender who underwrote the contract, other lenders to the creditor, and the debtor’s own shareholders. Credit risk is diversifiable but difficult to hedge perfectly, because most of the default risk may result from systematic risk. The idiosyncratic nature of some portion of these losses, however, remains a problem for creditors despite the beneficial effect of diversification on total uncertainty. This is particularly true for creditors that lend in local markets and take on highly illiquid assets.10

Counterparty risk comes from a trading partner’s nonperformance. This may arise from a counterparty’s refusal to perform due to an adverse price caused by systematic factors or from some other political or legal constraint that the principals did not anticipate. Diversification is the major way to control nonsystematic counterparty risk, which is like credit risk but is generally considered a transient risk associated with trading, rather than a standard creditor-default risk associated with an investment portfolio. A counterparty’s failure to settle a trade can arise from factors other than credit problems.11

Operational risk is associated with the problems of accurately processing, settling, and taking or making delivery on trades in exchange for cash. It also arises in record keeping, computing correct payment amounts, processing system failures, and complying with various regulations. Individual operating problems seldom occur in well-run organizations but can expose a firm to costly outcomes.

Legal risks, endemic in financial contracting, are separate from the legal ramifications of credit, counterparty, and operational risks. New statutes, court opinions, and regulations can put formerly well-established transactions into contention even when all parties have previously performed adequately and are fully able to do so in the future. For example, the bankruptcy law enacted in 1979 created new risks for corporate bondholders. Environmental regulations have radically affected real estate values for older properties. A second type of legal risk arises from the activities of an institution’s management or employees; fraud, violations of securities laws, and so on can lead to catastrophic loss.

To some extent, all financial institutions face these risks. Nonprincipals or agents primarily face operational risk. Since institutions in this case do not own the underlying assets in which they trade, systematic, credit, and counterparty risks accrue directly to the asset holder. If the asset holder experiences a financial loss, however, it often attempts legal recourse against the agent. Therefore, institutions engaged in only agency transactions bear some legal risk, if only indirectly.

Our focus, however, is on the businesses in which the institutions participate as principals. Principals must decide how much business to originate, how much to sell, how much to contract to agents, and how much to finance and manage themselves. Principals must weigh both the expected profit and the various risks to assure stockholders that they have achieved the stated goal of maximizing shareholder value. The result of these decisions permits a wide range of financial institutions to coexist.

A View of Financial Institutions

Two quite different types of financial intermediaries coexist in the financial market at opposite ends of the spectrum (see Table 2). The first is the simplest form of intermediary, a passive investment company. As an example, we describe a REMIC, which shows how passive ownership and financing by an intermediary, combined with efficient contracting and information sharing, provide value to investors and, at the same time, eliminate the need for claim holders to monitor the intermediary’s actions. Despite substantial systematic, credit, and operational risks, the REMIC does no active asset management. The nature of a REMIC’s structure and contracting illuminates how active management adds value to a financial institution. If simple rules and outside contacts can satisfy investors, the role of active risk management is circumscribed.

To illustrate the second type of intermediary, we describe a commercial banking firm. In this case, transparency becomes a substantial issue, and active management of the underlying asset portfolio and risk exposure becomes standard procedure. The contrast between the two examples is quite vivid, as risk management is conducted exclusively outside the financial institutional structure in the REMIC but occupies substantial management time in the commercial bank.

REMICs

A REMIC is an investment trust created in the Tax Reform Act of 1986. It is a tax-free legal entity that can own qualifying real estate mortgages and issue two types of beneficial interests: regular (debt) claims and a residual claim. Although it can issue only one class of residual interest, it can sell multiple and complex classes of regular interests. The REMIC makes all payments to regular interests according to rules specified when it is established. Basically, the REMIC structure allows principal and coupon payments from mortgages that the REMIC owns to be divided in different ways.12 The residual interest, which cannot exceed a small percentage of the asset principal value, receives all principal and interest payments not pledged to regular interests or required for trust administration costs.

A REMIC has a trustee but no management, its assets cannot be significantly changed after it is established, and it exists only until its assets are repaid completely. However, it can contract for services and sue and be sued in contract disputes. For a fee, a trustee acts as fiduciary for the beneficial interests, monitors contractors, makes payments to claimants, and keeps records. Thus a REMIC is an independent, passive, tax-free financial intermediary.13 It buys real estate mortgages, issues claims to finance the purchase, and contracts for all other services. Subcontractors — specifically, loan originators, loan underwriters, servicers of the loans, foreclosure and resale agents for loan defaults, the trustee, and an underwriter for REMIC interests — provide the services. In effect, the REMIC and its contractors replace the conventional, actively managed, vertically integrated financial institution.

The REMIC finances its assets, which other economic agents originate, by issuing regular and residual interests that are underwritten and sold to investors. The REMIC trustee, who administers the trust as fiduciary for regular and residual interest holders, contracts for the master servicing and subservicing of the assets. The REMIC’s investors analyze the reputation of the servicer, subservicer, and trustees. The investors analyze their own loans with data from the underwriter and also analyze the REMIC structure and payment rules.

REMICs use enhancements to increase the value of the interest holders’ claims when the REMIC’s assets are not agency mortgage pools. One structure used frequently is overcollateralization. The senior class of regular interest holders has first claim on collateral payments. The REMIC pays whatever principal and interest that is not required for the senior class to the subordinated class (up to its scheduled payments), which has secondary claim on this cash flow. There can also be a super-subordinated class, which receives that which is not due to the more senior classes, up to a maximum amount. Finally, the residual interest is paid. In addition, rating is frequently used to certify quality. Rating agencies like Standard and Poor’s and Moody’s have established criteria for rating degrees of overcollateralization or subordination based on historical default rates in depressed economic times.

Overall, the total cash proceeds from stratifying and analyzing the mortgages, disseminating the information to investors in different markets, and structuring, underwriting and selling REMIC interests determine the value of the REMIC trust.14 This structure also illustrates how financial institutions can be organized. Contracting for specialized services can substitute for vertical integration in financial services. And institutions that are completely passive — communicating risks about the underlying portfolio but not actively managing them — can be viable.

Commercial Banks

Unlike REMICs, commercial banks — at the opposite end of the spectrum in terms of portfolio and risk management practice — are actively managed, dynamic portfolio institutions. A state or federal agency grants a banking charter with only equity capital in place. Assets and deposit liabilities grow, subject only to capital allocation requirements.15

Asset choice is subject to prudent supervision but, beyond regulatory standards, banks have broad discretion. Except for some marginal fixed assets and mandatory cash positions, assets vary from one institution to another and from one time to another for the same institution. By broad classification, however, the bulk of banking assets are held in fixed income instruments.16 By convention, these are separated into two categories: investment securities and loans. The former include open-market instruments of the money and capital markets. The latter are debt instruments originated by the bank, for which there may or may not be a liquid secondary market.

The lack of a clear secondary market for a substantial part of a bank’s asset portfolio can be traced to two different but fundamental problems. First, the basis of a credit decision is generally proprietary information gleaned from the bank’s customers or derived at substantial cost to the originating bank. Communicating this information convincingly or revealing its implication for the value of the underlying asset portfolio is difficult and costly.17

Second, many instruments in the asset portfolio have no standard open-market counterparts. Because assets are nonstandard and illiquid, no observable market quote can be used to revalue the asset over time. Credit deterioration and systematic risks can cause the theoretical market value to vary, but no accurate signal of this value change is easily observable or credible for investors.

The problems associated with assets are mirrored by the bank’s liabilities. Deposits are issued for various terms or on demand. The market value of these liabilities changes with interest rates and perhaps also with exchange rate fluctuation. However, deposits are illiquid and are often offered at rates associated with the bank’s monopoly position in its market area. Again, market valuation becomes difficult.

Such problems are exacerbated by GAAP or regulatory authorities’ accounting rules. In most circumstances and in most countries, assets are held at purchase price or book value. Liabilities are virtually never marked-to-market, and reserve accounting has little resemblance to its theoretical counterpart, a valuation reserve.

The net result of illiquid markets and opaque accounting practices is that it is not easy to understand a bank’s portfolio value from the balance sheet entries. Assets are both illiquid and imperfectly priced by outside agents. Liabilities are mispriced by regulatory mandate, and equity value has the errors of both compounded. Unlike the REMIC, there is sufficient uncertainty about the market value of a bank’s assets and liabilities to lead to substantial divergence between the book and market values of assets and liabilities. Thus a direct estimate of equity market value of the institution is difficult, if not impossible.

In addition, the current state of a bank’s balance sheet does not indicate its future value. Discretionary portfolio trading, associated with the maturity differences among assets or liabilities, and active portfolio origination of new credits and claims cause the true market value of assets and equity to change over time.

In light of these features of a banking firm’s portfolio, appropriate asset management must include active risk management.18 Concern about the probability of default leads commercial banks to measure, manage, and reduce their exposure to various types of risks. In effect, given the nature of the banking business, risk management becomes integral to the origination and monitoring of illiquid assets and the distribution of liabilities, which is distinctly different from the operation of a passive, fairly transparent REMIC.

When to Practice Risk Management

The contrast between the REMIC and the commercial bank is stark. The debt and equity claims that both the REMIC and the commercial bank issue are risky in almost any sense. Yet, in the case of the REMIC, investors buy the instruments and seldom hold the intermediary accountable for their performance. The trustee monitors the service and foreclosure firm for a fee but is not held liable for market performance. Theoretically, the REMIC is the ultimate passive intermediary. Conversely, active management is critical to the commercial bank’s activity. The bank originates and manages illiquid assets whose values in the open market are imprecise and over time. Unlike the REMIC, the bank has no predetermined life span or constraints on asset replacement.

Differences between Institutions

The difference between a REMIC and a bank is the transparency or permanency of each organization’s investor interests. An investor in a REMIC can obtain a very detailed description of its assets, contracts, and payment schemes for regular interests. The rules for operation are quite clear. Thus the many unexpected events that severely affect the REMIC’s value do not lead to questions of confidence or competence on the part of the trust.

In a typical, actively managed financial firm, however, such information is only available to managers because of the uncertainty concerning the economic value of financial claims. Either because of product tieins, as in insurance products, or because of ambiguity in underlying asset value, pricing these assets and therefore shareholder value is problematic for the intermediary. In addition, the extent of dynamic asset change and the rules followed for such portfolio adjustment are rarely communicated or subject to monitoring, due to the features of the assets held.

We can generalize from the distinctions between these two institutional types by imagining principal financial institutions arrayed in a two-dimensional space in which one axis measures how transparent its actions are to investors and the other axis measures how actively its investments are managed (see Figure 1). For simplicity, institutions are either transparent, translucent, or opaque in information and either active or passive in operation. Discretionary risk management activity is concentrated in the actively managed, opaque institutions, clustered in the top right corner. On the other hand, transparent institutions with rather passive investment strategies are in the lower left. In these institutions, rules substitute for management.

There are also institutions at the other extremes. In the upper left are the actively managed institutions such as open-end mutual funds, which are fully transparent but actively managed in a manner clearly defined by their prospectus. These institutions limit risk management to eliminating unnecessary risk. They shed nonessential risk at the same time that they seek those risks essential to the value-added activity. At the other extreme are agency mortgage pools, which flourish only with implicit government guarantees. The opaqueness of these portfolios makes the institutions’ asset value uncertain, and only through credit enhancements can the investor be convinced of the timeliness of future cash flows.

Institutions can also flourish inside this two-dimensional space, labeled translucent, because some information is available, but it is often not timely or wholly credible. At institutions in the vertical, intermediate range, a substantial amount of energy is spent communicating with stakeholders and presenting clear statements of investments or investment policy. These actions are attempts to clarify the institutions’ positions and perhaps move them into the transparent area.

Fees associated with intermediation services tend to correlate with the extent of active management. For example, index funds generally carry lower management fees than either actively managed investment funds or depository institutions. In part, this is because the latter have higher operating costs associated with more portfolio transactions and a higher turnover rate. However, this is also due to the presumed greater value added that the managers provide. They have discretion because of their expertise in the chosen market and their associated reputation for above-average performance and skill in active risk management.19 In essence, one value-added activity that managers perform is to control risk at the firm level in order to increase portfolio value to stakeholders.

Active Risk Management Techniques

What techniques can a firm use to limit and proactively manage risk? What necessary procedures can be implemented to adequately manage risks for which firm management is responsible?

If management is going to control risk, it must establish certain procedures. The goal of a risk management system is to measure and manage the firm’s exposure to various risks that management has identified as central to its franchise. For each risk category, the firm employs a four-step procedure to measure and manage firm-level exposure (see Table 3). In general, a firm uses these tools to accurately define the risk, limit exposure to acceptable levels, and encourage decision makers to manage risk in a manner that is consistent with management’s goals and objectives.

Step 1. Establish Standards and Reports.

Standard setting and financial reporting are the sine qua non of any risk management system. Underwriting standards, risk categorizations, and review standards are all traditional tools of risk control. Management needs consistent evaluation and rating of exposure to understand the embedded risks in the portfolio and the extent to which it must mitigate or absorb these risks.

Standardized financial reporting is essential for investors to gauge asset quality and firm-level risk. The need goes beyond public reports and audited statements to management information on asset quality and risk posture. Such internal reports need similar standardization and need to be more frequent, with daily or weekly reports substituting for the quarterly GAAP reports.

Step 2. Impose Position Limits and Rules.

A firm must impose limits to cover exposures to counterparties, credit, and overall position concentrations relative to systematic risks. In general, each person who can commit capital — traders, lenders, and portfolio managers — should have a well-defined limit.

Summary reports to management can show counter-party, credit, and capital exposure by business unit periodically. In large organizations with thousands of positions maintained and daily transactions, accurate and timely reporting is quite difficult but perhaps even more essential.

Step 3. Set Investment Guidelines and Strategies.

A firm should outline investment guidelines and strategies for risk taking in the immediate future in terms of commitments to a particular market area, the extent of assetliability mismatching, or the need to hedge against systematic risk at a particular time. Guidelines can advise on the appropriate level of active management, given the state of the market and senior management’s willingness to absorb the risks implied by the aggregate portfolio. Such guidelines lead to hedging and assetliability matching. In addition, securitization and syndication are rapidly growing techniques for participants who want to reduce their exposure in line with management’s guidelines. These transactions facilitate asset financing, reduce systematic risk, and allow management to concentrate on customer needs for origination and servicing rather than funding.

Step 4. Align Incentive Contracts and Compensation.

To the extent that management can enter into incentive-compatible contracts with line managers and relate compensation to the risks they bear, the need for elaborate, costly controls lessens. However, such incentive contracts require accurate position valuation, proper cost and capital accounting systems, substantial cost accounting analysis, and risk weighting that may take years to establish. Notwithstanding the difficulty, well-designed compensation contracts align the goals of managers with other stakeholders in a desirable way.20 Most financial debacles can be traced to the incompatibility of incentives.

Implementing Firmwide Risk Management

Firmwide risk management entails a significant commitment of time and resources. It requires a focus on the central businesses of a firm, bottom-to-top review of lending or origination, trading or market making, and intermediation with a risk management perspective. It leads to the construction of databases and reporting systems quite different from standard accounting systems. In this process, there are some guiding principals for successful implementation:

First, risk management must be integral to an institution’s business plan. Decisions to enter, leave, or concentrate on an existing business activity require careful assessment of both risks and potential returns. A firm must define risk management practices for each business activity it pursues. It must eliminate those activities not part of its focus so that it does not assume avoidable risks because of a lack of management oversight.

Second, a firm must define the specific risks of each activity and develop ways to measure them. Similarly, it must develop databases to measure risk consistently across the entire organization.21 Credit risk evaluation techniques, for example, should be the same in corporate lending as in correspondent banking. Only then will aggregate credit quality reports have meaning for senior management.

Third, a firm must establish procedures so that risk management begins at the point nearest to the assumption of risk. This means it must adapt trade-entry procedures, customer documentation, client engagement methods, trading limits, maximum loan sizes, hedging strategies, and a myriad of other normal activities to maintain management control, generate consistent data, and eliminate needless exposure to risk.22

Fourth, a firm must develop databases and measurement systems in accordance with how it conducts business. For example, most accounting systems for trading operations record trades on the basis of settlement day. However, to measure trading-desk risks, risk management systems must record positions on a trade-date basis, which means that the risk management system must access the trade-entry system directly. Moreover, for accurate daily reports, trades must be recorded, entered, and checked frequently. Next-day corrections of bad trade information are not timely enough.

Finally, none of these procedures or databases are effective or meaningful until the firm establishes an overall risk management system that senior managers use.23 It must use the system to evaluate businesses, individual performance, and its value added. The system must be the ongoing focus of management analysis and discussion and, over time, become part of board meeting presentations. To achieve this, the business units being monitored must check risk reports regularly and tailor reports for their users. The system must be part of management’s oversight, control, and compensation.

Agenda for Risk Management Improvements

The REMIC model of a financial institution shows that risk management is not inherent in institutions managing risky asset portfolios, even those with complex claims. Asset disclosure, public operating rules, and the market for financial services seem to work well, at least for these simple, single-purpose entities. However, such institutions need transparency and passivity so that stakeholders can evaluate the underlying portfolio and its value added on their own.

For institutions with dynamic, opaque portfolios, the challenge is to manage the firm’s value and its risk exposure clearly and concisely. This involves limiting unnecessary risk, transferring other risks, which need not be absorbed, and managing the risks that remain. As noted, appropriate risk management involves a considerable commitment. The four-step process, both feasible and practical, is currently in place at some institutions.24

Yet, even the most ambitious application of risk management principles will not eliminate risk or ensure positive returns. Substantially more research is needed to further advance our knowledge in this area. Challenges remain in two areas: First, there are methodological issues to settle in the application of risk management techniques to the whole firm. Second, there are issues related to the value of risk management techniques in a more sophisticated market that is willing to accept both direct claims and claims from transparent institutions.

We close with a few questions that warrant further study.

1. How much disclosure of embedded risk is required or even desirable for opaque, actively managed institutions? With changing portfolios, should risk management strategies be disclosed in addition to current risk profiles?
2. Are reporting procedures sufficiently generic to report accurately not only balance sheet values but also embedded risk of nontransparent firms?
3. Are there optimal rules for active management? Can we replace active, discretionary management with well-specified portfolio adjustment rules to make the opaque institution more transparent?
4. If there is no single rule for optimal risk management, how can an institution determine its particular optimal risk-return trade-off? Will this differ across institutions with similar product lines or be relatively constant for all members of an industry group?
5. Given the many different kinds of risk, how can a firm aggregate them to measure its total risk exposure? Recent approaches measure risk using the concept of “value at risk” or “risk-adjusted return on capital.” Will either emerge as a single index of institutional risk?
6. Can we demonstrate that active management adds value to intermediation? Can we demonstrate that institutions engaged in such activities are systematically valued as they would have been if they made no attempt to reduce the variability of returns?
7. What is the evolution of the financial structure and market share of various institutions? Has the development of broader capital markets made actively managed institutions outmoded? Will narrow transparent institutions replace the current opaque ones, so that this entire issue will eventually disappear?