U. S. House Subcommittee On Capital Markets, Insurance, and Government Sponsored Enterprises James Rech’s Offer in AAA Testimony of March 5, 2009: “…discuss with the committee the key concepts and elements that we (AAA) believe are needed for the effective oversight and monitoring of systemic risk.” Comments/additions by Michel Rochette, FSA Enterprise Risk Adivosory, LLC EXECUTIVE SUMMARY Oversight of Insurance Focuses on Soundness for the Policyholder – Solvency - and Value? To the other stakeholders. the Shareholder The actuarial approach to risk management has focused for many years on ensuring that an organization has adequate cash resources – CAPITAL ? to meet its objectives as well as its obligations over the life of the obligations. This has been accomplished through the extensive use of financial analysis and modeling of assets and liabilities as well as evaluating the systemic – SPECIFIC more THAN SYSTEMIC, which has a broader definition in Finance - impact (and incentives) of the product design on each of the parties involved - would say stakeholders. Both policyholders and shareholders need to benefit from a transaction where the provisioning for future uncertainty must protect – the policyholders – and create value for - the shareholder and the policyholder from the actual risks to which they are exposed. This engineering approach (to consider the long term impact of product design and subsequent valuation to both parties) is unique in the financial services industry. Method and Scope of Risk Oversight is More Important Than Who Does It Developing a sound understanding of those risks - which risks? - has occurred over time and has meant less insurance exposure to the effects of the financial crisis than has occurred in the other segments of the financial services industry. - don't agree with that. Insurers have been heavily affected by recent credit losses, a financial risk - We suggest that this is not due, per se, to one set of regulators doing a better job than another, but rather reflects the theory of risk management under which they were operating. We further suggest that the primary soundness of the systemic regulator concept can succeed only if it is based on a firm understanding of risk and risk management. A solution that focuses primarily on just modifying a fragmented regulatory structure will only be cosmetic. One of the many issues that have fed the current crisis is the accumulation of risk in areas that fall in between the various regulators’ areas of responsibility. With each regulator appropriately focused on their own part of the system, this new systemic risk regulator needs to have responsibility for oversight of risk across all sectors. If the scope of this new regulator is limited to exclude one or more areas, then the natural reaction of the financial market participants will be to find some way to put their excess risks in that area. - which is called Capital arbitrage - That may well mean that the SRR
will need to pay close attention to risks that leave the country as well as those that remain. Oversight and Management of Complex Risk is a Straightforward Process of Creating Accountability and Transparency This paper describes a sound approach for complex risk management issues drawn from what is already being successfully applied in current practice. It is based on a very straightforward, but disciplined process: - You could refer here to accepted ERM frameworks like ANZ, ISO 31000, which are more in line with the insurance approach more than COSO, which is a control framework. a) Identify risk b) Measure risk c) Manage risk -Would a reference to contagion models as used in insurance be useful? Think of Pandemic, Aids crisis...and the like? What to Expect This note will explore, as a starting point, key concepts needed to maintain a resilient financial market. : 1. Identify risk a. What is systemic risk and what are its causes? b. When does risk disappear and when is it just merely transferred? c. What are the major types of risk exchanges and tools currently used to manage the risks in that exchange process? 2. Measurement and reporting needed for managing Systemic Risk in a stable fashion a. Use an approach for managing/regulating risks with unknown exposure levels (Track impact of leverage and concentration exposures) b. Use scenario testing to understand the impact of tail events on the system and also allow for crisis management options to be planned in advance c. Use double entry risk process so awareness of risk exposure does not “disappear� d. Use risk limits and automatic stabilizers e. Review and asses impact of innovation by either the market (product designs) or the regulator (reporting requirements, allowable transactions). 3. Summary of tools that can be used by a proposed systemic risk regulator, including countercyclical options.
MAIN BODY I) Identify Risk A) Working Definition of Systemic Risk. When the impact of failure between two parties extends beyond impacting the two parties involved in the transaction to impact many or most participants in the market place and cannot be hedged away by the market participants. It has been defined elsewhere as “a type of tragedy of the commons, in which the benefits of exploiting finite capital resources accrue to individual market participants, each of whom is motivated to maximize use of the resource, whereas the costs of exploitation, which” [though unknown] “affect the real economy, and are distributed among an even wider class of persons.1 It is only in the emergence of the breakdown that the market gains awareness of the impact that these unmeasured costs have imposed on the larger group. This definition clarifies why traditional regulatory approaches that focus on the known and measurable risks have fallen short. The successful management of systemic risk will include understanding the possible impact of risks which are not currently known and measurable. B) Causes of Systemic Risk 1) Level of Leveraging. The degree to which individuals and/or institutions are allowed to take a risk position without the funds to back their obligations2 2) Level of Risk Concentrations. 3) Risk that “Disappears” and is not captured in the accounting requirements. This can create a market mispricing of risk for the following reasons: (a) Accounting has and may well always lag in capturing elements of risk. By definition, what is unknown is also not measurable and thus not understood by the market participants. There has been a vigorous international effort over the last fifteen years to look to improved accounting standards that capture and reflect to the market the actual risks of the firm, but as of yet, no consensus has arisen. There is usually a gap of time between when the market in general becomes aware of a need for more specific risk pricing information and its actual availability. For example, the limits of book value accounting requirements contributed to the build up of the systemic risk impact of the savings and loan crisis since it did not report on interest rate risk between the assets and liabilities. Companies could report profits which had not been “charged” for the future risk that had been assumed by the company. At some point the general market knew there were asset/liability mismatches and wanted the 1
P. 206 The Georgetown Law Journal Vol 97:193 or Duke Law School Legal Studies , Research Paper Series, Research Paper No. 163 March 2008 Systemic Risk Steven L. Schwarcz Stanley A. Star Professor of Law and Business Dune University School of Law Founding Co 2 Leverage can also be described as the opposite of stop loss reinsurance. With stop loss, a firm gives away the risk and keeps the certain cashflows for a small price. With leveraging, A promises B the certain cashflows and keeps just the uncertain parts. If there is too much leverage A can end up giving away more than 100% of the certain cashflows.
information, but it could not be quantified in the specific situations.3 Once the lack of pricing information was realized, a move to more market focused reporting requirements occurred, but those reporting requirements did not capture credit risk, the cost of not being able to raise capital when it was needed (liquidity risk), nor the risk of mortgages whose underwriting risk characteristics had been lost in the derivative building process. Once again, reported profits were not charged for the future risk assumed by the entity. If leveraged, these disappearing risks can become magnified to system threatening proportions. (b) The accounting may give credit for the value of the diversification gains to the two parties involved in the risk transactions, and not capture the cost of the risk transfer to others. But, the risk to the total system is unchanged and may, in fact, be increased if the risk transactions create moral hazards or the illusion of a free lunch (as is typical when the accounting information lacks the information needed to appropriately price the risk). (c) There is a disconnect between the underlying cash flows of the risk and the value quoted in the market (arbitrage spread). This is especially troublesome if the risk characteristics that drive the cash flows are lost for later valuation or the pricing ignores relevant risk measures.4 Because of these issues the going concern accounting objectives are often not the same as those needed for successful, prudent oversight of risk exposures. 4) Perceived arbitrage spreads that can be leveraged. While many believe that there is alpha that can be earned in a marginal manner in the market place, most research shows that by the time the supposed alpha or arbitrage spreads get packaged into mass marketed products, the alpha disappears (or is seen to have been relied on due to an incomplete risk model). This issue is a concern systemically only when money can be borrowed or leveraged to bet on the supposed sure outcome and many participants start to do so. 5) Incentive compensation schemes based, for example, on sales or short term profits (compensation is misaligned with risk) 6) Lack of required risk measurement reporting which leads to system crashing concentrations in unregulated sectors C) Can Risk Disappear (or is it just transferred)? Traditionally, risk has been described as a "standard deviation" around an event. Events could be the annual 3
There is an interesting side issue in the S&L crisis for some commentators have pointed out that the role of government changes in financial regulation were an additional introduction of systemic risk here due to the combination of creating the mortgage agencies and money markets while maintaining prescribed limits on the amount of interest the S&L’s could credit to their policyholders. The fact that the accounting method could not report the changed risk characteristics of the S&L assets and liabilities exacerbated the systemic impact. 4 While not the focus of this note for now, this also is seen in the debate over global warming and pollution. While in general, all agree there are future costs to current actions that could impact the planetary system, there is no way to capture the future impact of these costs in today’s pricing information process. An educated guess, and market, can be created through the use of carbon taxes, for example, but it will still be a mandated estimate of the future costs, in an attempt to induce investment in alternative energy sources. Interestingly enough, the important strategy here is to align the market’s ability to innovate and add value with some minimal structure that does not mandate solutions, but encourages innovation.
aggregate benefits under a portfolio of insured lives, cash flows from a mortgage backed security, or the profits from a portfolio of financial institutions. The definition of risk as standard deviations has been implemented in a wide variety of applications (though at the danger of misusing information by assuming Normal distributions as has occurred with the VaR measures). In insurance and reinsurance, part of the business strategy centers around the fact that risk (in terms of standard deviation of claims compared to premiums collected) to the insurer and policyholder is reduced through aggregation of independent individual risks into insurance portfolios. This is often cited as the "law of large numbers" or as Hans Buhlmann's outlined, the "Stability Theorem for Risks" (P&C business - See "Mathematical Methods in Risk Theory"). Insurance risk reduction is maximized by building larger and larger insurance portfolios to reduce the average difference between the experienced claims and the expected claims from the portfolio. When insurers accomplish this task, they reduce the risk to themselves and to policyholders within the insurance portfolio. If they can combine insurance portfolios, which separately may even be riskier, they can still reduce risk to the combined portfolios, as long the insured events in the portfolios are not fully dependent. This risk reduction concept works regardless of whether the risk aggregator is a life, health, P&C carrier, reinsurer, pension fund, hedge fund, stock portfolio manager, ETF, MBS tranche, etc. Once the programs become large enough, the idiosyncratic risk is minimized and we are left with what is commonly referred to as the non-diversifiable systematic risk. Some systematic risks can be born totally within the system, but there is a limit to the risk taking capacity of the system. For example, at the limit the life insurance portfolio for example, with the lowest risk would include all lives in the world. But if a cataclysmic event occurs which takes 10% of all the life on the earth, we have certainly impacted all the survivors in the system as there is not enough funds to pay them. Without going to that far of an extreme, we should realize that the traditional analysis often ignores the far reaches of the tail. Promising a future value becomes exponentially more expensive, the more iron clad the guarantee. Yet in the real world participants habitually "drop off" the highly unlikely extreme events because they are mistakenly thought to be impossible to occur (like 10% of the world dying) and so they end up by default transferring the systemic risk into “the system”. A current example of this sort of thinking is the Florida Catastrophe pool. The market cost of providing insurance coverage privately was thought to be too high by the Florida legislature. They substituted a government pool that priced coverage at a level that supported premiums to homeowners at a level that they found to be acceptable. This leaves the pool in a situation where following a bad storm season in 2008, the Florida pool will need to be rescued by the federal government in 2009 or 2010 if there is another bad storm year. They did not account for the “unlikely” severe storms and therefore shifted those risks onto a larger system, the Federal government. -Moral Hazard here!-
In conclusion, the ability to rearrange portfolio risk is essential to insurance and finance, but it can not be made to disappear; only transferred back and forth between the corporate/policyholder interaction and the larger society (which now includes not just the US, but the whole world, due to the slick way participants bet on the tail never happening.) D) Types of Risk Exchanges and Tools to Manage the Risks in Those Exchanges Different risk exchanges work in very different manners, have different exposures to systemic risks and have varying existing mechanisms to protect against systemic risks. While the Systemic Risk Regulator (SRR) should have responsibility for risk in all exchanges, the approach needs to be adjusted to the situation and needs of each exchange. Between and within each exchange, there are a range of offerings providing trade-offs between returns, liquidity and guarantees. Obtaining more of one characteristic will come at the expense of the others. Thus, when an offering in one of these exchanges provides value above a risk free rate, either the risk and uncertainty of the level of return is also present, or the ability to access the funds for a period of time (liquidity) is more limited. We list below five major types of risk exchange mechanisms: 1) Insurance – Money is paid to protect something of value to the policyholder whether life, property or a lifetime income. The value of insurance to the individual is as a reliable guaranteed payment in the case of a loss. Individual insurance firm soundness is assured prospectively by reserve and capital requirements. In cases where those mechanisms fail, soundness can also be assured retrospectively through guarantee funds which assess remaining market participants (to meet failed promises in the case of a specific company) in proportion to their size in the market5. An additional mechanism, which has a countercyclical effect, is the Asset Valuation Reserve (AVR). The concept of the AVR is that of a fund internal to each company that accumulates capital gains in good years and offsets capital losses in poor years. 2) Investments – Money is given to a corporation in exchange for either debt or equity participation in that firm. Its “value” is the hope of future earnings, but it does include the possibility of loss of some or all of the principal invested. There are no guarantees made or expected. Transparency of the firm to the shareholder will increase confidence in the realization of expected benefits. Risk of individual firms failing to meet expectations (specific risk) can be managed by diversifying investments in the market. 3) Exchanges – An intermediary lines up participants on opposite sides of the outcome. The soundness of this risk exchange is managed through lower or higher margins or levels of collateral from participants. Margin requirements are an extremely narrow limit to leverage of exchange participants because they only apply to margin within the exchange. Collateral assures that participants have the ability to settle transactions. However, collateral requirements are retrospective. They provide only limited protection against future market moves and are less effective when the market experiences large swings. Some instruments, such as CDS are subject to very large swings in value because the amount of potential payment in the event of a surprise 5
This protection, in extreme cases, may not have sufficient volume to provide this backing.
default can be much higher than the prior day’s collateral. - I don't think that mentioning CDS as an example is an appropriate example as CDS are not transacted on exchanges right now although discussions are underway to create such exchanges! 4) 5) Private Transactions – When a risk is transferred outside of an exchange. These transactions provide whatever security is negotiated. There are no limits on leverage and collateral is negotiated as well. The security of these contracts is totally at the discretion of the parties to the transaction. - Not really, if you think of ISDA contracts in credit risk tranactions, this is pretty well defined ! - Particularly troublesome have been the common features of private transactions whereby collateral is not required unless there is some trigger event. The trouble with these agreements comes when the party who might be required to put up collateral makes no preparation for that possibility, and holds no internal reserves in cash for that possible need. 6) Banking – Use of savings accounts as a basis for loans used to drive growth and opportunity in the economy. The key risk management issue is balancing the level of leverage allowed to banks for loans while ensuring there are sufficient guarantees to depositors in the event of a bust in the economic cycle. This is a more complex “exchange/gambling” type arrangement where the countercyclical desire is to encourage savers to trust their funds with a bank in a time of panic instead of taking their funds out which would worsen the panic as occurred in the Great Depression with thousands of banks failing each year for a period of several years. The Central Bank has historically provided counter cyclical monetary actions that are intended to head off systemic problems, but it has not been a particularly risk based approach. Important implications of these five types of risk “buckets”6. (a) While there is a critical need for an overall systemic risk regulator, there are unique aspects of systemic risk causes and its management that are driven by which “bucket” you are in. While the same broad process of risk management is used in all cases it is critical that the actual measurement and management levers or actions are tailored to the specific, applicable risk bucket and the risk control mechanisms used in that bucket. The systemic risk regulator function will need access to the various types of expertise needed for the different risk exchange methods. There needs to be a risk based focus in all cases that goes across buckets. Most recently the breakdown in the bond insurance silo has crossed over and impacted the banks. (b) Historically, risk oversight has focused on an entity as opposed to the actual functions or risk exchange methods that are involved. The historical 6
As a side note, compare the risk structure of the banking mode of operation--money borrowed short and lent long (leverage controlled by capital level) with the insurance mode of operation--assets held that have cash flows that match the expected outflows for obligations (capital used to handle fluctuations at a level that gives adequate coverage of the tail of the distribution). If banks operated like insurers, the present value of demands of depositors would be assessed over a wide range of scenarios and sufficient reserves plus capital held to cover the tail risk.
decisions to separate the institutions of banking, investments and insurance recognized this, but the last 20 years of financial reform and innovation show the importance of clarifying that institutions may lack the risk oversight tools needed for innovative products. In addition, there has been a steady movement of firms to participate in several of these exchanges and particularly a movement towards more and more transactions in the unregulated “over the counter” private market. Probably encouraged by the repeal of Glass act of the 1930s although there are discussions to rethink this aspect II) Measurement and reporting needed for managing Systemic Risk in a stable fashion A) Keeping track of leverage is at the heart of the systematic risk regulator job. When risk is believed to have disappeared through diversification or offsetting transactions, leveraged away cashflows will eventually become much more risky than was thought, especially in the event that the belief that the risk disappeared proves to be inaccurate. This leverage can show up in many forms. A Credit Default Swap (CDS) has a high leverage component. A long position in a CDS is equivalent to a long position in a bond and borrowing the same amount at a risk free rate. So a CDS position should count as leverage to the tune of the notional amount. The systemic risk regulator will need to keep track of leverage in whatever form the banks (or other firms) invent to take on leverage. - or declare CDS, for example, insurance as NYState did, so that their exposures have to be reserved in advance, thus providing capital and reducing leverage B) C) A corporate risk management function does not typically manage the actual risks of the organization; the operating units in the organization do that. - It provides an oversight D) The risk role is to ensure a common language of risk, transparent accountability for who owns the risk, and ensure individual business units cannot bring down the organization. It defines the kinds of questions that need to be answered. This implies the Systemic Risk Regulator is not an Uber Regulator, but identifies for what ever regulatory oversight structure is identified the kinds of questions that should be asked through the use of scenario testing to probe impact of various unlikely, but possible stressors. An example from the Australian Prudential Regulatory Authority (APRA) is a useful examples of how scenario testing can work to prevent future problems. In 2003 they realized: “Looking ahead, the main potential source of risk to financial stability would be a substantial correction in the housing market, impacting on the balance sheets of authorized deposit-taking institutions through mortgage defaults. The concern would be a sharp jump in mortgage defaults …”7 Therefore, APRA requested that its banks and mortgage insurance companies execute a series of stress tests, which included a 30 percent one-year reduction in housing prices plus an increase in defaults. This stress test identified several weaknesses within the system, which resulted in changes being made to capital requirements and reductions to acceptable concentration risks. As a result, today, 7
http://www.apra.gov.au/Speeches/03_20.cfm.
PMI Australia has a rating higher than that of its parent and Australia has obtained international recognition as a strong and robust bank and mortgage insurer market. 8 E) Risk can and should be recognized in advance of potential losses. This means that steps to reduce the impact and/or severity of future losses will have a cost now. In simpler terms, this accepts that “There is No Free Lunch”. If there is “No Free Lunch” and risk does not “disappear”, then this requires the discipline of a double entry kind of Risk Balance sheet. The risk balance sheet would, among other things keep record of the risks that firms believe have “disappeared” due to diversification and offsetting transactions. The key feature is that it serve the purpose that double entry accounting does for documenting what happens to risks that are taken by the organization. Double entry accounting paved the way for the trade and growth of the Renaissance by strengthening trust between participants in the market. This same discipline needs to be focused on the creation and transference of risk throughout the system. Anytime insurance protection or a yield is offered, the double entry process could identify what risk is being taken on for the potential of additional yield. In the case of insurance, in addition to the exchange of dollars for protection, are there limits or caps on the protection or risk sharing mechanisms involved between the two parties that will also impact the future returns and what risks will impact the possible range of returns?9 It would also be desirable that the risk balance sheet provide a record of the volume of transactions that are thought to provide “alpha” or returns with no risk.10 To summarize with an example, a recent Business Week discussion thread of March 12 (posted by Michael Mandel) suggested that Wall Street was out bargained by the European banks who provided the leverage that fueled the boom via investment in US securities, but then left Wall Street (including AIG and the bond insurers) with all of the risk. If this is indeed the case, a properly prepared risk balance sheet would have revealed these exposures and the susceptibility of the firms involved. F) Identification (and authorization), in advance of potential actions that can be taken by the firm, national (and international) regulators when risk indicators fall 8
It is true that the Australian financial system is increasingly impacted by the disruption in international financial markets, including the slowdown in funding flows in the banking system and declines in the equity markets as well as the broader economic impacts from a global recession. However, economic commentators are suggesting that Australia is better placed than elsewhere as they have more room to use monetary and fiscal policy to address any slowdown in growth as their interest rates are higher and their budget is in surplus. 9 For example, additional yield can be offered in exchange for taking on: 1) Financial Risk such as interest rate, equity or credit Risk 2) Liquidity Risk 3) Exposure to activities of other agents 4) Longevity Risk 5) Operational Risk (Fraud, Political, Poor Management etc) 10
“For example, whether you owned $5bn or $50bn of (supposedly) low-risk super senior debt in a CDO, the likelihood of losses was, proportionally, the same. But the consequences of a miscalculation were obviously much bigger if you had a $50bn exposure.” Lloyd Blankfein, CEO of Goldman Sachs, appeared in The Financial Times on February 11, 2009. The fact that Blankfein needed to say this suggests that he feels that banks may have needed a reminder of this point.
outside of acceptable ranges. For example in insurance, many companies set risk limit triggers based on amount of premium. Once that level is reached, no more coverage is provided. (May want to include more examples of automatic stabilizers). From a regulator perspective it may include increased audits or changes in required reserves and/or capital. - How would you coordinate that in an international context, through college of supervisors as is proposed elsewhere? III) Summary of Tools (and questions) that can be used by a systemic risk regulator A) Organized way of thinking about unknown risks 1) Beyond financial risk there will be Operational Risk issues and Moral Hazard issues. Simply reviewing the impact to a business strategy to possible operational breakdowns. For example: (a) what if the markets (or a segment) can’t trade for a day, week or month, for whatever reason: Liquidity risk (b) What if an IT issue disrupts major servers worldwide or impacts a major operating framework/software such as Windows or Oracle IT vulnerability (c) What if phone or satellite systems can’t operate for a day, week, or month B) Monitor indicators that indicate a perceived free lunch is combined with leveraging opportunities to double up on the free lunch. I think that this is probably of the best and actionable proposals, to make risk management forward looking 1) Leverage in the economy – household debt/GDP 2) Leverage in institutions – total assets/capital 3) Money supply measures (especially growth of these) 4) Volatility, turnover & bid spreads in major financial markets 5) Credit spreads 6) Growth in derivatives markets – particularly options 7) Major changes (especially concentrations) in market sectors 8) Real interest rates – actual or implied 9) Equity dividend yields 10) Commercial real estate yields or IRRs 11) Residential property affordability – median price/AWE 12) Commodity prices 13) Corporate profit margins 14) Criteria used to set bonus levels paid by financial firms C) Require summary of key risk exposures of firm be provided to regulator. This would function like the dashboard on a car that monitors the functionality of all critical elements. D) Double entry risk tracking process 1) Can it show gross and net risks of all organizations? Rolled up to get aggregate risk balance sheet for the entire economy. Tells when risk aggregations grow faster than the economy. Tells where the risks are aggregating. (a) Will this be limited to the extent the risks are captured in the accounting requirements? E) Internal model requirements and expectations
1) Models can often be used to reveal what may be missing from public considerations through (a) Scenario Testing (b) Tracking and Reporting on the analysis of Actual to Expected results 2) Use of independent processes or measures to validate internal model results F) Countercyclical Options This is a good one, in line with the countercyclical desires of a regulatory systemic system. 1) Oversee and review use of structural design requirements that impact systemic risk 2) Limits on leverage 3) Guarantee funds 4) Catastrophe Pools 5) Minimum capital / reserve requirements 6) Margin/collateral requirements Already in place in some markets.