Remarks by OFR Director Richard Berner at the 14th Annual Risk Management Convention of the Global Association of Risk Professionals

Thank you for inviting me to join you; it’s a pleasure to be here. This morning I want to discuss the outlook for financial risk from our perspective at the Office of Financial Research.

First, I want to thank Rich Apostolik, the GARP Board of Trustees, and many of the chief risk officers in the audience for engaging with us on our mutual interests, such as helping to create a culture of risk awareness within organizations—from entry level to board level—and promoting best practices for financial risk management.

The financial crisis highlighted deficiencies in the understanding of the risks in the financial system and limitations in financial data. Market participants and regulators broadly misperceived the extent of leverage and maturity transformation. They did not see the migration of such activities to the so-called shadow banking system, or the economic exposures of supervised firms to these activities. And they collectively underestimated how disruptions could spread across interconnected companies and markets, and impair the functioning of the financial system, with severe consequences for the economy.

The crisis spurred financial reform, including the creation of the Financial Stability Oversight Council and the Office of Financial Research. Our work at the OFR is aimed at collecting and improving the quality of financial data and developing tools to evaluate risks to the financial system.

Out of the crisis has come a widespread appreciation for a different approach to policymaking. Financial stability is now a statutory policy objective for every federal financial regulator, policy analysis is focused on assessing threats to financial stability, and policymakers are creating more tools to combat those threats—developing what we call the macroprudential toolkit.

A different perspective is essential because, as we saw in the years preceding 2008, the standard data and tools used to measure risks provided little indication of the vulnerabilities that were growing in the financial system.

There is thus a need to improve the quality and scope of financial data to monitor activity across the financial system. The analytical toolkit needs improvement to assess these fundamental sources of vulnerability and instability in the financial system. It needs to be more forward-looking, and to test the resilience of the financial system to a wide range of events and incentives.

Likewise, parallel improvements in financial risk management are also needed to expand the range of data and the tools used to uncover risks and vulnerabilities in institutions, individually and collectively, across the financial system.

Our work on assessing risks and promoting best practices for financial risk management dovetails with yours. We can help weave macro considerations, namely, risks that spread across the financial system, into your work. We can also weave micro factors that focus on individual firms into our work. Such joint efforts promise to pay dividends for financial stability and risk managers around the globe.

Against that backdrop, I want to assess the outlook for financial risk by outlining risks and vulnerabilities in the financial system, to offer suggestions for best practices in risk management, and to propose some opportunities for collaboration between the OFR and you in the risk management community.

The Outlook for Financial Risk

Policymakers took aggressive steps during the recent crisis to repair financial markets and institutions, and both have recovered significantly. Stock prices have reached new highs, implied volatility has declined to pre-crisis lows, and risk appetite has clearly returned. But that recovery does not inevitably imply a new and destructive cycle of risk-taking. In fact, the adoption of financial reforms here and abroad has, in my view, brightened the financial risk outlook, and I am more optimistic as a result.

Among the reforms:

• Financial markets and companies are more transparent.
• Our financial system is significantly less leveraged, reducing our vulnerability to a future crisis. U.S. banks have raised their capital levels to approximately $1 trillion, up 75percent from three years ago.
• Liquidity requirements will also increase, to enable companies to fund themselves from cash reserves for at least a month.
• A new framework is in place to protect the financial system, the economy, and taxpayers from the consequences of the failure of a large, complex financial company.
• And finally, important market reforms—especially in the market for OTC derivatives—have helped to improve the outlook for financial stability.

The Financial Stability Oversight Council and the OFR

Beyond these improvements, regulators are also better equipped to monitor and respond to threats to the financial system. The work of the Financial Stability Oversight Council, its member agencies and organizations, and the OFR has been instrumental to that end.

Let me explain two ways that our work on data and analysis informs the Council’s deliberations and can be helpful to you as risk managers to limit the buildup of risk.

First, we are working to expand the scope and quality of data.

A key part of the OFR mission is to fill the gaps in existing data, by prioritizing key analytical questions about threats to financial stability and assessing data needs to answer them.

Accurate assessment of data gaps and sharing data appropriately should enable us as policymakers to get more bang for our data collection buck, reduce the industry’s reporting burden, and provide more and better information for you as risk managers. To pinpoint gaps, the OFR has completed an initial inventory of purchased and collected data among Council member agencies and an inventory of internally developed data is under way. To improve the scope of data available to policymakers and to help us minimize duplication, the OFR has established data-sharing agreements with a number of Council member agencies and continues to work on new ones as needed.

To improve data quality, the OFR is working to establish standards for data collection and usage. Standards enable us to aggregate and compare data on an apples-to-apples basis. They enable firms to report the same data to us as they use to manage risks and run their management information systems, thereby reducing reporting burdens. Standards also reduce industry costs for collecting, cleaning, and aggregating data.

Accordingly, the OFR is playing a leadership role in the initiative to establish a global Legal Entity Identifier (LEI). The LEI is a code that uniquely identifies parties to financial transactions. These identifier codes are like the barcodes that uniquely identify products. The OFR’s Chief Counsel was recently named Chair of the LEI Regulatory Oversight Committee. With the planned launch of the global system this month, the goal of standardizing the identification of these entities will move closer to reality. As a result, financial company CROs and financial regulators worldwide will gain a better view of true exposures and counterparty risks across the global financial system.

We plan to follow up on our work on the global LEI system by developing best practices for other data standards, such as in the hierarchies that illustrate relationships among entities.

To fulfill our mission, we must manage, analyze, and safeguard large volumes of data. The OFR is required by statute to protect the integrity of these financial data with a robust security framework and we take that requirement very seriously. No goal is more important than collecting data in a secure manner and safeguarding the data held.

The second way our work informs the Council’s deliberations and can be helpful to you as risk managers is by improving our analytical toolkit.

As with our data initiatives, we are complementing, not duplicating the work of others, be they regulators, academics, or practitioners.

• We are leveraging our expertise through partnerships and collaboration in what we call a virtual research community. The OFR has launched an array of initiatives to meet its mandate to foster a network of outside researchers, academics, industry groups, and risk managers.
• We have issued six papers in the OFR’s Working Paper Series to foster debate on key issues, including risk management.
• We convened seminars and workshops to evaluate tools like stress tests; we have also held annual conferences to evaluate the macroprudential toolkit and to assess the evolving nature of financial intermediation.
• We formed a Financial Research Advisory Committee of 30 distinguished professionals in economics, finance, financial services, data management, information technology, and—of particular interest today—risk management to advise us. In fact, five members of the Committee are, or have served as, chief risk officers.
• We are supporting the Financial Stability Oversight Council by monitoring and conducting research on key risks, including those in money market funds and credit default swaps. We are also providing data and analysis to inform the Council’s work on the designation of nonbanks for enhanced prudential standards and supervision by the Federal Reserve.

To sum up, the regulators’ work to strengthen the financial system, and our work to help the Council assess and monitor threats to financial stability, are starting to pay off.

Remaining Risks and Vulnerabilities

However, other developments make me less sanguine, partly because they embody risks and vulnerabilities that are neither immediately evident nor easily monitored in markets. Today, the signals from financial markets are relatively benign; and it’s of course legitimate to think that periods of low market volatility and rising risk appetite like this one may simply reflect recovery.

More broadly, low volatility, interest rate spreads, CDS spreads, and repo haircuts are all traditionally viewed as signs of low financial market risks. However, it is more likely that eventually just the opposite is true. These developments often signal rising market risks, because they give investors and risk managers incentives and wherewithal to take on leverage.

Traditionally analysts view such indicators as exogenous barometers of risk. However, just the opposite is likely to be true. They are endogenous indicators of risk appetite and investor sentiment.

You might say that anyone who has spent a week on a trading desk could have told you that. But recognition of that dynamic in either academic or policy analysis is only starting to appear. A recent paper by Danielson, Shin, and Zygrand argues that leverage and volatility are endogenously co-determined, and that low volatility promotes increased leverage and risk.¹Similarly, Fed Governor Jeremy Stein recently observed that low volatility gives market participants incentives to write deep, out-of-the-money puts to enhance returns, and in ways that hide risk.² That’s because one can, and I quote, “beat the benchmark simply by holding [it] and stealthily writing puts against it, since this put-writing both raises the mean and lowers the measured variance of the portfolio.” By stealthily, Governor Stein means that generally our measurement systems don’t adequately capture the low-probability future risks that such strategies introduce. Those gaps in our measurement system at the firm level are multiplied many times across the financial system.

This reality should change our thinking about early warning indicators, asset allocation, and our macroprudential toolkit. It should also change our thinking about risk management. As my colleague Rick Bookstaber puts it, “[Treating such indicators as exogenous means that] higher leverage and risk taking in general will be apparently justified by the lower volatility of the market and by the greater ability to diversify as indicated by the lower correlations.”³

Promoting Best Practices in Risk Management

I would like to turn to a discussion of best practices in risk management, which will highlight some of the remaining risks and vulnerabilities in our financial system.

I think we agree that effective risk management relies on a combination of quantitative tools, data management, and governance procedures that enable us to recognize and address risks and vulnerabilities. Our second OFR Working Paper covers this subject in more detail. In case you haven’t seen this paper, it is entitled, “Forging Best Practices in Risk Management” and it is posted on our website. I think we would all agree with the conclusions expressed there—that gaps in risk management remain, that they represent potential threats to your firms, and I would add, that they represent vulnerabilities and threats to financial stability.

Risk Governance and Incentives

Key elements of a strong risk culture include adequate resources and independence for the risk function, a board of directors with the proper information and expertise to understand the firm’s risk-taking, and compensation schemes that align the risks taken by individual units with the long-term objectives of the firm. Despite some progress, vulnerabilities clearly remain.

Liquidity Risk Management

Excessive reliance on short-term funding amplifies shocks to firms and to the financial system. Repo markets, money market funds, asset-backed commercial paper, securities lending, and rehypothecation—the reuse of collateral by a broker to borrow for its own use—all came under stress during the financial crisis, and firms with the greatest reliance on these funding sources were among those at greatest risk. We still see structural vulnerabilities in money-market funds and in repo markets, and future cyclical risks that today’s low-volatility, low-interest-rate environment may hide.

Data and Information Technology

The financial crisis has highlighted the varied level of integration that firms have achieved in their risk management infrastructures. Some of the firms that fared best had developed a firm-wide view of their risks, aggregated across diverse lines of business. Most large complex financial institutions have not yet fully developed this capability.

Market Risk and Credit Risk

These are the traditional focal areas of risk management and, in many respects, they are the best developed aspects of the field. Yet, in periods of stress, it is virtually impossible to distinguish between market risk and credit risk. Portfolios typically involve normal correlations based on short-term risk horizons, but under stress, correlations with equities and among the other asset classes rise, increasing the volatility of the portfolio and its beta-sensitivity. This “dediversification” usually occurs when investors have taken on more risk and leverage.

Using value-at-risk analysis beats no analysis for sure. But aside from the well-known shortcomings of VAR analysis—that it depends on contemporaneous volatility, underestimates worst-case loss, and may not capture correlations across a portfolio or firm—low VAR creates incentives for more leverage. Likewise, in such an environment, even rigorous stress tests may look deceptively good. Thus, an important lesson of the financial crisis is the need to build longer horizons into the measurement of market risk and credit risk to capture the behavior of financial markets under a range of business conditions.

Operational Risk

As highlighted in the Council’s 2012 Annual Report, strong cyber security and mitigants to a broad range of operational risks are key elements of protecting financial stability and an ongoing challenge for financial institutions. The Flash Crash on May 6, 2010—when the Dow Jones Industrial Average plunged nine percent and then recovered within minutes—pointed to the new types of operational risk that emerge from high-speed trading and highlighted the importance of a sound infrastructure. Ensuring the prevention of unauthorized trading and fraud also should remain a priority for operational risk management.

The Micro-Macro Interface

Firm-level risk management focuses on risks to a single institution. But actions that a single institution may take to mitigate its risks—withdrawing funding, selling impaired assets, or exiting a market—can amplify risks in the system as a whole when undertaken simultaneously by many firms, as in the case of a classic bank run. Indeed, risk management practices that may seem sound in isolation can have destabilizing, procyclical effects when widely adopted.

My colleague Jonathan Sokobin yesterday offered a detailed analysis of how the OFR’s broader mandate can help you as risk managers understand the macroprudential implications of firm-level practices. He discussed the issues of aggregation and feedback in risk management, and of new tools such as agent-based modeling, to assess emerging risks. I commend his remarks to your attention.

Stress Testing

The discipline of stress testing has undergone a renaissance since the crisis. But many questions remain about its further evolution. We have devoted some effort to come up with answers. Two of our published working papers, a third paper that will be released shortly, and our 2012 Annual Report discuss stress test methodologies. As I noted, we also held a workshop on stress testing; participants included a mix of practitioners, academics, and supervisors.

From that workshop, we framed a three-part research agenda:

1. What should be the conceptual foundations of regulatory stress testing, that is, what are the objectives of stress tests and where do they fit with broader supervisory objectives?
2. What are the modeling needs, with respect to defining scenarios, for example? And,
3. How can stress tests be made more useful for macroprudential supervision?

Opportunities for Collaboration

Let me conclude by discussing collaboration. I see three areas for fruitful collaboration between us that will help the OFR to achieve its mission and help you better to manage risks.

First, we welcome collaboration and suggestions to help us assess gaps in data that we both need to monitor and manage risks. And we welcome your support for the adoption of data standards that will enable all of us to have confidence that the data we employ in our analysis and monitoring have integrity and can be relied on to provide accurate signals and comparisons.

Second, we welcome dialogue about improving the risk management toolkit. For example, consider the use of a standard or benchmark portfolios that your organization is supporting. Having the banks run their risk systems against pre-defined sets of underlying financial instruments might provide a transparent basis for comparing bank approaches to risk measurement. It might give us a way to view the banks’ risk approaches on an “apples-to-apples” basis.

In addition, as indicated in our mandate, our working papers, and our sponsorship of workshops, we welcome work on improving stress tests at the micro and macro levels. Enhancing stress tests by accounting for the interactions across firms and markets will represent a major advance in these tools.

Finally, we can collaborate on promoting best practices in risk management. That brings me full circle back to where I started today: Working together to help create a culture of risk awareness within organizations, from entry level to board level, with a marriage of the micro risks and macro risks, will help us forge those best practices and reduce risks to financial stability.

These are daunting challenges. To help meet them, I look forward to continued engagement in the months and years ahead.

---