. 1
( 16)


Asset and Risk Management

Risk Oriented Finance

Louis Esch, Robert Kieffer and Thierry Lopez

C. Berb´ , P. Damel, M. Debay, J.-F. Hannosset
Asset and Risk Management
For other titles in the Wiley Finance Series
please see www.wiley.com/¬nance
Asset and Risk Management

Risk Oriented Finance

Louis Esch, Robert Kieffer and Thierry Lopez

C. Berb´ , P. Damel, M. Debay, J.-F. Hannosset
Published by John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester,
West Sussex PO19 8SQ, England
Telephone (+44) 1243 779777
Copyright ™ 2005 De Boeck & Larcier s.a.
Editions De Boeck Universit´
Rue des Minimes 39, B-1000 Brussels
First printed in French by De Boeck & Larcier s.a. “ ISBN: 2-8041-3309-5
Email (for orders and customer service enquiries): cs-books@wiley.co.uk
Visit our Home Page on www.wileyeurope.com or www.wiley.com
All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in
any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the
terms of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright
Licensing Agency Ltd, 90 Tottenham Court Road, London W1T 4LP, UK, without the permission in writing of the
Publisher. Requests to the Publisher should be addressed to the Permissions Department, John Wiley & Sons Ltd,
The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England, or emailed to permreq@wiley.co.uk, or
faxed to (+44) 1243 770620.
Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and
product names used in this book are trade names, service marks, trademarks or registered trademarks of their
respective owners. The Publisher is not associated with any product or vendor mentioned in this book.
This publication is designed to provide accurate and authoritative information in regard to the subject matter
covered. It is sold on the understanding that the Publisher is not engaged in rendering professional services. If
professional advice or other expert assistance is required, the services of a competent professional should be sought.

Other Wiley Editorial Of¬ces
John Wiley & Sons Inc., 111 River Street, Hoboken, NJ 07030, USA
Jossey-Bass, 989 Market Street, San Francisco, CA 94103-1741, USA
Wiley-VCH Verlag GmbH, Boschstr. 12, D-69469 Weinheim, Germany
John Wiley & Sons Australia Ltd, 33 Park Road, Milton, Queensland 4064, Australia
John Wiley & Sons (Asia) Pte Ltd, 2 Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809
John Wiley & Sons Canada Ltd, 22 Worcester Road, Etobicoke, Ontario, Canada M9W 1L1
Wiley also publishes its books in a variety of electronic formats. Some content that appears
in print may not be available in electronic books.

Library of Congress Cataloging-in-Publication Data
Esch, Louis.
Asset and risk management : risk oriented ¬nance / Louis Esch, Robert Kieffer, and Thierry
p. cm.
Includes bibliographical references and index.
ISBN 0-471-49144-6 (cloth : alk. paper)
1. Investment analysis. 2. Asset-liability management. 3. Risk management. I. Kieffer,
Robert. II. Lopez, Thierry. III. Title.
HG4529.E83 2005
332.63 2042”dc22

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
ISBN 0-471-49144-6
Typeset in 10/12pt Times by Laserwords Private Limited, Chennai, India
Printed and bound in Great Britain by Antony Rowe Ltd, Chippenham, Wiltshire
This book is printed on acid-free paper responsibly manufactured from sustainable forestry
in which at least two trees are planted for each one used for paper production.
Contents ix

11.4.1 Independent allocation 288
11.4.2 Joint allocation: ˜value™ and ˜growth™ example 289
11.5 Allocation of performance level 289
11.6 Gross performance level and risk withdrawal 290
11.7 Analysis of style 291

Introduction 294

12 Techniques for Measuring Structural Risks in Balance Sheets 295
12.1 Tools for structural risk analysis in asset and liability management 295
12.1.1 Gap or liquidity risk 296
12.1.2 Rate mismatches 297
12.1.3 Net present value (NPV) of equity funds and sensitivity 298
12.1.4 Duration of equity funds 299
12.2 Simulations 300
12.3 Using VaR in ALM 301
12.4 Repricing schedules (modelling of contracts with ¬‚oating rates) 301
12.4.1 The conventions method 301
12.4.2 The theoretical approach to the interest rate risk on ¬‚oating
rate products, through the net current value 302
12.4.3 The behavioural study of rate revisions 303
12.5 Replicating portfolios 311
12.5.1 Presentation of replicating portfolios 312
12.5.2 Replicating portfolios constructed according to convention 313
12.5.3 The contract-by-contract replicating portfolio 314
12.5.4 Replicating portfolios with the optimal value method 316


Appendix 1 Mathematical Concepts 325
1.1 Functions of one variable 325
1.1.1 Derivatives 325
1.1.2 Taylor™s formula 327
1.1.3 Geometric series 328
1.2 Functions of several variables 329
1.2.1 Partial derivatives 329
1.2.2 Taylor™s formula 331
1.3 Matrix calculus 332
1.3.1 De¬nitions 332
1.3.2 Quadratic forms 334

Appendix 2 Probabilistic Concepts 339
2.1 Random variables 339
2.1.1 Random variables and probability law 339
2.1.2 Typical values of random variables 343

Collaborators xiii

Foreword by Philippe Jorion xv

Acknowledgements xvii

Introduction xix
Areas covered xix
Who is this book for? xxi

Introduction 2

1 The Regulatory Context 3
1.1 Precautionary surveillance 3
1.2 The Basle Committee 3
1.2.1 General information 3
1.2.2 Basle II and the philosophy of operational risk 5
1.3 Accounting standards 9
1.3.1 Standard-setting organisations 9
1.3.2 The IASB 9

2 Changes in Financial Risk Management 11
2.1 De¬nitions 11
2.1.1 Typology of risks 11
2.1.2 Risk management methodology 19
2.2 Changes in ¬nancial risk management 21
2.2.1 Towards an integrated risk management 21
2.2.2 The ˜cost™ of risk management 25
2.3 A new risk-return world 26
2.3.1 Towards a minimisation of risk for an anticipated return 26
2.3.2 Theoretical formalisation 26
vi Contents

Introduction 30

3 Equities 35
3.1 The basics 35
3.1.1 Return and risk 35
3.1.2 Market ef¬ciency 44
3.1.3 Equity valuation models 48
3.2 Portfolio diversi¬cation and management 51
3.2.1 Principles of diversi¬cation 51
3.2.2 Diversi¬cation and portfolio size 55
3.2.3 Markowitz model and critical line algorithm 56
3.2.4 Sharpe™s simple index model 69
3.2.5 Model with risk-free security 75
3.2.6 The Elton, Gruber and Padberg method of portfolio
management 79
3.2.7 Utility theory and optimal portfolio selection 85
3.2.8 The market model 91
3.3 Model of ¬nancial asset equilibrium and applications 93
3.3.1 Capital asset pricing model 93
3.3.2 Arbitrage pricing theory 97
3.3.3 Performance evaluation 99
3.3.4 Equity portfolio management strategies 103
3.4 Equity dynamic models 108
3.4.1 Deterministic models 108
3.4.2 Stochastic models 109

4 Bonds 115
4.1 Characteristics and valuation 115
4.1.1 De¬nitions 115
4.1.2 Return on bonds 116
4.1.3 Valuing a bond 119
4.2 Bonds and ¬nancial risk 119
4.2.1 Sources of risk 119
4.2.2 Duration 121
4.2.3 Convexity 127
4.3 Deterministic structure of interest rates 129
4.3.1 Yield curves 129
4.3.2 Static interest rate structure 130
4.3.3 Dynamic interest rate structure 132
4.3.4 Deterministic model and stochastic model 134
4.4 Bond portfolio management strategies 135
4.4.1 Passive strategy: immunisation 135
4.4.2 Active strategy 137
4.5 Stochastic bond dynamic models 138
4.5.1 Arbitrage models with one state variable 139
4.5.2 The Vasicek model 142
Contents vii

4.5.3 The Cox, Ingersoll and Ross model 145
4.5.4 Stochastic duration 147

5 Options 149
5.1 De¬nitions 149
5.1.1 Characteristics 149
5.1.2 Use 150
5.2 Value of an option 153
5.2.1 Intrinsic value and time value 153
5.2.2 Volatility 154
5.2.3 Sensitivity parameters 155
5.2.4 General properties 157
5.3 Valuation models 160
5.3.1 Binomial model for equity options 162
5.3.2 Black and Scholes model for equity options 168
5.3.3 Other models of valuation 174
5.4 Strategies on options 175
5.4.1 Simple strategies 175
5.4.2 More complex strategies 175

Introduction 180

6 Theory of VaR 181
6.1 The concept of ˜risk per share™ 181
6.1.1 Standard measurement of risk linked to ¬nancial products 181
6.1.2 Problems with these approaches to risk 181
6.1.3 Generalising the concept of ˜risk™ 184
6.2 VaR for a single asset 185
6.2.1 Value at Risk 185
6.2.2 Case of a normal distribution 188
6.3 VaR for a portfolio 190
6.3.1 General results 190
6.3.2 Components of the VaR of a portfolio 193
6.3.3 Incremental VaR 195

7 VaR Estimation Techniques 199
7.1 General questions in estimating VaR 199
7.1.1 The problem of estimation 199
7.1.2 Typology of estimation methods 200
7.2 Estimated variance“covariance matrix method 202
7.2.1 Identifying cash ¬‚ows in ¬nancial assets 203
7.2.2 Mapping cash¬‚ows with standard maturity dates 205
7.2.3 Calculating VaR 209
7.3 Monte Carlo simulation 216
7.3.1 The Monte Carlo method and probability theory 216
7.3.2 Estimation method 218
viii Contents

7.4 Historical simulation 224
7.4.1 Basic methodology 224
7.4.2 The contribution of extreme value theory 230
7.5 Advantages and drawbacks 234
7.5.1 The theoretical viewpoint 235
7.5.2 The practical viewpoint 238
7.5.3 Synthesis 241

8 Setting Up a VaR Methodology 243
8.1 Putting together the database 243
8.1.1 Which data should be chosen? 243
8.1.2 The data in the example 244
8.2 Calculations 244
8.2.1 Treasury portfolio case 244
8.2.2 Bond portfolio case 250
8.3 The normality hypothesis 252

Introduction 256

9 Portfolio Risk Management 257
9.1 General principles 257
9.2 Portfolio risk management method 257
9.2.1 Investment strategy 258
9.2.2 Risk framework 258

10 Optimising the Global Portfolio via VaR 265
10.1 Taking account of VaR in Sharpe™s simple index method 266
10.1.1 The problem of minimisation 266
10.1.2 Adapting the critical line algorithm to VaR 267
10.1.3 Comparison of the two methods 269
10.2 Taking account of VaR in the EGP method 269
10.2.1 Maximising the risk premium 269
10.2.2 Adapting the EGP method algorithm to VaR 270
10.2.3 Comparison of the two methods 271
10.2.4 Conclusion 272
10.3 Optimising a global portfolio via VaR 274
10.3.1 Generalisation of the asset model 275
10.3.2 Construction of an optimal global portfolio 277
10.3.3 Method of optimisation of global portfolio 278

11 Institutional Management: APT Applied to Investment Funds 285
11.1 Absolute global risk 285
11.2 Relative global risk/tracking error 285
11.3 Relative fund risk vs. benchmark abacus 287
11.4 Allocation of systematic risk 288
x Contents

2.2 Theoretical distributions 347
2.2.1 Normal distribution and associated ones 347
2.2.2 Other theoretical distributions 350
2.3 Stochastic processes 353
2.3.1 General considerations 353
2.3.2 Particular stochastic processes 354
2.3.3 Stochastic differential equations 356

Appendix 3 Statistical Concepts 359
3.1 Inferential statistics 359
3.1.1 Sampling 359
3.1.2 Two problems of inferential statistics 360
3.2 Regressions 362
3.2.1 Simple regression 362
3.2.2 Multiple regression 363
3.2.3 Nonlinear regression 364

Appendix 4 Extreme Value Theory 365
4.1 Exact result 365
4.2 Asymptotic results 365
4.2.1 Extreme value theorem 365
4.2.2 Attraction domains 366
4.2.3 Generalisation 367

Appendix 5 Canonical Correlations 369
5.1 Geometric presentation of the method 369
5.2 Search for canonical characters 369

Appendix 6 Algebraic Presentation of Logistic Regression 371

Appendix 7 Time Series Models: ARCH-GARCH and EGARCH 373
7.1 ARCH-GARCH models 373
7.2 EGARCH models 373

Appendix 8 Numerical Methods for Solving Nonlinear Equations 375
8.1 General principles for iterative methods 375
8.1.1 Convergence 375
8.1.2 Order of convergence 376
8.1.3 Stop criteria 376
8.2 Principal methods 377
8.2.1 First order methods 377
8.2.2 Newton“Raphson method 379
8.2.3 Bisection method 380
Contents xi

8.3 Nonlinear equation systems 380
8.3.1 General theory of n-dimensional iteration 381
8.3.2 Principal methods 381

Bibliography 383

Index 389

Christian Berb´ , Civil engineer from Universit´ libre de Bruxelles and ABAF ¬nancial
e e
analyst. Previously a director at PricewaterhouseCoopers Consulting in Luxembourg, he
is a ¬nancial risk management specialist currently working as a wealth manager with
Bearbull (Degroof Group).

Pascal Damel, Doctor of management science from the University of Nancy, is conference
master for management science at the IUT of Metz, an independent risk management
consultant and ALM.

Michel Debay, Civil engineer and physicist of the University of Li` ge and master of
¬nance and insurance at the High Business School in Li` ge (HEC), currently heads the
Data Warehouse Unit at SA Kredietbank in Luxembourg.

Jean-Fran¸ ois Hannosset, Actuary of the Catholic University of Louvain, currently man-
ages the insurance department at Banque Degroof Luxembourg SA, and is director of
courses at the Luxembourg Institute of Banking Training.
by Philippe Jorion

Risk management has truly undergone a revolution in the last decade. It was just over 10
years ago, in July 1993, that the Group of 30 (G-30) of¬cially promulgated best practices
for the management of derivatives.1 Even though the G-30 issued its report in response
to the string of derivatives disasters of the early 1990s, these best practices apply to all
¬nancial instruments, not only derivatives.
This was the ¬rst time the term ˜Value-at-Risk™ (VaR) was publicly and widely men-
tioned. By now, VaR has become the standard benchmark for measuring ¬nancial risk.
All major banks dutifully report their VaR in quarterly or annual ¬nancial reports.
Modern risk measurement methods are not new, however. They go back to the concept
of portfolio risk developed by Harry Markowitz in 1952. Markowitz noted that investors
should be interested in total portfolio risk and that ˜diversi¬cation is both observed and
sensible™. He provided tools for portfolio selection. The new aspect of the VaR revolution
is the application of consistent methods to measure market risk across the whole institution
or portfolio, across products and business lines. These methods are now being extended
to credit risk, operational risk, and to the ¬nal frontier of enterprise-wide risk.
Still, risk measurement is too often limited to a passive approach, which is to measure or
to control. Modern risk-measurement techniques are much more useful than that. They can
be used to manage the portfolio. Consider a portfolio manager with a myriad of securities
to select from. The manager should have strong opinions on most securities. Opinions,
or expected returns on individual securities, aggregate linearly into the portfolio expected
return. So, assessing the effect of adding or subtracting securities on the portfolio expected
return is intuitive. Risk, however, does not aggregate in a linear fashion. It depends on the
number of securities, on individual volatilities and on all correlations. Risk-measurement
methods provide tools such as marginal VaR, component VaR, and incremental VaR, that
help the portfolio manager to decide on the best trade-off between risk and return. Take
a situation where a manager considers adding two securities to the portfolio. Both have
the same expected return. The ¬rst, however, has negative marginal VaR; the second has
positive marginal VaR. In other words, the addition of the ¬rst security will reduce the

The G-30 is a private, nonpro¬t association, founded in 1978 and consisting of senior representatives of the private and
public sectors and academia. Its main purpose is to affect the policy debate on international economic and ¬nancial issues.
The G-30 regularly publishes papers. See www.group30.org.
xvi Foreword

portfolio risk; the second will increase the portfolio risk. Clearly, adding the ¬rst security
is the better choice. It will increase the portfolio expected return and decrease its risk.
Without these tools, it is hard to imagine how to manage the portfolio. As an aside, it is
often easier to convince top management of investing in risk-measurement systems when
it can be demonstrated they can add value through better portfolio management.
Similar choices appear at the level of the entire institution. How does a bank decide
on its capital structure, that is, on the amount of equity it should hold to support its
activities? Too much equity will reduce its return on equity. Too little equity will increase
the likelihood of bankruptcy. The answer lies in risk-measurement methods: The amount
of equity should provide a buffer adequate against all enterprise-wide risks at a high
con¬dence level. Once risks are measured, they can be decomposed and weighted against
their expected pro¬ts. Risks that do not generate high enough payoffs can be sold off or
hedged. In the past, such trade-offs were evaluated in an ad-hoc fashion.
This book provides tools for going from risk measurement to portfolio or asset man-
agement. I applaud the authors for showing how to integrate VaR-based measures in the
portfolio optimisation process, in the spirit of Markowitz™s portfolio selection problem.
Once risks are measured, they can be managed better.

Philippe Jorion
University of California at Irvine

We want to acknowledge the help received in the writing of this book. In particular, we
would like to thank Michael May, managing director, Bank of Bermuda Luxembourg S.A.
and Christel Glaude, Group Risk Management at KBL Group European Private Bankers.
Part I
The Massive Changes in the World
of Finance

1 The Regulatory Context
2 Changes in Financial Risk Management
2 Asset and Risk Management

The ¬nancial world of today has three main aspects:

• An insurance market that is tense, mainly because of the events of 11 September 2001
and the claims that followed them.
• Pressure of regulations, which are compelling the banks to quantify and reduce the
risks hitherto not considered particular to banks (that is, operational risks).
• A prolonged ¬nancial crisis together with a crisis of con¬dence, which is pressurising
the ¬nancial institutions to manage their costs ever more carefully.

Against this background, the risk management function is becoming more and more
important in the ¬nance sector as a whole, increasing the scope of its skills and giving
the decision-makers a contribution that is mostly strategic in nature. The most notable
result of this is that the perception of cost is currently geared towards the creation of
value, while as recently as ¬ve years ago, shareholders™ perceptions were too heavily
weighted in the direction of the ˜cost of doing business™.
It is these subjects that we propose to develop in the ¬rst two chapters.
The Regulatory Context

One of the aims of precautionary surveillance is to increase the quality of risk management
in ¬nancial institutions. Generally speaking:

• Institutions whose market activity is signi¬cant in terms of contribution to results or
expenditure of equity fund cover need to set up a risk management function that is
independent of the ˜front of¬ce™ and ˜back of¬ce™ functions.
• When the establishment in question is a consolidating business, it must be a decision-
making centre. The risk management function will then be responsible for suggesting a
group-wide policy for the monitoring of risks. The management committee then takes
the risk management policy decisions for the group as a whole.
• To do this, the establishment must have adequate ¬nancial and infrastructural resources
for managing the risk. The risk management function must have systems for assessing
positions and measuring risks, as well as adequate limit systems and human resources.

The aim of precautionary surveillance is to:

• Promote a well-thought-out and prudent business policy.
• Protect the ¬nancial stability of the businesses overseen and of the ¬nancial sector as
a whole.
• Ensure that the organisation and the internal control systems are of suitable quality.
• Strengthen the quality of risk management.

We do not propose to enter into methodological details on the adequacy1 of equity capital
in relation to credit, market and operational risks.
On the other hand, we intend to spend some time examining the underlying philosophy
of the work of the Basle Committee2 on banking controls, paying particular attention to
the qualitative dynamic (see 1.2.2 below) on the matter of operational risks.

1.2.1 General information

The Basle Committee on Banking Supervision is a committee of banking supervisory authorities,
which was established by the central bank governors of the Group of Ten countries in 1975. It
consists of senior representatives of bank supervisory authorities and central banks from Belgium,

Interested readers should read P. Jorion, Financial Risk Manager Handbook (Second Edition), John Wiley & Sons, Inc.
2003, and in particular its section on regulation and compliance.
Interested readers should consult http://www.bis.org/index.htm.
4 Asset and Risk Management
Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands, Sweden, Switzerland, the
United Kingdom and the United States. It usually meets at the Bank for International Settlements
in Basle, where its permanent Secretariat is located.3 The current situation
The aim of the capital adequacy ratio is to ensure that the establishment has suf¬cient
equity capital in relation to credit and market risks. The ratio compares the eligible equity
capital with overall equity capital requirements (on a consolidated basis where necessary)
and must total or exceed 100 % (or 8 % if the denominator is multiplied by 12.5). Two
methods, one standard and the other based on the internal models, allow the requirements
in question to be calculated.
In addition, the aim of overseeing and supervising major risks is to ensure that the
credit risk is suitably diversi¬ed within the banking portfolios (on a consolidated basis
where necessary). The point of the ˜New Accord™4

The Basle Committee on Banking Supervision has decided to undertake a second round of
consultation on more detailed capital adequacy framework proposals that, once ¬nalised, will
replace the 1988 Accord, as amended.
The new framework is intended to align capital adequacy assessment more closely with the key
elements of banking risks and to provide incentives for banks to enhance their risk measurement
and management capabilities.

The Committee™s ongoing work has af¬rmed the importance of the three pillars of the
new framework:
1. Minimum capital requirements.
2. Supervisory review process.
3. Market discipline.
A. First aspect: minimum capital requirements

The primary changes to the minimum capital requirements set out in the 1988 Accord are in
the approach to credit risk and in the inclusion of explicit capital requirements for operational
risk. A range of risk-sensitive options for addressing both types of risk is elaborated. For credit
risk, this range begins with the standardised approach and extends to the “foundation” and
“advanced” internal ratings-based (IRB) approaches. A similar structure is envisaged for opera-
tional risk. These evolutionary approaches will motivate banks to continuously improve their risk
management and measurement capabilities so as to avail themselves of the more risk-sensitive
methodologies and thus more accurate capital requirements.
B. Second aspect: supervisory review process

The Committee has decided to treat interest rate risk in the banking book under Pillar 2 (super-
visory review process). Given the variety of underlying assumptions needed, the Committee
The Bank for International Settlements, Basle Committee on Banking Supervision, Vue d™ensemble du Nouvel accord de
Bˆ le sur les fonds propres, Basle, January 2001, p. 1.
Interested readers should also consult: The Bank for International Settlements, Basle Committee on Banking Control, The
New Basle Capital Accord, January 2001; and The Bank for International Settlements, Basle Committee on Banking Control,
The New Basle Capital Accord: An Explanatory Note, January 2001.
The Regulatory Context 5
believes that a better and more risk-sensitive treatment can be achieved through the supervisory
review process rather than through minimum capital requirements. Under the second pillar of the
New Accord, supervisors should ensure that each bank has sound internal processes in place to
assess the adequacy of its capital based on a thorough evaluation of its risks. The new framework
stresses the importance of bank™s management developing an internal capital assessment process
and setting targets for capital that are commensurate with the bank™s particular risk pro¬le and
control environment.

C. Third aspect: Market discipline

The Committee regards the bolstering of market discipline through enhanced disclosure as a
fundamental part of the New Accord.5 The Committee believes the disclosure requirements
and recommendations set out in the second consultative package will allow market partici-
pants to assess key pieces of information on the scope of application of the revised Accord,
capital, risk exposures, assessment and management processes, and capital adequacy of banks.
The risk-sensitive approaches developed by the Committee rely extensively on banks™ internal
methodologies giving banks more discretion in calculating their capital requirements. Separate
disclosure requirements are put forth as prerequisites for supervisory recognition of internal
methodologies for credit risk, credit risk mitigation techniques and asset securitisation. In the
future, disclosure prerequisites will also attach to advanced approaches to operational risk. In
the view of the Committee, effective disclosure is essential to ensure that market participants
can better understand banks™ risk pro¬les and the adequacy of their capital positions.

1.2.2 Basle II and the philosophy of operational risk6
In February 2003, the Basle Committee published a new version of the document Sound
Practices for the Management and Supervision of Operational Risk. It contains a set of
principles that make up a structure for managing and supervising operational risks for
banks and their regulators.
In fact, risks other than the credit and market risks can become more substantial as
the deregulation and globalisation of ¬nancial services and the increased sophistication
of ¬nancial technology increase the complexity of the banks™ activities and therefore that
of their risk pro¬le.
By way of example, the following can be cited:

• The increased use of automated technology, which if not suitably controlled, can trans-
form the risk of an error during manual data capture into a system breakdown risk.
• The effects of e-business.
• The effects of mergers and acquisitions on system integration.
• The emergence of banks that offer large-scale services and the technical nature of the
high-performance back-up mechanisms to be put in place.

See also Point 1.3, which deals with accounting standards.
This section is essentially a summary of the following publication: The Bank for International Settlements, Basle Com-
mittee on Banking Control, Sound Practices for the Management and Supervision of Operational Risk, Basle, February 2003. In
addition, interested readers can also consult: Cruz M. G., Modelling, Measuring and Hedging Operational Risk, John Wiley &
Sons, Ltd, 2003; Hoffman D. G., Managing Operational Risk: 20 Firm-Wide Best Practice Strategies, John Wiley & Sons, Inc.,
2002; and Marshall C., Measuring and Managing Operational Risks in Financial Institutions, John Wiley & Sons, Inc., 2001.
6 Asset and Risk Management

• The use of collateral,7 credit derivatives, netting and conversion into securities, with
the aim of reducing certain risks but the likelihood of creating other kinds of risk (for
example, the legal risk “ on this matter, see Point in the section on ˜Positioning
the legal risk™).
• Increased recourse to outsourcing and participation in clearing systems. A precise de¬nition?
Operational risk, therefore, generally and according to the Basle Committee speci¬cally,
is de¬ned as ˜the risk of loss resulting from inadequate or failed internal processes, people
and systems or from external events™. This is a very wide de¬nition, which includes legal
risk but excludes strategic and reputational risk.
The Committee emphasises that the precise approach chosen by a bank in the manage-
ment of its operational risks depends on many different factors (size, level of sophistica-
tion, nature and complexity of operations, etc.). Nevertheless, it provides a more precise
de¬nition by adding that despite these differences, clear strategies supervised by the board
of directors and management committee, a solid ˜operational risk™ and ˜internal control™
culture (including among other things clearly de¬ned responsibilities and demarcation of
tasks), internal reporting, and plans for continuity8 following a highly damaging event,
are all elements of paramount importance in an effective operational risk management
structure for banks, regardless of their size and environment.
Although the de¬nition of operational risk varies de facto between ¬nancial institutions,
it is still a certainty that some types of event, as listed by the Committee, have the potential
to create substantial losses:

• Internal fraud (for example, insider trading of an employee™s own account).
• External fraud (such as forgery).
• Workplace safety.
• All matters linked to customer relations (for example, money laundering).
• Physical damage to buildings (terrorism, vandalism etc.).
• Telecommunication problems and system failures.
• Process management (input errors, unsatisfactory legal documentation etc.). Sound practices
The sound practices proposed by the Committee are based on four major themes (and are
subdivided into 10 principles):

• Development of an appropriate risk management environment.
• Identi¬cation, assessment, monitoring, control and mitigation in a risk management
• The role of supervisors.
• The role of disclosure.

On this subject, see
On this subject, see
The Regulatory Context 7

Developing an appropriate risk management environment
Operational risk management is ¬rst and foremost an organisational issue. The greater the
relative importance of ethical behaviour at all levels within an institution, the more the
risk management is optimised.
The ¬rst principle is as follows. The board of directors should be aware of the major
aspects of the bank™s operational risks as a distinct risk category that should be managed,
and it should approve and periodically review the bank™s operational risk management
framework. The framework should provide a ¬rm-wide de¬nition of operational risk and
lay down the principles of how operational risk is to be identi¬ed, assessed, monitored,
and controlled/mitigated.
In addition (second principle), the board of directors should ensure that the bank™s
operational risk management framework is subject to effective and comprehensive inter-
nal audit9 by operationally independent, appropriately trained and competent staff. The
internal audit function should not be directly responsible for operational risk management.
This independence may be compromised if the audit function is directly involved in
the operational risk management process. In practice, the Committee recognises that the
audit function at some banks (particularly smaller banks) may have initial responsibility
for developing an operational risk management programme. Where this is the case, banks
should see that responsibility for day-to-day operational risk management is transferred
elsewhere in a timely manner.
In the third principle senior management should have responsibility for implement-
ing the operational risk management framework approved by the board of directors. The
framework should be consistently implemented throughout the whole banking organi-
sation, and all levels of staff should understand their responsibilities with respect to
operational risk management. Senior management should also have responsibility for
developing policies, processes and procedures for managing operational risk in all of the
bank™s material products, activities, processes and systems.
Risk management: Identi¬cation, assessment, monitoring and mitigation/control
The fourth principle states that banks should identify and assess the operational risk inher-
ent in all material products, activities, processes and systems. Banks should also ensure
that before new products, activities, processes and systems are introduced or undertaken,
the operational risk inherent in them is subject to adequate assessment procedures.
Amongst the possible tools used by banks for identifying and assessing operational
risk are:

• Self- or risk-assessment. A bank assesses its operations and activities against a menu
of potential operational risk vulnerabilities. This process is internally driven and often
incorporates checklists and/or workshops to identify the strengths and weaknesses of the
operational risk environment. Scorecards, for example, provide a means of translating
qualitative assessments into quantitative metrics that give a relative ranking of different
types of operational risk exposures. Some scores may relate to risks unique to a speci¬c
business line while others may rank risks that cut across business lines. Scores may
address inherent risks, as well as the controls to mitigate them. In addition, scorecards
may be used by banks to allocate economic capital to business lines in relation to
performance in managing and controlling various aspects of operational risk.
8 Asset and Risk Management

• Risk mapping. In this process, various business units, organisational functions or process
¬‚ows are mapped by risk type. This exercise can reveal areas of weakness and help
prioritise subsequent management action.
• Risk indicators. Risk indicators are statistics and/or metrics, often ¬nancial, which can
provide insight into a bank™s risk position. These indicators tend to be reviewed on
a periodic basis (such as monthly or quarterly) to alert banks to changes that may be
indicative of risk concerns. Such indicators may include the number of failed trades,
staff turnover rates and the frequency and/or severity of errors and omissions.
• Measurement. Some ¬rms have begun to quantify their exposure to operational risk
using a variety of approaches. For example, data on a bank™s historical loss expe-
rience could provide meaningful information for assessing the bank™s exposure to
operational risk.

In its ¬fth principle, the Committee asserts that banks should implement a process to
regularly monitor operational risk pro¬les and material exposures to losses. There should
be regular reporting of pertinent information to senior management and the board of
directors that supports the proactive management of operational risk.
In addition (sixth principle), banks should have policies, processes and procedures
to control and/or mitigate material operational risks. Banks should periodically review
their risk limitation and control strategies and should adjust their operational risk pro¬le
accordingly using appropriate strategies, in light of their overall risk appetite and pro¬le.
The seventh principle states that banks should have in place contingency and business
continuity plans to ensure their ability to operate on an ongoing basis and limit losses in
the event of severe business disruption.
Role of supervisors
In the eighth principle banking supervisors should require that all banks, regardless of
size, have an effective framework in place to identify, assess, monitor and control/mitigate
material operational risks as part of an overall approach to risk management.
In the ninth principle supervisors should conduct, directly or indirectly, regular inde-
pendent evaluation of a bank™s policies, procedures and practices related to operational
risks. Supervisors should ensure that there are appropriate mechanisms in place which
allow them to remain apprised of developments at banks.
Examples of what an independent evaluation of operational risk by supervisors should
review include the following:

• The effectiveness of the bank™s risk management process and overall control environ-
ment with respect to operational risk;
• The bank™s methods for monitoring and reporting its operational risk pro¬le, including
data on operational losses and other indicators of potential operational risk;
• The bank™s procedures for the timely and effective resolution of operational risk events
and vulnerabilities;
• The bank™s process of internal controls, reviews and audit to ensure the integrity of the
overall operational risk management process;
• The effectiveness of the bank™s operational risk mitigation efforts, such as the use
of insurance;
• The quality and comprehensiveness of the bank™s disaster recovery and business con-
tinuity plans; and
The Regulatory Context 9

• The bank™s process for assessing overall capital adequacy for operational risk in relation
to its risk pro¬le and, if appropriate, its internal capital targets.
Role of disclosure
Banks should make suf¬cient public disclosure to allow market participants to assess their
approach to operational risk management.

The ¬nancial crisis that started in some Asian countries in 1998 and subsequently spread to
other locations in the world revealed a need for reliable and transparent ¬nancial reporting,
so that investors and regulators could take decisions with a full knowledge of the facts.

1.3.1 Standard-setting organisations10
Generally speaking, three main standard-setting organisations are recognised in the ¬eld
of accounting:

• The IASB (International Accounting Standards Board), dealt with below in 1.3.2.
• The IFAC (International Federation of Accountants).
• The FASB (Financial Accounting Standards Board).

The International Federation of Accountants, or IFAC,11 is an organisation based in
New York that combines a number of professional accounting organisations from vari-
ous countries. Although the IASB concentrates on accounting standards, the aim of the
IFAC is to promote the accounting profession and harmonise professional standards on a
worldwide scale.
In the United States, the standard-setting organisation is the Financial Accounting
Standards Board or FASB.12 Although it is part of the IASB, the FASB has its own
standards. Part of the FASB™s mandate is, however, to work together with the IASB in
establishing worldwide standards, a process that is likely to take some time yet.

1.3.2 The IASB13
In 1998 the ministers of ¬nance and governors of the central banks from the G7 nations
decided that private enterprises in their countries should comply with standards, prin-
ciples and good practice codes decided at international level. They then called on all the
countries involved in the global capital markets to comply with these standards, principles
and practices.
Many countries have now committed themselves, including most notably the European
Union, where the Commission is making giant strides towards creating an obligation for
all quoted companies, to publish their consolidated ¬nancial reports in compliance with
IAS standards.
The IASB or International Standards Accounting Board is a private, independent
standard-setting body based in London. In the public interest, the IASB has developed
http://www.cga-canada.org/fr/magazine/nov-dec02/Cyberguide f.htm.
Interested readers should consult http://www.ifac.org.
Interested readers should consult http://www.fasb.org.
Interested readers should consult http://www.iasc.org.uk/cmt/0001.asp.
10 Asset and Risk Management

a set of standardised accounting rules that are of high quality and easily understandable
(known as the IAS Standards). Financial statements must comply with these rules in order
to ensure suitable transparency and information value for their readers.
Particular reference is made to Standard IAS 39 relating to ¬nancial instruments, which
is an expression of the IASB™s wish to enter the essence of balance-sheet items in terms
of fair value. In particular, it demands that portfolios derived from cover mechanisms
set up in the context of asset and liability management be entered into the accounts at
market value (see Chapter 12), regardless of the accounting methods used in the entries
that they cover.
In the ¬eld of ¬nancial risk management, it should be realised that in addition to the
impact on asset and liability management, these standards, once adopted, will doubtless
affect the volatility of the results published by the ¬nancial institutions as well as affecting
equity capital ¬‚uctuations.
Changes in Financial Risk Management

Within a ¬nancial institution, the purpose of the risk management function is twofold.
1. It studies all the quanti¬able and non-quanti¬able factors (see 2.1.1 below) that in
relation to each individual person or legal entity pose a threat to the return generated
by rational use of assets and therefore to the assets themselves.
2. It provides the following solutions aimed at combating these factors.
” Strategic. The onus is on the institution to propose a general policy for monitoring
and combating risks, ensure sensible consolidation of risks at group management
level where necessary, organise the reports sent to the management committee, par-
ticipate actively in the asset and liability management committee (see Chapter 12)
and so on.
” Tactical. This level of responsibility covers economic and operational assessments
when a new activity is planned, checks to ensure that credit has been spread safely
across various sectors, the simulation of risk coverage for exchange interest rate
risk and their impact on the ¬nancial margin, and so on.
” Operational. These are essentially ¬rst-level checks that include monitoring of
internal limits, compliance with investment and stop loss criteria, traders™ lim-
its, etc.

2.1.1 Typology of risks
The risks linked to ¬nancial operations are classically divided into two major categories:
1. Ex ante non-quanti¬able risks.
2. Ex ante quanti¬able risks. Standard typology
It is impossible to overemphasise the importance of proactive management in the avoid-
ance of non-quanti¬able risks within ¬nancial institutions, because:

1. Although these risks cannot be measured, they are, however, identi¬able, manageable
and avoidable.
2. The ¬nancial consequences that they may produce are measurable, but a posteri-
ori only.

The many non-quanti¬able risks include:

1. The legal risk (see, which is likely to lead to losses for a company that carries
on ¬nancial deals with a third-party institution not authorised to carry out deals of
that type.
12 Asset and Risk Management

2. The media risk, when an event undermines con¬dence in or the image of a given
3. The operational risk (see below), although recent events have tended to make
this risk more quanti¬able in nature.

The quanti¬able risks include:

1. The market risk, which is de¬ned as the impact that changes in market value variables
may have on the position adopted by the institution. This risk is subdivided into:
” interest rate risk;
” FX risk;
” price variation risk;
” liquidity risk (see
2. The credit risk that arises when an opposite party is unable or unwilling to ful¬l his
contractual obligations:
” relative to the on-balance sheet (direct);
” relative to the off-balance sheet (indirect);
” relating to delivery (settlement risk). Operational risk1
According to the Basle Committee, operational risk is de¬ned as the risk of direct or
indirect loss resulting from inadequate or failed internal processes, people and systems or
from external events.
In the ¬rst approach, it is dif¬cult to classify risks of this type as ones that could
be quanti¬ed a priori, but there is a major change that makes the risk quanti¬able a
priori. In fact, the problems of corporate governance, cases of much-publicised inter-
nal checks that brought about the downfall of certain highly acclaimed institutions, the
combination of regulatory pressure and market pressure have led the ¬nancial commu-
nity to see what it has been agreed to call operational risk management in a completely
different light.
Of course operational risk management is not a new practice, its ultimate aim being
to manage the added volatility of the results as produced by the operational risk. The
banks have always attached great importance to attempts at preventing fraud, maintaining
integrity of internal controls, reducing errors and ensuring that tasks are appropriately
Until recently, however, the banks counted almost exclusively on internal control mech-
anisms within operational entities, together with the internal audit,2 to manage their
operational risks.
This type of management, however, is now outdated. We have moved on from oper-
ational risk management fragmented into business lines to transfunctional integrity; the
attitude is no longer reactive but proactive. We are looking towards the future instead of
back to the past, and have turned from ˜cost avoidance™ to ˜creation of value™.

See also Point 1.2.2.
Interested readers should consult the Bank for International Settlements, Basle Committee for Banking Controls, Internal
Audit in Banks and the Supervisor™s Relationship with Auditors, Basle, August 2001.
Changes in Financial Risk Management 13

The operational risk management of today also includes:

• Identifying and measuring operational risks.
• Analysing potential losses and their causes, as well as ways of reducing and prevent-
ing losses.
• Analysing risk transfer possibilities.
• Allocating capital speci¬cally to operational risk.

It is speci¬cally this aspect of measurement and quanti¬cation that has brought about the
transition from ex post to ex ante. In fact, methodological advances in this ¬eld have been
rapid and far-reaching, and consist essentially of two types of approach.

• The qualitative approach. This is a process by which management identi¬es the risks
and controls in place in order to manage them, essentially by means of discussions and
workshops. As a result, the measurement of frequency and impact is mostly subjective,
but it also has the advantage of being prospective in nature, and thus allows risks that
cannot be easily quanti¬ed to be understood.
• The quantitative approach. A speci¬c example, although not the only one, is the loss
distribution approach, which is based on a database of past incidents treated statistically
using a Value at Risk method. The principal strength of this method is that it allows
the concept of correlation between risk categories to be integrated, but its prospective
outlook is limited because it accepts the hypothesis of stationarity as true.

Halfway between these two approaches is the scorecards method, based on risk indicators.
In this approach, the institution determines an initial regulatory capital level for operational
risk, at global level and/or in each trade line. Next, it modi¬es this total as time passes,
on the basis of so-called scorecards that attempt to take account of the underlying risk
pro¬le and the risk control environment within the various trade lines. This method has
several advantages:

• It allows a speci¬c risk pro¬le to be determined for each organisation.
• The effect on behaviour is very strong, as managers in each individual entity can act
on the risk indicators.
• It allows the best practices to be identi¬ed and communicated within the organisation.

It is, however, dif¬cult to calibrate the scorecards and allocate speci¬c economic funds.

A re¬ned quanti¬cation of operational risk thus allows:

• Its cost (expected losses) to be made clear.
• Signi¬cant exposures (unexpected losses) to be identi¬ed.
• A framework to be produced for pro¬t-and-cost analysis (and excessive controls to
be avoided).

In addition, systematic analysis of the sources and causes of operational losses leads to:

• Improvements in processes and quality.
• Optimal distribution of best practices.
14 Asset and Risk Management

A calculation of the losses attributable to operational risk therefore provides a framework
that allows the controls to be linked to performance measurement and shareholder value.
That having been said, this approach to the mastery of operational risk must also
allow insurance programmes to be rationalised (concept of risk transfer), in particular by
integrating the business continuity plan or BCP into it. The triptych: Operational risk “ risk transfer “ BCP
See Figure 2.1.

A. The origin, de¬nition and objective of Business Continuity Planning
A BCP is an organised set of provisions aimed at ensuring the survival of an organisation
that has suffered a catastrophic event.
The concept of BCP originated in the emergency computer recovery plans, which have
now been extended to cover the human and material resources essential for ensuring
continuity of a business™s activities. Because of this extension, activities that lead to the
constitution of a BCP relate principally to everyone involved in a business and require
coordination by all the departments concerned.
In general, the BCP consists of a number of interdependent plans that cover three
distinct ¬elds.

• The preventive plan: the full range of technical and organisational provisions applied
on a permanent basis with the aim of ensuring that unforeseen events do not render
critical functions and systems inoperative.
• The emergency plan: the full range of provisions, prepared and organised in advance,
required to be applied when an incident occurs in order to ensure continuity of critical
systems and functions or to reduce the period of their non-availability.
• The recovery plan: the full range of provisions, prepared and organised in advance,
aimed at reducing the period of application of the emergency plan and re-establishing
full service functionality as soon as possible.

Insurance risk management
• Identification
• Evaluation
• Transfer
• Prevention
• A posteriori management


Figure 2.1 Triptych
Changes in Financial Risk Management 15

B. The insurance context
After the events of 11 September 2001, the thought processes and methods relating to
the compilation of a BCP were re¬ned. Businesses were forced to realise that the issue
of continuity needed to be overseen in its entirety (prevention, insurance, recovery plan
and/or crisis management).
The tensions prevailing in the insurance market today have only increased this aware-
ness; reduction in capacity is pushing business towards a policy of self-insurance and, in
consequence, towards the setting up of new processes believed to favour a more rapid
recovery after the occurrence of a major incident.
Several major actors in the market are currently re¬‚ecting on the role that they should
play in this context, and some guidelines have already been laid down.
The insurance and reinsurance companies thus have an essential communication role to
play. They have a wealth of information that is unrivalled and clearly cannot be rivalled,
on ˜prejudicial™ events and their causes, development, pattern and management. Sharing of
insured persons™ experiences is a rich source of information for learning about processes,
methods and errors so that clients may bene¬t from them. Another source is training.
The wealth of information available to them also allows insurers and reinsurers to
provide well-informed advice based on a pragmatic approach to the problems encountered.
In this context, the integration of BCP into the risk management function, provided that
insurance management is also integrated, will bring the bene¬ts of shared information and
allow better assessment of the practical opportunities for implementation
Similarly, the undisputed links between certain insurance policies and the BCP also
argue for integration, together with operational risk management, which must play an
active role in the various analyses relating to the continuity plan.

C. The connection between insurance and the BCP
In order to illustrate our theme, here we examine three types of policy.

• The ˜all risks™ policy, which guarantees the interests of the person taking out the
insurance in all ¬xed and movable assets owned or used by that person. The policy
may include an extension of the ˜extra expenses™ cover. Such expenses correspond to
the charges that the institution has to bear in order to function ˜normally™ following an
incident (for example: hire of premises or equipment, additional working hours etc.). In
this case, the insurance compensates for the full range of measures taken in the event
of a BCP.
• The ˜Business Interruption™ policy, which guarantees the institution against loss of
income, interest and additional charges and business expenses arising from interruption
of its activity in its premises following the occurrence of an insured event. The objective,
in ¬ne, is to compensate losses that affect results following the occurrence of an incident
covered by another guarantee (direct damage to property owned by the institution,
for example). In this case also, the links are clear: the agreements concluded will
compensate for the inevitable operating losses between the occurrence of the event and
the resumption of activities as made possible more quickly by the BCP.
• The ˜crisis management™ policy, which guarantees payment of consultants™ costs
incurred by the institution in an effort to deal with its crisis situation, that is, to draw
up plans of action and procedures to manage the crisis and ensure the communication
and legal resources needed to contain it and minimise its initial effects. If an event
16 Asset and Risk Management

that satis¬es the BCP implementation criteria occurs, this insurance policy will provide
additional assistance in the effort to reduce the consequences of the crisis. In addition,
this type of agreement usually sets out a series of events likely to lead to a ˜crisis
situation™ (death of a key ¬gure, government inquiry or investigation, violent incidents
in the work place etc.). Bringing such a policy into parallel can thus provide an
interesting tool for optimising developments in the BCP.

D. The connection between operational risk and the BCP
The starting hypothesis generally accepted for compiling a BCP takes account of the
consequences, not the causes, of a catastrophic event. The causes, however, cannot be
fully ignored and also need to be analysed to make the continuity plan as ef¬cient as
As operational risk is de¬ned as the risk of direct or indirect loss resulting from inade-
quate or failed internal processes, people and systems or from external events, there is a
strong tendency for the measures provided for by the BCP to be designed following the
occurrence of an operational risk.

E. Speci¬c expressions of the synergy
The speci¬c expression of the synergy described above can be:

• Use of the BCP in the context of negotiations between the institution and the insurers.
The premium payable and cover afforded under certain insurance policies (all risks and
Business Interruption) may be directly in¬‚uenced by the content of the institution™s
BCP. Coordination of the said BCP within the risk management function thus favours
orientation of the provisions in the direction ˜desired™ by the insurers and allows the
strategies put in place to be optimised.
• Once set up, the plan must be re¬ned as and when the operational risks are identi¬ed
and evaluated, thus giving it added value.
• Insurance policies can play a major ¬nancial role in the application of the steps taken
to minimise the effects of the crisis, and in the same order of ideas.
• The possibility of providing ˜captive cover™ to deal with the expenses incurred in the
application of the steps provided for in the BCP may also be of interest from the
¬nancial viewpoint. Liquidity risk:3 the case of a banking institution
This type of risk arises when an institution is unable to cover itself in good time or at a
price that it considers reasonable.
A distinction is drawn between ongoing liquidity management, which is the role of the
banking treasury, and liquidity crisis management.
The Basle Committee asserts that these two aspects must be covered by the banking
institutions™ asset and liability management committees.
A crisis of liquidity can be reproduced in a simulation, using methods such as the
maximum cash out¬‚ow, which allows the survival period to be determined.

Interested readers should consult the Bank for International Settlements, Basle Committee for Banking Controls, Sound
Practices for Managing Liquidity in Banking Organisations, Basle, February 2000.
Changes in Financial Risk Management 17

A. Maximum Cash Out¬‚ow and Survival Period
The ¬rst stage consists of identifying the liquidity lines:

1. Is the institution a net borrower or net lender in the ¬nancial markets, and does it have
a strategic liquidity portfolio?
2. Can the bond and treasury bill portfolios be liquidated through repos and/or resales?
3. Can the ˜credit™ portfolios of the synthetic asset swap type be liquidated by the same
means? And, last but not least:
4. What would be the potential level of assistance that may be expected from the reference
shareholder or from other companies in the same group?

An extreme liquidity crisis situation can then be simulated, on the premise that the insti-
tution cannot borrow on the markets and does not rely on assistance from its reference
shareholder or other companies within the group.
A number of working hypotheses can be taken as examples. On the crisis day (D) let
us suppose that:

• The institution has had no access to borrowing on the interbank market for ¬ve work-
ing days.
• Both private and institutional clients have immediately withdrawn all their cash deposits
within the legal framework:
” All current accounts are repaid on D + 1.
” All deposits with 24 and 48 hours™ notice are repaid on D + 1 and D + 2 respec-
” All savings accounts are repaid on D + 1.
• The institution has to meet all its contractual obligations in terms of cash out¬‚ows:
” The institution repays all the borrowings contracted out by it and maturing between
D and D + 5.
” The institution meets all the loans contracted out by it with start dates between D
and D + 5.
• The only course of action that the institution can take to obtain further liquidity is to
sell its assets.
” It is assumed, for example, that the treasury bill portfolio can be liquidated one-
quarter through repos on D + 1 and three-quarters by sales on D + 2.
” It is assumed, for example, that the debenture and ¬‚oating-rate note portfolios can
be liquidated via repo or resale 85 % on D + 1, if the currency (GB£) allows, and
by sale on D + 2.
” It is assumed, for example, that the synthetic asset swap portfolio can be liqui-
dated 30 % on D + 3, 30 % on D + 4 and the balance on D + 5 taking account of
the ratings.

The cash in and cash out movements are then simulated for each of the days being
reviewed. As a result, the cash balance for each day will be positive or negative. The sur-
vival period is that for which the institution shows a positive cash balance. See Figure 2.2.
In the following example it will be noted that in view of the hypothetical catastrophic
situation adopted, the institution is nevertheless capable of facing a serious liquidity crisis
for three consecutive dealing days without resorting to external borrowing.
18 Asset and Risk Management


Liquidity millions of US$
0 1 2 3 4 5
Number of days

Figure 2.2 Survival period

It should, however, be noted that recourse to repos in particular will be much more
effective if the ¬nancial institution optimises its collateral management. We now intend
to address this point.

B. Collateral management4
Collateral management is one of the three techniques most commonly used in ¬nancial
markets in order to manage credit risks, and most notably counterparty risk. The main
reason for the success of collateral management is that the transaction-related costs are
limited (because the collateral agreement contracts are heavily standardised). The three
¬elds in which collateral management is encountered are:

1. The repos market.
2. The OTC derivatives market (especially if the institution has no rating).
3. Payment and settlement systems.

The assets used as collateral are:

• Cash (which will be avoided as it in¬‚ates the balance sheet, to say nothing of the
operational risks associated with transfers and the risk of depositor bankruptcy).
• Government bonds (although the stocks are becoming weaker).
• The effects of major indices (because these are liquid, as their capitalisation classi¬es
them as such indices).
• Bonds issued by the private sector (although particular attention will be paid to rat-
ing here).

Generally speaking, the counterparty receiving the collateral is clearly less exposed in
terms of counterparty risk. There is, however, a credit risk on the collateral itself: the
issuer risk (inherent in the bill) and the liquidity risk (associated with the bill). The
risks linked to the collateral must be ˜monitored™, as both the product price variation

Interested readers should consult the Bank for International Settlements, BIS Quarterly Review, Collateral in Wholesale
Financial Markets, Basle, September 2001, pp. 57“64. Also: Bank for International Settlements, Committee on the Global
Financial System, Collateral in Wholesale Financial Markets: Recent Trends, Risk Management and Market Dynamics, Basle,
March 2001.
Changes in Financial Risk Management 19

that necessitates the collateral and the collateral price variation have an effect on the
coverage of the potential loss on the counterparty and the collateral that the counterparty
will have provided.
Collateral management is further complicated by the dif¬culty in estimating the corre-
lation between collateral price ¬‚uctuations and the ˜collateralised™ derivative. A negative
correlation will signi¬cantly increase the credit risk, as when the value of the collateral
falls, the credit risk increases.
The question of adjustment is of ¬rst importance. Too much sophistication could lead
to the risk of hesitation by the trader over whether to enter into ˜collateralised™ deals.
Conversely, too little sophistication risks a shift from counterparty risk to issuer and
liquidity risk, and what is the good of that?
Collateral management improves the ef¬ciency of the ¬nancial markets; it makes access
to the market easier. If it is used, more participants will make the competition keener;
prices will be reduced and liquidity will increase. Cases of adverse effects have, however,
been noted, especially in times of stress.
The future of collateral management is rosy: the keener the competition in the ¬nance
markets, the tighter the prices and the greater the need for those involved to run addi-
tional risks.

2.1.2 Risk management methodology
While quanti¬able risks, especially market risks, can of course be measured, a good under-
standing of the risk in question will depend on the accuracy, frequency and interpretation
of such measurement. Value of one basis point (VBP)
The VBP quanti¬es the sensitivity of a portfolio to a parallel and unilateral upward or
downward movement of the interest rate curve for a resolution of one one-hundredth per
cent (or a basis point). See Figure 2.3.
This simple method quanti¬es the sensitivity of an asset or portfolio of assets to interest
rates, in units of national currency; but it must be noted that the probability of a parallel
¬‚uctuation in the curve is low, and that the method does not take account of any curvature
or indeed any alteration in the gradient of the curve.


6.01 %
6.00 %
5.99 % VBP

Maturity dates

Figure 2.3 VBP
20 Asset and Risk Management

Finally, it should be noted that the measurement is immediate and the probability of
occurrence is not grasped. Scenarios and stress testing
Scenarios and stress testing allow the rates to be altered at more than one point in the
curve, upwards for one or more maturity dates and downwards for one or more maturity
dates at the same time. See Figure 2.4.


Stress testing

Maturity dates

Figure 2.4 Stress testing

This method is used for simulating and constructing catastrophe scenarios (a forecast
of what, it is assumed, will never happen). More re¬ned than the VBP, this method is
more dif¬cult to implement but the time and probability aspects are not involved. Value at risk (VaR)
Regardless of the forecasting technique adopted, the VaR is a number that represents the
maximum estimated loss for a portfolio that may be multi-currency and multi-product
(expressed in units of national currency) due to market risks for a speci¬c time horizon
(such as the next 24 hours), with a given probability of occurrence (for example, ¬ve
chances in 100 that the actual loss will exceed the VaR). See Figure 2.5.
In the case of the VaR, as Figure 2.5 shows, we determine the movement of the curve
that with a certain chance of occurrence (for example, 95 %) for a given time horizon
(for example, the next 24 hours) will produce the least favourable ¬‚uctuation in value for
the portfolio in question, this ¬‚uctuation being of course estimated. In other words, the


Maturity dates

Figure 2.5 VaR
Changes in Financial Risk Management 21
Table 2.1 VBP, stress testing and VaR

VBP Stress testing VaR

Indication ˜Uniform™ sensitivity ˜Multi-way™ sensitivity Maximum estimated
Time Immediate Immediate Time horizon
Probability No No Yes
Advantages Simple More realistic curve Standard and complete
Disadvantages Not greatly re¬ned Probability of scenario Methodological choice
occurring? and hypotheses

actual loss observed must not exceed the VaR in more than 5 % of cases (in our example);
otherwise, the VaR will be a poor estimation of the maximum loss.
This method, which we explore in detail in Chapter 6, is complementary in comparison
with VBP and stress testing. In other words, none of these methods should be judged
suf¬cient in itself, but the full range of methods should produce a suf¬ciently strong and
reliable risk matrix.
As can be seen from the comparison in Table 2.1, the VaR represents a priori the most
comprehensive method for measuring market risk. However, methodological choices must
be made and well-thought-out hypotheses must be applied in order to produce a realistic
VaR value easily. If this is done, VaR can then be considered as the standard market for
assessing risks inherent in market operations.

2.2.1 Towards an integrated risk management
As Figure 2.6 shows, the risk management function is multidisciplinary, the common
denominator being the risk vector. From this, an ˜octopus™ pattern is evident; there is
only one step, but. . . Scope of competence
The risk management function must operate within a clearly de¬ned scope of competence,
which will often be affected by the core business of the institution in question.
Although it is generally agreed that the job of monitoring the market risk falls to risk
management, for example, what happens to the risk of reputation, the legal risk (see, and the strategic risk? And let us not forget the operational risk: although the
Basle Committee (see Chapter 1) explicitly excludes it from the ¬eld of skills of internal
audit and includes it in the ¬eld of skills of risk management, it must be noted that a
signi¬cant number of institutions have not yet taken that step.
Naturally, this leads to another problem. The controlling aspect of a risk management
function is dif¬cult to de¬ne, as one is very often limited to certain back-of¬ce control
checks and there is also a tendency to confuse the type of tasks assigned to internal audit
with those proper to risk management.
22 Asset and Risk Management
Property, Causality, liability
Risk management

. 1
( 16)