It seems that the pre-crisis risk agenda had become too heavily skewed towards quantitative measurement. As a result, these models are losing influence in risk functions. A new emphasis is being placed on pragmatic risk management instead.
The crisis challenges all the basic assumptions that credit modeling and other forms of modeling are accurate and that internal models are an appropriate mechanism for regulation.
Basel II established a framework that demands to set regulatory capital aside for three distinct risk types: market, credit and operational risk. Some argue that banks failed to cope with a crisis in which market and credit risks overlapped with and reinforced liquidity and funding risks because they were too busy implementing their internal capital calculation systems.
Now, regulators are facing intense political pressure to reopen Basel II. It certainly doesn’t mean the end of modeling: quantitative analysis is one of the industry’s pillars, and it would be impossible to abandon it. Technology vendors are looking to improve the capabilities and functionality of their systems to cope with current market conditions.
Instead of getting rid of the models, banks need to find a better way to use them.
The integrated model is an obstacle to effective capital allocation within a bank and makes the risk profile of the institution opaque to external stakeholders. One way to manage risk more effectively is to have specific business activities with specific risk profiles and to manage them separately.
One of the problems is that models can give the illusion of confidence. It’s hard for senior executives or board members to have a debate about a VAR number or to understand how reliable it is. So, instead of giving decision-makers numbers such as VAR, which shows how much money can be lost by a single trader, desk or portfolio at a given level of confidence, banks should spend more time looking at gross exposure numbers.
Banks need to start using simpler metrics and ask basic questions such as “Is this a business we should be in?” and “Do we understand it, can we manage it, what are the risks we are taking here?.”
At the tactical level, a number of firms are creating new roles for a kind of super-auditor responsible for reviewing the operations of the risk function. Currently, existing audits tend to be carried out by staff who lack the expertise and authority to be a guarantor of the risk function’s effectiveness.