Exchange Ideas

Systems Risk

"Systems Risk" is in the position that Operational Risk was a decade ago (pre Basel II) in that everyone knows that Information Technology is a major issue in Financial Services but the industry has not found satisfactory ways of analysing and measuring the associated risks. Many business surveys point to IT being of vital interest to Boards and senior management, but we (the IT profession) keep screwing up - I would argue because, in part, neither the IT function nor business has yet learned how to manage risk.

 

« 4 Scenes from a Scandal | Main | Fiasco at Heathrow Airport - a case of People Risk »

March 11, 2008

Foundations Crumbling?

At the height of the subprime crisis, the Bank for International Settlements (BIS) published a research paper, which concluded that "undue reliance on [credit] ratings, therefore, can lead to mispriced and mismanaged risk exposures as well as unfavourable market dynamics if these exposures have to be unwound."

The BIS researchers did not, however, go one small step further to observe that, if correct, their findings appear also to undermine one of the core foundations of Basel II, namely the calculation of Credit Risk capital for securitised assets under Pillar 1.

Confirming what firms are already experiencing in the CDO (Collateralized Debt Obligations) markets, the BIS researchers [1] concluded, "ratings are not an appropriate metric [my emphasis] to fully capture and summarise the risks embodied in structured instruments."
[Note the authors do not single out only CDOs!].

Furthermore the authors conclude, "While this may be obvious for risk factors that are not covered by ratings (such as liquidity), investors need to appreciate that this [inappropriateness of ratings] also applies to default risk in that EL [Expected Loss] and PD [Probability of Default] do not give an indication of the higher moments of the loss distribution."

During the tortuous process that give birth to the Basel II regulations, there was one piece of solid ground that was undisputed: rating agencies (such as Standard and Poor's or Moody's) were the 'gold standard' for credit ratings of borrowers and issuers of securities. And, therefore, it could be reasonably assumed that credit risk capital could reasonably be based on these ratings.

In Basel-speak, rating agencies are not 'rating agencies' but ECAIs (External Credit Assessment Institutions)[2]. To be 'eligible' as an ECAI, Basel II insists that such agencies must be Objective, Independent, Credible, Transparent, Open and Skilled [it is rumored that Motherhood and Apple-Pie were removed as eligibility criteria late in the deliberations]. The subprime crisis has raised questions about such stringent eligibility criteria for the leading rating agencies, in particular independence and objectivity.

Under the so-called "Standardised Approach" for calculating Credit Risk capital under Pillar 1 of Basel II, the 'risk weights' that are to be applied to credit claims against banks, securities firms and corporate borrowers should be directly tied to published credit ratings (e.g. 'AAA'). These risk weights are then used to compute the capital required to hold against such credit risks.

Under the more complex, but more 'risk sensitive', Internal Ratings Based (IRB) approach of Basel II, firms are required to derive their own internal assessments or 'grades' for borrowers, issuers and trading counterparties, to calculate a 'Probability of Default' or PD. This makes sense as many, if not most, of the entities, or individuals, to which a bank extends credit are 'un-rated'. For some assets, however, such as securitisations and Asset Backed Commercial Paper (ABCP) programs, Basel II requires that 'external risk assessments' of PDs must be from eligible ECAIs. These instruments, of course, are precisely the risk shifting and liquidity instruments that are under scrutiny in the subprime crisis.

If a rating agency, staffed by expert analysts, with large databases of historical information on credit behaviour and banks of supercomputers on which to run sophisticated credit models, cannot compute a reliable credit rating, what chance does a medium sized, or even large, bank have in calculating rates of default on the same securities?

Basel has recognized that there may be circumstances where rating agencies might not satisfy their strict eligibility criteria, such as a
"temporary market change or exogenous shock [where] supervisors would be expected to monitor the ECAIs' assessments to ensure that the higher default experience is not the result of a loosening of credit risk assessment standards".

The subprime crisis would appear to be just such an 'exogenous shock'!

Unfortunately, other than adjusting risk weightings (undoubtedly upwards), there is little clue as to what banking supervisors would do in such circumstances; there is little evidence of a Plan B if agency ratings cannot be relied upon.

The question must be asked: Why was research into the potential problems of rating complex structured finance instruments, not conducted before the final Basel II rules were issued?

The BIS researchers point out that it is the process of packaging securities into separately rated 'tranches' that "results in a nonlinear relationship between the credit quality of underlying assets and that of tranched products [i.e. the resulting securities]." But the process of 'tranching' is not unique to CDOs and is fundamental all securitisation! What other highly-rated securities have the same potential flaws?

Obviously much more research is needed into the securitisation process to identify the sources of (and hopefully the solutions to) rating problems. When the subprime dust settles, the obvious will become apparent again; rating agencies are, after all, commercial organizations, subject to market pressures as any other listed company and are, therefore, ill suited to being 'surrogate' regulators. In the meantime, calculations of credit risk capital must be viewed as being somewhat speculative, since the components with 'non-linear' risks cannot easily be separated from other assets in a securitised pool.

But is the industry about to make the same mistake again?

The Solvency II regulations on Insurance are moving towards using essentially the same approach as Basel II for developing 'Internal Models' for the calculation of risk capital. In looking at the capital to cover counterparty and investment risks in such internal models, regulators propose to tie capital to the 'grade' of the issuer/ borrower. For example, in a recently released consultative prudential standard [3], the lead Australian regulator (APRA) ties these grades directly to ratings issued by the four major rating agencies and then aligns these grades with "Investment Capital Factors". Nowhere does there appear to be an indication as to how such credit risks may be evaluated without agency ratings!

As the subprime crisis is showing, Basel II is an experiment in financial services regulation that is still unfolding. We can but hope that the increasingly shaky foundations upon which Basel II is standing does not turn into a not-so-bargain basement for insurers.


References
[1] Fender I, Tarashev N & Zhu H, "Credit fundamentals, ratings and value-at-risk: CDOs versus corporate exposures", March 2008, Bank for International Settlements www.bis.org

[2] Under US securities laws, rating agencies are also known as "Nationally Recognized Statistical Rating Organizations" or NRSROs.

[3] "GPS 114 Capital Adequacy: Investment Risk Capital Charge", DRAFT, December 2007, APRA www.apra.gov.au

Posted by pjmcconnell at March 11, 2008 12:11 AM

Comments

Post a comment




Remember Me?

(you may use HTML tags for style)

What can I do with PRMIA online?