Hi all. I’m thinking I should write this post in English as well, to increase the range a bit. I got the idea for this article today, again in a Twitter discussion. It was about banking. As you might have heard, Dexia is exposed to the default of Detroit. Dexia is a sensitive topic in Belgium, since the government has granted guarantees for an enormous amount. If that stuff goes wrong, Belgian taxpayers are going to need a drink. But anyway, that’s not what I want to talk about here. Today I want to talk about risk management in banking, because I sense that people are very interested in this topic, yet cannot find enough material out there to understand how it all works. So let me tell you what comes to my mind when I hear risk management in banking. By the way, my PhD topic is about risk management in banking as well, but I’ll explain that later.
Okay, so everybody knows banks are exposed to all kinds of risks. Let’s talk about the main ones. But first, what is risk? Risk means that there’s a chance you’re going to lose money. It means you don’t know what is going to happen when you buy or sell something. Risk is about unexpected things. Things that you expect to happen are not risks. When you buy a stock, there’s the risk of a fall in value. When you loan money to somebody, there’s the risk of him or her not paying back. And so on.
Banks borrow from some people and lend it back out to others. A unique function of banks is that fact that they usually borrow money on shorter timeframes than they lend money out. Say I bring 100.000 EUR to the bank and buy a one year savings certificate (kasbon in Dutch) with an interest rate of 2%. The bank then takes my 100.000 EUR and lends it out to a company wanting to invest in new equipment, which they will pay back over a period of five years at a rate of 4%. This process is called maturity transformation. Notice that the bank earns a handsome 2% a year or 2.000 EUR as a compensation for this maturity transformation.
Immediately we can distinguish several types of risk. First, there’s credit risk. If the company goes bankrupt, the bank is not going to get all its money back, but still owes me my 100.000 EUR. Next, we have interest rate risk, also an important one. Say one year passes and my savings certificate matures. Obviously, the bank doesn’t have my money since they gave it to the company for five years. So they need to find somebody else who will lend money to the bank, just like I did a year ago. Say they find such a person but market conditions have changed and the relevant interest rate is now 3%. The bank borrows 100.000 from somebody else and pays them 3% a year. Note that the profit margin has gone down from 2% to 1%. The corporate loan stills pays 4% a year but the bank now needs to pay out 3% instead of 2% to the holder of the savings certificate. So interest rates changing is also a source of risk, since it has an impact on profits. Credit risk and interest rate risk are the most important risks banks face. There’s also liquidity risk, operational risk, reputational risk, strategic risk, and so on. But these are less important. Credit and interest rate risk make up the bulk of total risk for banks.
How do banks manage their risk?
So now that we know a bit about the risks banks are exposed to, we might ask ourselves how banks take care of these risks. You can basically do two things: you get rid of the risk (hedging) or you keep the risk but make sure it will not take you down in bad times (holding capital).
You can hedge all kinds of risks by buying products with a bad name, such as credit default swaps (CDS) or interest rate swaps (IRS). Assuming these instruments trade at fair prices, they actually are a wonderful invention because they allow people to share risks. Say I loan money to somebody but I don’t like interest rate risk. I buy an IRS and now I’m only exposed to the credit risk, which makes me feel better. The other person is now exposed to the interest rate risk, but that is exactly what he or she wanted. Everybody is happy. Remember that in financial markets, risk is rewarded by return. There’s no point in bearing risk if there’s not going to be a compensation. So markets will price products in such a way that risk will be rewarded, on average. Riskier products are cheaper than safer products. If you don’t bear risks, you’re going to earn the risk-free rate, which to the best of my knowledge is negative or zero today.
Now say you don’t want to get rid of the risk, because you want to make some money. Well, where there is risk, there should be capital (or equity). The more capital a bank has, the more trouble it can handle. Or in other words: the lower the leverage, the safer the bank. High leverage (little equity and a lot of debt) means that when you suffer some losses, your equity will get a serious blow. It might even become negative. Low leverage (a lot of equity and little debt) means that you can take a series of blows without the danger of going bankrupt. This is why banks should hold capital, in order to make sure that a small or large blow will not cause bankruptcy. It’s important to realize that capital is NOT money lying around doing nothing. No, capital is also invested in assets, but the difference with regular debt is that regular debt should be paid back in full at some point in time.
How much capital to hold?
Banks need to be able to survive a lot of worst-case scenarios. They won’t be able to do that if they don’t hold too much capital. So the amount of capital they hold should ensure that the bank is able to survive a lot of potential future scenarios. For example, a bank that strives for an A-rating (defined as a 0.07% probability of default within the year) would need to be able to survive 99.93% of all possible scenarios that can occur within the next year. So the amount of capital they need to hold should be enough so that the bank is able to survive those 99.93% of all scenarios. This amount of capital is also called economic capital.
So, how do we compute economic capital for the entire bank? Well, in practice, banks first calculate economic capital for separate risk types. They calculate how much capital they need to hold in order to cover their credit risk, then how much capital they need to hold in order to cover their interest rate risk, and so on. Then, when all these numbers are available, they add them together using a correlation matrix or something like that. You can’t just take the sum, since there is diversification. Interest rate risk and credit risk are correlated: usually not all bad things happen at the same point in time. It’s the same principle when you’re investing in stocks. Not all stocks go down at the same time, there is diversification. Holding more stocks means your position becomes less risky. So adding everything together as a sum would overstate your risk. Therefore, something like a correlation matrix is used, which is not very sound. You could view it as a “shredder”. You worked hard to get reliable estimates of economic capital for separate risk types, but then you must add them together using some dubious method. For example, what are those correlations? How would you be able to verify they are correct? And aren’t these correlations unique for each bank? Indeed, it’s not the best method.
My PhD topic
This is where my PhD topic comes in, on the idea of integrating risk. We no longer calculate economic capital for each risk type separately. Instead, we calculate it in one go, for all risks at the same time. The main difficulty is that now you need to define the relationships between different risks. For example: what happens to default probabilities when interest rates change? Does economic growth impact defaults and interest rates, and if so: in what way? This area of financial economics is not very well developed yet. So, first we define how all these risk drivers act together in a unified framework. Then, we calculate economic capital based on this framework, so that you get an estimate which is based on a sound and reliable method. Correlations between risk drivers are the same for all banks. It’s just the banks’ exposure to different risks that might differ. So it makes the job of the regulator a bit easier. Also, we can now verify if our numbers make any sense or if they correspond to reality, since everything can be traced back to basic observable economic variables.
So in a nutshell, this is what I’m working on. I hope that I could give some people a better idea of what risk management is about (although I must emphasize that I really am only scratching the surface) and a better idea of what I’m working on. Feel free to ask questions.