Risk Library
   Documents by Author
     International Organization of Securities...
       Risk Management and Control Guidance for...
         I. Introduction
         II. The Role of Risk Management and Cont...
         III. Firm and Supervisory Considerations
         IV. Elements of a Risk Management and Co...
         Appendix A
         Appendix B


Risk Management and Control Guidance for Securities Firms and their Supervisors

II. The Role of Risk Management and Controls

The implementation of strong and effective risk management and controls within securities firms promotes stability throughout the entire financial system. Specifically, internal risk management controls provide four important functions:

    • to protect the firm against market, credit, liquidity, operational, and legal risks;
    • to protect the financial industry from systemic risk;
    • to protect the firm's customers from large non-market related losses (e.g., firm failure, misappropriation, fraud, etc.); and
    • to protect the firm and its franchise from suffering adversely from reputational risk.

Sound and effective risk management and controls promote both securities firm and industry stability which, in turn, inspires confidence in the investing public and counterparties. Securities firms have economic and commercial incentives to employ strong risk management internal control systems. Without such controls, a firm is vulnerable to risk.

The importance of effective risk management and controls in protecting against serious and unanticipated loss is perhaps best illustrated by some recent cases where risk management and controls broke down or were not properly implemented, as follows:

Market Risk

Market risk inherent in any investment is the risk that the investment will not be as profitable as the investor expected because of fluctuations in the market. Market risk involves the risk that prices or rates will adversely change due to economic forces. Such risks include adverse effects of movements in equity and interest rate markets, currency exchange rates, and commodity prices. Market risk can also include the risks associated with the cost of borrowing securities, dividend risk, and correlation risk.

An example of the danger inherent of market risk is highlighted in the bankruptcy of Orange County. Orange County's Treasurer used the Orange County Investment Pool's resources to invest in a significant amount of derivative securities, namely "structured notes" and "inverse floaters". When interest rates rose, the rates on these derivatives securities declined along with the market value of those notes (since they were at rates below those generally available in the market). This resulted in a $1.7 billion loss to the Orange County Investment Pool.

Gibson Greetings, Inc. ("Gibson") faced similar market risk when it began aggressively purchasing interest rate derivatives to take advantage of falling rates. When interest rates began to climb, Gibson sustained a $20 million loss on its derivatives contracts. Likewise, Procter & Gamble ("P&G") took a $157 million charge to unwind interest rate derivative contracts that were tied to interest rates in Germany and the United States. When the interest rates rose in both countries above the derivative's contractual hurdle rate (which required P&G to pay interest rates that were 1 412 basis points above the then commercial paper rate), the leveraged derivatives became too costly for P&G.

Credit Risk

Credit risk involves the possibility that one of the parties to the contract will not perform on its obligations. Credit risk comprises risk of loss resulting from counterparty default on loans, swaps, options, and during settlement. Securities firms are faced with credit risk whenever they enter into a loan agreement, an OTC contract, or extend credit. Credit risk can be minimized by risk management and controls and procedures that require counterparties to maintain adequate collateral, make margin payments, and have contractual provisions for netting.

Credit risk has been recently highlighted in the many U.S. banks who reported in January 1998 that their latest quarterly results were hurt by the Pacific Rim economic crisis. For example, J.P. Morgan reclassified approximately $600 million of its loans as "non-performing" due to the turmoil in Asia. Its fourth quarter profits fell to $1.33 a share from $2.04 a year earlier (35% lower than last year), which were below market expectations of $1.57 a share.

Liquidity Risk

Liquidity risk is the risk that a party to a securities instrument may not be able to sell or transfer that instrument quickly and at a reasonable price, and as a result, incur a loss. Liquidity risk includes the risk that a firm will not be able to unwind or hedge a position.

An example of liquidity risk is illustrated by the March 1994 $600 million loss of Askin Management. Askin specialized in mortgage-backed debt instruments known on Wall Street as "toxic waste" because they carried the highest credit and interest rate risk. When interest rates rose sharply, trading in these debt instruments ceased. No market participant would quote Askin a price on his positions anywhere near what he had paid for them. Furthermore, Kidder, Peabody & Co. lost $25.5 million loaned to Askin to leverage these positions.

Operational Risk

Operational risk is the risk that improper operation of trade processing or management systems will result in financial loss. Operational risk encompasses the risk of loss due to the breakdown in controls within the firm including, but not limited to, unidentified limit excesses, unauthorized trading, fraud in trading or in back office functions including inadequate books and records and a lack of basic internal accounting controls, inexperienced personnel, and unstable and easily accessed computer systems.

The importance of operational risk management and controls is highlighted by the collapse of Barings in February of 1995. Britain's Board of Banking Supervision concluded that Barings' failure was due to immense losses from unauthorized and hidden derivatives trading of an employee of Barings Futures Pte. Limited in Singapore, that went virtually undetected by management. The trader had been left unsupervised in his dual role as head of futures trading settlements. Barings' failure to independently monitor the trader's activities, as well as its failure to separate front and back office functions, created operational risk which resulted in large losses and, ultimately, the total collapse of the firm.

Similar poor management led to even larger losses at Japan's Daiwa Bank Ltd. ("Daiwa") in the bond market. In 1995, it was discovered that a bond trader at Daiwa was able to conceal approximately $1 billion in trading losses because of his access to Daiwa's accounting books. As with Barings, the Daiwa trader was in control of accounts as well as trading activities. Separation of trading and support functions, a fundamental risk management practice, was violated in both.

Another example of operational risk can be found in the situation involving allegations of $350 million in false trading profit of government securities in Kidder, Peabody & Co. in Spring 1994. At that time, Kidder had determined that nearly $350 million in "profits" that had been attributed to a trader's trading activity were phantom and arose out of manipulation of the firm's trading and accounting system. This incident resulted in the sale of Kidder's assets to a competitor and ultimately Kidder's liquidation.

Maintaining adequate books and records and internal controls is essential to effectively managing operational risk. In its effort to strengthen its internal control structure, Salomon Inc., in mid-1993, commissioned a detailed review because of some unreconciled differences reported internally by the Company's Financial Division staff and its independent auditors, Arthur Andersen LLP, of material general ledger accounts of Salomon Inc. This review's objective was to ensure the general ledger accounts were properly supported and that appropriate reconciliation procedures were in place. The detailed account review uncovered significant unsupported balances which required pre-tax charges against earnings of $303 million in 1994. Subsequently, the company has made improvements in its reconciliation and control procedures.

In January 1996, strong risk management controls at Salomon Inc. revealed trading losses arising from mismarked options positions. The trader had assigned incorrect volatilities to mask trading losses. The firm's internal control structure, which included routine spot checks carried out by its risk management area, reacted as it was intended by catching these discrepancies and minimizing the losses to $15 million.

Operational risk is controlled through proper management procedures including adequate books and records and basic internal accounting controls, a strong internal audit function which is independent of the trading and revenue side of the business, clear limits on personnel, and risk management and control policies. Had proper management oversight, as well as the fundamental risk management and control practice of separating backroom and trading functions, been in place, the losses at Barings and Daiwa could perhaps have been avoided, or at the very least, minimized. The obvious importance of maintaining proper risk management and controls is underscored by these financial failures.

Legal Risk

Legal risk arises from the possibility that an entity may not be able to enforce a contract against another party. Legal risk arises from possible risk of loss due to an unenforceable contract or an "ultra vires" act2 of a counterparty. Legal risk involves the potential illegality of the contract, as well as the possibility that the other party entered into the contract without proper authority.

For example, the U.K. decision in Hazell v. Hammersmith & Fulham L.B.C., 2 W.L.R. 372 (1991), ruled that swaps transactions entered into by local government authorities were ultra vires, and therefore legally unenforceable contracts. This ruling cost banks approximately $1 billion in defaulted swap payments. The need for legal clarity is highlighted by the fact that legal counsel in Hazell had made continuous assurances that the swaps contracts were legal and enforceable.

Currently, Orange County has asserted an ultra vires claim in its suit against Merrill Lynch claiming that Merrill Lynch should have known that the contract violated several provisions of the California Constitution, hence rendering the contracts unenforceable.3 In today's global environment, major securities firms are faced with substantial litigation both as plaintiff and defendant because of the nature and scope of their business activities.

Systemic Risk

Systemic risk refers to (1) the scenario that a disruption at a firm, in a market segment, or to a settlement system could cause a "domino effect" throughout the financial markets toppling one financial institution after another or (2) a "crisis of confidence" among investors, creating illiquid conditions in the marketplace. Systemic risk encompasses the risk that failure in one firm or one segment of the market would trigger failure in segments of or throughout the entire financial markets.

Over-the-counter derivatives illustrate the supervisory concern with respect to systemic risk. The fact that some financial and securities activities are concentrated in a small number of financial institutions and can be used for unhedged, proprietary speculation creates the potential for a domino effect of systemic risk if a major financial institution is collapsing. This risk is more than a possibility due to the potential for substantial market and trading losses which can results in rapid, global transmission of defaults to the counterparties. This risk is further exacerbated by the interconnection of obligations among the same institutions and with the cash markets.

Although the domestic and international financial markets have withstood large firm losses as seen in the Barings and Daiwa cases, these isolated defaults occurred in the absence of significant market movement. Defaults of unprecedented nature and magnitude could occur in the event of heavy volatility across capital markets, such as currency and equity crashes.

Systemic risk is perhaps the greatest challenge to supervisors and to the financial markets. A uniform, flexible framework of risk management and controls, coupled with adequate capital standards is essential to the continued orderly operation of the global financial markets.


2. An ultra vires act is defined as any act performed without legal authority because such act is beyond the scope of powers granted to a corporation, state or municipality.

3. The California Constitution provides that debts of the country which exceed the revenue for the current year must be approved by two thirds of the voters. (California Const. art. XVI, section 18.)

Contact us * Risk Library * Documents by Author * International Organization of Securities Commissions (IOSCO) * Risk Management and Control Guidance for Securities Firms and their Supervisors