Our task is to design a comprehensive model for evaluating the quality of risk management disclosure which fits the characteristics of all financial firms irrespective of their core business activities, their market shares, their organisational structures and ultimately their risk exposures. We first state five propositions for high quality risk management disclosure in the annual reports of financial firms.

For reasons stated in the introduction, we propose to analyse the quality of the risk management disclosure practices following a functional approach. Given the current state of accounting and regulatory standards, this approach recognises that the quality of disclosure for trading and non-trading activities may differ significantly. These quality differences may arise from differences in the valuation methods, the quantitative models and the depth of credit risk analysis. This approach to disclosure analysis is inspired by Merton (1992), who argues for a functional approach to the regulation of financial firms. This approach is here extended to evaluating the quality of the risk management disclosure by a minimal set of quantitative and qualitative information for each type of activity and for each risk category, as presented in section IV.

Finally, since the present study attempts to develop an evaluation framework that relies on identifiable and comparable risk measurement standards, we limit the analysis to the quality of the market and credit risks disclosure policies, for both the trading and the non-trading activities. Indeed, as stated above, for these two risk categories we can rely on an established body of knowledge and models, which allow for meaningful comparisons of these risks on a quantitative basis, not just for simple securities but for complex derivative securities and aggregate positions as well. Indeed, the main qualitative aspects of market and credit risks management are now sufficiently well established to allow for meaningful comparisons across annual reports. For an overview of the current state of the art on market and credit risk disclosure requirements for US regulated financial firms, see the companion paper by R Frey entitled "Disclosure of Risk Information: Current US Practice". It provides a comprehensive overview of the current mandated practices that provide a basis for the comparison of market and credit risk management disclosure quality across the annual reports of financial firms.

Needless to say, the standard evaluation framework developed in this study can and should, in a second stage, be extended to encompass liquidity risks, operational risks, insurance risks and other sources of uncertainties. These risks are relevant in general, but also specifically in the case of internationally active financial conglomerates.

III.2 The Risk Management Disclosure General Propositions

In this section we define the five general propositions according to which the market and credit risk management disclosure quality should be evaluated for the trading and non- trading books of the financial firm.

Proposition 1: The disclosure of risk management practices should enhance the confidence of market participants in the willingness of the firm to provide information about the specific and aggregate risk exposures as well as to make efforts to monitor and optimise these risk levels in accordance with the targeted risk and equity profiles.

Any meaningful disclosure policy thus relies on the premise that the firm has adopted a clear definition of its risk management objectives and of the operational procedures which translate those goals into efficient risk management decisions. This presupposes that the firm has a well-defined risk appetite and that it optimises its aggregate trading and non-trading portfolios of activities accordingly. The risk management monitoring procedures must be communicated consistently and comprehensively to market participants in order to enhance their confidence. This objective, as stated in proposition I of Gibson and Zimmermann (1996b), should shape not only the disclosure of risks but also the disclosure of the risk management decision process. By disclosure to market participants the firm can mitigate the distortions of market participant decisions caused by the difference between the perceived and the actual risk exposures.

For that purpose, senior management should lay out and communicate a well-defined top-down risk management policy. They should adopt an organisational structure that promotes a flexible risk culture (across responsibility levels and business units) with incentives to disclose information about risk exposures and their monitoring. More specifically, the following information on the overall risk management practices of the firm should be included in the annual reports:

• The degree of involvement of the board of directors and senior management in approving strategies and policies for the aggregate risk management of the firm.
• A description of risk management policies for each business activity (trading versus non-trading) and for each significant risk factor. This includes information on reporting procedures, frequency, level and type of information provided as well as procedures for new products trading approval, limit procedures and sanctions.
• A description of the segregation of responsibilities and duties, in particular the extent of the separation of the risk taking and risk control functions of the Executive Board. What is the effective independence and action scope of the internal control function?
• Does senior management ensure that the control procedures and risk management policies are effectively implemented and respected?
• Compensation policy, particularly information on the remuneration policy of those involved in trading and the consistency between the risk management culture of the firm and its remuneration policy.
• Is the management of all risks integrated? To what extent do the different risk control units at the product and market levels interact in order share information?
• Are the knowledge base and the level of training of the Board of Directors, the senior management and the risk controllers sufficient and regularly updated?
• Is the performance of the risk management function evaluated and disclosed to the shareholders of the firm?

Proposition 2: The risk management disclosure policy should be complete. It should encompass and appropriately weight all core businesses and risk factors. The policy starts with a proper identification of each business activity and of the risk factors that affect earnings and value-added at this level. However the policy should also disclose, quantitatively and qualitatively, the aggregate risk exposures of the firm and the risk structure of the on- and off-balance sheet activities.

It is crucial that the risk management policy of the firm be comprehensive and that it does not overlook the needs of a specific business unit. For example, an emerging-markets trading desk may currently face higher market volatility or liquidity risks and thus require a stronger monitoring of its trading policies than under normal market conditions. Proposition 2 also implies that risk management disclosure should encompass meaningful qualitative and quantitative information on both the trading and non-trading activities of an institution. For example, through third parties guarantees or collateral, many banks face larger direct and secondary credit risk exposures on their loan book than on their derivatives trading exposures. This requires more stringent risk management policies and disclosure rules on the loan book concerning short- and long-term potential losses (especially due to credit quality deterioration), recovery risk and concentration risk.

A sound risk management disclosure policy must comprehensively inform about the nature of the core activities. Further it must allow market participants to have confidence that the firm has identified the main risk factors and implemented the appropriate procedures to manage those risks efficiently at the individual and the aggregate level.

Proposition 3: The risk management disclosure policy should incorporate consensus risk assessment practices, focus on materiality and symmetry with respect to the type of information (good and bad news, quantifiable and qualitative risks) released in the annual report.

Though there is widespread debate about best practice for risk assessment, at a minimum the firm's disclosure practices should adopt the consensus risk assessment practices. For instance, concentration risk can easily be confirmed if disclosed appropriately. Further, the firm should adapt to the rapid pace of innovation in the consensus practices to measure individual and aggregate risks. Second, only material events and risk exposures should be disclosed rather than the economic verbiage and superficial information releases often found in annual reports. Third, perverse incentives may induce managers to disclose information asymmetrically. Examples of violations of the symmetry principle are not hard to find. Managers often voluntarily disclose their winning bets (as a proof of their market timing skills) in contrast to their reticence concerning trading losses. Firms disclose substantial information on well-quantified risks (e.g. market risks) and little information on poorly measured risks (e.g. liquidity or operational risks).

Proposition 4: Disclosure practices should be standardised in order to facilitate risk management comparisons across firms and products-market segments, in particular regarding the minimum set of quantitative and qualitative information about the management of each risk factor.

Proposition 4 strongly states the need for standardisation and comparability in the presentation of risk management information. Often risks are not even defined in a standardised way. For instance operational risk has a unique definition for each financial firm in the sample of 79 firms referred to above. Without standardisation it is impossible for market participants to evaluate whether the firm can manage its risks efficiently. Toward that end, Section IV provides a simple step by step framework for evaluating the quality of market and credit risk management disclosure, based on standardised minimal requirements for the quantitative and qualitative information in the annual report. This should facilitate comparisons of risk management practices across firms and their product-market segments.

Proposition 5: Disclosure quality should be analysed across both functions and risk factors, based on the risk management process of the firm. This starts by distinguishing between the informational needs of trading (including the client-related and proprietary) and non-trading activities.

This last proposition allows a financial institution to disclose and discuss its risk management practices according to its main functions and to concentrate on the areas which are the most relevant in terms of size, turnover, concentration and source of profit. It provides consistency between the economic objectives and constraints on the one hand, and the related risk management implications of each activity on the other. As mentioned in the introduction, this partitioning can adapt the degree, the precision and the quantification of the relevant information to the level of sophistication of the accounting valuation standards currently utilised in the trading and non-trading books. Similarly, it recognises the important differences across functions: time horizon, liquidity of the assets, frequency of reporting and frequency of marking-to-market or marking-to-model. For instance, the analysis of credit risk for the trading activities of a bank may focus more on short horizons while the analysis is longer term (generally more than one year) for the assets in the banking book. Functional separation puts an end to the myth that risk management disclosure is only derivatives trading disclosure. Finally, it promotes a more thorough analysis of, and thus a more suitable disclosure policy for, the non-trading activities of financial firms.

Based on these propositions we next present the quantitative and qualitative information requirements for market and credit risks in the trading and non-trading activities of a financial firm, which provide a basis for evaluating the quality of the risk management disclosure.