* Ecole des HEC, BFSH 1, 1015 Lausanne, Switzerland, Phone +41 21 692 34 68, e-mail: Rajna.Gibson@hec.unil.ch.

Acknowledgements: This research has been supported by IFCI, Geneva.

1. Introduction

The purpose of the present study is to propose a standard framework for evaluating risk management disclosure quality based on qualitative and quantitative information. To effectively allocate their investment dollars to firms with the best risk-adjusted investment opportunities, the shareholders must be able to assess not only the firm's risks, but also the firm's risk management process, i.e. the policies, procedures and models used by the risk managers. There are three significant barriers to the definition and enforcement of a standard evaluation framework. The first barrier is the rapid pace of innovation in the risk management area. The second barrier is the evolution of the structural architecture of the financial services industry: the entry of new players (e.g. insurance companies, hedge funds, internet banks) and the disappearance of banks into enormous financial conglomerates. The third and most significant barrier to the development of meaningful, harmonious and enforceable standard evaluation framework is the poor understanding of its core concept: economic valuation. Marking-to-market valuation is certainly more appealing, under normal market conditions, than book valuation. However its extension to on- and off-balance sheet assets pose a multitude of problems: 1) the lack of liquidity of the asset or the underlying instrument, 2) informational asymmetries and 3) poorly quantifiable risk factors, such as legal, political, credit and operational.

The goal of the standard framework for evaluating the risk management disclosure quality is to enable market participants to form an objective opinion about risk management practices, across firms, across market segments and over time. The framework emphasizes the quality, rather than just the quantity, of risk management disclosure. We limit our attention to disclosure in annual reports, to market and credit risks and to financial firms. We choose the annual report as the only data source for our framework because it is publicly available, widely disseminated, reasonably standardised and legally mandated. We deliberately limit the risk categories to market and credit risks to focus on measurable, comparable and objective criteria for judging risk management disclosure practices. We limit the framework to banks and other regulated financial firms that are active in the international capital markets because there is still a wide discrepancy in the regulatory and accounting standards for other types of firms.

Thus, the framework consists of five general propositions, which provide general guidance for evaluating the quality of the risk management disclosure, and the detailed qualitative and quantitative information requirements to satisfy these propositions.

2. Academic Perspective on Disclosure

The quality of information disclosure has been the subject of an increasing stream of academic research focusing on the economic functions of increased transparency and its value added to market participants. In an imperfect market, it has been emphasised that financial analysts can never perfectly substitute for the deficiency of a firm's disclosure policy. Thus we review the determinants and limits of a firm's voluntary disclosure policies.

The finance literature offers some explanations for the willingness of a firm to be transparent, i.e. to voluntarily disclose accurate, complete and timely information. In particular transparency can reduce the transaction cost of stock trading by lowering moral hazard and adverse selection problems. Many studies document a strong tendency among analysts to follow similar firms and to have similar opinions about those firms (see Welch 1996). Firms, in turn, may voluntarily disclose in order to satisfy the disclosure criteria required by most analysts. A third motivation for voluntarily disclosure is that transparent firms benefit from a lower cost of capital for new equity issues.

There are however several factors which reduce incentives for transparency. Among them are the threat of product-market competition (see Darrough and Stoughton (1990) and Chen (1994)), tax avoidance considerations, conflicts of interest among various classes of shareholders and finally the management's fear of losing the confidence of a diffused ownership by revealing more highly variable marked-to-market profits.

Thus, disclosure policies which balance these conflicting goals may not result in complete, timely and accurate information of the risk exposures and the risk management practices of a firm. Even if a manager faced appropriately incentives to disclose, one must be aware of the difficulty in measuring financial and non-financial risks.

3. Five Risk Management Disclosure Propositions

Our task is to design a comprehensive model for evaluating the quality of risk management disclosure which fits the characteristics of all financial firms irrespective of their core business activities, their market shares, their organisational structures and ultimately their risk exposures. Needless to say, the standard evaluation framework developed in this study can and should, in a second stage, be extended to encompass liquidity risks, operational risks, insurance risks and other sources of uncertainties. We state five propositions for high quality risk management disclosure in the annual reports of financial firms.

Proposition 1: The disclosure of risk management practices should enhance the confidence of market participants in the willingness of the firm to provide information about the specific and aggregate risk exposures as well as to make efforts to monitor and optimise these risk levels in accordance with the targeted risk and equity profiles.

Proposition 2: The risk management disclosure policy should be complete. It should encompass and appropriately weight all core businesses and risk factors. The policy starts with a proper identification of each business activity and of the risk factors that affect earnings and value-added at this level. However the policy should also disclose, quantitatively and qualitatively, the aggregate risk exposures of the firm and the risk structure of the on- and off-balance sheet activities.

Proposition 3: The risk management disclosure policy should incorporate consensus risk assessment practices, focus on materiality and symmetry with respect to the type of information (good and bad news, quantifiable and qualitative risks) released in the annual report.

Proposition 4: Disclosure practices should be standardised in order to facilitate risk management comparisons across firms and products-market segments, in particular regarding the minimum set of quantitative and qualitative information about the management of each risk factor.

Proposition 5: Disclosure quality should be analysed across both functions and risk factors, based on the risk management process of the firm. This starts by distinguishing between the informational needs of trading (including the client-related and proprietary) and non-trading activities.

Proposition 5 implies that the risk management disclosure should be partitioned along the main economic functions of the firm, in other words along their trading and non-trading activities, for three reasons. First, the assets in the trading book are generally more liquid (i.e. actively traded) and their marking-to-market is, under normal market conditions, less problematic than for assets in the non-trading book. Second, the time horizon pertaining to both trading and non-trading activities is different and thus requires different economic valuation techniques. Third, regulatory and accounting practices across countries and institutions are less harmonious for on- and off-balance sheet valuation principles. We also believe that a functional evaluation of the quality of risk management disclosure parallels the functional organisation of much of the financial services industry and more recently its regulation. Economic functions are slow to change while structures (for example banks, insurance companies and exchanges) and products can evolve quickly and become extinct. Thus the functional approach offers the advantage of flexibility, homogeneity and adaptability to the particular innovation path of the financial services industry. The functional approach to disclosure also enables identification and attribution of responsibilities and assessment of management performance across the various segments of the financial services industry. Indeed, a financial firm that has mostly non-trading activities should not be directly compared or penalised relative to another firm that relies heavily on the trading book to generate income (and thus has an easier task of disclosure).

4. The Information Requirements for the Framework
1. Disclosure for trading (including client-related and proprietary) activities

Risk management disclosure starts with a discussion of the firm's policy regarding the identification and monitoring of the market and credit risks associated with its trading activities. In the same vein, the annual report should discuss the internal organisation adopted to manage those risks and identify the top to bottom levels of risk management responsibilities. The report should also mention whether the firm manages those risks separately or on an integrated basis as well as the type of market risks covered (for instance, equity, foreign exchange, interest rates and commodity risks).

The report should summarise recent economic performance as well as associated major economic, political and institution specific risk factors. The average daily revenue from trading and its standard deviation should also be disclosed, compared to last year figures and analysed with respect to its origination, by asset class, currency, industry, geographical region and credit rating concentrations. Finally, the report should mention if the firm's target trading profit objective was achieved and, if not, explain the origins of the under-performance. A profit forecast provides a good indication of the firm's risk appetite.

The full paper provides a detailed discussion of the qualitative and quantitative information requirements and sample tables with which to evaluate the quality of the market and credit risk management disclosure practices for the trading activities. These include market Value-at-Risk (VAR) matrices broken quarterly and by maturity, into currency, interest rate, equity and commodity risk, with a 10-day and one-day holding period. Credit risk tables present information on counterparty rating, economic sector and geographic region. To further identify concentration risk, the tables present exposures to the top 10 counterparties and top five currencies.

In particular, qualitative information should include descriptions of the market and credit risk models, the quality of the data, the treatment of derivative securities, the backtesting methods (static versus dynamic, BIS exceptions rule or not) and the stress testing procedures. Most importantly, the stress testing disclosure should indicate whether a firm seriously assesses catastrophic events and the limits of its VAR models, in particular with respect to the trading book composition. The sensitivity of the P&L, and of its major constituents, to stress testing should also be disclosed.

2. Disclosure for Non-Trading Activities

Currently, only a few banks disclose market and credit risk management figures for their non-trading activities. The disclosure is voluntary and non-systematic. The depth of coverage is quite different from one bank to another. This situation will change in the near future due to recent regulatory harmonisation efforts (e.g. the 1997 BIS guidelines on interest rate risk management for banks) and due to developments in quantitative tools both for asset/liability management and for loan portfolios and off-balance sheet item credit exposure monitoring. Needless to say, recent losses in the domestic real estate market and the international emerging and OECD debt markets (the Asian, Japanese and more recently Russian financial crises, etc.) will contribute to reinforce this trend.

Derivatives trading is no longer considered to be the only wild beast which can lead a first class financial firm to go bankrupt (remembering Barings) since the same threat can also result from a high concentration of bad loans in domestic or international financial markets. Finally, the recent merger trend has created not only mega-banks but also financial conglomerates (such as the Credit Suisse Group) for which trading is only one of numerous business lines involved. These developments will contribute to the need to assess, globally and accurately, the risk exposures faced by a consolidated entity.

The full paper provides a detailed discussion of the qualitative and quantitative information requirements and sample tables with which to evaluate the quality of the market and credit risk management disclosure practices of the non-trading activities. The market risk disclosure should present the VAR, along with its assumptions and its time horizon justification, as well as a discussion of the asset-liability and hedging policies. The credit risk disclosure should present an overview of the general policy, a detailed counterparty risk analysis and a concentration risk analysis. Though the discussion focuses on loans, the major conclusions here extend to all on- and off-balance sheet items, as described in Table 2 in the Appendix of this paper.

5. Conclusion

The framework is preliminary and should be extended to other important risk factors such as liquidity and operational risks, as the measurement methods are well defined and broadly used. The functional approach to the evaluation of risk management disclosure should be extended to financial conglomerates. Risk management is still a new and evolving field that is far from offering structured and unified solutions to problems such as financial and non-financial risks monitoring, risk aggregation, and risk-based capital allocation. The professional community is still struggling with the definition of a sound 'global' risk management policy, including its underlying principles, its evaluation and its value-added to market participants.

Finally, let us recall the primary objective of sound risk management disclosure: to enhance the confidence of market participants in the firm's ability to identify, measure and manage its risks appropriately. Unfortunately, this primary goal is too often lost or distorted by the conflict between the objectives of the shareholders and the regulatory authorities for risk management. The shareholders may wish to take risks which, due to measurement problems or externalities, the regulatory authorities may wish to limit. This may cause managers to adopt strategies that shift risk to less quantifiable categories and thus manage risk less efficiently. We hope that our proposed framework stimulates further consideration of these and other issues.