As outlined, businesses are exposed, in the main, to market, credit and operational risk. A broad distinction behind profitability, as well as of the
quantum of capital they are required to hold. Financial risk management in banking has thus grown markedly in importance since the
2008 financial crisis. (This has given rise (see
Too big to fail). Central to both commercial and investment banking is the function of
maturity transformation, where institutions fund long-term assets using short-term liabilities. Commercial banks typify this by issuing
demand deposits (which can be withdrawn at any time) to fund long-dated assets like
mortgages, while investment banks often finance longer-term
trading inventory or
structured products through short-term
repurchase agreements (repos). While this "borrowing short and lending long" strategy is profitable — normally capturing the spread between
lower short-term rates and higher long-term rates — it creates an inherent mismatch on the balance sheet. This structural mismatch generates the primary risks that banks must manage - outlined in the preceding paragraph - but here especially: liquidity risk (the inability to meet short-term obligations without selling assets) and
interest rate risk (changes in the
yield curve affecting asset and liability values
differently), making
Asset and liability management (ALM) a critical discipline. The
Basel Accords mandate the predominant risk management framework. Under
"Pillar I" regulators define the minimum
regulatory capital requirements for quantifiable risks — principally
credit risk,
market risk, and
operational risk as outlined — using either standardised or approved internal‑model approaches. Under
"Pillar II", banks must conduct an internal capital adequacy assessment (
ICAAP) to capture all material risks, holding sufficient "
economic capital" for those. These calculations are mathematically sophisticated, and within
the domain of quantitative finance. The regulatory capital quantum is calculated via specified formulae: risk weighting the exposures per highly standardized asset-categorizations, applying the aside frameworks, and the resultant capital — at least 12.9% of these
Risk-weighted assets (RWA) — must then be held
in specific "tiers" and is measured correspondingly via the
various capital ratios. In certain cases, banks are allowed to use their own estimated risk parameters here; these
"internal ratings-based models" typically result in less required capital, but at the same time
are subject to strict minimum conditions and disclosure requirements. As mentioned, additional to the capital covering RWA, the aggregate
balance sheet will require capital for
leverage and
liquidity; this is monitored via Extensions to VaR include
Margin-,
Liquidity-,
Earnings- and
Cash flow at risk, as well as
Liquidity-adjusted VaR. For both (i) and (ii),
model risk is addressed through regular
validation of the models used by the bank's various divisions; for VaR models,
backtesting is especially employed. Regulatory changes, are also twofold. The first change, entails an
increased emphasis on
bank stress tests. These tests, essentially
a simulation of the
balance sheet for a
given scenario, are typically linked to the macroeconomics, and provide an indicator of how sensitive the bank is to changes in economic conditions, whether it is
sufficiently capitalized, and of its ability to respond to market events. The second set of changes, sometimes called "
Basel IV", entails the modification of several regulatory capital standards (
CRR III is the EU implementation). In particular
FRTB addresses market risk, and
SA-CCR addresses counterparty risk; other modifications
are being phased in from 2023. To
operationalize the above,
Investment banks, particularly, employ dedicated
"Risk Groups", i.e.
Middle Office teams monitoring the firm's risk-exposure to, and the profitability and structure of, its various
business units,
products,
asset classes, desks, and /
or geographies.
limit values for each of the Greeks, or other sensitivities, that their
traders must not exceed, and traders
will then hedge, offset, or reduce periodically if not daily; see the techniques
listed below. These limits are set given a range of plausible changes in prices and rates, coupled with the board-specified
risk appetite re overnight-losses. • Desks, or areas, will similarly be
limited as to their VaR quantum (total or incremental, and under various calculation regimes), corresponding to their allocated against thresholds set for various types of risk, and / or re a single counterparty,
sector or geography. •
Leverage will be monitored, at very least
re regulatory requirements via LR, the
Leverage Ratio, as leveraged positions
could lose large amounts for a relatively small move in the price of the underlying. • Relatedly,
liquidity risk is monitored: LCR, the
Liquidity Coverage Ratio, measures the ability of the bank to survive a short-term stress, covering its total net cash outflows over the next 30 days with "
high quality liquid assets"; NSFR, the
Net Stable Funding Ratio, assesses its ability to finance assets and commitments within a year (addressing also,
maturity transformation risk). Any
"gaps", also,
must be managed. •
Systemically Important Banks hold additional capital such that their
total loss absorbency capacity, TLAC, is sufficient given both RWA and leverage. (See also "MREL" for EU institutions.) Periodically, these all are estimated under a given stress scenario —
regulatory and, often,
internal — and risk capital, is correspondingly revisited (or optimized). The approaches taken center either on a hypothetical or
historical scenario, A reverse stress test, in fact, starts from the point at which "the institution can be considered as failing or likely to fail... and then explores scenarios and circumstances that might cause this to occur".
Economic Capital (EC) reflects the
total risk capital that the bank requires to cover "all" its risks as a
going concern assessed on a realistic basis, including survival in a worst-case scenario. The modelling - at least once annually - must be such that A key practice, incorporating and assimilating the above, is to assess the
Risk-adjusted return on capital, RAROC, of each area (or product). Here,
"economic profit" is divided by allocated-capital; and this result is then compared
direct costs are (sometimes) also subtracted. RAROC is calculated both
ex post as discussed, used for performance evaluation (and related
bonus calculations), and
ex ante - i.e.
expected return less
expected loss - to decide whether a particular business unit should be expanded or contracted. Other teams, overlapping the above Groups, are then also involved in risk management.
Corporate Treasury is responsible for monitoring overall funding and capital structure; it shares responsibility for monitoring liquidity risk, and for maintaining the FTP framework. Middle Office
maintains the following functions also:
Product Control is primarily responsible for insuring traders
mark their books to fair value — a key protection against
rogue traders — and for
"explaining" the daily P&L; with the
"unexplained" component, of particular interest to risk managers. Credit Risk
monitors the bank's debt-clients on an ongoing basis, re both exposure
and performance; while (large) exposures are initially approved by an "
investment committee". In the
Front Office — since counterparty and funding-risks span assets, products, and desks — specialized
XVA-desks are tasked with centrally
monitoring and managing overall CVA and XVA exposure and capital, typically with oversight from the appropriate Group. "Stress Testing" is similarly centralized.
over the various areas, products, teams,
and measures — requires that banks maintain a significant investment in
sophisticated infrastructure,
finance / risk software, and
dedicated staff. Risk software often deployed is from
FIS,
Kamakura,
Murex,
Numerix (FINCAD) and
Refinitiv. Large institutions may prefer systems developed entirely
"in house" - notably
Goldman Sachs (
SecDB),
JP Morgan (Athena),
Jane Street (Core),
Barclays (BARX),
BofA (Quartz),
Citadel (Apollo),
Morgan Stanley (SecMaster) - while, more commonly, the
pricing library will be
developed internally, especially as this allows for currency re new products or market features.
Commercial and retail banking for retail and commercial banks
Commercial and
retail banks are, by nature, more conservative than Investment banks, earning steady income from lending and deposits; their focus is more on the "
banking book" than the "
trading book". The biggest concern here - as mentioned - is the credit risk due to
loan defaults from individuals or businesses. Liquidity risk, in this context not having enough liquid assets to meet
withdrawal demands, is also a major focus; while interest rate risk concerns the impact of interest rate changes on
net interest margins (the spread between deposit and loan rates). For these banks, regulatory oversight is often tighter due to their direct impact on the financial system. Thus they are also
highly regulated under Basel III and national banking laws, and will also be subject to regular stress testing by central banks; and all regulations above then apply (with local exceptions; e.g. an LCR "threshold" in the US). Additional to these, however, they must maintain high capital and liquidity ratios to
protect depositors; see
CAMELS rating system. Given their business model and risk appetite, than for assets typical in investment banking. See, e.g., the
ALLL and
NPL ratios. • At the same time, credit exposure for these banks is to significantly more clients than at investment banks. For retail banks, "
consumer credit risk" is often diversified across a vast number of borrowers, and these employ statistical models for (ongoing
"behavioral")
credit scoring and
probability of default. Commercial banks deal with mid-sized
corporate loans and
bonds, and apply
accounting- and
financial analysis to determine creditworthiness; the approach differs re investment banking in that the broad client base allows for (necessitates) automation, with
close monitoring on
an exception basis.
AI /
ML is increasingly employed at all stages. • Concentration risk, relatedly, differs in its
management: the concern is sector concentration as opposed to "name concentration". Here, in calculating VaR for a credit portfolio, banks will incorporate a
joint default probability for the various sectors and / or industries. • Both retail and commercial banks employ strict
liquidity management to ensure enough cash for
customer withdrawals: at a minimum meeting the above NSFR and LCR requirements; but also complying with their regulator's
reserve requirement. See also
liquidity at risk. • Both use
interest rate hedging (e.g., swaps) but here, in the main, to protect their profit margin against rate fluctuations, and the resultant "margin compression"; i.e., as opposed to addressing market risk
per se. Re the latter, they will often employ the abovementioned
cash flow at risk and
earnings at risk models. They also hold specific capital for
interest rate risk in the banking book, "IRRBB", which deals with the risks associated with a change in interest rates, including
interest rate gaps,
basis risk, yield curve risk, and
option risk. • Banks'
Economic Capital models, here, are focused more on
credit- and
operational risk. ICAAP applies; although allows for modelling which may be simpler, and with less stringent review by regulators. The Risk Management function typically exists
independent of operations - although may sit in Treasury - and reports directly to the board. The scope here - ie in non-financial firms (re banking) to overlap
enterprise risk management, and financial risk management then addresses risks to the firm's overall
strategic objectives, incorporating various (all) financial aspects of the exposures and opportunities arising from business decisions, and their link to the firm’s
appetite for risk, as well as their impact on
share price. In many organizations, risk executives
are therefore involved in strategy formulation: "the choice of which risks to undertake through the allocation of its scarce resources is the key tool available to management." Relatedly,
strategic projects and
major corporate investments must first undergo
thorough analysis, with approval by an
Investment Committee. Re the standard framework, — see following description — and is coupled with
the use of insurance, managing the net-exposure as above:
credit risk is usually addressed via
provisioning and
credit insurance; likewise,
where this treatment is deemed appropriate,
specifically identified operational risks are also insured. is concerned mainly with changes in
commodity prices,
interest rates, and
foreign exchange rates, and any adverse impact due to these on
cash flow and
profitability, and hence share price. Correspondingly, the practice here covers two perspectives; these are shared with corporate finance more generally: • Both risk management and corporate finance share the goal of enhancing, or at least preserving, firm
value. preempting any underperformance vs
shareholders' required return. In larger firms, specialist
Risk Analysts complement this work with
model-based analytics more broadly; in some cases, employing
sophisticated stochastic models, in, for example,
financing activity prediction problems, and for
risk analysis ahead of a major investment. • Firm exposure to long term market (and business) risk is a direct result of previous
capital investment decisions. Where applicable here their investment bankers — risk analysts will manage and hedge
interest rate- and
foreign exchange hedges (see further below). Because company specific, "
over-the-counter" (OTC)
contracts tend to be costly to create and monitor — i.e. using
financial engineering and / or
structured products —
"standard" derivatives that trade on well-established
exchanges are often preferred.
Multinational corporations are faced with additional challenges, particularly as relates to
foreign exchange risk, and the scope of financial risk management modifies significantly in the international realm (essentially that discussed above),
accounting exposure, and
economic exposure — so the corporate
will manage its risk differently. The forex risk-management discussed here and above, is additional to the per transaction
"forward cover" that
importers and
exporters purchase from their bank (alongside other
trade finance mechanisms). Hedging-related transactions will attract their own
accounting treatment, and corporates (and banks) may then require changes to systems, processes and documentation; see
Hedge accounting,
Mark-to-market accounting,
Hedge relationship,
Cash flow hedge,
IFRS 7,
IFRS 9,
IFRS 13,
FASB 133,
IAS 39,
FAS 130. It is common for large corporations to have dedicated risk management teams — typically within
FP&A or
corporate treasury — reporting to the
CRO; often these overlap the
internal audit function (see
Three lines of defence). For small firms, it is impractical to have a formal risk management function, but these typically apply the above practices, at least the first set, informally, as part of the
financial management function; see
discussion under
Financial analyst. The discipline relies on a
range of software, correspondingly, from
spreadsheets (invariably as a starting point, and frequently in total) through commercial
EPM and
BI tools, often
BusinessObjects (
SAP),
OBI EE (
Oracle),
Cognos (
IBM), and
Power BI (
Microsoft).
Insurance to model rare events such as "
100-year floods". Pictured is
Kaskaskia, Illinois, entirely submerged during the
Great Flood of 1993.
Insurance companies make profit through
underwriting — selecting which risks to insure, charging a risk-appropriate
premium, and then
paying claims as they occur —
and by investing the premiums they collect from insured parties. They will, in turn, manage their own risks are concerned more with longevity risk and
interest rate risk; Short-Term Insurers (
Property,
Health,
Casualty) emphasize
catastrophe- and claims volatility risks. Fundamental here, therefore, are risk selection and
pricing discipline, which as outlined, prevent insurers from taking on unprofitable business. For
expected claims — i.e. those covered, on average, by the
pricing model’s assumptions re claim
frequency and severity —
reserves are set aside (
actuarial, with
statutory reserves as a floor). These will cover both known claims, reported but unpaid, as well as those which are
incurred but not reported (IBNR). To absorb
unexpected losses, insurance companies maintain a minimum level of capital plus an additional
solvency margin. Capital requirements are based on
the risks an insurer faces, such as underwriting risk, market risk, credit risk, and operational risk, and
are governed by frameworks such as
Solvency II (Europe) and Risk-Based Capital (U.S.). To further mitigate large-scale risks — i.e. to reduce exposure to catastrophic losses — insurers transfer portions of their risk to
Reinsurers. Here, analogous to VaR for banks,
insurers use simulations to estimate potential losses at various thresholds, while stress tests assess how extreme events might impact capital and reserves under various scenarios. (
Dynamic financial analysis (DFA) and the
Wilkie model are used generally in scenario analytics, and may underpin the VaR engine.) In parallel with all these, as above, premiums collected
are invested to generate returns which will supplement
underwriting profits, and the fund is then risk-managed as follows:
discussed in the next section. As for banks, all models are
regularly reviewed, comparing, i.a., "Actual versus Expected". Specific treatments will, as outlined, differ by insurer-profile: • Life Insurers (or
standard deviation) — the extent to which the portfolio's
return is uncertain — and through
diversification the
portfolio is optimized so as to achieve the lowest risk for a given targeted return, or equivalently the highest return for a given level of risk: this approach is known as
mean-variance optimization. (The collection of these
risk-efficient portfolios form the "
efficient frontier"; see
Markowitz model.) The logic here is that returns from different assets are highly unlikely to be perfectly
correlated, and in fact the correlation may sometimes be negative. In this way, market risk particularly, and other financial risks such as
inflation risk (see below) can at least partially be moderated by forms of diversification. A key issue, however, is that the (assumed) relationships are (implicitly) forward looking. As observed in the
late-2000s recession, historic relationships can break down, resulting in losses to market participants believing that diversification would provide sufficient protection (in that market, including funds that had been explicitly set up to avoid being affected in this way). A related issue is that
diversification has costs: as correlations are not constant it may be necessary to
regularly rebalance the portfolio, incurring
transaction costs, negatively impacting
investment performance; and as the fund manager diversifies, so this problem compounds (and a large fund may also exert
market impact). See . The above mean-variance optimization is implemented (more or less) directly by
asset allocation funds. At the same time - in part given the issues outlined - alternative methods for portfolio construction have been developed,
including new approaches to
defining risk, and to the
optimization itself. — generically
APT — using
time series regression to design portfolios respectively: macro-,
factor-, and
style portfolios. The optimization, under both the mean-variance and factor model approaches, may be with respect to
(tail) risk parity, focusing on allocation of risk, rather than allocation of capital, and employ, e.g. the
Black–Litterman model which modifies the above "Markowitz optimization", to incorporate the "views" of the portfolio manager. Alongside these,
Discretionary investment management funds, instead, lean heavily on traditional "
stock picking", employing
fundamental analysis in preference to advanced mathematical approaches. (These Managers are then
the major consumers of
securities research.) The specific concerns will, in turn, differ as a function of the Manager's
investment philosophy and
active strategy, preferring, e.g.,
value-,
growth- or
defensive stocks within her fund. Portfolios here are managed, also, using qualitative and subjective considerations, which include evaluations
of company management,
industry dynamics, and
macro/political factors. As discussed below, Risk Management here will, correspondingly, be largely pragmatic and heuristic, as opposed to quantitative. An important requirement, regardless of approach, is that the Manager must ensure of
financial risk modeling techniques — including
value at risk,
historical simulation,
stress tests, and the respective sensitivities,
portfolio beta and
option delta, determine the number of hedge-contracts required. Fund managers may (instead) engage in "
portfolio insurance", a dynamic hedging process that involves selling index futures during periods of decline and using the proceeds to offset portfolio losses. • Fund managers, or traders, may also wish to
hedge a specific stock's price. Here, they may likewise
dedicated portfolio,
liability-driven investment strategy,
duration gap. • For individual
bonds and other
fixed income securities, specific
credit and interest rate risks can be hedged ). Sensitivities
re interest rates are measured using
duration and
convexity for bonds, and
DV01 and
key rate durations generally, and an offsetting derivative-position is purchased. For
credit risk, sensitivities are measured via
CS01, while analysts use models such as
Jarrow–Turnbull and
KMV to estimate the (
risk neutral)
probability of default, hedging where appropriate, usually
via credit default swaps. Probabilities (
actuarial) may also be obtained from
Bond credit ratings; then, often at a portfolio level — e.g. for credit-VaR — analysts will use a
transition matrix of these to estimate the probability
and impact of a "credit migration", aggregating the bond-by-bond result. Interest rate- and credit risk together, may be hedged via a
Total return swap. See
Fixed income analysis • For
derivative portfolios, and positions,
the Greeks are a vital risk management tool: as above, these measure sensitivity to a small change in a given underlying price, rate,
or parameter, and the portfolio
is then rebalanced accordingly will suggest - i.e. limit - the size of a position that an investor should hold in her portfolio.
Roy's safety-first criterion minimizes the probability of the portfolio's return falling below a minimum desired threshold.
Chance-constrained portfolio selection similarly seeks to ensure that the probability of final wealth falling below a given "safety level" is acceptable. Managers likewise employ the abovementioned
factor models on an ongoing basis to measure exposure to the relevant
risk factors.
allocation-strategy dependent (
tactical,
dynamic, or
strategic)
rebalance its
asset allocation from e.g. equities to bonds. In parallel with the above,
As relevant, they will similarly use
style analysis to address
style drift. See also
Fixed-income attribution and
Benchmark-driven investment strategy. Beyond market volatility, investment management requires rigorous control of liquidity, operational, and
leverage risks (the concerns mirroring those discussed above re banking).
Liquidity risk management ensures that a fund can meet
redemption requests or rebalance portfolios without incurring excessive
transaction costs, typically by maintaining
cash buffers or limiting holdings in illiquid assets; this is closely tied to leverage concerns, where borrowed capital magnifies losses (as outlined above) and introduces the risk of
margin calls or
forced liquidation. Operational and counterparty risks—the potential for failure in internal systems, trade execution, or default by a trading partner—are mitigated through robust
reconciliation processes,
segregation of duties, and
collateral agreements. These concerns differ significantly by fund structure:
hedge funds often employ high leverage and hold illiquid assets to boost returns, managing the associated risks through
"lock-up" periods that restrict withdrawals; in contrast,
mutual funds and
ETFs typically face
regulatory limits on leverage and must provide daily liquidity, necessitating stricter risk controls to prevent
asset-liability mismatches. Managers of
Discretionary Funds, will, as mentioned, rely largely
inflation risk will typically be managed at the portfolio level. Here the manager will programmatically (or heuristically) increase exposure the proportion of the portfolio in ILBs, for example, will correspond to its
inflation beta (sensitivity of portfolio return to increases in inflation, measured using regression). See . Newer and broader, and often qualitative
cybersecurity risks (a material drop in share prices caused, e.g., by a significant
ransomware incident) and
geopolitical risks. These risks are often less tangible and less immediately visible than traditional financial risks, and quantifying these can be challenging. While portfolio risks are managed day-to-day by the fund manager, the
Chief Risk Officer - often
Chief Investment Officer - is responsible for overall risk. The Risk Function ("Group" at an IB, as above) thus monitors aggregate firm-level risks (exposure across funds, as well as, e.g.,
reputational risk) ensuring alignment with the firm's
risk appetite and
regulatory obligations; it will, relatedly, be involved in scenario generation - economic and geopolitical - and stress testing. This team also provides
independent challenge and escalation if a fund breaches its Risk Budget (e.g. VaR, stress losses and sector concentration). The CRO typically signs off on stress testing, liquidity risk reviews, and
model validation. Given the complexity of these analyses and techniques, Fund Managers - and
Risk Analysts - typically rely on
sophisticated software (as do banks, above). Widely used platforms are provided by
BlackRock (
Aladdin),
Refinitiv (
Eikon),
Finastra,
Murex,
Numerix, MPI,
Morningstar,
MSCI (
Barra) and
SimCorp (
Axioma). == See also ==