Abstract: The widespread use of computer-based risk models in the financial industry during the last two decades enabled the marketing of more complex financial products to consumers, the growth of securitization and derivatives, and the development of sophisticated risk-management strategies by financial institutions. Over this same period, regulators increasingly delegated or outsourced vast responsibility for regulating risk in both consumer finance and financial markets to these privately owned industry models. Proprietary risk models of financial institutions thus came to serve as a "new financial code" that regulated transfers of risk among consumers, financial institutions, and investors.
The spectacular failure of financial-industry risk models in the current worldwide financial crisis underscores the dangers of regulatory outsourcing to the new financial code.
This Article explains how financial institutions used the "new financial code" to shift, spread, and price financial risk using the template of the stages of securitization of consumer-credit products, hedging through credit default swaps, and overall portfolio management. This Article then examines several explanations for the failures of risk models, which contributed to the current crisis, including flaws in the design of risk models and agency costs associated with those models. It also outlines several lessons for regulatory outsourcing from the current crisis, including the following:
* Bank regulators should scrap those provisions of Basel II that allow certain banks to set their own capital requirements according to their internal risk models;
* Regulators should promote "open source" in code (or the models) used to market financial products to consumers, price securitizations and derivatives, and manage financial-institution risk; and
* The failure of risk models used to price securitizations and derivatives reveals some of the comparative advantages of equity securities in spreading risk.
The revolution in quantitative finance that occurred over the last two decades produced models that enabled the rapid growth of securitization and derivatives.1 This Article demonstrates that financial regulators delegated or outsourced to these computer-based risk models the responsibility of regulating a wide range of risk transfers in the economy - from consumer finance to global financial markets. These risk models failed spectacularly in the global financial crisis that started in the subprime mortgage market, and this outsourcing of regulation exacerbated the crisis.
To understand the crisis, the failure of risk models, and the dangers of regulatory outsourcing, it is helpful to sketch out the system by which mortgages are connected to asset-backed securities, derivatives, and financial risk to global financial institutions.2 Securitization uses the future payment streams from mortgages and other credit products to create securities that are sold to investors. These investors not only acquire the right to these payment streams, but also assume a portion of the financial risk that borrowers will not make payment on the underlying mortgages when due; securitization thus carves up the risk associated with mortgages and other securitized assets into slices, which are then spread among investors.3 Those investors could then use credit derivatives and other derivatives to offload parts of this risk to counterparties in exchange for paying premiums to those counterparties.4
Securitization and derivatives created a system for transferring risk and spreading it among those investors who could theoretically bear risk most efficiently.5 Each part of this risk-transfer system was enabled by private, computer-based industry risk models that were built using innovations in quantitative finance. These models include the following:
* Data-mining and credit-scoring software used by financial institutions to market mortgages, loans and other financial products to individual consumers (this marketing includes not only setting the price of those products to match the risk of individual borrowers, but also creating complex features in those products that can be tailored for certain categories of consumers);6
* Pricing models used by financial institutions to structure and price the securitization of those consumer financial products;7
* Models used by credit-rating agencies to assign ratings to the asset-backed securities issued in securitizations;8
* Models used to price those derivatives that further hedge the risks of asset-backed securities;9 and
* Models used by financial institutions to manage their investment portfolios and set their overall risk-management policies. …