Risk management is not a new term. It has been used in an insurance context for some time to describe the process of analyzing, controlling, and treating insurable risks. And in the banking industry, it has been used to describe the practice of matching the duration of assets and liabilities to minimize exposures to liquidity and interest rate risks. However, in recent years, risk management has taken on a broader meaning within the financial services community. It now refers not only to practices designed to limit individual product line risks but also to systematic, quantitative methods to identify, monitor, and control aggregate risks across all a firm's activities and products.
This significant change in the scope of the risk management concept has been made possible by advances in technology. The process began when enhancements in information technology and financial theory permitted traders and other market participants to separate the various cash flows of traditional financial instruments and to recombine them into new derivative instruments tailored to the particular needs of investors. Of course, each new derivative instrument devised by financial engineers presented its own unique risks.
Effective management of these risks required the development of comprehensive risk management systems for derivative products. Organizations turned to the same financial innovators who developed derivatives to create systems for managing the full range of risks to which an institution is exposed. And in recognition of the promise that such internal risk management systems hold for the continued safe and sound operation of banking organizations in a dynamic market environment, supervisory agencies have increasingly been encouraging their further development. At the same time, the supervisory agencies have been making changes in oversight procedures to account for the changed risk management environment in banking.
Evolution of the Emphasis on Risk Management
Federal Reserve examiners have long evaluated the quality of risk management practices, including internal controls. They have also taken the quality of risk management into account in determining the overall adequacy of bank management. However, changes in the nature of banking markets have made the adequacy of the process used to identify and control current and emerging risks much more important.
Indeed, it may be argued that the risk management process is becoming as important as the quality of the assets that make up an institution's balance sheet at any point in time, particularly for those institutions that are very active in the capital markets and whose portfolios of assets change materially from day to day and, even, from moment to moment. As a result, the Federal Reserve has heightened its focus on the risk management process over the past few years.
This recent supervisory focus on risk management first surfaced in the 1993 guidance to examiners Examining the Risk Management and Internal Controls for Trading Activities of Banking Organizations. This guidance applied long-standing supervisory principles to a rapidly growing banking activity and was subsequently expanded and formalized in the Trading Activities Manual issued early in 1994. This manual provided examiners with the tools necessary to evaluate risk management systems for the full range of risks associated with trading activities.
During 1995, the Federal Reserve further focused its examiners on risk management through the issuance of a directive titled Evaluating the Risk Management and Internal Controls of Securities and Derivative Contracts Used in Nontrading Activities. In addition, under the supervisory rating system for U.S. operations of foreign banking organizations adopted earlier this year, the Federal Reserve intensified its consideration of management processes by requiring that individual ratings be assigned to the risk management and operational controls of foreign branches and agencies. …