COMMITTED TO
IMPROVING THE STATE
OF THE WORLD

Rethinking Risk
Management
in Financial Services
Practices from other domains

Prepared in collaboration with The Boston Consulting Group
World Economic Forum
April 2010


The views expressed in this publication do not necessarily
reflect those of the World Economic Forum USA.
World Economic Forum USA
3 East 54th Street, 17th Floor
New York, NY 10022
USA
Tel.: +1 212 703 2300
Fax: +1 212 703 2339
E-mail:
www.weforum.org
REF: 110310
@ 2010 World Economic Forum
All rights reserved.
No part of this publication may be reproducted or transmitted in
any form or by any means, including photocopying and recording,
or by any information storage and retrieval system.
All photographs are from www.shutterstock.com, except otherwise noted.

Rethinking Risk Management
in Financial Services
Practices from other domains

Prepared in collaboration with The Boston Consulting Group

World Economic Forum
April 2010



Contents
Preface
Letter from the Steering Committee
Executive Summary

3
6
8

Chapter 1 –
1.1
1.2
1.3
1.4

System-Wide Perspective
Introduction

Drive diversity
Simulate system disasters
Manage “fire”

11
11
11
15
18

Chapter 2 –
2.1
2.2
2.3
2.4

Transparency and Information Flow
Introduction
Aggregate system-wide data
Scrutinize complexity
Innovate transparently

23
23
24
28
33

Chapter 3 –
3.1

3.2
3.3
3.4

Governance and Culture
Introduction
Look for trouble
Value experience
Empower the front line

39
39
40
44
47

Chapter 4 – Conclusion

51

References

52

Appendices
Appendix
Appendix
Appendix
Appendix
Appendix

Appendix
Appendix
Appendix

1:
2:
3:
4:
5:
6:
7:
8:

Project Background and Approach
Summary of Risk Management Lessons
Summary of Risk Management Lessons
Summary of Risk Management Lessons
Summary of Risk Management Lessons
Summary of Risk Management Lessons
Summary of Risk Management Lessons
Summary of Risk Management Lessons

from
from
from
from
from
from
from


Aviation
Fisheries Management
IDC
Immunology
Pharmaceuticals
Telecommunications
Wildfire Fighting

Acknowledgements
Project Team

54
54
56
56
57
57
58
58
59
60
62

Rethinking Risk Management in Financial Services Report

|

1



2

|

Rethinking Risk Management in Financial Services Report


Preface
The World Economic Forum is proud to release this report on the topic of Rethinking Risk Management in
Financial Services, which was part of the organizing theme for the Forum’s 40th Annual Meeting in 2010:
“Improve the State of the World: Rethink, Redesign and Rebuild.” This report is part of an Industry Partnership
project endorsed by the Financial Services Governors’ community at the Forum’s Annual Meeting in 2009.
The recent financial crisis acquired unparalleled proportions and inflicted long-term damage on economies,
countries and people. As the true impact of the crisis becomes evident and the financial system stabilizes, it is
critical not to “let a good crisis go to waste.” Internalizing the lessons learnt and making the necessary improvements
now will make the global financial system more resilient and better able to handle the next meltdown, when it
happens.
The crisis has highlighted the need to improve risk management strategies at both the system-wide and institutional
levels in the financial services industry. It has demonstrated that efforts limited to specific institutions or jurisdictions
are insufficient to address a problem that is global in scope. New thinking is required to rebuild a damaged
financial system.
While other efforts have largely focused on improving risk management in financial services “from the inside
out,” this report looks at it “from the outside in” – trying to learn from practices and patterns in domains such
as aviation, fisheries, wildfire fighting, immunology/epidemiology, telecommunication and pharmaceuticals.
While not all of these practices are directly transferable to finance, many are and most of them provide much
needed fresh perspective and thinking. Over the past nine months the World Economic Forum, in collaboration
with The Boston Consulting Group, analyzed the outside domains and engaged multiple stakeholders. Input
from over 100 subject experts, risk managers, academics and business leaders was sought in trying to answer
the question: What can the financial services industry do to better monitor, manage and maintain the resilience
of the financial system?

We trust that the report will stimulate your thinking, introduce new ideas and add to the broader discussion
aimed at improving the long-term stability of the global financial system.
On behalf of the World Economic Forum, we wish to particularly thank the members of the Steering Committee,
the Working Group, the interview and workshop participants, Project Manager Isabella Reuttner and our partners
at The Boston Consulting Group (notably Duncan Martin, Kenny Pun and Rachel Hirsch) for their boundless
support.
Kevin Steinberg
Chief Operating Officer
World Economic Forum USA

Gian Carlo Bruno
Director and Head of Financial Services Industry
World Economic Forum USA

Rethinking Risk Management in Financial Services Report

|

3


DISCLAIMER
The members of the Steering Committee and the Working Group support the recommendations and views
expressed in the report. However, they do not all necessarily agree on every detailed point made herein.
The opinions expressed are of a personal nature and do not necessarily reflect the stance of the companies
represented by the Steering Committee and Working Group members

4

|


Rethinking Risk Management in Financial Services Report


Steering Committee
Co-Chairs
Lázaro Campos
Chief Executive Officer
SWIFT
Axel Lehmann
Chief Risk Officer
Zurich Financial Services

Cüneyt Sezgin
Member of the Board of Directors
Garanti Bank
Raj Singh
Chief Risk Officer
Swiss Re
Paul Smith
Treasurer
State Farm Insurance

Members
Iain Abrahams
Head of Liquidity, Risk and Capital Markets
Barclays Capital
Karl Guha
Chief Risk Officer
UniCredit Group

Simon Levin
Moffett Professor of Biology
Princeton University
Erwann Michel-Kerjan
Managing Director
Wharton Risk Management and Decision Processes Center
The Wharton School, University of Pennsylvania

Jim Webber
Chief Risk Officer
Aviva
Tom Wilson
Chief Risk Officer
Allianz SE
Vanessa Wittman
Chief Finance Officer
Marsh & McLennan Companies Inc
Mark Yallop
Chief Operating Officer
ICAP Plc

From the World Economic Forum:
David Rhodes
Senior Partner and Managing Director
The Boston Consulting Group
Luke Savage
Director
Finance, Risk Management and Operations
Lloyd’s of London


Gian Carlo Bruno
Director and Head of Financial Services Industry
World Economic Forum USA
Kevin Steinberg
Chief Operating Officer
World Economic Forum USA

Rethinking Risk Management in Financial Services Report

|

5


Letter from the Steering Committee
The financial crisis has, to put it mildly, seriously challenged our traditional approach to risk management.
Consequently, a number of individuals and institutions have advanced ideas for improving not only the analytical
framework, but also the status and relevance of risk management.
This report, not only reacts to the most recent episode (although we indeed reference many relevant examples),
it also attempts to address a deeper problem: the demonstrated inability of the global financial system to
constructively mitigate and deal with financial crises. Over the past 40 years, the IMF has counted 88 banking
crises. Hence, a fundamental question presents itself: Can the financial services industry benefit from experiences
in other domains that, over time, have developed sound practices and successful patterns to deal with risk?
We believe the answer to be an emphatic “yes”. This report explores both what these practices and patterns
are, and how they can be applied to the financial services industry.
Obviously, there are efforts already in progress to improve risk management in the financial services industry initiated
by such bodies as the Financial Stability Board and the G20. Many of these efforts are highly relevant, such as
the re-alignment of individual compensation with institutional and systemic goals. To avoid replication, our report
will not dwell further on initiatives already underway.
In contrast to other and perhaps more conventional studies, our report tries to shed new light by focussing on

the lessons that the financial services industry can learn from other environments. We take an “outside-in” perspective,
thereby differentiating this report from others that focus on improving risk management using traditional concepts,
tools, and ideas that always have been and will continue to be inherent and very relevant to the financial sector.
It is important to recognize that risk-taking is an integral part of many financial institutions’ business models.
This is a crucial difference to some domains that we have examined. Also, we are well aware that outside domains
may not provide ready guidance to all aspects of financial services (see Appendix). This report concentrates on
stylized patterns and lessons that are potentially transferable to the financial sector while acknowledging that
no domain is perfect at managing risk or indeed fully comparable to financial services.
We further acknowledge that some of our commentary on the industry is by default overly generalized for reasons
of brevity. We do realize that no two financial institutions are identical: relative performances during the crisis have
borne that out. We ask readers to keep these caveats in mind if, at times, what we depict or suggest does not
resonate with what they know from their own institution’s vantage point.

6

|

Rethinking Risk Management in Financial Services Report


Our goal is to provide food for thought rather than an off-the-shelf solution. Many of the outside practices we
explore are somewhat distant from conventional thinking. We are aware that some of our ideas will be controversial.
We therefore do not necessarily speak of them as “recommendations.” Instead, we hope that our report will
inspire a fruitful discussion between those stakeholders that have an interest in a more resilient financial system:
policy-makers and supra-national bodies at a global level, regulators and governments at a national level, and
senior managers at a firm level. It is our intention to stimulate, provoke, and challenge – and by doing so to
help transition the financial system to a more resilient and less failure-prone state.
The Steering Committee and the Working Group would like to thank those individuals who generously gave
their time to support this project. We hope that all will find our report as stimulating to read as we found it to
research, debate and write.

Steering Committee Co-chairs
Lázaro Campos
Chief Executive Officer
SWIFT

Axel Lehmann
Chief Risk Officer
Zurich Financial Services

Rethinking Risk Management in Financial Services Report

|

7


Executive Summary
The recent financial crisis exposed many weaknesses in risk management in financial services. Issues around
incentives, governance and culture at many market participants have been well documented and need no further
discussion. However, the trouble ran deeper than that: reading any account of the last years’ events that brought
the financial sector to the brink of collapse, it is obvious that many of the actors ‘flew blind,’ with neither adequate
information nor preparation. Moreover, what was good for an individual firm or country in the short term was
not necessarily good for the system as a whole in the long run. Regulators thought nationally, not globally, until
it was too late; firm, product and trading strategies became complex yet homogeneous, leading to a stampede
once positions did deteriorate. While some of the decisions made under intense pressure have so far held up
to the test of time, it is hard not to conclude that things could have easily been much worse.
Financial services is not the only domain with issues of system-wide stability or conflicts between the individual
(short-term) and systemic (long-term) good. In this spirit, seven domains outside financial services were analyzed
with the belief that their risk-management techniques might hold lessons for finance. The findings were grouped
into three non-mutually exclusive areas of focus: (1) system-wide perspective, (2) transparency and information

flow, and (3) governance and culture.

(1) System-wide perspective:
Drive diversity. Homogeneous systems are less resilient than diversified ones. For example, in 2007, a virus
killed millions of farmed Chilean salmon. The fish had been farmed at high density, treated with similar antibiotics
and subjected to similar preventive measures. They were, therefore, all vulnerable to a single threat. Applying
this lesson, financial institutions could encourage diverse and contrarian approaches towards modelling risk
and selecting business strategies. Competitive forces would make this difficult to achieve at an institutional level.
Regulators could, therefore, encourage variation in institutions’ risk management approaches and increase
capital charges for systemically crowded high-risk/high-return business strategies (this initiative would need to
be carried out with sound understanding of the strategies, rather than as a blanket measure). In promoting a
level playing field one should recognize that diversity in risk management is important and complete regulatory
convergence should be avoided. The overall approach towards achieving diversity in financial services should
be based on broadly agreed principles as opposed to strict one-size-fits-all rules.
Simulate system disasters. The World Health Organization (WHO) helps nations develop action plans activated
by the global pandemic alert level and encourages simulations and real-life rehearsals to prepare for crises and
to improve planning. Pilots train extensively on realistic flight simulators to prepare for emergency situations.
Similarly, the financial services industry should put more emphasis on creating and rehearsing contingency
plans for large systemic events across institutional and national boundaries. Such plans and simulations should
be realistic and concrete and should address not only short-term operational concerns, but also longer-term
strategic issues.
Manage “fire”. Since forest ecosystems need fire to rejuvenate, some wildfires that do not endanger human
lives and property are allowed to burn out. Controlled burning is also conducted selectively to reduce fuel build-up.
The parallel in financial services could be that failure of some individual institutions is acceptable, even desirable,
for the overall system, and therefore government guarantees should be limited. In addition, the financial services
industry could consider developing “fire breaks” to contain incidents locally and prevent system-wide spread.
One such measure, as suggested by the United Kingdom Financial Services Authority (FSA) is to require institutions
to create “living wills” so that, if necessary, they could be wound down with minimal impact to the system.

8


|

Rethinking Risk Management in Financial Services Report


(2) Transparency and Information Flow:
Aggregate system-wide data. The aviation regulator in the US conducts a collaborative government and
industry programme known as the Aviation Safety Information Analysis and Sharing programme (ASIAS), which
aggregates national aviation incident reports and safety data. The programme provides a comprehensive and
consistent data environment that enables systemic issue analysis and identification. This ultimately helps detect
systemic issues earlier and more effectively. In financial services, large amount of data is already collected from
financial institutions, but this data is not aggregated or exploited for systemic issue detection. On its own, the
aggregation of data will not increase the resilience of the system. Therefore, the industry should first focus on
“asking the right questions” in order to determine a set of critical systemic stability indicators that could contribute
to an efficient early-warning mechanism. Development of these indicators should be adaptive to keep pace
with technological and financial innovation, and could work alongside efforts to enhance data mining and
management techniques.
Scrutinize complexity. The pharmaceutical industry conducts in-depth studies to analyze the efficacy, side
effects of, and interactions between new drugs .The fishery industry models the effects of fishing on the ecosystem
as a whole, and restricts methods that also kill untargeted (or “by catch”) species. Similarly, the financial services
industry could mandate deeper and broader assessments of the impact of new products and business strategies
on financial markets. These assessments would look beyond the direct impact and explicitly target the second
and third order effects. Regulators could then consider performing “unintended consequences” studies on products
that breach system-wide threshold volumes, and could be empowered to restrict volumes if the products were
deemed potentially unsafe to the system. Obviously, such restrictions would have to be set with a deep technical
understanding of the products.
Innovate transparently. In immunology, pathogens that mutate before the adaptive immune response can
kick in are particularly dangerous, as the immune system perpetually lags the pathogen’s invasion. Moreover, if
the host immune system misinterprets the nuances of the new strain, it may be deceived by apparent familiarity

and gear up to fight an old strain. Similarly, financial institutions and regulators should be wary of rapidly “mutating”
products by carefully monitoring instruments with exceptional growth and variation. They must also make sure
that established risk management techniques continue to apply when “new strains” have developed. In the
telecommunications industry, the best practice is to write simple code in discrete modules so that system-wide
errors are hard to make and easy to find. The financial services domain could consider instituting a standardized
modular nomenclature covering all products so that their risks could be better decomposed and understood.
New products originally seen as complex and “leading edge” do generally become more standardized as volumes
increased, suggesting that it is not impossible to break down complex products into simpler components.

(3) Governance and Culture:
Look for trouble. The World Health Organization utilizes web crawlers and an extensive informal human network
to seek out emerging infectious disease outbreaks, especially unfamiliar ones. This enables early detection and
therefore swift mitigation. In immunology, white blood cells constantly circulate in the human body, seeking dangerous
pathogens. The financial services industry should encourage and adopt a culture of actively searching for emerging
threats at both the institutional and system-wide level – “looking for trouble” – and in addition respecting individuals
who raise warning signals. Institutions and the industry could create dedicated teams to proactively investigate
institutional and systemic risks and continuously experiment with new warning-indicators.

Rethinking Risk Management in Financial Services Report

|

9


Value experience. Wildfire fighters value the experiences of those who have fought very large fires, and document their
stories. Airline companies and regulators conduct in-depth analyses on all accidents and near-misses and convert
the lessons learnt into new regulations and procedures that improve safety. Similarly, the financial services industry
could emphasize the value of experienced employees (both at institutions and regulatory bodies), improve their retention,
and have a cadre “on call” to respond when a new crisis occurs. In order to ensure that lessons from past crises are

passed down, institutions should carefully analyze events and document and aggregate experiential testimony
for training new generations.
Empower the front line. Pilots, co-pilots, and mechanics can delay a take-off if they deem the aircraft to be unsafe.
In the cockpit, co-pilots are encouraged to raise safety issues. Front-line wildfire fighters are empowered to make
tactical decisions at the fire scene. Similarly, financial services institutions could consider further encouraging front-line
risk managers and business-unit employees to take charge of local risk management issues, and raise alarms without
fear of retribution. Since the financial services industry (in theory) already has much of this capability in place, upgrading
it is more a case of reinforcing the existing framework than radically redesigning the process. As an example, senior
management could explicitly reward proactive flagging and management of risk issues, improve channels for
anonymous reporting, and communicate that consistent smooth sailing would be considered ‘too good to be
true’. Clearly this will require an appropriate set of incentives.
The adoption of one or more of the suggestions could aid in strengthening the financial services industry as a
whole. In assessing appropriateness of the suggestions, it might be helpful to consider a framework that looks
at the nature of a risk event (exogenous shock vs. endogenous systemic malfunction) and its consequence
(large non-systemic event vs. systemic melt-down). Depending on what the reader is trying to combat, some
analogies are more powerful than others. For example, many risk management practices in aviation try to avoid
large non-systemic events such as plane crashes, and have limited consideration for the system as a whole
(other than where events pertain to a component or process affecting many aircraft).1
While the financial system appears to be stable for the immediate future, the financial industry should pause and
reflect on past risk-management practices and actively explore potential changes that could be made going
forward. The following questions are critical:
• How can the industry make the proper trade-off between information protection and disclosure as it seeks to
enable system-wide risk monitoring and management?
• How can the “rejuvenation” and safety of the financial system be balanced without either creating moral
hazard or system fragility?
• Is the industry on the right track with the current regulatory approach? How can the benefits and vulnerabilities
associated with regulatory convergence be balanced?
• How can the industry adapt (structurally and culturally) to new threats and innovations of the future, given
that it does not yet know the products, the markets, the players, and the consumers of the future?
• Given that the next crisis is very unlikely to be prevented by a central controller, how can the industry resist the temptation

to “solve” stability issues by over-centralisation and instead strengthen the resilience of individual systemic nodes?
The implementation of any needed changes will neither be easy nor can it happen overnight. Some require a
phased approach; others require voluntary initiatives from the private sector; yet others require regulatory mandates.
Above all else, international and cross-industry cooperation and trust are crucial to achieving system-wide resilience,
and it is in this spirit that this report has been researched and written. The project team thanks those who have
contributed to this effort, and looks forward to the ongoing debate.
1

The Project Background and Approach section in the Appendix of this report provides a detailed framework

10

|

Rethinking Risk Management in Financial Services Report


Chapter 1 – System-Wide
Perspective
1.1 Introduction
Managing risk in a complex environment requires a comprehensive view of the entire system. Leading up to the
recent crisis, many financial institutions had similar risk exposures, although this fact was not widely deemed
important. Institutions held near-identical classes of investments, most used a high degree of leverage, and many
financed themselves through short-term funding. Thus, when liquidity receded following the collapse of housing
prices and subsequently of financial assets linked to mortgages, many institutions suffered losses simultaneously
and sought to close similar positions. As these institutions had similar funding structures, risk-management
practices, and mitigation strategies, it was as if someone had yelled “Fire!” in a packed theatre, and all ran to
the same exit.
Global regulatory uniformity also encouraged homogeneity, particularly concerning the reliance on rating agencies.
Regulation in all major financial centres allowed the same solutions to reduce capital (such as through conduits

and structured investment vehicles). Moreover, many practitioners relied on historical correlations of individual
underlying risks to calculate diversification benefits, forgetting correlations could change in a stress scenario.
In addition, financial institutions and investors had become accustomed to the idea that governments would
arrest severe market downturns and, as the rescue of Long-Term Capital Management (LTCM) illustrated, intervene
to mitigate the impact of failing institutions. Markets may have even assumed, rightly so to some degree, that
an institution could be “too big or too interconnected to fail.” Some participants considered that tail risk was
idiosyncratic in nature, effectively denying the existence of systemic risks.
Ultimately, neither regulators nor the industry were prepared for a systemic crisis. Most regulators had failed to
develop a system-wide perspective and were still figuring out contingency plans as the crisis unfolded. At the
institutional level, most senior management teams had never experienced a significant crisis. They operated
under the belief that a system-wide crisis would never happen. Although sound decisions were eventually made
that helped bring the system back from the brink, the danger should have never been permitted to develop.
How does the indu stry construct an all-encompassing, system-wide view, and enhance the resilience
of the global financial system?
The financial services domain could (1) drive diversity (as homogeneous systems are less resilient), (2) simulate
system disasters, and (3) manage “fire” (to maximize system resilience).

1.2 Drive diversity
“Increases in complexity did not come with more diversity. On the face of it, market participants
looked more and more different in their legal status, investment strategies, and business objectives.
It has now become apparent that, behind these veils of diverse colours, there was a profound
uniformity in the approach to risk, its measurement, its management, as well as in the drivers of
risk appetite. This uniformity had very destabilizing consequences.”
Jean-Pierre Landau, Deputy Governor, The Bank of France, 8 June 2009

2

Rethinking Risk Management in Financial Services Report

|


11


Chilean farmed salmon suffered from a viral disease in a homogeneous environment
Chile is the second largest farmed salmon producer in the world. The industry is crucial to the economy and
employs tens of thousands of people. Thus, when a viral disease hit its salmon farms in 2007, killing millions of
fish, many plants had to be shut down. Thousands of jobs have been shed since the outbreak.
The viral disease, infectious salmon anemia (ISA), was first detected in Chile in 2007. ISA is a highly contagious
and lethal virus in the salmon population, but does not affect humans. It can cause severe anemia and haemorrhages
in salmon internal organs.
ISA is not a problem unique to Chile and has previously
caused trouble in other countries, including Norway,
Canada, and Scotland. However, the scale and speed
of infection in Chilean salmon farms were unprecedented.
Environmentalists have reported that Chilean salmon
farms yield (on average) 25 kilos of fish per cubic meter,
compared to 15 kilos per cubic meter in Norway. This
over-crowding further encouraged ISA, as its transmission
could be aided by sea lice that plague overcrowded
farms. In addition to saturated facilities, Chilean salmon
farms were characterized by close facility proximity,
making disease control even more difficult.3
To combat diseases, farmers began to use a high level
of antibiotic treatment.4 Yet this step made the farmed
salmon as a whole more vulnerable to contagion in
the long run. When the outbreak occurred, the combination of high density, close proximity and drug resistance resulted in rapid spread and catastrophic
damage.

2


4

Landau, J. “Introductory remarks by Mr. Jean-Pierre Landau at the Conference on “The macroeconomy and financial systems in normal times and in times
of stress”, jointly organized by the Bank of France and the Deutsche Bundesbank, Gouvieux-Chantilly”. Bank of International Settlements,
8 June 2009.
“Chile Government Recommends Salmon Crisis Measures”. The Patagonia Times, 9 June, 2008.
“Salmon Virus Indicts Chile’s Fishing Methods”. The New York Times, 27 March 2008.

12

|

3

Rethinking Risk Management in Financial Services Report


Robust Systems: Heterogeneity, Redundancy, and Modularity
By Simon Levin
In complex systems, strong non-linearities may lead to the magnification of disturbances, thereby to loss
of robustness and to regime shifts. Examples include desertification, eutrophication, and disease outbreaks.
Economic analogues include market collapses and recoveries, bank runs, and shifts in social preferences.
Sudden transitions are driven by feedbacks. Positive feedbacks, which directly enhance perturbations,
are clearly destabilizing. Each new case in an epidemic has the potential to cause others. Less intuitively,
strong negative feedbacks, which initially correct deviations, can destabilize, as in the collapse of the
dynamically unstable Tacoma Narrows Bridge.
Robustness hinges on the balance between heterogeneity, redundancy, and modularity. Heterogeneity
represents adaptive capacity, the ability to find new solutions in the face of change. Genetic heterogeneity
is the essential ingredient on which natural selection acts. However, redundancy, which trades off in obvious

ways against heterogeneity, also confers robustness, compensating for the loss of key elements. In 2004,
a lack of robustness was evident when one of the major suppliers of flu vaccine to the United States

Rethinking Risk Management in Financial Services Report

|

13


could not deliver. Fortunately, the flu season was mild. Finally, modularity creates both barriers to the
uncontrolled spread of disturbance and building blocks for recovery after disturbance. Diseases may
spread rapidly within particular risk groups, like drug users, but then slow down because of the modular
nature of social contacts. Forest fires are contained through fire breaks, which confer modularity. Similarly,
the recent economic meltdown can be attributed, in large part, to the excessive over-connectedness
of the banking system – that is, to an absence of sufficient modularity – as well as to the absence of
heterogeneity and redundancy.
Simon Levin, PhD
Moffett Professor of Biology
Princeton University

Application to financial services
Prior to the financial crisis, many financial institutions were running similar business and risk management strategies
at the product-line level. As evidenced by players’ relative performance through the crisis, only a few institutions
were pursuing a more diversified approach. Indeed, many institutions were simultaneously building large positions
in structured credit products derived from the same underlying asset classes, utilizing short-term money-market
funding, and making risk management decisions with similar assumptions and techniques. Capital requirements
were calculated under similar methodologies, with similar underlying models. Reliance on external credit ratings
was pervasive. When the U.S. sub-prime housing bubble burst, financial institutions with the same vulnerabilities
all went for the same exit door. The financial services industry needs to rethink how it can foster diversity in

order to make the system more resilient.
Indeed, while some measure of emotional comfort can come from herding, financial institutions should avoid
crowded business strategies and vary modelling assumptions for risk management. Boards, executives and
investors should think for themselves rather than implementing me-too strategies and obsessing with benchmarks.
It is understandable that when everyone is judged on relative performance financial institutions should seek to
compare themselves, but just copying strategies (or even trading positions) is not healthy for either the organisation
or the system. As it turned out, many institutions assumed that super-senior tranches of collateralized debt
obligations (CDOs) were safe based on their AAA credit rating. This view failed to account for the fact that the
ratings were based on precarious assumptions about default risk, house prices, and cross-correlations among
the risks of the underlying assets. Financial companies also kept large inventories on their balance sheets, and
ultimately suffered substantial losses – failing to recognize that there would be a penalty on homogeneity and a
prize for diversity. Thus, financial institutions should seek diverse and contrarian approaches and opinions in
terms of risk modelling, business strategies, and assumptions. The winners in the next crisis (as indeed in the
last) will be those organizations that get these difficult calls right.
Of course, when competitors are all apparently winning from a given strategy, and shareholders demand the same
high level of return on equity, it is difficult for financial institutions to stand on the sidelines. It is also challenging
for them to strike the right balance between building consensus in decision making and encouraging varied
opinions within their organisations internally.

14

|

Rethinking Risk Management in Financial Services Report


Regulators should refrain from promoting complete systemic uniformity, and perhaps endeavour to encourage
a larger degree of systemic heterogeneity. They could encourage institutions to manage risk with varied approaches
and increase capital charges for systemically crowded high risk/high return business strategies (this initiative
would need to be carried out with sound understanding of the strategies, rather than as a blanket measure).

Since homogeneity leads to shared vulnerabilities, counter-intuitive as it may seem, not all practitioners should
adopt the same “best-practice” risk management techniques, methodologies and assumptions – both domestically
and across borders. The trend of complete regulatory convergence is simply not desirable.
Although convergence leads to benefits such as the interoperability and comparability of institutional financial
health across jurisdictions, homogeneous supervisory practices create a future selection bias, exposing the
financial system to as yet unknown threats. Although differences in regulatory approaches could lead to “arbitrage,”
properly-managed diversity can help close loopholes and make the system more resilient in the long-term.
Needless to say, a balkanization of regulatory regimes could be equally (if not more) detrimental to the stability
of the global financial system. One of the problems leading up to the recent financial crisis was that the demarcation
between various players in the financial market had become blurred Commercial banks began behaving like
investment banks and hedge funds – creating a large shadow banking system – and certain insurers started
behaving like banks. Consequently, levelling the playing field according to outdated institutional demarcation
lines is inefficient and potentially a source of systemic risk. A more promising approach would be to regulate
and supervise according to functional and activity lines that better reflect the fluidity in the modern financial world.
In other words, regulation should emphasize a principles-based and behavioural approach over a rules-based
and institutional approach.

1.3 Simulate system disasters
“As the crisis developed, in too many instances supervisors (…) were not prepared to discuss
with appropriate frankness and at an early stage the vulnerabilities of financial institutions which
they supervised. Information flow among supervisors was far from being optimal, especially in the
build-up phase of the crisis. This has led to an erosion of mutual confidence among supervisors.”
De Larosière Report to the European Commission, February 25, 2009

5

The WHO sets the global alert level to activate national contingency plans
On April 27, 2009, considering cases of H1N1 in the United States, Mexico, and Canada, as well as potential
spread to other nations, the WHO raised its global pandemic alert level from 3 to 4. On April 29, nine countries
had officially reported 148 cases of H1N1, including one death in the United States and seven in Mexico. Level

5 alertness was declared. A month and a half later, on June 11, the highest alert level, level 6, was activated as
almost 30,000 confirmed cases were reported in 74 countries.6

5
6

The de Larosière Group. “The High-Level Group on Financial Supervision in the EU Report”. />20090225_en.pdf, February 2009.
World Health Organization, 2009.

Rethinking Risk Management in Financial Services Report

|

15


The WHO is responsible for setting global pandemic
alert levels, which correspond to actionable response
measures based on the current degree of epidemic
spread. These levels refer solely to spread of the
infection, not to its severity or potential deadliness.
Levels 1 through 3 indicate that the disease resides
predominantly in animals with limited human infection.
Level 4 indicates a sustained level of human-to-human
transmission. Levels 5 and 6 indicate widespread
global human infection.7
Member states are encouraged to develop specific
action plans to manage epidemics in their region.
These plans typically activate based on shifts in the
global pandemic alert level. The WHO builds tools

to support nations in developing detailed response
procedures. Action-plan categories are organized by
planning and coordination, situation monitoring and
assessment, communication, reduction in the spread
of disease, and continuity of health-care provisions.
The WHO also encourages nations to test their plans, outlining three types of simulations8: (1) table-top exercises,
in which major stakeholders discuss scenarios and how they should respond; (2) functional exercises, in which
several entities complete simulations for a given scenario without deploying resources; and (3) full-scale exercises,
in which participants enact scenarios as realistically as possible. These exercises involve all participants outlined
in the plan – ideally from multiple nations and regions – and include deployment of resources. The lessons from
these simulations can then be used to modify and improve overall crisis plans.

Pilots simulate disasters
Pilots train extensively on flight simulators to prepare for multiple emergency scenarios, including severe (yet
infrequent) events. These simulators vividly recreate real-life situations using visual cues, motion sensors, and
actual cockpit tools. Pilots feel like they are experiencing a critical event, such as facing an engine failure in
conjunction with an electrical system malfunction while attempting to land in a storm.
Most commercial pilots are required to log a minimum number of simulator hours every year to stay up-to-date
on procedures. In some countries, pilots must be re-evaluated and re-trained on simulators every six months in
order to keep their licenses.

7
8

“WHO pandemic phase descriptions and main actions by phase”. World Health Organization, 2009.
“Considerations on exercises to validate pandemic preparedness plans”. WHO, 2009.

16

|


Rethinking Risk Management in Financial Services Report


Source: Courtesy of Thomson Reuters

Practitioners in the Telecommunications industry develop contingency plans
Telecommunications providers also make detailed contingency plans for emergency situations. These plans are
tailored to specific regions since the probability of various threats – especially those related to weather – differ
by geography. There are also generic contingency plans that providers put in place. For example, if the central
control room shuts down, mobile trucks with operating equipment can be used to avoid network failure.

Application to financial services
During the course of the recent financial crisis, a series of financial institutions faced bankruptcy. In each case
the response of regulators and the government differed: some were bailed out while others were propelled into
shotgun marriages. In September 2008 it was Lehman Brothers’ turn. The Federal Reserve Bank of New York
called in prominent financial CEOs to figure out a plan. However, the government declined to rescue the firm,
and potential suitors backed away. Lehman Brothers had to declare bankruptcy, the largest in US history.
When the markets opened the following Monday, trust had disappeared and trading froze. This took market
participants and regulators by surprise and almost led to the collapse of the global financial system. Reflecting
on this ‘near miss’, the financial services industry could benefit from better preparation for severe events and
systemic crises, utilizing detailed contingency plans based on associated simulations.

Rethinking Risk Management in Financial Services Report

|

17



When creating sweeping contingency plans, it is important to understand what each party is responsible for
regulating, so that all angles are covered. Equally, it is also important that institutions and regulators across
jurisdictions coordinate efforts. All should agree on a priori protocols concerning how to collaborate in the face
of a large-scale crisis and test those through realistic simulations. At the extreme, the industry could explore the
possibility of publishing these plans – sanitized for corporate confidentiality where necessary – to help engender
trust in the stability of the system.
Contingency plans need to be simulated to ensure they are applicable and implementable. Simulations should
not only address operational concerns such as infrastructure failure or natural disasters but also strategic
issues such as capital, buy/sell activities, and shifts in management/ownership – possibly involving multiple
institutions and across jurisdictions. Simulated crisis scenarios should of course be highly realistic, like flight
simulations, and could be run with “fake feeds” when markets are closed (such as over a weekend), similar to
the disaster recovery exercises that financial institutions already conduct. Such “fire drills” could highlight potential
vulnerabilities, and increase preparedness for systemic events. The lessons learnt from such simulations would
of course be incorporated into contingency plans.

1.4 Manage “fire”
“The Government’s macroeconomic framework has delivered unprecedented stability, with 62
consecutive quarters of GDP growth in the UK – the longest sustained expansion on record.”
Gordon Brown, John Hutton, Alistair Darling, March 2008

9

Wildfire fighters manage fire risk by controlling the fire’s environment
For most of the twentieth century, full fire suppression was the official policy in the United States. After 79 wildfire
fighters were killed in a fire in the Southern Rockies in 1910, the U.S. Forest Service adopted a zero tolerance
policy. In 1933, after another large wildfire in Oregon wiped out three million acres of forest, the strict “10 (acres)
by 10 (a.m.) rule” was instituted, requiring all fires of over ten acres in extent to be extinguished by 10 a.m. the
day after they had broken out.
However, nature needs to burn. In fire-prone climates, fire is part of the ecosystem. Organisms have evolved
not just to cope with fire, but to depend on it. Fire reduces fuel loading, clears land for new shrubs and flowers

to grow, and attracts birds that do not inhabit trees to nest in burned areas. It removes forest litter that nurtures
insect infestation and kills diseased trees.

9

Brown, G, Hutton, J, Darling, A. “Enterprise – Unlocking the UK’s Talent”, HM Treasury Department for Business Enterprise & Regulatory Reform,
March 2008.

18

|

Rethinking Risk Management in Financial Services Report


Decades of full fire suppression in the United States resulted in significantly harmful landscape alteration.
Therefore, in 1978, the U.S. Forest Service revised its wildfire policy to be consistent with land and resource
management objectives. Today, wildfire fighting has evolved into wildfire management. Wildfires that do not
threaten human lives and property are left to burn out. Furthermore, prescribed burning – igniting small fires
intentionally to reduce fuel build, create fire breaks, and clear land – has been affirmed as an appropriate firemanagement practice.10
Prescribed burning is highly controversial, however, and requires balancing the interests of multiple stakeholders.
Wildfire is hard to control. Wind direction and weather patterns can change suddenly, spreading the wildfire and
potentially causing a much larger fire than intended. Fire management politics have become more complicated
as real estate development has encroached on forests that border urban areas. Prescribed burning efforts in
these regions can interfere with highway traffic and make residents ill at ease.

10 “Fire Ecology Eco-link”, Temperate Forest Foundation, 2002.

Rethinking Risk Management in Financial Services Report


|

19


Creative Destruction in Nature’s Economy
By Stephen J. Pyne
In recent decades, the realization has grown that fire is not something that happens to biotas from the
outside like a flood or an ice storm. Rather, it is an integral process that many biotas expect and need.
Simply put, fire recycles nutrients, rearranges ecosystem structures, and recharges landscapes that
have fallen into lethargy. It is the quintessential agent of creative destruction in nature’s economy.
People had long recognized this fact, and had used controlled fire in domains such as hunting, foraging,
herding, and farming. But industrialization, particularly when combined with colonization, shook up these
ancient arrangements. Fire came to be perceived as mostly destructive, and state-sponsored conservation
intervened. Officials misidentified fire, qua fire, as an agent of damage and sought to suppress it. At first,
this movement seemed to succeed. Over time, however, it became apparent that burning could not be
abolished and that even the attempt to do so was disruptive and led to even greater damage.
Successful programmes have thus shifted from fire suppression to fire management. Agencies appreciate
that they cannot just shut down fires, nor can they simply stand by and let a transcendent nature have
untrammelled sway. Accordingly, many agencies fight fires only when wildfire threatens life and property.
They allow fires some room to roam when flame and smoke do not pose hazards to people or hard assets.
They deliberately start fires to stimulate ecological benefits and to compensate for past suppression
programmes. Also, they seek to shape the general landscape so that whenever fires occur – whether by
accident, arson, or lightning – they will have properties that promote fire’s benefits and lessen its costs.
It’s a tricky business, to be sure. But the concept that techniques must be mixed and that fire cannot be
removed from land management overall provides a strong analogy to the economic crises of recent years.
Stephen J. Pyne, PhD
Regents’ Professor
School of Life Sciences
Arizona State University

Author of over 20 books including Year of the Fires: The Story of the Great Fires of 1910 and Tending Fire: Coping with America’s Wildland Fires.

Application to financial services
While many banks have failed in the past, this reality was far from the public mind in the years leading up to the
recent crisis. Recent government intervention, including explicit and implicit bailouts such as LTCM and Bear
Stearns, made many financial practitioners believe that the government would bear the consequences of poor
institutional risk management. In order to change this perception, it is essential that governments and regulators
allow institutional failure or creative destruction as part of a necessary, rejuvenating process.

20

|

Rethinking Risk Management in Financial Services Report


Simply put, national governments could actively manage financial fires that are burning. Of course, it is also
important to try to contain fires locally and prevent broader spread. A potential example of such a fire break is
a “living will,” as suggested by the FSA.11 If all else fails, a living will can be activated to minimize the impact of
an institutional failure on the financial system as a whole. In order to be effective, such a will would need to be
updated regularly to reflect the pace of business change among successful industry participants. Regulators
would need to set incentives (such as capital relief) to ensure that institutions take preparation efforts seriously.
In the spirit of a level playing field, they also need to watch out that transparency around such living wills does
not unfairly penalize some institutions, for example via reduced credit ratings. On the other hand, just as fire
breaks restrict the size of forest fire, taken to the extreme, this could mean some entities too big to fail need to
shrink – which should be evaluated on a firm-by-firm basis, taking into account its management structure and
capabilities. Extreme care needs to be taken around defining an appropriate time horizon for such changes.
If unchecked, such side effects could lead to the very type of destabilizing shock that the measures aim to prevent.
What is more, arbitrage within the legal framework could help identify vulnerabilities in the system. It could weed
out weak practices and players that could potentially contribute to another systemic crisis. Allowing arbitrage

(even of the regulatory kind) is analogous to a small fire, and can be systemically helpful as long as appropriate
monitoring is in place and quick counteraction available if needed.
In other words, small fires are essential to the overall health of the financial system. Indeed, the absence of
small institutional failures in a certain business niche could be seen as cause for concern rather than evidence
of stability. Of course, it will at times be difficult to differentiate what is truly a “small fire” from a situation that
could degenerate into a systemic event.

11 “FSA’s Turner backs living wills for banks”. The Financial Times, 2 September 2009.

Rethinking Risk Management in Financial Services Report

|

21