JPMorgan’s recent run-in with faulty risk models and the regulatory response could trickle down to corporates.
As everyone well knows JPMorgan Chase last week announced it lost a lot of money. It warned investors that its chief investment office lost more than $2bn (and now perhaps much more) in a trade gone bad. The bank also revealed that it had been using a faulty model to determine the unit’s value-at-risk (VaR); this after switching from another risk model that it had deemed inadequate.
Since this has all happened in the midst of a financial crisis and amid a war between banks and regulators over financial rules, the political and regulatory response has been, “Release the hounds!” The problem with the “release the hounds” approach to regulations, however, is that these dogs tend to stray. They end up roaming everywhere and, to stretch this metaphor even further, have a habit of marking their territory (in this case territory being well beyond the banking sector). In other words, JPMorgan’s VaR model failed, which means corporate risk models may get scrutiny, too. “Regulations, like water, flow downhill,” as one observer said recently.
Corporations, of course, have taken a shine to VaR. As was noted in The NeuGroup’s World Class FX Principles project, companies include VaR calculations (along with sensitivity analysis and stress-testing calculations) in their risk analysis and use these calculations frequently to quantify risks based on varying levels of spot rates, forward rates, volatilities, and correlations. This helps them align with company objectives and policies. But now with the latest risk-monitoring failure, their models could come under scrutiny, too.
Banks been there, done that.
At a recent NeuGroup Bank Treasurers’ Peer Group meeting, which took place just before the JPMorgan fiasco, members discussed model validation and regulation — their risk models already are under lots of scrutiny. Part of that discussion was a review of a December 2011 OCC bulletin (OCC 2011-12) that updated guidance on model risk management. OCC 2011-12 focused on three areas: (1) model development, implementation and use; (2) model validation and (3) governance policies and controls. The idea is that regulators will be focused on models to assess capital adequacy (buffers and the like) and those that asses risks. All of this will certainly be scrutinized even more in the wake of JPMorgan.
The main focus and what the OCC bulletin also makes clear is that regulators are looking for a governing body or a management level committee to review, approve, validate and inventory all such models, all of which is to provide independent oversight. They also call for the need of a centralized function to administer policies, standards and training. The big question is whether this independent oversight would have worked on such a sprawling enterprise as JPMorgan. The coming news stories, hearings and testimony will tell the tale.
For corporates, it might be a good idea to get out ahead of any scrutiny and form (or more likely rename) their own independent risk oversight committees to be in good stead when the dogs coming snooping around. It’s also a good idea to make sure the VaR model used isn’t faulty.