In-depth interviews with risk managers reveal just how far financial firms have come and how far they have to go.

By James De Perna and David Kaszovitz

Risk management is alive and well at Wall Street's major broker-dealer firms, judging from a recent study of the risk management systems and procedures of several large and well-respected dealers.

The study was done as a part of course work in a graduate class in risk management systems taught by professor Allan Grody at New York University's Stern School of Business. It shed new light on how the risk management discipline began at these firms, what industry factors were responsible for its genesis, who nurtured it along, and how various layers of management responded to the new phenomenon. The study also examined the popular techniques, technologies and vendors that dealers utilize, and what problems they encountered while bringing a risk management system to fruition.

The writers interviewed managers from a variety of different kinds of dealers: U.S. broker/dealers, European banks, Asian securities firms and U.S. investment banks. The hope was to select firms with diverse specializations and management cultures, which might in turn represent a small cross-section of the industry as a whole. Interviews were conducted during November and December 1996.

Each firm's efforts are closely connected to their history, culture and specializations. At one firm, a risk-enlightened upper management team has led to a top-down evolution of risk management philosophies. At another, risk management is growing from the bottom up, largely reflecting the traditional underpinnings of the firm. Securities firms are turning to third-party vendors as a way to establish a risk management system quickly. It is also evident, however, that given the necessary resources, many managers would prefer to develop their own systems internally.

The biggest obstacle to implementing global risk management systems appears to be the integration of disparate systems and data. It's also clear that designing and implementing a risk management system requires years of commitment from dozens or even hundreds of people, as well as financial and strategic support from top management.

What follows are not profiles of particular companies, but rather composite portraits made from profiles of several different firms with similar characteristics.

U.S. broker-dealer

The firm is one of the world's leading securities houses. We interviewed one of the key individuals charged with keeping it on the straight and narrow path in terms of risk. He writes his own ad-hoc pricing applications for the derivatives desk, using Small Talk or C++ running on UNIX servers. He also serves as the intermediary between upper-level management and a team of software programmers who develop the algorithms, front-end displays and automated tools that keep the department going. The firm is not heavily involved in speculative trading activities for its own account. Within the derivatives group, the function of risk management can be distilled down to the pricing of its proprietary derivative instruments, which it sells to institutional customers. The overriding goal is for the firm to realize an expected return on capital that is adequate for the risks it believes it is taking. Avoiding valuation mistakes is also a prime concern. The risk management unit strives to have the utmost confidence in the pricing of its instruments before a contract is issued to its customers.

The concept of risk management has undergone noticeable changes. "Risk management has gone from being totally nonexistent to being somewhat systematized," remarks the executive. "Today, top managers have a pretty good idea of what our exposures are by asset class and by long or short positions. They're also tuned in to the volatility picture, including the implications of gamma risk. A few years ago, these same managers probably could only tell you about the cash capital we were using, the regulatory capital we were using and our total aggregate position. Today, they're a lot more sophisticated."

The firm does not hedge its portfolio. This primarily is a function of the nature of its products: the group specializes in equities, equity swaps and knockout options-up-and-out and down-and-out calls and puts-which he says constitute a large portion of the unit's business. (A knockout option expires worthless if the underlying instrument reaches a certain level above the strike price. In contrast, a conventional option does not expire until its expiration date, regardless of what happens to the underlying instrument's price.) Because of this unique characteristic, knockout options are typically struck at-the-money. Buyers of these options include hedge funds as well as other private, highly-leveraged investors. However, these options are not designed for all investors. For instance, institutions that desire to protect their downside exposure would not purchase up-and-out puts because their protection could easily disappear if the underlying goes against them. Knockouts are generally popular with speculatively oriented investors.

The firm is mainly a seller of these knockout options. "It's only at the knockout price that we view an instrument as having any kind of gamma risk, but we essentially ignore that, except on a position-by-position basis, because we are very highly diversified across asset classes, markets and option types."

The firm will write options on virtually any debt, equity, currency or commodity instrument it can track in the marketplace, but not any structure. "For instance, we wouldn't sell 10 percent out-of-the-money conventional puts on the S&P 500," he explains. "There's a huge universe of things we won't do. If we were going to add any one of those things to our menu of offerings, we'd pretty much have to add the whole universe because it would make the risk exposure of our book way out of balance. Our whole risk management picture would change."

The unit is most concerned about volatility connected with event risk. If the firm writes a knockout option on a single stock, a worst-case scenario could involve a disastrous piece of news about the company that wreaks havoc on the stock price. "That's extreme gamma risk," he says. "The stock is no longer behaving in a log-normal way. Everything you ever modeled is completely wrong, and you lose a lot of money." He believes that event risk is less problematic in currency and interest-rate markets, because economic trends and their associated risks are usually apparent weeks in advance. Unlike swings in stock prices, major currency devaluations rarely occur overnight.

Only a relatively small number of individuals at the firm have the authority to trade on behalf of the firm. This situation drastically reduces the risks that the firm could be severely affected by fraudulent behavior. Even if trading were to be opened up to the masses, he doesn't think trader control would present a problem. "Nobody's paid 20 percent of P&L, so there's no incentive to take huge risks and jeopardize the ongoing franchise for a one-time payoff."

As the firm expanded its business into a variety of different asset classes, risk management began to blossom. When he first joined, the company's business was almost exclusively dedicated to U.S. equities. Throughout the decade, however, it broadened its portfolio to include derivatives based on international equities, a move attributed to changing customer demand. Today, global diversification is the operative term. "As our presence in overseas markets got bigger and bigger, the concerns of top management grew proportionately," he says. "For instance, management would find it difficult to accept that $2 billion worth of three-month Japanese deposits are no more risky than $75 million invested in the S&P 500." That kind of management naiveté pushed the derivatives group to delineate the risk characteristics of its book quite explicitly, so that top management could fully comprehend and support the new business opportunities it was pursuing. "Every time you try to do something you haven't done before, management wants to know why. Are you going to make money or lose money? Risk management theory gave us the ammunition to quantify our assertions and explain the risk-return tradeoffs."

Much of the knowledge needed to make risk management a reality at the firm has come from outside sources. The company's internal culture is deeply oriented toward fundamental equity research-its traditional strength. As its business evolved, management began hiring managers in various parts of the firm, which has had the effect of substantially elevating the level of financial risk management expertise. "The firm also hired a bunch of younger guys, like me, who came out of business schools in the last 10 years with risk management on the brain," he explains. "All the knowledge that gets 'hired' has a tendency over time to flow upward through the management ranks, as the firm tries things that it has never tried before."

Clearly, with the recent infusion of new blood, risk management is still in its early formative years. Currently, there is no centralized risk management function in place at the firm. In a macro sense, management practices a degree of risk management by deciding to commit capital to various businesses. "Right now, the only mechanism the firm has to control risk at the trading desk level is the capital allocation process," he says. "Unfortunately, this is not a forward-looking process; it's backward-looking. The areas that have generated high returns over the last year will get a capital boost. The areas that generated low returns will get cut a little. To my knowledge, these adjustments are not based on risk, other than in an ad-hoc heuristic kind of way."

Compared with other top dealers, the firm is still operating in a learning and testing mode when it comes to risk management. It does not maintain a book that can be analyzed real-time. There is no system in place that centralizes risk management in a way that somebody can look at the firm's total portfolio, assimilate it and play "what if" scenarios. At the present time, the only real risk reporting that goes on in this manager's area are weekly hand-prepared reports delivered to senior level managers. These reports shows exposures and Value-at-Risk-type numbers for the firm's derivative products group. He feels that most of those who receive the report do not understand its implications. "I think they look at it to figure out how much money we're making," he explains with a smile.

So what's in the future for risk management? He would like to see the firm establish capital usage criteria, on a trade basis as well as on a business-wide basis, according to the risks that are undertaken. He has had discussions with members of management on this subject, and they agree that risk-based capital allocation would represent a significant and welcome initiative for the firm. He realizes that such steps take time, however, given the firm's relatively recent foray into risk management. But the signs thus far look promising. "You have to crawl before you can walk," he adds optimistically.

European bank

This European bank is one of the world's leading banking institutions, as well as a leading dealer in virtually every worldwide financial market. In the United States, the risk management group was formed a number of years ago to establish a risk control function for the bank's U.S. operations, and then to devise and institute a uniform approach for examining risk across all the bank's businesses. That led to the development of an independent risk-control unit that is completely separate from all the trading divisions. The group's jurisdiction now spans all trading and credit products in North America.

The group began by developing a VAR system, which gave rise to a broader scope of risk surveillance, including all product control functions-P&L reporting and analysis, price variance and financial model review. The group monitors risk activities and establishes global trading limits based on VAR.

Aside from the risk monitoring function, the firm also boasts a risk management group that supports the fixed-income, treasury and derivatives areas of the bank. "Risk Management is a function that looks to opine on the risks that are being taken, for the express purpose of determining whether the risks are justified," says the risk manager. "Certain business units-like in derivatives-have their own people who are making suggestions along those lines. 'Is this a good risk that we should take, or not?' Or, 'What do we think of the relationship between two specific risk variables?'"

In contrast, the firm's risk monitoring group is completely detached from the bank's business lines. It is an autonomous and objective group whose job is to assess the risks that are being taken, to set policies and procedures, and to establish the basic guidelines by which risks are to be measured and monitored. The group's span of control includes equity instruments, fixed-income products, derivatives, money markets and currency products.

Over the last few years, risk control has gained significant importance, marked by an increase in human and financial resources directed toward the effort. The bank and its competitors must respond to ever-changing regulatory pressures. The bank is the recipient of an increased level of scrutiny externally, as well as internally, given the increased complexity of the products it trades. The risk control function has evolved quite steadily over the past several years. As the bank has globalized its business, management in turn has attempted to globalize the risk control and risk management efforts. "When you're a huge global institution, controlling risk becomes fairly complex because you have all kinds of different permutations of where traders are located, where the actual book is located, how risks are managed and so forth."

From the outset, the bank's management expressed two key goals that would dictate the approach taken by the risk management group and his colleagues overseas. For starters, senior management required a more comprehensive view of the risks being taken by the firm. This fundamental need eventually would be fulfilled by introducing VAR as a uniform unit of measure internationally. In fact, it is the senior management of the bank who is credited with spearheading the global VAR standard. The second major goal was to deepen and broaden the bank's overall risk management control capabilities, which led to the creation of the independent risk monitoring group. In New York, the risk manager has 40 people dedicated to risk control issues. The bank's London office possesses a comparable risk staff. Tokyo and the bank's smaller locations also have their own risk monitoring groups. Globally, the manager estimates that the bank has a couple of hundred individuals committed to the risk control function.

Such a formidable risk force would not have been possible without extensive support by senior management. However, he admits it has not always been smooth sailing. In the beginning, some managers voiced their resistance to setting up independent control groups. "If you're the head of a trading organization, all of a sudden you have this group that is beyond your control," he notes. "On a daily basis, you've got somebody looking over your shoulder and reporting on what you're doing." As time went on, however, the initial critics were won over. Today, he says one of the biggest challenges is striking a balance between the objectives of trying to enter new markets and new businesses, and the sometimes opposing objective of maintaining a tolerable level of control over the organization's risks.

At the bank, risks are aggregated across products and trading desks. "We're not necessarily interested in the last nth-detail of risk," he explains. "We're looking to see how the risks reconcile against our P&L numbers." The bank's VAR system produces a one-day, two-standard- deviation VAR number for the bank's various activities. The system cuts across all products and all types of risk. The firm has established limits based on VAR for all its major businesses, and these limits are being pushed down through each level of the management hierarchy.

The firm's VAR system runs on UNIX workstations using an Oracle database management system. The graphical user interface was created using the C programming language and a number of screen formatting tools. The system works as follows. Feeds from various front-office and back-office systems in North America flow into the local New York UNIX server at various times during the business day. Once received in New York, the information is immediately passed on to the risk server in Europe, which also collects risk data from other worldwide regions. This set-up enables Europe to produce an overall risk calculation for the bank once a day. From a reporting standpoint, the VAR system churns out reports and graphs that communicate risk exposure values, as well as deltas, gammas, vegas and so on. "We show VAR and P&L numbers, and graph the VAR number relative to P&L," he says.

While most of the hard work is behind him and his staff, he still harbors bad memories about the data and systems integration issues that needed to be ironed out. "We performed integration all by ourselves, so I can honestly tell you it was one painful episode after another," he recalls. "Integration was really about 75 percent of the effort...building all of the interfaces, understanding the risk types and codifying the risks so that you have a uniform approach in all your global locations."

The firm has relied in the past on third-party vendors to supply some of its front- and back-office systems. According to him, the bank's experience with third-party vendors is similar to what other organizations have encountered. Vendor systems can work if a company is eager to get from point A to point B relatively quickly. However, over time, vendors cannot deliver the customer service and responsiveness that their individual clients demand. He contends that the rate of progress on the Street for a major market-maker is considerably faster than any vendor can produce from a software perspective.

By and large, the bank's risk control effort has been embraced by everybody at the firm. He cannot recall many instances in which traders have violated risk limits. Those who do exceed an established limit may be penalized by way of their compensation or bonus. "We haven't had many problems along the lines of people disregarding our policies or guidelines," he says. "The traders understand what our role is. They understand that, at times, there is a difference in objectives. But, for the most part, they are very supportive."

The higher up in the management structure one goes, the more supportive people become with respect to the work he and his people do. "That's because senior management uses us as an important process for them to also get comfortable with what's going on in their areas," he says. "They rely on us as the eyes and ears for the institution, when it comes to risk."

He credits the risk management process for giving management a deeper understanding of all the complexities associated with a new trading idea, financial model or transaction type. Risk management has forced management to step back to make sure that everybody who is going to be affected by an innovation understands it, has had a chance to review it, and has the opportunity to express questions or concerns. Within this cautious environment, the bank still strives to foster creativity and experimentation.

Though most of the risk control pieces are already in place, he has outlined a few of his top goals for the future. One short-term objective is for the bank to complete its investment in developing the risk control process for all of its traded products as well as the treasury and bank-funding activities. "There are some areas where we still need to do a bit more in terms of building up the infrastructure around certain products," he says.

A second short-term goal involves rolling out the VAR system as the official trading limit and risk measurement system for all products. "We're close, but we're not quite there yet," he says. "It's going to take another few years of work before we get all our products done." He is also committed to stepping up stress-testing efforts on the bank's portfolios. The bank currently utilizes stress-testing to a certain degree, but he feels there is more that should be done in this area.

In the longer term, his next big challenge is to make sure that all of the finite financial resources (balance sheet assets and liabilities, local and foreign regulatory capital, risk capital and so on) that go into a trading business are thought about in a systematic and conceptually consistent way within all of the information systems.

Overall, he is quite satisfied with the progress that the bank has made on the risk management and risk control frontiers. "In terms of our risk management infrastructure, I think we're pretty state-of-the-art, in the sense that we have a global function that cuts across a majority of risk types. There still are relatively few institutions that have reached the stage we are at. You can never be airtight in this kind of endeavor, but you can always inch closer to perfection."

Asian Securities Firm

Our interview was with a risk manager who works in the technology group of a major Asian securities firm. The majority of the firm's business is composed of fairly straightforward instruments, such as bonds, equities, listed options and vanilla currency, and interest-rate swaps. It does not deal heavily in exotic options. Of late, the risk manager has played an integral role in attempting to introduce a formal risk management system to the firm.

The risk management process has been very slow to develop. To begin with, there is no enterprise-wide risk management division at the firm. Currently, risk management consists of individual desk managers supervising or hedging their own books, with little or no regard for what other business units are doing. For example, the firm's fixed-income manager, who oversees 20­25 traders and has a funding desk reporting to him, will regularly examine his traders' positions. Risks will be surveyed on a duration or duration-convexity basis. Should the manager feel that a particular trader is overly exposed, he will advise the trader to hedge his or her position with the appropriate instrument.

Similarly, the manager of the equity arbitrage department will look at his area's book in terms of delta equivalents. Right now, there is no automated, accurate way of combining the risk positions of the two desks and, by so doing, take the fixed-income and equity diversification effects into account. The prevailing situation makes it difficult to get a true picture of the firm's risk profile at any given moment in time.

Such a state of affairs had been the norm in general until recently. However, as he is quick to point out, the tides of change are beginning to wash in at most institutions. Change is being driven by several important factors. "Nobody likes to admit it, but regulatory changes are something that the firm is afraid of to some degree," he says. "If there is an SEC or Fed regulation put in place that makes firm-wide risk measurement mandatory, there's nothing in place at the firm currently that can handle all of the potential requirements."

To avoid excessive development costs and possible penalties, the firm is convinced it must prepare itself far in advance for such an event. The organization faces a more pressing problem, however. In the firm's home country securities marketplace, brokerage firms are still heavily reliant on fixed brokerage commissions. A high percentage of the firm's revenues come from lofty fixed-commission rates, which will be phased out in the coming years, just as Mayday rates were phased out in the United States in May 1975. When the fixed-commission structure is abolished, the profit margins on retail and institutional equity trades will plummet. To maintain their revenues, the brokerage firms will have to drum up business in other areas. He believes this new business will have to be risk business "These firms are not going to get paid for not taking on risk," he says. "Right now they are."

These risk businesses likely will involve derivatives. The firm will be forced to engage in more principal transactions, rather than the agent transactions it emphasizes today. New risks will go hand-in-hand with this shift in the business paradigm. As it takes on more exposure, its need to understand, measure and manage this exposure will grow exponentially. Hence, the risk management discipline will take on an indispensable role in the not-too-distant future.

Upper-level management has started to take a keen interest in the effort to bring formalized risk management to the firm. One of the members of senior management has been a vocal proponent of the initiative. The push for risk management has essentially started in New York. The Asian headquarters office is expected to take New York's recommendations about what kinds of systems to purchase and what types of functions to establish. But a lot of the internal risk management expertise is in the United States, and not in Asia. "If we build something in New York and Asia wants to go in a different direction, there's a little bit of risk involved there," he notes. "We want to make sure that Asia buys into our ideas before we make a sizable commitment of human or financial capital."

Although an influential member of management has taken the risk management project under his wing, not everybody at the firm is convinced of its merits. He believes one of the biggest obstacles to successfully implementing a comprehensive risk system is educational. "There are a limited number of people within the organization that really understand how they can use corporate-wide risk management systems, and what benefits they would derive from this type of system or function," he states. "They need to be taught to understand the pros and cons of risk management. What is VAR? What does it mean? How can I trust the numbers that come out, especially if I'm going to review traders based on these numbers, or allocate capital to the business?"

Another significant obstacle confronting him and his colleagues is the data and system integration aspects of developing a global risk system. Normalizing the data, building the data model and populating the data structures represent the greatest challenges from a logical standpoint. A bond traded on the firm's system in Asia does not carry the same data fields as a bond traded on the system in London or New York or elsewhere. Field lengths and record sizes can also be significantly different, depending on the office. All of these disparate data have to be normalized in order to run information through a single risk engine.

Technology incompatibility will also be a problem for his group. "As far as databases go, in New York and London, I know we have Oracle licenses," he says. "In Asia, they're using another type. In New York, we have a mixture of outsourced DEC machines as well as in-house IBM mainframes. Some of our New York systems are also spreadsheet-based. In Asia, our office is almost exclusively using IBM mainframes. It could be a nightmare to integrate all these systems."

On the subject of which risk types will get most of the attention early on, he believes the firm will tackle credit risk after they master market risk. However, there are some managers that are focusing on trying to combine the two in the first phase. He thinks this approach will create more headaches. Interest rate risk is obviously an issue. The firm maintains larger positions in fixed-income products, compared with equity instruments.

The firm's management decided early in the game to look to an outside vendor for a risk management engine, rather than to develop one in-house. It called in four vendors to conduct demonstrations of their systems. These vendors were narrowed from a list of approximately 20 firms. Why didn't the other vendors make the cut? According to our source, it was because they did not sell themselves as enterprise-wide risk management systems. "Essentially, what they were selling were front-end deal-capture and P&L reporting systems," he says. "These vendors were trying to build risk management functionality on the bottom of these systems, almost as an afterthought."

Managers from Asia and Europe flew in to be a part of the four vendors' dog-and-pony shows. After all was said and done, he and most other firm managers came away with a preference for one system. "The system appeared to be easier to use and set up," he says. "It comes across as very user-friendly. It delivers all of the information you want, even though it doesn't have the bells-and-whistles and enticing graphics that a competitor's system sports."

Despite its brilliant-looking front end, the system lost marks because of its modular design, which appeared difficult to set up, understand and use. A fourth system never successfully got its demo off the ground. Aside from that embarrassing problem, the firm was also weak from the perspective of technology support in Asia. "They have a lot of people in the United States who understand risk management, but, as far as being a vendor is concerned, they have a limited number of outside customers."

Once the risk engine is in place, the firm will obtain risk data from a mixture of front- and back-office systems. About half of the deals are done directly in the back office. The balance of the deals are transacted through up to 20 different front-office systems, depending on the product. He feels that the issue of reconciliation between the front-office systems, back-office systems and risk engine will be a problem if the firm captured trades from the front. "Once they hit the back, and are marked as good trades and get a trade reference number, there's much less of a reconciliation problem," he says. "The back-office systems can provide us with all the data we'll need."

In the United States, all the firm's back-office systems are real-time. When a trade is entered, it is booked and hits the firm's inventory in real-time. However, the firm does not get real-time prices. So, if real-time risk management were ever to be a goal at the firm, the firm would have to subscribe to a live market data feed.

For the time being, the firm's management is satisfied with end-of-day risk reporting. Our source thinks that eventually the firm would want to have each of its back-office systems send real-time messages to the risk engine. "If you wanted to run a risk report in the morning because something happened in Europe and you're interested in seeing what each trader's positions look like, such a system would be able to accommodate that," he comments.

In terms of reporting, his team will direct its attention toward designing thoughtful and concise reports that senior management would want to look at on a daily basis. He assumes that reporting will be done by desk, for instance, according to risk types. He would love to come up with a standard set of reports that everybody can agree on. If necessary, the group would custom-tailor reports to specific end-users on a case-by-case basis. "Obviously, there are countless ways of slicing and dicing the risk data. What we want to avoid is a situation in which we're printing 200-page reports that nobody needs."

It's been more than seven months since the firm conducted its vendor review, but thus far no contracts have been signed. The current holdup involves finding. The firm's previous year budget was set in stone. His department is waiting to see next year's budget figures. In addition to the budgetary constraints, the headquarters in Asia is still trying to get an overall picture of how it is going to solve the system and data integration piece of the puzzle, and how the firm's three main offices can work together to build the system. "I've heard that Asia has approved the first leg of a feasibility study," he claims. "Management in Asia feels it needs to survey the technological landscape to see what hardware and software the firm has today. It's easy to pick a new risk engine, but folks still have to put all the systems together to feed the information to a normalized database."

He says very little of the data normalization phase, if any, will be performed by the systems vendor. A vendor's main function is to help a client extract data out of the data model and feed it into the risk engine. In general, vendors do not take on the role of data or systems integrators.

The development of the firm's risk management system will likely be performed at one location first. Once this location is operational, he expects that the system will be gradually rolled out to the firm's other locations. Within a single location, individual desks will be integrated into the system one at a time. He assumes that New York will be the location chosen as the beta site. "We would start by choosing a desk, such as the Treasury desk. We would run the data through the risk engine, get the numbers, check them out against the formulas and probably get a third-party consultant to put his or her seal of approval on it," he relates. "We won't leave a single stone unturned. This project is far too important to us."

Global Investment Banking Firm

The interviewee is in the treasury department at this top-tier investment banking firm.

Although he is not involved with product-related risk management per se, his role as an expert in reducing liquidity risk is vital to the health and well-being of the firm as a whole.

As a premier investment bank, the firm requires capital to trade for its own account. In order to obtain this capital, the firm may access the public equity market, borrow money from other banks or issue short-term debt instruments. The latter naturally add to the liability side of the firm's balance sheet. His function is to monitor liquidity risk, which is defined as having access to cash to pay unsecured creditors at any time.

The firm has resisted the temptation to boost its capital base by selling more of the company to the public. As a result, capital is a precious company resource that must be managed with extreme care. As the firm's short-term obligations become due, it must be able to quickly roll over the principal amount into new sources of financing. It is his responsibility to measure the liquidity risks involved in obtaining financing, and how these funds will be used by the different trading desks. Each of the firm's trading desks has a system to measure the risk of each trade. These systems also perform calculations detailing how trades will affect the firm's liquidity risk. Such information is stored in different systems and integrated together.

The firm began to emphasize liquidity risk management when it started to access the commercial paper market for the first time. As the firm engaged in more borrowing activities, it became exposed to new kinds of risk.

Currently, upper-level management receive daily and weekly reports on how assets are funded and how financing mixes are used. Managers receive a special liquidation graph, which, in essence, is a worst-case scenario. The firm maintains U.S. securities that are financed both in the repo market and by commercial paper. "If there is a financial liquidity crisis, the firm could use U.S. government securities and sell them to raise cash," he notes. "The firm's managers know our risk management numbers by heart."

The products analyzed are primarily ones in which liquidity risk comes into play. The risk management function extends across all the major trading desks. Various types of risk are analyzed at the desk level, and are also aggregated for the firm as a whole. In its quest to reduce liquidity risks, the firm conducts an analysis on a monthly basis to form recommendations on how the firm could respond to a credit crisis.

"Our risk management systems are fairly global," the risk manager says. "To control liquidity risk, we use global systems to monitor international markets such as Europe and Asia." He indicates that data used by the system for analysis originate from both front- and back-office systems. Outputs of the system include reports listing the total amount of inventory globally financed by unsecured resources, as well as liability information detailing how much is owed to various creditors.

The reaction by the firm's employees toward these risk management initiatives has been quite positive. Resistance has been minimal, and top management is serious about the risk management effort. There are controls and incentives in place for traders to stay within established risk limits. In fact, one of the items in a trader's regular performance evaluation is how closely he or she adhered to risk management guidelines. If a trader exceeded the limits, he or she would be promptly dismissed.

Risk management has changed the global way of thinking. While international diversification is important, the firm does not believe it must have an investment presence in every market. Management is aware of sovereign risk, and performs strong due diligence in analyzing risk and reward potential.

He feels that the risk management function should involve more automation and provide more accessibility to key managers that make crucial decisions. "To improve the accuracy of risk management, there should be less of a manual touch," he adds. "More systems need to be put in place to capture and process risk data on a frequent basis. Yet, we don't want to totally disregard the important human element."