View original document

The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.

For release on delivery
2:15 p.m. EDT
April 11, 1996

Remarks by

Janet L. Yellen

Board of Governors of the Federal Reserve System

at the

Conference on Recent Developments in the Financial System

Jerome Levy Economics Institute of Bard College

April 11, 1996

The "New" Science of Credit Risk Management at Financial Institutions

Thank you for the opportunity to appear at this year's conference on recent
developments in the financial system with emphasis on the area of risk management. I am
sure that most of you have been keeping well informed about these developments and, in
particular, are aware of the great attention being paid to the subject of derivatives. Terms of
art such as "swaps," "options," and "swaptions" are becoming increasingly familiar to every
reader of the financial press. But, as interesting as they may be, derivatives are not the
subject of my talk this afternoon—at least, derivatives are not the direct subject of my talk.
Rather, I wish to discuss the important technological changes that have been taking place in
the "old-fashioned" business of lending, the business of taking money from investors and
lending it to corporate and household borrowers—the process we call "intermediation." In
particular, I will concentrate my remarks on the implications of these technological advances
for the management of risk and for the prudential supervision of banks.
In the lexicon of previous decades, "intermediation" occurred when banks and nonbank
financial institutions took in funds from depositors or other investors, and then lent the funds
to businesses and households, holding such loans on the books of the bank or nonbank until
the loans matured, rolled over, or went belly up. "Credit risk" was the major risk incurred by
the financial institution, since interest rate risk could be managed easily by making sure the
contractual interest rate on the loan varied with the cost of funds.
Over the past fifteen years, however, traditional intermediation has changed
dramatically at many of the nation's largest banks. Also, large nonbanks, including
investment banks, captive finance companies, and insurance companies, increasingly have

become major players in the intermediation process, employing the same technological
advances as banks. Chief among the innovations at the major banks has been the invention
and use of loan securitization. Bank-sponsored loan securitizations currently involve over
$200 billion in outstanding securities, sponsored primarily by the very largest banks, and
these securitizations already account for roughly 20 percent of the credit activities of these
large institutions. Furthermore, the importance of securitization will almost surely grow as
market participants' understanding of the process improves. Today, banks securitize a wide
variety of bank loans, including short-term commercial loans, trade and credit card
receivables, auto loans, first and second mortgages, commercial mortgages, and lease
receivables. In addition, there are emerging markets for the securitization by banks of small
business loans and middle-market commercial loans.
Securitization holds the potential for completely transforming the traditional paradigm
of intermediation. But securitization does not relieve banks of their major, traditional job—
which is to measure, assume, and manage credit risk. Indeed, we now know that
securitization can result in as much or more credit risk being undertaken by banks as when
they engage in traditional lending. To see this, let's briefly review the loan securitization
process. Typically, a sponsoring bank (or nonbank) forms a special purpose,
bankruptcy-remote vehicle, referred to as a securitization conduit. The conduit purchases
loans from the sponsor or from others, or may even originate the loans directly. To finance
these loan purchases or originations, the conduit issues various classes of asset-backed
securities collateralized by the underlying loan pool. Most of the conduit's debt is issued to
public investors who require that the senior securities be highly rated (generally double-A and

triple-A). In order to achieve these high ratings for the senior securities, the conduit must
obtain credit enhancements that insulate the senior securities from the risk of default on the
underlying loans. Guess who generally provides the bulk of these credit enhancements? The
sponsoring bank, of course. Such credit enhancements can be provided in many forms,
including the issuance of a standby letter of credit to the conduit, or by the sponsoring bank
buying back the most junior securities issued by the conduit. In return for providing the
credit enhancements, as well as the loan origination and servicing functions, the sponsoring
bank lays claim to all residual spread between the yields on the underlying loans and the
interest and non-interest costs of the conduit, net of any losses on pool assets covered by the
credit enhancements.
At the Federal Reserve, we call these credit enhancements, in all their various forms,
"direct credit substitutes" or DCSs. In fact, a direct credit substitute is a credit derivative in
the classic sense: the instrument's value derives from—is a derivative of—the value of the
underlying loan pool. At times, the risk of these derivative instruments is far greater, per
dollar of book value, than the risk of the underlying whole loans. For example, suppose that
a bank securitizes $100 million in loans by having the bank-sponsored conduit issue $80
million in senior securities to the investing public and $20 million in junior securities to the
sponsoring bank. In effect, the bank's $20 million position provides credit protection for the
$80 million of senior securities. Losses on the underlying loans would have to exceed 20
percent before the holders of the senior securities would suffer any loss whatsoever. Losses
of this magnitude are such a remote possibility-as evidenced by the triple-A rating of the
senior securities—that the bank can be said to incur essentially all of the credit risk of the

underlying loans. Now if the prudent bank would have held, say, $10 million in capital
against the $100 million of whole loans, then the same prudent bank should hold almost the
same $10 million of capital against the $20 million junior security that embodies almost all of
the risk of the underlying loans. In other words, prudential capital requirements should rise
from 10 percent to almost 50 percent of the book value of the bank's risk position. This is
what we mean when we say that securitization can result in credit risk that is highly
"concentrated" within relatively small positions on, or off, the books of the sponsoring
As the larger, sophisticated banks-and their large, sophisticated nonbank
competitors—have become involved in ever more complicated securitizations, a need has
arisen to develop commensurately sophisticated procedures for measuring and managing the
credit risks flowing from these transactions. Some of these procedures have been adapted for
use in ordinary on-balance-sheet lending, and vice versa. For example, statistical credit
scoring is in widespread use for many of the bank loans that are being securitized, including
credit card receivables, auto loans, and mortgage loans. Credit scoring-which is a statistical
procedure that provides an estimate of default probability for each potential loan-increasingly
is being used for small business lending and middle-market commercial lending.
Why is the use of statistical credit scoring becoming so popular and, in particular, why
is credit scoring becoming so intimately tied to loan securitization? One reason is that credit
scoring contributes to consistency in loan underwriting standards which, in turn, permits the
estimation of a loss probability distribution for the pool of loans being securitized.
Reasonably scientific estimates of these probability distributions are desirable if the rating


agencies are to determine how much credit enhancement is necessary to achieve, say, tripIe-A
ratings on the senior securities backed by the loan pools. Furthermore, in order for the credit
scoring models to be developed, the bank must work with historical loss data on a large
number of homogeneous loan contracts. Securitization relies on the development of good
data regarding loss probabilities, and these data, in turn, rely on the use of standardized loan
documents so that the statistician is comparing apples to apples.
It is easy to see why securitization has become popular with those institutions capable
of measuring and managing credit risk well. To the extent loan documents are standardized
and credit scoring models are used in the loan origination process, the non-interest expenses
associated with lending are reduced. According to one estimate, for example, the upfront
non-interest costs of the traditional underwriting process for small business lending can range
to a full percentage point, or much higher, depending on the size of the loan. By using credit
scoring and loan standardization, a bank can eliminate a substantial portion of this
underwriting cost. This can represent a significant cost advantage when competing for new
A byproduct of the standardization and credit scoring process is that there is less
uncertainty associated with estimates of the loss probability distributions associated with
various loan pools. More precision in estimating risk is tantamount to a reduction in risk.
Also, securitization, to the extent it provides the originator with greater funding sources, may
allow the institution to create larger loan pools than on-balance-sheet lending through
self-funding would permit. Larger, more diversified, loan pools may result in overall risk
reduction. Also, securitization permits the pool sponsor to "slice and dice" the securitization

tranches in order to match more closely the risk characteristics of each tranche with the
desires of each class of investor. For these reasons, and because of the potential for a
reduction in non-interest expenses, the net risk-adjusted return to the securitizer should be
above that of holding the whole loans on its books. Indeed such a condition must exist for
the large institutions to have found securitization so attractive.
The generally competitive nature of financial markets, furthermore, will result in these
improvements in risk-adjusted returns being passed through, at least partially, to the loan
customer. That is, securitization should result in lower loan rates for those borrowers that
qualify for, and wish to partake of, the standardized loan contracts.
As markets for securitized loan products evolve, so will markets for nonstandardized
loan products. As we have seen in the market for mortgage loans, borrowers who don't
qualify for, or don't want, the standardized product will always have access to
nonstandardized loans. But, even assuming the nonstandard loan is no more risky than the
standardized product, customers for the nonstandard loan will have to pay higher rates for the
customized loan product relative to the standardized loan. In some cases-for example,
middle-market commercial lending-securitization will be slowed because of the traditional
importance of the customer relation and the entrenchment of individualized service.
While securitization may be revolutionizing the "intermediation" process, we should
still continue to characterize the sponsoring banks themselves as "intermediaries." After all,
in the typical bank-sponsored securitization it is bank personnel who underwrite and originate
the loan pool, service the loans, and work out the loans in the pool that go bad. And it is the
bank-sponsor-through the use of credit enhancements-that assumes the bulk of the credit risk

on the loan pool. Therefore, as prudential supervisors of banks, the policy issues facing us
with regard to securitization are similar in scope to, although often more complicated than,
the questions we face regarding traditional lending. The important questions include:
1) how should we measure the credit risk associated with the lending and
securitization activities of a bank?
2) how much capital should be required of the bank for a portfolio of given riskiness?
Regarding the capital treatment of banks, I must say that we do not have a very good
handle on either how to measure credit risk in a scientific manner, or how to allocate capital
to credit risk in specific circumstances. The Basle Accord on international capital standards
for banks is, paradoxically, both very complex-as in the case of capital for market risk-and
quite simplistic when it comes to credit risk. For example, the vast majority of nonmortgage
loans are all assigned the same, rather arbitrary, capital requirement of 8 percent. Within the
formal "risk-based" capital requirements, there is no distinction between a secured loan to a
triple-A rated company versus an unsecured loan to a junk-rated company. Nor do our formal
regulatory capital requirements currently take into account the bank manager's success, or lack
thereof, in hedging or mitigating credit risk through the use of credit derivative transactions or
effective portfolio diversification.
This relatively simplistic approach to capital requirements for credit risk was a good
compromise when the Basle Accord was reached in the mid-1980s. Back then, the
technology of credit risk measurement was not sufficiently developed to permit more
finely-tuned capital requirements; and there was an overarching need to set minimum capital
requirements in the face of the long decline in bank capital levels. Also, securitization and


other complex credit activities were not prevalent as they are now. Today, however, the "one
size fits all" approach to capital requirements for credit risk is becoming increasingly
problematic as banks themselves, in their own, internal capital allocation procedures, take into
account the widely varying risk characteristics of their many different credit instruments.
At the most forward looking of the large institutions, bankers are trying to do the two
things one must do in order to truly determine capital adequacy for credit risk. First, bankers
are statistically measuring risk and, second, they are trying to follow consistent "decision
rules" in allocating enough capital to cover the measured risk. In middle-market and large
commercial loan activities, for example, the process of capital allocation at these large banks
often begins by assigning a credit rating or score to each of the bank's business loans. Often
a 1 to 10 rating system is used, with a 1-rated loan being the equivalent of a triple-A credit
and a 10-rated loan being written off as a loss. Some of the more sophisticated banks then
go further by using historical loss data to estimate the mean and variance of losses on each
grade of loan. In effect, the risk manager attempts to estimate the loss probability distribution
for each grade of commercial loan. From there it is a simple matter to "allocate" capital to
the loan by following a consistent decision rule. For example, the banker might wish to
allocate enough capital to a category, or subportfolio, of loans so that the probability of losses
on the subportfolio exceeding the allocated capital is only, say, one-half of one percent. This
"soundness" target is chosen because, say, the banker wishes to maintain a double-A rating on
his own corporate debt and, over the relevant time horizon, the default probability for
double-A corporate bonds has been observed to be one-half of one percent.
The process I have just described, in its many variations, is often referred to as

RAROC analysis, or analysis of Risk-Adjusted Return on Capital. Techniques have evolved
rapidly, so that the RAROC analysis of the mid-1990s is not the same as the RAROC
analysis at its beginnings in the early 1980s. Bankers make these complex calculations for
several internal business reasons. By knowing how much of the bank's capital should be
internally allocated to any particular business activity, the banker can calculate the rate of
return on that allocated capital. If that rate of return is too low, the bank should seek to cut
non-interest expenses, or fewer resources should be devoted to the activity, or its business-line
manager should be rewarded less than the managers of higher-yielding activities. To the
extent that the bank can alter prices of its credit products, RAROC calculations also help in
the pricing process: if capital is being allocated properly by management, and the resulting
return on capital is too low, then spreads being charged on the credit products are too low.
This is not to say the large banks uniformly follow their own internal RAROC models
when pricing their loan products. Often, when competitors' pricing in a particular risk
category is "too low," a bank is forced to choose between, on the one hand, making a loan
with a low risk-adjusted return on capital in order to preserve the bank's market share or, on
the other hand, refusing to meet the low price of its competitor and therefore risk losing
market share. Often, market share wins and the models-based pricing process loses.
It is important to note that, in contrast to the "one size fits all" standard of our
regulatory capital rules, the internal RAROC procedures of banks often result in a very wide
range of internal capital allocations, even within a particular category of credit instrument.
For example, according to a 1995 industry study, approximately 60% of the top 50 banks
internally allocate capital by risk grade of commercial loan. In a small sampling of these


large institutions, Federal Reserve staff found that internal capital allocations ranged from less
than 1 percent of asset value for the best rated, least risky loans, to 20 percent or more for the
most risky loans.
This great diversity in internal capital allocations leads to at least two types of
potential difficulty. In cases where the internal capital allocation is significantly below the 8
percent regulatory standard, a bank may have to engage in costly "regulatory arbitrage" to
evade the regulatory standard. Often, this may be easily accomplished, because the regulatory
minimum 8 percent capital requirement is applied against the whole portfolio of nonmortgage
loans. Therefore, the bank often can simply "average" the low-risk loan (for which the 8
percent standard is too high) with other, higher-risk assets (for which the 8 percent standard is
too low). However, in cases when regulatory arbitrage is not possible or too costly, the bank
may actually have to alter its overall investment and funding practices, perhaps in a way that
upsets the socially desirable allocation of resources. Another type of problem emerges when
a bank has a nominally high regulatory capital ratio which generates a false sense of security
by masking greater-than-normal risk exposures.
Internal capital allocation procedures have evolved as the credit products offered by
banks have evolved. Complex credit derivatives and tranches of loan securitizations raise
difficult issues of properly measuring the risk of certain instruments and therefore properly
allocating capital to those risks. We know that a very wide range of capital allocations is
possible, even for seemingly similar credit instruments, and that this range of possible capital
allocations is widened by the use of direct credit substitutes and other credit derivatives. The
problem we face increasingly as bank supervisors is that our evolving regulatory capital

requirements, no matter how complex they become, are not likely to capture the complexity
of risk positions that bankers are actually undertaking. I fear we may be reaching the point
that, for our largest, most complicated institutions, a bank's formal, regulatory "risk-based"
capital ratio, let alone its simple equity to asset ratio, is not as useful a signal of financial
soundness as we would like it to be.
In a recent issue of the American Banker various observers of the banking scene
complained that bank capital levels were now "too high" to sustain a reasonable rate of return.
These observers argued that, because of the "excessive" capital, banking activities were going
to have to decline or bankers were going to have to further accelerate dividend payouts and
stock buybacks. But when is bank capital "too high?" If banks have such outrageously high
capital ratios why does no major U.S. bank holding company have its parent corporate debt
rated triple-A? In fact, 70 percent of the top 50 U.S. banking companies have their parent
debt rated single-A or lower. Yet, the capital ratios of these institutions are near recent
historical highs, and most are well above the regulatory minimums.
I have tried to give you a taste for the complexity of modern credit activities. This
complexity, and the diverse manner in which our most sophisticated banks measure and deal
with credit risk, means that the rote application of rigid capital rules is becoming less and less
appropriate. Indeed, a long held view of the Federal Reserve is that the supervision of risktaking on a bank-by-bank basis~as opposed to the writing of regulations applying to all
banks-is the preferred way to assure that credit risk in our banking system is being managed
in a prudential manner. Our emphasis on bank-by-bank supervision has traditionally been
carried out by an examination process that focuses on the specifics of the credit portfolio.

Major credits are reviewed one by one, and other elements of the portfolio are sampled, to
determine which assets may fall into one of the "classified" buckets such as "substandard" or
"doubtful" loans. But, while examination of individual credits and groups of credits may
remain the mainstay of the examination process, supervisors are not stopping there. In late

1995, the Federal Reserve and the Comptroller of the Currency separately announced major
efforts to examine the risk management capabilities of each of the institutions under their
respective purviews. The other banking agencies are expected to announce similar efforts. In
the case of the Federal Reserve, we intend to conduct risk examinations that will result in a
specific "grade" attached to the institution's risk management performance. This "risk
management grade" will help determine the bank's CAMEL rating (which as you know is the
supervisory equivalent of a report card and the basis on which most supervisory actions are
Our risk management examinations will focus not only on the risk models used by an
institution, but also on its risk management process, including its internal controls. As recent
highly publicized events have shown, it does a bank no good to have a state-of-the-art risk
model if the bank doesn't conduct a simple background check on the person asking for the
loan, or if the bank doesn't monitor and control the activities of individual officials, especially
traders. This caveat notwithstanding, risk management has at its core the effective
measurement of risk. So, when we conduct our risk management examinations, we will look
closely at the specific techniques the banking institutions use to measure credit risk. And, as
has always been the case in the past~before securitization, before concerns over credit risk
associated with derivative counterparties, and certainly before the advent of credit

derivatives-supervisors will use examinations to keep up with practices at the frontiers of
credit risk measurement.
As supervisors, not practitioners, we can never hope to be truly on the frontiers of
credit risk practice. Indeed, the science and art of risk measurement is evolving so rapidly
that only a handful of institutions can properly be said to be engaging in "best practice" risk
measurement at any one time. And "best practice" for a large, money-center institution may
be totally inappropriate for a regional or community bank. Also, there will always be
disagreement over what truly constitutes "best practice." But one of the supervisors' tasks is
to try not to fall too far behind. In particular, it is important that we can discern between
"adequate practice" and "unacceptable practice" when it comes to risk measurement and risk
management. This we intend to continue doing.
There are other, even more complex issues that are being brought to the fore with the
advent of the new risk measurement and management technologies. As the years go by, the
technologies for quantifying bank-wide credit risk certainly will continue to evolve well
beyond what was possible when our risk-based capital regulations were first devised in the
mid-1980's. A decade ago, risk managers at the major institutions rarely talked about
"probability distributions" in the way that market risk managers-and, increasingly, credit risk
managers—now talk about such matters. It is easy to imagine that in another decade the
typical chief risk officer at a major institution will have at his or her disposal, at any moment
in time, one or more models for estimating the institution-wide credit-loss probability
distribution facing the bank. In fact, several of the major banking institutions are actively
developing such models, and it is likely to be only a matter of when, not whether, such


technologies become commonplace.
Risk, of course, can never be measured in absolutely precise terms: there are, after
all, specification and estimation errors, as well as the possibility that future behavior will
differ from past behavior. Nevertheless, at some point, the technology for measuring credit
risk will become sufficiently robust to warrant a major rethinking of our prudential capital
regulations for credit risk. As regulators develop increasing confidence in the ability of banks
to quantify and manage credit risk, the natural course will be to find ways to reflect these
competencies in our regulatory and supervisory capital standards. We are attempting to do
this now with respect to capital requirements for market risk. Under the "models-based"
procedures that will go into effect within two years for the largest, internationally active
banks, the bank trading account manager estimates a loss probability distribution for the entire
trading account over a two-week time horizon. Then, the manager estimates the amount of
losses that would occur with 1 percent or less probability, if the portfolio were left unchanged
over the two-week horizon. Regulatory capital is set at a multiple of this loss amount, which
is commonly called the Value-at-Risk, or VaR.

For example, depending on the specifics,

regulatory capital might be set at three times the two-week VaR. The adoption of this
internal models-based approach to capital requirements became possible only because of the
technological advances over the past decade or so that now permit managers to measure
market risk over short time horizons with acceptable accuracy.
The measurement of credit risk has a long way to go before it reaches the current
level of sophistication with which market risk is measured. Market risk measurement is
expedited by the ability of risk managers to view daily or intra-day changes in asset prices on


instruments traded in well developed secondary markets. However, except for the larger
loans, secondary markets are not well developed for, say, commercial loans, and therefore
loss distributions cannot easily be estimated by directly observing changes in asset prices.
Nevertheless, the measurement of credit risk eventually may evolve to the point where an
"internal models" approach to capital for credit risk will become a practical possibility.
Despite the complexities I have attempted to describe today-indeed, partly because of
these complexities-I remain highly optimistic that both our system of financial intermediation
and our system of financial regulation will remain strong and resilient. We know much more
about risk measurement and management than we did a decade ago—and a decade from now
we will know still more. Just as I cannot imagine that our present system of regulation will
remain unchanged forever, I cannot imagine that we will ever reach a "perfect" system of
regulation and supervision. However, we can, and I believe will, make the system better as
we strive to adapt to changing realities. Perhaps a future Federal Reserve Governor will
appear before you a decade hence to discuss the continuing evolution of our financial system.
Thank you, and I will now entertain questions.