Governor Yellen made these remarks at the conference on Recent
Developments in the Financial System, Jerome Levy Economics Institute
of Bard College, Annandale-on-Hudson, N.Y., last spring.
Thank you for the opportunity to appear at this year's conference on
recent developments in the financial system with emphasis on the area
of risk management. I am sure that most of you have been keeping well
informed about these developments and, in particular, are aware of the
great attention being paid to the subject of derivatives. Terms of art
such as "swaps," "options" and "swaptions"
are becoming increasingly familiar to every reader of the financial press.
But, as interesting as they may be, derivatives are not the subject
of my talk this afternoonat least, derivatives are not the direct
subject of my talk. Rather, I wish to discuss the important technological
changes that have been taking place in the "old-fashioned" business
of lending, the business of taking money from investors and lending it
to corporate and household borrowersthe process we call "intermediation."
In particular, I will concentrate my remarks on the implications of these
technological advances for the management of risk and for the prudential
supervision of banks.
In the lexicon of previous decades, "intermediation" occurred
when banks and nonbank financial institutions took in funds from depositors
or other investors, and then lent the funds to businesses and households,
holding such loans on the books of the bank or nonbank until the loans
matured, rolled over or went belly up. "Credit risk" was the
major risk incurred by the financial institution, since interest rate
risk could be managed easily by making sure the contractual interest rate
on the loan varied with the cost of funds.
Over the past 15 years, however, traditional intermediation has changed
dramatically at many of the nation's largest banks. Also, large nonbanks,
including investment banks, captive finance companies and insurance companies,
increasingly have become major players in the intermediation process,
employing the same technological advances as banks. Chief among the innovations
at the major banks has been the invention and use of loan securitization.
Bank-sponsored loan securitizations currently involve over $200 billion
in outstanding securities, sponsored primarily by the very largest banks,
and these securitizations already account for roughly 20 percent of the
credit activities of these large institutions. Furthermore, the importance
of securitization will almost surely grow as market participants' understanding
of the process improves. Today, banks securitize a wide variety of bank
loans, including short-term commercial loans, trade and credit card receivables,
auto loans, first and second mortgages, commercial mortgages and lease
receivables. In addition, there are emerging markets for the securitization
by banks of small business loans and middle-market commercial loans.
Securitization holds the potential for completely transforming the traditional
paradigm of intermediation. But securitization does not relieve banks
of their major, traditional jobwhich is to measure, assume and manage
credit risk. Indeed, we now know that securitization can result
in as much or more credit risk being undertaken by banks as when they
engage in traditional lending. To see this, let's briefly review the loan
securitization process. Typically, a sponsoring bank (or nonbank) forms
a special purpose, bankruptcy-remote vehicle, referred to as a securitization
conduit. The conduit purchases loans from the sponsor or from others,
or may even originate the loans directly. To finance these loan purchases
or originations, the conduit issues various classes of asset-backed securities
collateralized by the underlying loan pool. Most of the conduit's debt
is issued to public investors who require that the senior securities be
highly rated (generally double-A and triple-A). In order to achieve these
high ratings for the senior securities, the conduit must obtain credit
enhancements that insulate the senior securities from the risk of default
on the underlying loans. Guess who generally provides the bulk of these
credit enhancements? The sponsoring bank, of course. Such credit enhancements
can be provided in many forms, including the issuance of a standby letter
of credit to the conduit, or by the sponsoring bank buying back the most
junior securities issued by the conduit. In return for providing the credit
enhancements, as well as the loan origination and servicing functions,
the sponsoring bank lays claim to all residual spread between the yields
on the underlying loans and the interest and noninterest costs of the
conduit, net of any losses on pool assets covered by the credit enhancements.
At the Federal Reserve, we call these credit enhancements, in all their
various forms, "direct credit substitutes" or DCSs. In fact,
a direct credit substitute is a credit derivative in the classic sense:
The instrument's value derives from is a derivative ofthe
value of the underlying loan pool. At times, the risk of these derivative
instruments is far greater, per dollar of book value, than the risk of
the underlying whole loans. For example, suppose that a bank securitizes
$100 million in loans by having the bank-sponsored conduit issue $80 million
in senior securities to the investing public and $20 million in junior
securities to the sponsoring bank. In effect, the bank's $20 million position
provides credit protection for the $80 million of senior securities. Losses
on the underlying loans would have to exceed 20 percent before the holders
of the senior securities would suffer any loss whatsoever. Losses of this
magnitude are such a remote possibilityas evidenced by the triple-A
rating of the senior securities that the bank can be said to incur
essentially all of the credit risk of the underlying loans. Now if the
prudent bank would have held, say, $10 million in capital against the
$100 million of whole loans, then the same prudent bank should hold almost
the same $10 million of capital against the $20 million junior security
that embodies almost all of the risk of the underlying loans. In other
words, prudential capital requirements should rise from 10 percent to
almost 50 percent of the book value of the bank's risk position. This
is what we mean when we say that securitization can result in credit risk
that is highly "concentrated" within relatively small positions
on, or off, the books of the sponsoring institution.
As the larger, sophisticated banksand their large, sophisticated
nonbank competitorshave become involved in ever more complicated
securitizations, a need has arisen to develop commensurately sophisticated
procedures for measuring and managing the credit risks flowing from these
transactions. Some of these procedures have been adapted for use in ordinary
on-balance-sheet lending, and vice versa. For example, statistical credit
scoring is in widespread use for many of the bank loans that are being
securitized, including credit card receivables, auto loans and mortgage
loans. Credit scoringwhich is a statistical procedure that provides
an estimate of default probability for each potential loanincreasingly
is being used for small business lending and middle-market commercial
Why is the use of statistical credit scoring becoming so popular and,
in particular, why is credit scoring becoming so intimately tied to loan
securitization? One reason is that credit scoring contributes to consistency
in loan underwriting standards which, in turn, permits the estimation
of a loss probability distribution for the pool of loans being securitized.
Reasonably scientific estimates of these probability distributions are
desirable if the rating agencies are to determine how much credit enhancement
is necessary to achieve, say, triple-A ratings on the senior securities
backed by the loan pools. Furthermore, in order for the credit scoring
models to be developed, the bank must work with historical loss data on
a large number of homogeneous loan contracts. Securitization relies on
the development of good data regarding loss probabilities, and these data,
in turn, rely on the use of standardized loan documents so that the statistician
is comparing apples to apples.
It is easy to see why securitization has become popular with those institutions
capable of measuring and managing credit risk well. To the extent loan
documents are standardized and credit scoring models are used in the loan
origination process, the noninterest expenses associated with lending
are reduced. According to one estimate, for example, the upfront noninterest
costs of the traditional underwriting process for small business lending
can range to a full percentage point, or much higher, depending on the
size of the loan. By using credit scoring and loan standardization, a
bank can eliminate a substantial portion of this underwriting cost. This
can represent a significant cost advantage when competing for new business.
A byproduct of the standardization and credit scoring process is that
there is less uncertainty associated with estimates of the loss probability
distributions associated with various loan pools. More precision in estimating
risk is tantamount to a reduction in risk. Also, securitization, to the
extent it provides the originator with greater funding sources, may allow
the institution to create larger loan pools than on-balance-sheet lending
through self-funding would permit. Larger, more diversified, loan pools
may result in overall risk reduction. Also, securitization permits the
pool sponsor to "slice and dice" the securitization tranches
in order to match more closely the risk characteristics of each tranche
with the desires of each class of investor. For these reasons, and because
of the potential for a reduction in noninterest expenses, the net risk-adjusted
return to the securitizer should be above that of holding the whole loans
on its books. Indeed such a condition must exist for the large institutions
to have found securitization so attractive.
The generally competitive nature of financial markets, furthermore,
will result in these improvements in risk-adjusted returns being passed
through, at least partially, to the loan customer. That is, securitization
should result in lower loan rates for those borrowers that qualify for,
and wish to partake of, the standardized loan contracts.
As markets for securitized loan products evolve, so will markets for
nonstandardized loan products. As we have seen in the market for mortgage
loans, borrowers who don't qualify for, or don't want, the standardized
product will always have access to nonstandardized loans. But, even assuming
the nonstandard loan is no more risky than the standardized product, customers
for the nonstandard loan will have to pay higher rates for the customized
loan product relative to the standardized loan. In some casesfor
example, middle-market commercial lendingsecuritization will be
slowed because of the traditional importance of the customer relation
and the entrenchment of individualized service.
While securitization may be revolutionizing the "intermediation"
process, we should still continue to characterize the sponsoring banks
themselves as "intermediaries." After all, in the typical bank-sponsored
securitization it is bank personnel who underwrite and originate the loan
pool, service the loans and work out the loans in the pool that go bad.
And it is the bank-sponsorthrough the use of credit enhancementsthat
assumes the bulk of the credit risk on the loan pool. Therefore, as prudential
supervisors of banks, the policy issues facing us with regard to securitization
are similar in scope to, although often more complicated than, the questions
we face regarding traditional lending. The important questions include:
- How should we measure the credit risk associated with the lending
and securitization activities of a bank?
- How much capital should be required of the bank for a portfolio of
Regarding the capital treatment of banks, I must say that we do not
have a very good handle on either how to measure credit risk in a scientific
manner, or how to allocate capital to credit risk in specific circumstances.
The Basle Accord on international capital standards for banks is, paradoxically,
both very complexas in the case of capital for market riskand
quite simplistic when it comes to credit risk. For example, the vast majority
of nonmortgage loans are all assigned the same, rather arbitrary, capital
requirement of 8 percent. Within the formal "risk-based" capital
requirements, there is no distinction between a secured loan to a triple-A
rated company vs. an unsecured loan to a junk-rated company. Nor do our
formal regulatory capital requirements currently take into account the
bank manager's success, or lack thereof, in hedging or mitigating credit
risk through the use of credit derivative transactions or effective portfolio
This relatively simplistic approach to capital requirements for credit
risk was a good compromise when the Basle Accord was reached in the mid-1980s.
Back then, the technology of credit risk measurement was not sufficiently
developed to permit more finely tuned capital requirements; and there
was an overarching need to set minimum capital requirements in the face
of the long decline in bank capital levels. Also, securitization and other
complex credit activities were not prevalent as they are now. Today, however,
the "one size fits all" approach to capital requirements for
credit risk is becoming increasingly problematic as banks themselves,
in their own internal capital allocation procedures, take into account
the widely varying risk characteristics of their many different credit
At the most forward looking of the large institutions, bankers are trying
to do the two things one must do in order to truly determine capital adequacy
for credit risk. First, bankers are statistically measuring risk and,
second, they are trying to follow consistent "decision rules"
in allocating enough capital to cover the measured risk. In middle-market
and large commercial loan activities, for example, the process of capital
allocation at these large banks often begins by assigning a credit rating
or score to each of the bank's business loans. Often a 1 to 10 rating
system is used, with a 1-rated loan being the equivalent of a triple-A
credit and a 10-rated loan being written off as a loss. Some of the more
sophisticated banks then go further by using historical loss data to estimate
the mean and variance of losses on each grade of loan. In effect, the
risk manager attempts to estimate the loss probability distribution for
each grade of commercial loan. From there it is a simple matter to "allocate"
capital to the loan by following a consistent decision rule. For example,
the banker might wish to allocate enough capital to a category, or subportfolio,
of loans so that the probability of losses on the subportfolio exceeding
the allocated capital is only, say, one-half of one percent. This "soundness"
target is chosen because, say, the banker wishes to maintain a double-A
rating on his own corporate debt and, over the relevant time horizon,
the default probability for double-A corporate bonds has been observed
to be one-half of one percent.
The process I have just described, in its many variations, is often
referred to as RAROC analysis, or analysis of Risk-Adjusted Return on
Capital. Techniques have evolved rapidly, so that the RAROC analysis of
the mid-1990s is not the same as the RAROC analysis at its beginnings
in the early 1980s. Bankers make these complex calculations for several
internal business reasons. By knowing how much of the bank's capital should
be internally allocated to any particular business activity, the banker
can calculate the rate of return on that allocated capital. If that rate
of return is too low, the bank should seek to cut noninterest expenses,
or fewer resources should be devoted to the activity, or its business-line
manager should be rewarded less than the managers of higher-yielding activities.
To the extent that the bank can alter prices of its credit products, RAROC
calculations also help in the pricing process: If capital is being allocated
properly by management, and the resulting return on capital is too low,
then spreads being charged on the credit products are too low.
This is not to say the large banks uniformly follow their own internal
RAROC models when pricing their loan products. Often, when competitors'
pricing in a particular risk category is "too low," a bank is
forced to choose between, on the one hand, making a loan with a low risk-adjusted
return on capital in order to preserve the bank's market share or, on
the other hand, refusing to meet the low price of its competitor and therefore
risk losing market share. Often, market share wins and the models-based
pricing process loses.
It is important to note that, in contrast to the "one size fits
all" standard of our regulatory capital rules, the internal RAROC
procedures of banks often result in a very wide range of internal capital
allocations, even within a particular category of credit instrument. For
example, according to a 1995 industry study, approximately 60 percent
of the top 50 banks internally allocate capital by risk grade of
commercial loan. In a small sampling of these large institutions, Federal
Reserve staff found that internal capital allocations ranged from less
than 1 percent of asset value for the best rated, least risky loans, to
20 percent or more for the most risky loans.
This great diversity in internal capital allocations leads to at least
two types of potential difficulty. In cases where the internal capital
allocation is significantly below the 8 percent regulatory standard, a
bank may have to engage in costly "regulatory arbitrage" to
evade the regulatory standard. Often, this may be easily accomplished,
because the regulatory minimum 8 percent capital requirement is applied
against the whole portfolio of nonmortgage loans. Therefore, the bank
often can simply "average" the low-risk loan (for which the
8 percent standard is too high) with other, higher-risk assets (for which
the 8 percent standard is too low). However, in cases when regulatory
arbitrage is not possible or too costly, the bank may actually have to
alter its overall investment and funding practices, perhaps in a way that
upsets the socially desirable allocation of resources. Another type of
problem emerges when a bank has a nominally high regulatory capital ratio
which generates a false sense of security by masking greater-than-normal
Internal capital allocation procedures have evolved as the credit products
offered by banks have evolved. Complex credit derivatives and tranches
of loan securitizations raise difficult issues of properly measuring the
risk of certain instruments and therefore properly allocating capital
to those risks. We know that a very wide range of capital allocations
is possible, even for seemingly similar credit instruments, and that this
range of possible capital allocations is widened by the use of direct
credit substitutes and other credit derivatives. The problem we face increasingly
as bank supervisors is that our evolving regulatory capital requirements,
no matter how complex they become, are not likely to capture the complexity
of risk positions that bankers are actually undertaking. I fear we may
be reaching the point that, for our largest, most complicated institutions,
a bank's formal, regulatory "risk-based" capital ratio, let
alone its simple equity-to-asset ratio, is not as useful a signal of financial
soundness as we would like it to be.
In a recent issue of the American Banker various observers of the banking
scene complained that bank capital levels were now "too high"
to sustain a reasonable rate of return. These observers argued that, because
of the "excessive" capital, banking activities were going to
have to decline or bankers were going to have to further accelerate dividend
payouts and stock buybacks. But when is bank capital "too high?"
If banks have such outrageously high capital ratios why does no major
U.S. bank holding company have its parent corporate debt rated triple-A?
In fact, 70 percent of the top 50 U.S. banking companies have their parent
debt rated single-A or lower. Yet, the capital ratios of these institutions
are near recent historical highs, and most are well above the regulatory
I have tried to give you a taste for the complexity of modem credit
activities. This complexity, and the diverse manner in which our most
sophisticated banks measure and deal with credit risk, means that the
rote application of rigid capital rules is becoming less and less appropriate.
Indeed, a long held view of the Federal Reserve is that the supervision
of risk-taking on a bank-by-bank basisas opposed to the writing
of regulations applying to all banksis the preferred way to assure
that credit risk in our banking system is being managed in a prudential
manner. Our emphasis on bank-by-bank supervision has traditionally been
carried out by an examination process that focuses on the specifics of
the credit portfolio. Major credits are reviewed one by one, and other
elements of the portfolio are sampled, to determine which assets may fall
into one of the "classified" buckets such as "substandard"
or "doubtful" loans. But, while examination of individual credits
and groups of credits may remain the mainstay of the examination process,
supervisors are not stopping there. In late 1995, the Federal Reserve
and the Comptroller of the Currency separately announced major efforts
to examine the risk management capabilities of each of the institutions
under their respective purviews. The other banking agencies are expected
to announce similar efforts. In the case of the Federal Reserve, we intend
to conduct risk examinations that will result in a specific "grade"
attached to the institution's risk management performance. This "risk
management grade" will help determine the bank's CAMEL rating (which
as you know is the supervisory equivalent of a report card and the basis
on which most supervisory actions are taken).
Our risk management examinations will focus not only on the risk models
used by an institution, but also on its risk management process, including
its internal controls. As recent highly publicized events have shown,
it does a bank no good to have a state-of-the-art risk model if the bank
doesn't conduct a simple background check on the person asking for the
loan, or if the bank doesn't monitor and control the activities of individual
officials, especially traders. This caveat notwithstanding, risk management
has at its core the effective measurement of risk. So, when we conduct
our risk management examinations, we will look closely at the specific
techniques the banking institutions use to measure credit risk. And, as
has always been the case in the pastbefore securitization, before
concerns over credit risk associated with derivative counterparties and
certainly before the advent of credit derivativessupervisors will
use examinations to keep up with practices at the frontiers of credit
As supervisors, not practitioners, we can never hope to be truly on
the frontiers of credit risk practice. Indeed, the science and art of
risk measurement is evolving so rapidly that only a handful of institutions
can properly be said to be engaging in "best practice" risk
measurement at any one time. And "best practice" for a large,
money-center institution may be totally inappropriate for a regional or
community bank. Also, there will always be disagreement over what truly
constitutes "best practice." But one of the supervisors' tasks
is to try not to fall too far behind. In particular, it is important that
we can discern between "adequate practice" and "unacceptable
practice" when it comes to risk measurement and risk management.
This we intend to continue doing.
There are other, even more complex issues that are being brought to
the fore with the advent of the new risk measurement and management technologies.
As the years go by, the technologies for quantifying bankwide credit risk
certainly will continue to evolve well beyond what was possible when our
risk-based capital regulations were first devised in the mid-1980s. A
decade ago, risk managers at the major institutions rarely talked about
"probability distributions" in the way that market risk managersand,
increasingly, credit risk managersnow talk about such matters. It
is easy to imagine that in another decade the typical chief risk officer
at a major institution will have at his or her disposal, at any moment
in time, one or more models for estimating the institutionwide credit-loss
probability distribution facing the bank. In fact, several of the major
banking institutions are actively developing such models, and it is likely
to be only a matter of when, not whether, such technologies become commonplace.
Risk, of course, can never be measured in absolutely precise terms:
There are, after all, specification and estimation errors, as well as
the possibility that future behavior will differ from past behavior. Nevertheless,
at some point, the technology for measuring credit risk will become sufficiently
robust to warrant a major rethinking of our prudential capital regulations
for credit risk. As regulators develop increasing confidence in the ability
of banks to quantify and manage credit risk, the natural course will be
to find ways to reflect these competencies in our regulatory and supervisory
capital standards. We are attempting to do this now with respect to capital
requirements for market risk. Under the "models-based" procedures
that will go into effect within two years for the largest, internationally
active banks, the bank trading account manager estimates a loss probability
distribution for the entire trading account over a two-week time horizon.
Then, the manager estimates the amount of losses that would occur with
1 percent or less probability, if the portfolio were left unchanged over
the two-week horizon. Regulatory capital is set at a multiple of this
loss amount, which is commonly called the Value-at-Risk, or VaR. For example,
depending on the specifics, regulatory capital might be set at three times
the two-week VaR. The adoption of this internal models-based approach
to capital requirements became possible only because of the technological
advances over the past decade or so that now permit managers to measure
market risk over short time horizons with acceptable accuracy.
The measurement of credit risk has a long way to go before it reaches
the current level of sophistication with which market risk is measured.
Market risk measurement is expedited by the ability of risk managers to
view daily or intraday changes in asset prices on instruments traded in
well developed secondary markets. However, except for the larger loans,
secondary markets are not well developed for, say, commercial loans, and
therefore loss distributions cannot easily be estimated by directly observing
changes in asset prices. Nevertheless, the measurement of credit risk
eventually may evolve to the point where an "internal models"
approach to capital for credit risk will become a practical possibility.
Despite the complexities I have attempted to describe todayindeed,
partly because of these complexitiesI remain highly optimistic that
both our system of financial intermediation and our system of financial
regulation will remain strong and resilient. We know much more about risk
measurement and management than we did a decade agoand a decade
from now we will know still more. Just as I cannot imagine that our present
system of regulation will remain unchanged forever, I cannot imagine that
we will ever reach a "perfect" system of regulation and supervision.
However, we can, and I believe will, make the system better as we strive
to adapt to changing realities. Perhaps a future Federal Reserve governor
will appear before you a decade hence to discuss the continuing evolution
of our financial system.