With the eighth anniversary of the September 2008 collapse of Lehman Brothers behind us, many are reflecting on whether the financial sector is better prepared to withstand systemic shocks caused by problems among interconnected entities.
The financial marketplace is far more globalized than it was in 2008, and that has broad implications for risk management. In Asia, for example, a series of financial market initiatives such as trading links between stock markets and fund "passporting" schemes allowing wider cross-border sales is uniting fragmented markets and creating new opportunities.
However, these initiatives are also creating deeper interconnections among industry participants. At the same time, the discipline of risk management has become more complex and diverse across global companies, driven largely by new regulatory mandates, an explosion of technological and financial innovation and growing linkages between global and regional markets.
Interconnectedness risk, the risk facing an organization due to its reliance on entities with which it has contractual agreements, operational arrangements or other types of financial or functional dependencies, is a broad concept. For example, banks that lend to and borrow from other banks become interconnected to each other through interbank credit exposures.
Contractual obligations among financial institutions, such as ownership, loans and derivatives contracts, create interconnectedness risks as well. In addition, companies investing in the same asset classes become interconnected through their common exposures.
In a highly interconnected financial system, distress in one entity can be transmitted quickly to other entities. In some cases, these intra-financial and legal linkages help dampen shocks by distributing and dispersing their impact throughout the financial system. But in other cases, these interconnections can spread shocks beyond their original impact, amplifying them in the process. The crisis that unfolded after the Lehman insolvency was a dramatic example of this. It demonstrated that the failure of a large interconnected entity can ripple through the entire financial system and spill over into the global economy.
Studies following the financial crisis, aimed at better understanding the role of interconnectedness in the transmission of risks, found that financial networks tend to be robust yet fragile, absorbing shocks up to a certain tipping point, beyond which they spread risks rather than containing them.
Given this, there is little wonder that global regulators are highly attuned to this risk. Interconnectedness is now one of five categories that determine which banks are rated as "systemically important." It has also been enshrined in the principles for financial market infrastructures, a standard that global regulators consider vital to protecting financial stability.
Today's risk managers in Asia and abroad are analyzing, measuring and quantifying the impact of an expanding list of risk categories, including operational, systemic, technology, vendor, business continuity and physical risks. This evolution of risk management is essential because companies must have a deeper understanding of all aspects of the risks they face, as well as of the intricate spider's web of interconnections they create.
Risk managers can no longer view financial companies as standalone local or regional entities because the reality is that they are now a diverse set of interconnected components that distribute risk and are exposed to it, often in ways that are not transparent or expected. Furthermore, the openness and complexity of the financial ecosystem, especially in Asia where local markets are creating new connections, means there is a likelihood that breakdowns will occur.
Companies must do more than monitor these risks. They also need to focus on building enhanced resilience so they can detect potential systemic shocks before they strike and recover from them as quickly as possible.
Constructing an interconnectedness risk management program can be a daunting task for financial companies across Asia and globally, given the intrinsic complexities and lack of precedents. However, any program should be founded on four basic building blocks -- identifying interconnectedness risks, quantifying exposures, prioritizing them and mitigating them.
First, companies must identify their interconnection risks. Risk identification involves carefully mapping the ecosystem of interconnected entities with which companies interact. This process demands high quality business expertise and input from multiple functions within companies. Second, it is prudent, where applicable and operationally feasible, to quantify each critical connection to provide management with an objective assessment of the specific exposure relative to others.
Prioritizing the identified risks is the third step. The severity of the impact of an interconnected entity's failure depends primarily on the importance of the services it provides. For example, clearing and settlement banks support core functions at the heart of the financial system.
Therefore, the impact of their failure could be inherently more severe than the breakdown of other interconnected entities that play a secondary role. The fourth and final phase is to mitigate interconnectedness risks -- the most important but challenging stage due to the multi-dimensional nature and unpredictability of these risks.
Mitigation strategies should be based on three main pillars. First, companies should choose the most robust interconnected entities and diversify their exposure across these entities. Second, they should put in place measures to monitor and control the performance of interconnected entities as well as the associated risks. Third, companies should aim to build resilience by developing strategies aimed at minimizing the impact of an interconnected entity's failure on their core functions.
On balance, we are better equipped to handle the risk posed by highly interconnected entities than in 2008. However, this remains a work in progress. While it is challenging to identify, prioritize and implement plans to mitigate interconnectedness risk at a time when markets in Asia and around the world are continuing to become even more connected, it is a critical goal that companies should work towards to protect their own businesses, the markets and global economies.
Andrew Gray is a managing director and group chief risk officer at the Depository Trust & Clearing Corporation.