14 Risk Management Process for Central Banks

D. Folkerts-Landau, and Marcel Cassard
Published Date:
July 2000
  • ShareShare
Show Summary Details
Thomas E. Klaffky, Francis D. Glenister and Judith B. Otterman 

The topic of risk management has recently gained prominence in the world of fixed income investing. Software vendors are offering “complete” systems; bond dealers are offering data and publishing research; and investment advisers and consultants are offering their expertise at controlling risk. It appears that anyone who ignores risk management does so at his or her own peril. However, it is quite likely that today’s risks are no more difficult to manage than yesterday’s risks and that the introduction of new tools has led to a renewed focus on an age-old problem. In this paper, we will focus on the topic of risk management: the meaning and the uses. In particular, we will focus on how central banks might employ some new approaches to improve their understanding and their management of risk. We will offer a five-step process that may help form a foundation for effective risk management.

Risk Management—Why Bother?

The first question that arises in the discussion of risk management is: Why bother? What is it about risk that makes us wish to understand it better? The answer depends on the nature of the institution, but probably falls into one of the following categories:

  • to control the magnitude of potential losses;

  • to allocate capital among various business segments and charge appropriately;

  • to measure risk-adjusted performance; and

  • to report to regulatory authorities and rating agencies.

Since it is difficult to manage things that cannot be defined and measured, an objective, consistent definition of risk can help an organization form a common frame of reference and create a risk management process that fits its objectives.

What Is Risk?

Traditionally, risk management has been a backward-looking process that, as much as anything else, was focused on identifying the culprit for activities gone wrong. In other words, if something went wrong then, by definition, you took too much risk. The primary advance in the current thinking about risk is that risk management should be forward-looking rather than backward-looking. Risk should be something that is anticipated rather than something that is feared. Indeed, since it is necessary to accept some possibility of loss in the pursuit of almost any investment return, one could define risk as the exposure to the possibility of loss. Regardless of the objectives of the assets under management, it is critical for fund sponsors to define the boundaries for acceptable risk and create a process that ensures that these boundaries are not violated.

In May 1994, the United States General Accounting Office (GAO) identified a number of general types of risk that apply to many financial activities.1 These risks can be summarized as follows:

Market risk:adverse movements in the price of a financial asset.
Credit risk:failure of a counterparty to meet all financial obligations.
Liquidity risk:availability of a reasonable market for the securities held in a portfolio.
Legal risk:action by a court or regulatory body to invalidate a financial contract.
Operations risk:deficient procedures, human error, system failure, or fraud.

This list of risks may not be comprehensive, but it immediately demonstrates that to create a comprehensive risk management process, a central bank must create more than a quantitative approach to measuring and managing market risk.

Creating a Risk Management Process

To adequately control risk, it is necessary to create a multistage process that focuses on the specific risks that the portfolio faces. There is no “one size fits all” risk management process. Indeed, it may be argued that, for central banks that frequently hold short-duration assets, liquidity risk and operations risk may each pose a greater exposure to loss than market risk. On the other hand, for other financial institutions, especially those that depend on borrowed funds, invest in long-duration assets, or hold securities in a wide variety of asset classes, market, credit, and legal risk may take on far more prominence.

A possible multistage risk management process would involve:

  • risk measurement:—price distributions,

    • —measuring portfolio risk,

    • —value-at-risk (VAR), and

    • —using VAR with an investment benchmark;

  • risk management systems;

  • rules of behavior;

  • mechanism to check compliance; and

  • performance attribution.

Price Distributions

When many portfolio managers begin a discussion of risk, they think first about possible adverse changes in the price of their assets owing to changes in the market. From a quantitative point of view, the most commonly used tool to manage the market risk of fixed income securities is duration. Duration is a measure of the percentage price sensitivity of a security (or portfolio) to a small change in interest rates, and, hence, knowing duration and market value allows the calculation of the change in value for a given change in interest rates. Unfortunately, in a risk management context, while duration tells how much asset values will change as interest rates change, it does not provide information about the likelihood or magnitude of an interest rate change. Therefore, duration does not directly equal price risk. To get a useful measure of price risk, it is necessary to have both duration and expected yield change.2

Figure 14.1 shows the monthly yields of five-year U.S. Treasury bonds over the past 20 years. It is clear that over this time, the market experienced a wide range of interest rate levels. But can we learn anything from the magnitude of past interest rate changes? If we examine all of the monthly changes independently (Figure 14.2), we can see that the majority of these monthly changes fell within plus or minus 50 basis points, which seems to indicate more market stability than is evident from Figure 14.1. Will the future changes in five-year Treasury yields follow this same distribution? The answer to this question is part of the art (rather than science) of risk management, and should be answered in the context of an overall risk management process. However, for the sake of our example, let us assume that we expect the future to approximate the past.

Figure 14.1.Monthly Yields of Five-Year U.S. Treasury Bonds Over the Past Twenty Years

(In percent)

Source: IMF, International Financial Statistics.

Figure 14.2.Distribution of Five-Year Treasury Monthly Yield Changes Over the Past Twenty Years

(In basis points)

Source: Author’s calculations.

Figure 14.3 shows the continuous distribution of percentage price changes for a five-year and a two-year Treasury bond based on the historical yield distribution for each.3 From Figure 14.3, it is evident that the distribution for the two-year bond is more tightly bounded than that of the five-year bond. This relationship should not be surprising since the duration of the two-year bond is smaller than that of the five-year, and therefore, its expected percentage price change distribution will always be tighter unless its expected yield volatility is much greater.

Figure 14.3.Distribution of Two-Year and Five-Year Treasury Monthly Price Changes Over the Past Twenty Years

Source: Author’s calculations.

Figure 14.4 shows the same bonds as those shown in Figure 14.3, but now a probability of loss of 2 percent (over a one-month holding period) has been introduced for each bond (indicated by the shaded region). It is interesting to note the different probabilities of loss for each of these two bonds. For a 2 percent price loss over any given month, the five-year bond has a probability of 15 percent, while the two-year bond has a probability of 3 percent. Once again, the smaller duration leads to less-expected price risk. In many cases, when portfolio managers control duration, they are really controlling these percentage price distributions intuitively. Portfolio managers who work in the markets every day reduce duration to reduce the possibility of loss, even though duration equates to price risk only when yield volatility is present.

Figure 14.4.Probability of a 2 Percent Price Loss—Two-Year and Five-Year Treasury Bonds

Source: Author’s calculations.

Measuring Portfolio Risk

Let us now turn away from the examination of these securities to look at portfolio market risk. If a portfolio contains both of these securities, will the portfolio’s expected price change distribution be the statistical average of the two securities independently? The answer is maybe. If the prices of these securities can be expected to move in lockstep (correlation = 1.00), the portfolio distribution will be the weighted average of the individual security distributions. However, if the securities are not perfectly correlated, the portfolio will experience diversification benefits and the portfolio risk will be less than the weighted sum of the risks of the independent pieces.

To understand the effect of diversification, consider the expected price distributions of two assets (Figure 14.5). In Figure 14.5, the assets are perfectly correlated, so that when the price of one moves, the price of the other can be expected to move in the same direction by the same proportion. Therefore, Portfolio AB can be calculated accurately as the weighted average of the distributions. Now let us say that if the price changes of these securities are not perfectly correlated (correlation = 0.50), we should no longer expect one to shadow the other, even though their past distributions are a good indication of the distribution of future price changes for each one independently. In this case (Figure 14.6), the distribution for the portfolio will be more tightly bounded than that of the weighted average introduced above. Intuitively, with perfect correlation, we should expect each security to experience gains and losses at the same time. On the other hand, with less than perfectly correlated price changes, gains in one security will occasionally offset losses in the other and, as a result, the price volatility of the portfolio will be lower than that of the weighted average of the assets. Therefore, the portfolio duration will provide a good measure of portfolio price sensitivity only when the assets in the portfolio are highly correlated. In most single-currency portfolios, interest rate changes along the yield curve are highly correlated and, hence, duration works well as a measure of portfolio risk, especially when it is combined with some measure of yield volatility.4 In a multicurrency portfolio, the average portfolio duration will not have much meaning.

Figure 14.5.Price Risk of a Portfolio With Perfectly Correlated Price Changes

Source: Author’s calculations.

Figure 14.6.Price Risk of a Portfolio With Not Perfectly Correlated Price Changes

Source: Author’s calculations.


It has become popular to measure the market risk of a portfolio using the parameter known as “value-at-risk” (VAR), which attempts to answer the question: “What is my maximum expected loss for a given probability?” VAR has five key characteristics:

  • It provides the maximum expected loss (that is, it focuses on the potential for loss, which is a good intuitive measure of risk).

  • It is stated in absolute (rather than percentage) terms.

  • It employs a confidence interval (indicating a point on the distribution of returns).

  • It is measured over a defined holding period.

  • The parameters are chosen by the decision maker.

To help clarify the meaning of VAR, consider a portfolio manager who asks: “What is my maximum expected loss with a one-day holding period and a 95 percent confidence level?” Assuming that the answer to this question is $1 million, for 19 days out of 20 (19/20 = 95 percent confidence), the portfolio loss can be expected to be $1 million or less. That is, the daily change in value should be more favorable than a $1 million loss, and this will also include daily gains. Equivalently, for one day out of 20, the portfolio loss can be expected to be $1 million or greater (a loss that matches or exceeds the VAR). Many financial institutions that currently use VAR measure daily returns and use a 95 percent confidence level because 20 days approximates the number of business days in a month, and hence, the VAR is expected to be exceeded one day during the month.5

Alternatively, value-at-risk might be calculated with a 99 percent confidence level, where the VAR might be $1.4 million. In this case, the portfolio loss can be expected to match or exceed the VAR for one day out of 100. Calculating the VAR with different confidence levels does not change the distribution of possible outcomes nor does it change the portfolio risk. It only changes the way that the risk is stated by focusing on a different point of the distribution. In a certain sense, measuring more extreme events tends to produce more fear and, thus, tends to lead to risk-avoidance behavior.

It is important to note that VAR provides the maximum expected loss at a chosen confidence level, but it says nothing about the magnitude of losses beyond that confidence level. In other words, for the small number of observations that the loss is our VAR or worse, we do not really know how much worse the actual outcome might be. To get more information about the points of the distribution beyond the VAR, it is necessary to perform a portfolio stress test that focuses only on the tails of the distribution. It is important to focus on the tails of the return distribution because, in real-world financial markets, these distributions tend to have so-called “fat tails.”

In the final analysis, for institutions that use VAR, each must choose the parameters that produce the greatest insight to help them measure and manage the specific market risks that face the portfolio.

Using Value-at-Risk with an Investment Benchmark

In many cases, investment benchmarks are chosen as duration targets, where the benchmark’s sensitivity to changes in interest rates is judged to properly balance return and market risk. As discussed earlier, a shortcoming of duration is that it does not incorporate yield volatility and, thus, does not directly equal price risk. Since VAR incorporates yield volatility, VAR may offer some insights into the selection of a benchmark. By defining an investment period, selecting a confidence level, and calculating the VAR of the benchmark portfolio with the target duration, the board will have a better expectation of the losses that can occur in the normal pursuit of returns. Naturally, if the VAR is judged to be too high, the benchmark should be revised by shortening its duration and the exercise should be repeated.

This process of benchmark review can also help solve a dilemma of portfolio management. Portfolio management relative to a benchmark works well when actual portfolio returns exceed those produced by a benchmark, which itself produces favorable returns (see Figure 14.7). However, the dilemma arises when the benchmark produces unfavorable returns. In this case, a portfolio manager’s performance may be viewed badly even if the portfolio returns exceed those of the benchmark. Calculating VAR can help this situation because it directly highlights the possibility of losses in the pursuit of return. Using this approach, as long as the benchmark’s returns remain within the acceptable range (more favorable than the VAR), a portfolio manager’s excess returns should be viewed favorably and, conversely, returns less than those of the benchmark should be viewed unfavorably. When the returns of the benchmark are worse than the maximum expected loss (as will happen occasionally) but the portfolio returns exceed those of the benchmark, it should be more natural to review the assumptions that led to the adoption of the benchmark than to blame the portfolio manager for poor performance.

Figure 14.7.Performance of the Portfolio Versus the Benchmark

Source: Author’s calculations.

Before leaving this topic, it is important not to leave the impression that duration should be replaced by VAR. Duration is a useful tool because it is intuitive and is a key part of the standard jargon of the investment business. Understanding the portfolio’s VAR will add additional insight, but even with their limitations, intuitive and market-tested tools such as duration should not be abandoned in favor of “modern” technology. In particular, duration remains a useful tool in the day-to-day management of portfolios, while VAR is most useful as an institutional-level management tool.

Measuring Other Risks

VAR is a useful quantitative approach for measuring market risk, but offers no information about other risks. For credit risk, legal risk, and operations risk, it is far more difficult to quantify the distribution of expected losses, but this difficulty should not result in avoidance. Even though judgment is required, it is useful to ask whether the portfolio is subject to losses due to the failure of a counterparty, losses due to an adverse ruling by a legal entity, or losses due to fraud. If these risks exist, some effort should be spent in trying to quantify their magnitude and control them. Another risk that is worthy of further consideration is liquidity risk, which is certainly a central bank concern. Since liquidity risk is the lack of a reasonable market for the securities that, by definition, may need to be liquidated quickly, it would be useful to quantify the loss due to accepting a distress bid or the loss associated with being forced to hold a security until maturity. Furthermore, some of these risks (counterparty failure and liquidity risk) may be correlated with market risk. With all of the risks other than market risk, the available tools are less developed but, as mentioned earlier, they may represent some of the biggest risks faced by central banks and, therefore, must not be overlooked.

Risk Management Systems

In the current environment, most central banks have sophisticated technology at the fingertips of their portfolio managers. This technology allows for monitoring the portfolio, calculating yield and duration, updating managers about market conditions, and gathering indicative and historical data about potential purchases. While this technology may work well in the dealing room, an effective risk management process may necessitate additional technology. For risk management, it is useful to have systems that offer:

  • electronic price validation (by multiple market makers);

  • portfolio aggregation (across currencies and security types);

  • coverage of all holdings and consistent calculations of risk;

  • VAR calculations;

  • portfolio stress testing to explore the tails of the return distribution; and

  • flexibility and expendability.

First, since manual price validation can be cumbersome and time-consuming, risk management systems should allow for electronic (and frequent) market updates. With the availability of many market data vendors, this requirement should not be difficult to achieve. Second, systems should allow for easy aggregation of portfolio holdings. The faster that portfolio holdings can be gathered and updated, the faster that the risk management process can identify unanticipated risks. Third, coverage of all holdings is important. If holdings are missing or are difficult to analyze, the measurement of portfolio risk may be incomplete or inconsistent. Fourth, as discussed earlier, VAR calculations can add to an understanding of portfolio market risk. Fifth, since VAR does not cover the entire distribution of returns, it is useful to have technology that helps examine the impact of extreme events on the portfolio. Sixth, systems should be designed for flexibility and expendability. It is impossible to define the scope of future investments with precision, and thus, technology will need to be updated periodically. For example, the advent of EMU will change the way that many central banks invest. Flexible technology will allow for necessary changes as EMU takes shape or as new security types become attractive investments.

Rules of Behavior

Once the risk management process has defined the risks that are relevant to the portfolio, and technology has been put in place to assist in measuring and monitoring the risks, the actual management process should take place, where rules are defined and compliance is checked. In a risk management context, rules may be necessary to control the following:

  • deviations from the benchmark;

  • limitations on portfolio duration;

  • VAR limits;

  • individual position limits; and

  • requirements for portfolios or counterparty diversification.

For risk management, there should be some method for controlling market loss. This control can take the form of duration limits, which is an intuitive way to control price volatility, or a VAR limit, which directly incorporates yield volatility. Furthermore, there should be some rules about diversification, within individual positions, throughout the portfolio, or with counterparties. It may be difficult to directly address credit risk, legal risk, liquidity risk, and operations risk, but a well-diversified portfolio should help mitigate some of these risks.

Mechanism to Check Compliance

Even with careful planning and a rigorous risk management process, some of the costliest risks may be the ones that are not anticipated and stem from noncompliance with the rules. Therefore, it is necessary to have checks and balances to ensure that the process works as planned. In this vein, there should be a mechanism to check compliance, which should include:

  • independent risk audits;

  • reports to management about risk levels; and

  • penalties for violating risk management rules.

First, the risk management process should be audited periodically in the same way that financial records are audited, with an eye toward fair and accurate representation. Second, the managers of the investment department (and the board) should receive regular reports that define risk levels and identify deviations from the benchmark, excessive market risk, lack of diversification, and unfavorable trends. Third, there must be some mechanism for stopping “risky” behavior, which should include penalties for violation of the rules of behavior.

Performance Attribution

The final stage in the risk management process is “return attribution,” the only backward-looking part of the process. Performance attribution should:

  • examine the sources of portfolio return (adjusted for level of risk);

  • audit the entire risk management process; and

  • lead to more appropriate rules over time.

After each investment period, it is important to ask: How and why did the portfolio perform as it did? In this review process, it is also necessary to measure the performance of the benchmark and to examine its sources of return. For example, how much return came from yield, how much from changes in the overall level of interest rates, how much from changes in yield curve shape, and how much from deviations from the benchmark? If possible, these returns should be calculated including some measure of the risk taken. This is important because, for example, if the portfolio underperformed the benchmark because the portfolio manager decided to reduce exposure to market risk, perhaps this is a better outcome than it might appear at first glance. Also, it is critical to examine how the portfolio performed relative to its VAR target. Was our actual risk consistent with our expected risk? For example, if the portfolio had a 95 percent confidence level, was the VAR exceeded more than one day in 20? Return attribution helps audit the entire risk management process by focusing on the process after the event. Was our risk level appropriate? Did we take too many correlated risks? Did we stop risky behavior? By setting a process in place and monitoring its performance, the risk management process should evolve and improve with time.


The current focus on risk management is simply a clarification of an existing process with some new tools and a new focus on anticipating risks. It is not a revolutionary approach to investment management. Indeed, the process of managing assets has often been characterized as the management of risk. The appropriate risk management process for each central bank must follow the individual objectives of that bank, and should follow basic, intuitive, common sense rules that individuals can easily endorse and follow because, in a real sense, risk management is everyone’s business.

Risk management is a process of defining what is expected (in terms of both portfolio and individual performance) and allowing actual events to either confirm or challenge your faith in your expectations. When expectations are challenged, a “call to action” should follow that forces a questioning of assumptions, an alteration of the investment benchmark, or a possible change in policies or risk tolerances.

The pursuit of return almost always requires the acceptance of some level of risk. It is far better to anticipate risk and make appropriate preparations rather than to fear risk or, worse yet, ignore it and suffer unexpected losses in the future.

U.S. General Accounting Office, “Financial Derivatives: Actions Needed to Protect the Financial System,” May 1994.

Actually, in a risk management context, the most important objective is understanding the distribution of returns rather than prices.

A normal distribution has been constructed with the same standard deviation and mean as the distribution of discrete percentage price changes.

The calculation of portfolio duration implicitly assumes that all interest rates move in unison. In situations where interest rates along the yield curve are highly correlated, this condition is more easily satisfied.

For central banks, it may be more appropriate to focus on longer periods. For example, it may be more useful to measure monthly returns and use a 92 percent confidence level (11 months out of 12 equals 91.67 percent).

    Other Resources Citing This Publication