How to Regulate Systemic Risk

As policymakers push for systemic-risk regulators, information is the key to success.


The more we understand about our wrecked financial system, the greater the clamor for a systemic-risk regulator. We want someone to save us from ourselves — or from the financial engineers who could blow the whole thing up again a few years down the road. Demand for a risk regulator, an idea that arose from the Treasury Department early last year, has now been embraced by the Group of 20 nations. Everyone wants a cop on the beat. But what would such a regulator do that the hodgepodge of current regulators cannot?

To answer that question, let’s first understand what we mean by systemic risk, and why it needs to be monitored. Systemic risk is driven largely by leverage. Leverage — borrowed money — is the force that amplified risk in the meltdown. Investment banks that once borrowed $10 for every dollar of equity were allowed to boost that to more than $30. As for hedge fund leverage, well, we can only guess. When a market downturn forces such highly leveraged investors to sell to meet their margin requirements, a crisis can cascade quickly. Selling pushes prices down, leading in turn to more forced selling.

The downward momentum is just the start of the problem. Many of those under pressure discover they no longer can sell in the market that is under stress. If they can’t sell what they want to sell, they have to sell whatever else they can, which leads to a downward spiral. This phenomenon explains why a crisis that started in the hinterland of subprime mortgages spread through the credit markets generally.

This contagion can expand beyond natural economic links. When the silver bubble burst in 1980, for example, the price of cattle suddenly came under pressure. Why? Because when the Hunt family had to meet margin calls on their silver positions, they sold whatever else they could. And they happened also to be invested in cattle.

To regulate systemic risk, then, we must understand systemic leverage, crowding (that is, when many speculators move into the same trade, pushing up prices in the process) and aggregated position holdings. Whatever their own risk-management capabilities, individual institutions cannot protect against systemic risk because they do not have this broader information. It is as if each player is sitting in a theater unaware of the others who might run for the exit.

Under current arrangements, regulators also lack the data to monitor systemic risk. They cannot track the concentration of investors by assets or by strategies, nor can they assess the risks inherent in the huge swaps and derivatives markets. Thus, they cannot map out how a failure in one market might multiply into others.

To solve this problem, financial products should be monitored the same way that food and drugs are. When salmonella was found in a peanut factory in Georgia in January, the Food & Drug Administration identified the contaminated products and tracked them all the way to the store shelf. This was possible because consumer products are tagged with a bar code. Why don’t we do the same for financial products? Require tags — bar codes, if you will — to be attached to financial products so that regulators know what products are being held by each bank and hedge fund. This step would allow us to understand the potential for crisis events to have systemic consequences and help us anticipate — and hopefully prevent — the course of a systemic shock. It would allow us to identify situations where investors, even though they might be acting prudently on an individual level, are posing systemic risk through their aggregate positions.

Regulators also need to hold bank risk officers accountable. Why financial institutions ended up in such a mess is not much of a mystery. It was not the malfunction of sophisticated risk models or some 100-year flood that swamped the risk controls, it was a huge and unrelenting inventory buildup of illiquid and often complex securities — a buildup that was there to be seen and corrected. How did so many people miss this elephant in the room?

One likely factor is that the problem was passed up the chain of command until it got high enough to be ignored. In other words, the risk management failure within the banks was largely organizational; it had to do with incentives, lack of communication and plain old-fashioned bureaucracy.

To deal with this potential source of failure, the systemic-risk regulator must have direct lines of communication to the chief risk officers of major financial institutions. The regulator can act as the CRO’s ombudsman, an outside voice with the power to get things done if the risk officer’s own voice is not being heard within the firm. Having a link with the CROs of major banks and hedge funds would also allow the systemic-risk regulator to discern “flavor of the month” strategies and instruments that might portend crowding.

In addition, the regulator needs the capacity to learn from market crises. Imagine if the National Transportation Safety Board did not bother to investigate crash sites or review flight recorders. Yet that is where we are in the financial sphere. In the aftermath of a market crisis, regulators must analyze the firm-level details of what has occurred. They also must eyeball new financial products for their systemic-risk potential. Does a new product increase the complexity or leverage in the marketplace? Does it make the market more opaque? This gets back to data: You can’t manage what you can’t measure, and you can’t measure what you can’t see.

Finally, for a systemic-risk regulator to be successful, we must change the mind-set behind regulation. Marching into a bank with a subpoena in one hand and a 60-page questionnaire in the other is not the way forward. Systemic-risk regulation is rocket science — and is probably beyond the experience of even the best lawyers at the Securities and Exchange Commission and bank supervisors at the Federal Reserve Board. We need to entice market professionals into government service. It might cost some Wall Street–type money to get them on board, but the bill will be way south of the $1 trillion or so we’ll spend on the bailout.

Adopting this strategy will not be pleasant; it will mean stepping on a lot of toes. But it doesn’t have to be tackled all at once. The first step — getting the data — is the critical one. Data can be collected efficiently and maintained securely by the regulator, starting first with the largest banks, then gradually moving to other banks and the larger hedge funds. The process of collecting the data can provide the inroads for connecting with the CROs and amassing industry expertise. And if we let the data speak, we will learn more about how to pursue the other tasks.

Richard Bookstaber, a former Wall Street risk manager and quantitative fund manager, is the author of A Demon of Our Own Design: Markets, Hedge Funds, and the Perils of Financial Innovation.