Financial risk management

Financial risk management is the practice of identifying, measuring, and controlling threats to a company's capital and earnings (Crouhy M., Galai D., Mark R. 2014, p.3)^[1]. These threats come from many sources: currency swings, interest rate moves, credit defaults, market crashes. The goal? Protect cash flow without strangling the business. Get it wrong, and a single bad quarter can wipe out years of profits. Get it right, and the firm survives shocks that sink competitors.

Why it matters

Consider Barings Bank. In 1995, one trader's unauthorized positions brought down a 233-year-old institution. Losses hit £827 million. The bank—gone^[2]. Or take Long-Term Capital Management in 1998. Nobel laureates on staff. Sophisticated models. Still needed a $3.6 billion bailout when markets moved against them.

These weren't small firms run by amateurs. They had risk systems in place. The systems failed anyway.

The 2008 crisis drove the point home even harder. Banks holding mortgage-backed securities thought their positions were safe. Rating agencies agreed. Then housing prices dropped 30% nationwide, and supposedly rare "tail events" happened simultaneously across markets. Lehman Brothers filed the largest bankruptcy in American history—$639 billion in assets, evaporated (Hull J.C. 2018, p.241)^[3].

Historical background

Modern risk management didn't exist before the 1970s. Why would it? Exchange rates were fixed under Bretton Woods. Interest rates stayed stable. Commodity prices moved within narrow bands.

Then everything changed. Nixon closed the gold window in August 1971. Currencies started floating. Oil prices quadrupled in 1973-74, then tripled again in 1979-80. By 1981, U.S. Treasury rates topped 20%^[4].

Companies that had never worried about financial volatility suddenly faced existential threats from price swings they couldn't control. New tools emerged to address the problem:

• 1972 — Currency futures launched at Chicago Mercantile Exchange
• 1973 — Black-Scholes option pricing model published; Chicago Board Options Exchange opened
• 1981 — First interest rate swap executed between IBM and World Bank
• 1990s — Value at Risk (VaR) adopted as industry standard measure

By 2000, derivatives markets had grown to notional values exceeding $100 trillion. A new profession—financial risk management—had been born (Jorion P. 2011, p.15)^[5].

Types of financial risk

Market risk

Prices move. Stock portfolios lose value during selloffs. Commodity buyers face cost spikes. Exporters watch exchange rates erode their margins.

Market risk captures all of this. Three main categories:

• Equity risk — exposure to stock price movements
• Interest rate risk — sensitivity to rate changes affecting bond values, borrowing costs
• Currency risk — gains or losses from foreign exchange fluctuations

How do firms measure it? Most use Value at Risk. A bank might report "daily VaR of $50 million at 99% confidence." Translation: on 99 days out of 100, losses shouldn't exceed $50 million. On that hundredth day? Could be much worse^[6].

VaR has critics. It tells you nothing about how bad that hundredth day might get. During 2008, many firms experienced "25-standard-deviation events"—moves that VaR models said should happen once every few billion years (McNeil A.J., Frey R., Embrechts P. 2015, p.52).

Credit risk

Will borrowers pay back what they owe? Banks live and die by this question.

Credit risk shows up everywhere. Trade receivables. Bond portfolios. Derivative contracts. Any promise to pay creates credit exposure. When Enron collapsed in 2001, counterparties holding Enron receivables or derivatives found themselves with worthless claims^[7].

Measuring credit risk means estimating two things:

• Probability of default (PD) — How likely is failure?
• Loss given default (LGD) — If they fail, how much do we lose?

A secured loan to a shaky borrower might be safer than an unsecured loan to a solid one. Collateral matters. Recovery rates vary wildly—from 80% for senior secured bank debt to under 20% for subordinated bonds.

Liquidity risk

Here's a nightmare scenario: your assets are worth plenty on paper, but you can't sell them fast enough to meet tomorrow's obligations. That's liquidity risk.

It killed Bear Stearns in March 2008. The firm had positive equity. But when counterparties lost confidence and stopped rolling over short-term funding, Bear couldn't raise cash fast enough. Within a week, JPMorgan bought the wreckage for $2 per share—down from $172 a year earlier^[8].

Two flavors of liquidity risk exist:

• Funding liquidity — Can you raise cash when needed?
• Market liquidity — Can you sell assets without massive price concessions?

Both hit hardest during crises. Markets that seem liquid in good times can freeze solid when everyone rushes for the exits at once.

Operational risk

Not all financial losses come from markets or credit. Sometimes systems fail. Employees commit fraud. Disasters strike.

Société Générale discovered this in 2008 when a single trader, Jérôme Kerviel, racked up €4.9 billion in losses through unauthorized trades. The bank's controls failed to catch positions worth €50 billion—more than its entire market capitalization^[9].

Operational risk is hard to quantify. How do you model the probability of fraud by a specific employee? Or calculate expected losses from a cyberattack that hasn't happened yet? Basel II regulations forced banks to hold capital against operational risk anyway. Most use either historical loss data (backward-looking) or scenario analysis (forward-looking but subjective).

Managing the risks

Four basic responses exist:

Avoid. Don't enter risky activities. A manufacturer could refuse international sales to dodge currency exposure. Simple, but sacrifices opportunity.

Reduce. Cut exposure through operational changes. Diversify suppliers. Improve credit screening. Install backup systems. Doesn't eliminate risk but shrinks it.

Transfer. Pay someone else to bear the risk. Insurance does this. So do derivatives. Buy a put option and your downside is capped. Of course, someone has to take the other side—usually for a price.

Retain. Accept the risk and its consequences. Makes sense when transfer costs exceed expected losses, or when bearing risk is core to the business (Horcher K.A. 2011, p.47)^[10]. Banks can't avoid credit risk entirely. Trading firms can't eliminate market risk. The goal is conscious retention, not ignorant exposure.

Hedging instruments

Forwards and futures

A forward contract locks in a future price today. An importer buying goods priced in euros can purchase euros forward at a fixed rate. If the euro strengthens, they're protected. If it weakens, they miss out on savings—but certainty has value.

Forwards are customized between parties. Futures do the same thing on exchanges with standardized contracts. Daily settlement eliminates counterparty risk but requires margin deposits^[11].

Options

Unlike forwards, options give the right but not the obligation to transact. An airline worried about jet fuel prices buys call options. If fuel prices spike, the airline exercises and buys at the strike price. If prices fall, they let the options expire worthless and buy cheaper fuel in the spot market.

The catch? Options cost money upfront. Forwards don't. You're paying for asymmetric protection.

Swaps

Swaps exchange payment streams. The most common is an interest rate swap: one party pays a fixed rate, the other pays floating (usually LIBOR or its replacement). A company with floating-rate debt that wants certainty can swap into fixed payments.

The swap market dwarfs all other derivatives. Notional amounts outstanding exceeded $400 trillion by 2020 (Stulz R.M. 2003, updated data)^[12]. Most large corporations use swaps routinely.

Implementing risk management

A textbook process runs five steps:

1. Identify — What can go wrong? Map exposures systematically.
2. Measure — How big is each risk? Quantify where possible.
3. Evaluate — Which risks exceed acceptable levels? Compare against risk appetite.
4. Respond — What actions address unacceptable risks? Design hedging strategies.
5. Monitor — Are strategies working? Conditions change; strategies must adapt.

The tricky part is step three. Who decides what's "acceptable"? Boards set risk appetite in policy terms. Management translates that into specific limits. Traders and business units work within those limits—usually^[13].

Communication matters. Enron had a risk management function. So did Lehman. What they lacked was clear escalation when limits were breached and genuine authority to force action.

Organization and governance

Most large firms have a Chief Risk Officer (CRO) reporting to the CEO or board. Below the CRO sits a risk management department that:

• Sets risk policies and limits
• Monitors exposures against those limits
• Reports to senior management and board
• Develops risk measurement methodologies

But here's a tension. Risk managers who report to the business units they're monitoring face pressure to approve deals. Independent reporting lines help—the CRO should be able to walk into any board meeting and deliver bad news without career risk^[14].

Culture matters even more than structure. If the organization rewards short-term profits while punishing those who raise concerns, no amount of governance will prevent problems. Good risk management requires people willing to say "no" and executives willing to listen.

Financial risk management — recommended articles

Risk management — Investment — Financial planning — Strategic planning — Decision making — Due diligence

References

• Crouhy M., Galai D., Mark R. (2014), The Essentials of Risk Management, 2nd Edition, McGraw-Hill, New York.
• Horcher K.A. (2011), Essentials of Financial Risk Management, Wiley, Hoboken.
• Hull J.C. (2018), Risk Management and Financial Institutions, 5th Edition, Wiley, Hoboken.
• Jorion P. (2011), Financial Risk Manager Handbook, 6th Edition, Wiley, Hoboken.
• Lam J. (2014), Enterprise Risk Management: From Incentives to Controls, 2nd Edition, Wiley, Hoboken.
• McNeil A.J., Frey R., Embrechts P. (2015), Quantitative Risk Management: Concepts, Techniques and Tools, Princeton University Press.
• Stulz R.M. (2003), Risk Management and Derivatives, South-Western, Mason.

Footnotes

1. ↑ Crouhy M., Galai D., Mark R. (2014), The Essentials of Risk Management, p.3
2. ↑ Hull J.C. (2018), Risk Management and Financial Institutions, pp.45-58
3. ↑ Hull J.C. (2018), Risk Management and Financial Institutions, p.241
4. ↑ Jorion P. (2011), Financial Risk Manager Handbook, pp.89-102
5. ↑ Jorion P. (2011), Financial Risk Manager Handbook, p.15
6. ↑ McNeil A.J., Frey R., Embrechts P. (2015), Quantitative Risk Management, pp.34-67
7. ↑ Crouhy M., Galai D., Mark R. (2014), The Essentials of Risk Management, pp.178-195
8. ↑ Hull J.C. (2018), Risk Management and Financial Institutions, pp.234-267
9. ↑ Lam J. (2014), Enterprise Risk Management, pp.156-178
10. ↑ Horcher K.A. (2011), Essentials of Financial Risk Management, p.47
11. ↑ Stulz R.M. (2003), Risk Management and Derivatives, pp.156-178
12. ↑ Stulz R.M. (2003), Risk Management and Derivatives, updated data
13. ↑ Lam J. (2014), Enterprise Risk Management, pp.78-95
14. ↑ Crouhy M., Galai D., Mark R. (2014), The Essentials of Risk Management, pp.234-256

Author: Sławomir Wawak