Chapter 2
A New Era of Liquidity Risk Management

Shyam Venkat1

Introduction

Liquidity risk management is a core competency for all types of financial institutions, from "sell-side" firms, like banks, to "buy-side" institutions such as insurance companies. Banks typically engage in maturity transformation by funding themselves with deposits and other short-term liabilities and investing in assets with longer-dated maturities, while continuing to meet liability obligations as they come due. Capital markets trading businesses provide market liquidity in various asset classes by facilitating order flow between buyers and sellers of financial assets and maintaining inventory through positions using their firms' own capital.

The period from the mid-1990s to the mid-2000s saw relatively few advancements in the discipline of liquidity risk management, even as approaches for measuring and managing credit, market, and operational risks were gaining in sophistication and infrastructure. The Asian currency contagion of the late 1990s, dotcom bust in early 2000, terrorist attacks of 9/11, and subsequent commencement of two major wars in Iraq and Afghanistan did little to heighten concerns outside of regulatory circles around liquidity risk management or spur significant advances in the risk management discipline. Robust global economic growth, fueled by easy credit, looked poised to remain the new normal as industry insiders, pundits, and regulators touted the benefits of the "great moderation," pushing concerns for liquidity risk into the background.

The global financial crisis began in mid-2007, spurred on by the onset of several liquidity events, and brought on dramatic and rapid change. The dramatic increase in systemic risk made almost all financial institutions-even those few leading firms that had upgraded their liquidity risk management practices and infrastructure over the preceding decade and made some astute market calls-unprepared for the crisis. Company treasurers and their treasury functions, tasked with managing enterprise funding and liquidity, were now immediately center stage under the spotlight, and worked feverishly to help keep their institutions afloat even as financial markets and peer institutions faltered around them. Suddenly, client cash and secured financing, long considered safe sources of funding, were evaporating; deposits, even those guaranteed by the Federal Deposit Insurance Corporation (FDIC), were being withdrawn, giving rise to concerns of runs on banks. Previously liquid asset markets with readily transactable quotes experienced significant disruptions as market makers and buy-side customers were unsure how far the contagion would spread and became risk adverse. Consequently, the ensuing erosion of balance sheet strength and earnings power among financial services firms brought forth a renewed focus on the importance of liquidity risk management. The raft of new rules and regulations that shortly followed the financial crisis also prompted financial firms, particularly banks and capital markets institutions, to significantly enhance their capital and liquidity positions and related risk management capabilities. Much of the market scrutiny in the United States, United Kingdom, and Europe directed banks and other financial services firms to concentrate on de-risking balance sheets and enhancing capital management capabilities with respect to risk governance, stress testing, capital planning, and capital actions.

In the aftermath of the crisis, liquidity risk management practices have continued to evolve and the pace of that change has quickened as regulatory guidance continues to raise the standards on what are considered "strong" capabilities. Given the relatively early stage and continuing evolution of capabilities in this area, some of these practices may even be viewed as "leading" in nature. The discussion in this chapter on leading practices for liquidity risk management is, by no means, exhaustive; we acknowledge preemptively the contrary to be true. Moreover, there are several additional sources of excellent guidance on this topic that have been issued by various experts, industry practitioners, supervisory agencies, and other regulatory regimes around the world.

The focus of the compendium of fundamental and leading practices summarized in this chapter is more methodological and practical, rather than the principles-based guidance that is often offered by supervisors and regulators. Accordingly, we offer these views on such leading practices in the hope of giving liquidity risk managers and architects additional insights and considerations that may be helpful in their continued efforts to build best-in-class liquidity risk management capabilities. Such considerations of these leading practices should be made within the context of an institution's business model, size, scale, and complexity, as well as tailored appropriately to fit within the organization's structure, cultural and social norms, operating processes, and supporting infrastructure.

We have organized our views on leading practices along the following areas: (i) Governance and organization, (ii) measuring and managing liquidity risk, and (iii) optimizing business practices. Each of these areas is further discussed in greater detail in the individual chapters of this book. We conclude this chapter by summarizing additional considerations for institutions to ponder as they chart their paths forward and advance their capabilities in this critical risk management discipline.

Governance and Organization

Liquidity Risk Management Oversight and Accountability

Strengthen Board Knowledge, Capabilities, and Reporting

The events leading up to and stemming from the financial crisis highlighted the need for improved awareness and reporting of liquidity risk at the board of directors and executive management levels within financial institutions. Strong governance is critical in effectively managing all aspects of an enterprise, and liquidity risk management is no exception.

The board of directors of a financial services institution has the ultimate authority and responsibility for approving, overseeing, and monitoring its overall risk appetite and various individual components of its risk profile including liquidity risk. This overall risk appetite and profile, including the liquidity risk component, should be approved by the board to ensure alignment with the broader business strategy of the enterprise, and supported by relevant policies, procedures, roles, and responsibilities. As a practical matter, the board often delegates its authority for establishing liquidity risk appetite to company management in the form of committees, officers, and departments including the asset-liability committee (ALCO), enterprise risk management committee, corporate treasurer, and Chief Risk Officer (CRO).

Leading institutions are expanding board oversight of liquidity risk management to ensure the board has both a broad understanding of liquidity risk management concepts as well as sufficient knowledge of underlying technical details. Further, board reporting has improved to show greater depth and frequency of liquidity risk information and integration between business performance, financial, and other risk metrics to give boards greater clarity and integrated view into the changing business and risk profiles of their institutions.

Leverage the Three Lines of Defense to Align and Integrate Management of Liquidity Risk

The three lines of defense depict the institution's internal risk management posture. Each line-the business, the independent risk management function, and the internal audit function-has specific responsibilities with respect to the end-to-end liquidity risk management process, from overall governance, strategic planning, risk appetite setting, risk identification, assessment, and management, through reporting, as well as internal controls.

In the context of liquidity risk management, corporate treasury, and/or ALCO typically serve as the first line and establish the firm's liquidity risk appetite with input and approval from the CRO and the independent risk oversight function. The CRO's independent risk oversight team provides the second-line defense, informing the setting of liquidity risk appetite and monitoring the institution's risk profile with a holistic view across different types of risk (e.g., credit, market, operational, liquidity) under changing market conditions. The third-line function, carried out by internal audit, is responsible for providing an independent, periodic assessment of the firm's internal control systems, including risk management, to the board.

While the corporate treasury function and ALCO bring both a business orientation and a risk management mind-set to their respective roles, it is important for an institution that follows an organization model comprising three lines of defense to empower its second-line risk managers to perform their own independent liquidity risk monitoring, review the assumptions and processes for decision making used by the first line, and challenge those views held by the first line that may prove vulnerable under evolving market conditions and thereby subject the firm to unintended risks. It is critical that institutions overcome legacy organizational silos to ensure that each line of defense effectively carries out its respective role with appropriate oversight and also achieves effective coordination and communication across the organization. A key ingredient to ensuring the...