Code, Crash, and Open Source: the Outsourcing of Financial Regulation to Risk Models and the Global Financial Crisis

• Publication year: 2021

CODE, CRASH, AND OPEN SOURCE: THE OUTSOURCING OF FINANCIAL REGULATION TO RISK MODELS AND THE GLOBAL FINANCIAL CRISIS

Erik F. Gerding(fn*)

Abstract: The widespread use of computer-based risk models in the financial industry during the last two decades enabled the marketing of more complex financial products to consumers, the growth of securitization and derivatives, and the development of sophisticated risk-management strategies by financial institutions. Over this same period, regulators increasingly delegated or outsourced vast responsibility for regulating risk in both consumer finance and financial markets to these privately owned industry models. Proprietary risk models of financial institutions thus came to serve as a "new financial code" that regulated transfers of risk among consumers, financial institutions, and investors.

The spectacular failure of financial-industry risk models in the current worldwide financial crisis underscores the dangers of regulatory outsourcing to the new financial code.

This Article explains how financial institutions used the "new financial code" to shift, spread, and price financial risk using the template of the stages of securitization of consumer-credit products, hedging through credit default swaps, and overall portfolio management. This Article then examines several explanations for the failures of risk models, which contributed to the current crisis, including flaws in the design of risk models and agency costs associated with those models. It also outlines several lessons for regulatory outsourcing from the current crisis, including the following: * Bank regulators should scrap those provisions of Basel II that allow certain banks to set their own capital requirements according to their internal risk models; * Regulators should promote "open source" in code (or the models) used to market financial products to consumers, price securitizations and derivatives, and manage financial-institution risk; and * The failure of risk models used to price securitizations and derivatives reveals some of the comparative advantages of equity securities in spreading risk.

Introduction. .........................................................................................129

I. The Rise of the New Financial Code and Its Crash.......................136

A. A Primer on Financial Risk...............................................136

i. Typology of Risk..........................................................136

ii. The Revolution in Quantitative Finance.......................139

B. Code Along the Nodes of the Financial Web: The Stages of Securitization....................................................................143

i. Marketing Financial Products to Consumers................144

ii. The Pooling and Pricing of Securitizations..................147

iii. Purchasers of Asset-Backed Securities: Rating Agencies, Regulated Financial Institutions, Risk Management, and Basel II.........................................................................151

1. Rating Agencies...........................................................151

2. Risk Management.......................................................153

3. Basel II .........................................................................154

4. The SEC, Basel II, and Consolidated Supervised Entities 158

iv. Hedging Risks: Derivatives and Hedge Funds.............160

v. Iterations: CDOs and Derivatives to the nth Power......162

C. The Crash of the New Financial Code: A Thumbnail Sketch ..................................................................................164

D. Historical Parallels: The 1987 Crash and the Failure of Long-Term Capital Management......................................167

i. The 1987 Crash.............................................................167

ii. The Collapse of Long-Term Capital Management .......168

II. Model Risk: Diagnostics on the Crash of Code .............................169

A. Design Flaws.....................................................................170

i. Non-Robust Model Assumptions .................................170

ii. The Radical Critique: The Failure of Models in the Face of Uncertainty ..............................................................172

iii. Risk Correlation............................................................172

iv. Spillover Effects and Feedback Loops .........................173

v. Interface Between Codes: Information Gaps................175

vi. Flaws in Modeling Human Behavior............................176

1. Bounded Rationality: The "Killer App" for Behavioral Law and Economics.................................................................176

2. Modeling and Complex Adaptive Systems..................178

B. User Interface: Human Agency and Agency Costs..........180

i. Selecting Code: Model Fit or Fitting the Model?.........180

ii. Implementation Errors..................................................181

iii. Inputs to Code: Low-Documentation Loans.................181

iv. Gaming the Models ......................................................182

v. Interface between Codes Revisited: Information Destruction and Information Externalities......................182

vi. The Risk of Homogeneity Among Risk Models: An Anti-Coordination Problem..................................................184

vii. A Coordination Problem Among National Regulators .185 III. Select Policy and Research Implications.......................................186

A. Scrapping Basel II's Internal Models Approach...............186

B. Promoting Open Source Risk Models...............................189

i. The Outlines of an Open-Source Approach..................189

ii. The Benefits of Open Source........................................190

iii. Potential Drawbacks: Would Open Source Promote Homogeneity?..............................................................191

iv. Extending the Open-Source Approach.........................192

v. Open Source and Rating Agencies...............................193

vi. Open Source and Consumer Protection........................194

C. In Praise of Equity............................................................195

Conclusion. ...........................................................................................197

INTRODUCTION

The revolution in quantitative finance that occurred over the last two decades produced models that enabled the rapid growth of securitization and derivatives. (fn1) This Article demonstrates that financial regulators delegated or outsourced to these computer-based risk models the responsibility of regulating a wide range of risk transfers in the economy-from consumer finance to global financial markets. These risk models failed spectacularly in the global financial crisis that started in the subprime mortgage market, and this outsourcing of regulation exacerbated the crisis.

To understand the crisis, the failure of risk models, and the dangers of regulatory outsourcing, it is helpful to sketch out the system by which mortgages are connected to asset-backed securities, derivatives, and financial risk to global financial institutions. (fn2) Securitization uses the future payment streams from mortgages and other credit products to create securities that are sold to investors. These investors not only acquire the right to these payment streams, but also assume a portion of the financial risk that borrowers will not make payment on the underlying mortgages when due; securitization thus carves up the risk associated with mortgages and other securitized assets into slices, which are then spread among investors.(fn3) Those investors could then use credit derivatives and other derivatives to offload parts of this risk to counterparties in exchange for paying premiums to those counterparties.(fn4)

Securitization and derivatives created a system for transferring risk and spreading it among those investors who could theoretically bear risk most efficiently. (fn5) Each part of this risk-transfer system was enabled by private, computer-based industry risk models that were built using innovations in quantitative finance. These models include the following:* Data-mining and credit-scoring software used by financial institutions to market mortgages, loans and other financial products to individual consumers (this marketing includes not only setting the price of those products to match the risk of individual borrowers, but also creating complex features in those products that can be tailored for certain categories of consumers);(fn6) * Pricing models used by financial institutions to structure and price the securitization of those consumer financial products;(fn7) * Models used by credit-rating agencies to assign ratings to the asset-backed securities issued in securitizations;(fn8) * Models used to price those derivatives that further hedge the risks of asset-backed securities;(fn9) and * Models used by financial institutions to manage their investment portfolios and set their overall risk-management policies. (fn10)

This Article refers to the above-mentioned data-mining software and computer-based risk...