Washington Law Review


Erik F. Gerding


The widespread use of computer-based risk models in the financial industry during the last two decades enabled the marketing of more complex financial products to consumers, the growth of securitization and derivatives, and the development of sophisticated risk-management strategies by financial institutions. Over this same period, regulators increasingly delegated or outsourced vast responsibility for regulating risk in both consumer finance and financial markets to these privately owned industry models. Proprietary risk models of financial institutions thus came to serve as a “new financial code” that regulated transfers of risk among consumers, financial institutions, and investors. The spectacular failure of financial-industry risk models in the current worldwide financial crisis underscores the dangers of regulatory outsourcing to the new financial code. This Article explains how financial institutions used the “new financial code” to shift, spread, and price financial risk using the template of the stages of securitization of consumer-credit products, hedging through credit default swaps, and overall portfolio management. This Article then examines several explanations for the failures of risk models, which contributed to the current crisis, including flaws in the design of risk models and agency costs associated with those models. It also outlines several lessons for regulatory outsourcing from the current crisis, including the following: • Bank regulators should scrap those provisions of Basel II that allow certain banks to set their own capital requirements according to their internal risk models; • Regulators should promote “open source” in code (or the models) used to market financial products to consumers, price securitizations and derivatives, and manage financial-institution risk; and • The failure of risk models used to price securitizations and derivatives reveals some of the comparative advantages of equity securities in spreading risk.

First Page