Moving from crisis to reform: Examining the state of counterparty credit risk

| Article

Strengthening management of counterparty credit risk (CCR) remains a top priority for bank chief risk officers and heads of global markets. This broad consensus reflects the potential for significant losses from CCR exposures, as well as the prevalence and complexity of highly leveraged strategies and the need for thoughtful risk oversight in light of heavy capital requirements. CCR is also challenged by significant regulatory focus across multiple jurisdictions.

The potential damage that can be caused by weak CCR management was highlighted by a number of large failures over the years, including the 2021 collapse of Archegos Capital Management, a family office founded by billionaire investor Bill Hwang. The failure of Archegos to meet margin calls on equity positions led to substantial losses among banks. The episode served as a wake-up call for institutions serving institutional investors and prompted a speedy intensification of regulatory scrutiny.

One of the underlying reasons for the damage caused by Archegos was the changing role of financial institutions—as that of market intermediary—since the 2008 financial crisis. Thus, the rising prevalence of market shocks and high levels of intraday volatility led some risk functions at banks to insufficiently quantify exposures. A recent example was seen in the 2022 gilt liquidity crisis, which led to significant collateral calls on pension fund derivative positions. This again highlighted the need for banks to closely monitor exposures across counterparty types and showed how CCR can quickly accumulate and transmit through the banking system.

This changing role of financial institutions has been accompanied by a lack of standardization of operational practices, including relating to onboarding, pricing, margining, disclosure requirements embedded in representations and warranties, quantification methodologies, and escalation processes.

In response to CCR shocks, many banks have made efforts to shore up oversight of activities including governance, credit risk due diligence, limit and exposure management, and closeout protocols. However, while the industry has made progress, there is still plenty of risk in the system, driven by both “sticky” challenges (for example, analytics infrastructure, including prevalent overreliance on future exposure modeling) and the need for longer-term action where new ground is being broken (for example, more continuous financial-health monitoring).

In the coming period, getting these variables right will separate the best from the rest, with leaders increasing share of wallet, capturing more profitable counterparties, and appropriately pricing risks commensurate with risk appetite in prime financing, secured financing transactions, and over-the-counter (OTC) derivatives. Organizations also need to account for shifting business models, as large institutions have consistently simplified risks in their balance sheets, perhaps at the cost of security against increased concentration risks. Banks today make larger resource allocations to products like delta one, securities financing, and OTC clearing, and reduce allocations to products with inherently more complex and exotic risks, such as collateralized debt obligations and volatility strategies.

In this context, we believe that banks and dealers can consider further action in a number of areas. These include streamlining credit assessment and onboarding, adopting continuous monitoring, and ensuring limits are carefully calibrated. In modeling, there is room for further consideration of the role of potential future exposure (PFE) going forward, as well as for improving stress testing practices, modeling of nondirectional factors, and sharpening capital calculations, with enhanced data facilitating the next generation of analytics. Through these building blocks, and with a programmatic approach to implementation, institutions can develop more robust risk management oversight, serve customers better, and embed more confidence in front-office activities.

Counterparty risk: Still catching participants off guard

From OTC derivatives trading to prime brokerage, securities lending, and repos, CCR is inherently bound to the daily operations of markets businesses and markets environments. It is most often manifested in default risk, replacement risk (the risk of not being able to replace a defaulted position), and settlement risk—albeit at the tail end of probabilities. CCR has been on banks’ agendas for a long time (since the 1998 collapse of Long-Term Capital Management), and despite improvements in levels of collateral in the system and establishment of OTC clearing markets, it still catches market participants off guard, suggesting continuing challenges in risk management culture and capabilities. The most common deficits are in governance structures, oversight of relationships with institutional counterparties, adequacy of disclosure requirements, and historical lack of investment in risk-monitoring infrastructures.

Despite sustained efforts to estimate exposures, define limit structures, and price and charge for CCR, its absolute level in the financial system has continued to grow, resulting in higher than understood levels of unsecured credit exposures, perhaps masked by a growing comfort in existing limit and exposure management systems driven by a risk-on orthodoxy that has reflected low rates, yield-seeking inflows, and growing interconnectedness. Indeed, the value of assets managed by hedge funds has grown significantly over the past five years while bank derivative credit exposures have also increased. This has been particularly true for credit exposures between hedge funds and primes, amid highly leveraged trading strategies, margin-related “wrong-way risk,” and the rise of algorithmic and high-frequency trading.

The potential for liquidity challenges and losses against CCR exposures has been heightened by recent high levels of cross-asset volatility. Indeed, about 80 percent of the largest intraday price swings in the Dow Jones index have occurred in the past three years, seen, for example, in the significant commodity price volatility at the onset of Russia’s invasion of Ukraine.

In addition to market-related risk, banks face rising regulatory expectations. Across jurisdictions, there have been thematic regulatory reviews on CCR. The implementation of SA-CCR (standardized approach for counterparty credit risk) regulations under the Basel IV framework and updates to the credit-value-adjustment capital charge under the Fundamental Review of the Trading Book may heighten capital requirements for some players—for example, prime brokers with large securities financing activities, given increased supervisory equity haircuts, large books of short-dated foreign exchange forwards, and commodities derivatives. The uplifts are driven by charges for uncollateralized or noncash collateralized trades and directional risk.

The industry has beefed up its protocols

Following the Archegos failure, the US Federal Reserve and UK regulators published additional supervisory guidance for CCR management among banks with significant trading book activity and derivatives exposures. This is in addition to institution-specific feedback following thematic reviews. Areas of focus included relationships with institutional investors and alternative-asset managers, including adequacy and frequency of disclosures, risk-sensitive margining, exposure management methodologies, and closeout procedures. The European Central Bank identified CCR as a key regulatory priority for 2022 to 2024 and published a groundbreaking report1 on CCR governance and management.

Spurred on by these initiatives, many banks put in place CCR remediation programs and strengthened their capabilities. These efforts have largely focused on three areas: first, governance and organization for CCR oversight; second, credit risk assessment and monitoring of counterparty financial health; and third, limit and exposure management (including exposure measurement).

Governance and organization for CCR oversight. Several banks have strengthened business risk functions (first line of defense) and oversight teams (second line):

  • In the first line, banks have enhanced their specialist CCR teams. In addition to carrying out credit risk assessments and due diligence, enhancements have focused on monitoring practices and streamlining and standardizing credit memos. In business-like risk, such as prime brokerage, practices have also been enhanced. While it is common for teams to use rule- and risk-based approaches to actively manage margin risk and to prioritize haircut recalibrations, stress testing is increasingly becoming a critical tool for evaluation of exposures.
  • In the second line, many banks with institutional franchises have integrated CCR oversight of credit and market risk. Enhancements have focused on quantitative CCR market risk capabilities to more accurately measure the impact that market price scenarios/events can have on CCR exposure and default risk (for example, wrong-way risk). An expanded remit often creates obligations including daily monitoring and reporting of limit exposures, evaluation of stress scenarios, and exposure monitoring in closeout processes.

Credit risk assessment and counterparty health monitoring. Several banks have enhanced their quantitative risk rating methodologies (often based on financial scorecards) with a range of qualitative dimensions. Hedge funds and family offices have been in focus, with criteria including management, risk, compliance, operations, and disclosures more consistently added to the assessment mix. The failure of Archegos has emphasized that while family offices have often been regarded as one segment, generally with lower risk profiles than hedge funds, their risk appetites can diverge significantly, some being closer to pension funds or foundations/endowments while others are highly speculative.

Hedge funds are generally a low-default portfolio, with very few closeout experiences. Given significant survivorship bias in industry data, and difficulties to develop reliable probability of default models, qualitative assessments, including expert ranking, are invaluable tools.

Where advanced internal ratings-based approach models are used, additional scorecard elements are often used as qualitative inputs to either justify rating overrides or to provide additional context to limit setting.

Limits and exposure management. Many banks have focused on exposure metric enhancements for PFEs and stress measures, as well as improvements to limit setting and escalation and breach management processes.

PFE modeling is established market practice for managing limits for CCR risk and is used across cash prime and OTC products. Capability enhancements in this area have focused on data and infrastructure improvements. Banks have also added a range of metrics, including size-based measures (for example, notional) and scenario-based stress testing to identify portfolio vulnerabilities and drive reviews. Stress scenarios may be based on hypothetical scenarios (of a single or range of risk factors) or historical scenarios (fully replicating shock severity across risk factors from a prior crisis). The shocks are configured as “instantaneous” (that is, compressed to a one-day move), and stress P&L is typically reported at the level at which limits are monitored across the range of scenarios deployed.

From a limit-setting perspective, banks are setting PFE limits at increasingly granular levels (for example, counterparty, activity, or tenor), and additional limits, based on notional and stress testing, are becoming more common. Limits are usually adjudicated by the second line, often underwritten by a private-side first-line function, and used as a mechanism to establish clear operating guidelines for trading units.

Most banks have strengthened their escalation and breach management procedures, which set out more formalized approval and escalation hierarchies, delegation authorities, and responsibilities in the event of a threshold excess or breach.

Where next for institutions?

While many industry participants have made progress on elevating CCR management, there are several areas in which players can continue to resolve challenges and plot the next horizon of growth. The following may be considered priorities:

  • Streamline credit assessment and onboarding. Onboarding is a common and costly pain point, both for employees and clients. In particular, when assessing and onboarding institutional clients (including large asset managers with fund manager/fund structures), credit assessment can be carried out at both manager and fund levels. Many industry participants are making efforts to optimize data capture and standardize rating processes across geographies. Rerating approaches and frequencies are also being revisited.
  • Move to continuous counterparty financial-health monitoring. Active oversight of financial health includes enhanced, timely, and digitized disclosure monitoring, external news monitoring, and changes in internal exposure profiles, including protocols to trigger deep-dive reviews and prioritizing credit risk officer workloads. Technology such as AI is increasing the efficiency and effectiveness of this monitoring.
  • Calibrate limits to risk appetite and capital targets. Some banks have established additional limits to manage exposures at an aggregate level (for example, sector). Aligning and translating enterprise-wide stress testing with counterparty limit stress testing has been a focus for banks but has proven to be difficult. More explicit linkage of counterparty-level limits to top-of-the-house risk appetite, as well as clear guidance to credit officers on limit sizing, continues to be a focus area.
  • Use nondirectional factors. Several players are investigating the future and relevance of PFE as a risk measure. Right now, some banks run low PFEs, which may disguise the amount of inherent risk in a position. Critically, the use of nondirectional factors (for example, market depth, liquidity, concentration, basis) remains an important focus area—in particular, the progression from use of nondirectional factors as “add-ons” to more structural modeling of the convolution of market risk and nondirectional factors.
  • Improve stress testing. Many industry participants are tightening credit limits and boosting oversight of markets businesses, with a particular focus on hedge funds. Still, commensurate improvements in analytics have often lagged behind amid continuing high levels of false positives. Enhancements in stress testing infrastructure across first and second lines of defense, and further calibration of stress scenario plausibility and severity, are required to allow more flexible and timely “what if” analysis. As the industry also moves toward using stress limits, it calls for clear governance guidelines on use of stress testing results. In particular, this would include wrong-way risk assessments.
  • Ensure accuracy of CCR capital calculations. To carefully deploy risk-based capital, some banks are starting to review the accuracy of CCR risk-weighted assets (RWA) across calculation engines, underlying data, and collateral. A more holistic approach to improve RWA accuracy would complement reviews of capital parameters for complex transactions and in-business initiatives (for example, pricing, hedging).
  • Enhance underlying CCR data and infrastructure. Several banks are investing significant resources in managing data quality—notably, the reliability of contractual, margin, and collateral data sourced from front-office systems. Key areas for improvement going forward include streamlining connectivity and consistency of CCR infrastructure with first line of defense and market risk and/or X-value adjustment infrastructures, as well as the development of next-generation tools for real-time analytics based on evolving market scenarios.

Given the market and regulatory pressure on banks to enhance CCR management alongside business and prudential upsides, decision makers are likely to benefit from a zero-based assessment of where they are on the journey, embracing a refreshed approach where necessary. To continue to deliver CCR programs effectively, we recommend four programmatic steps.

Actively monitor portfolios and counterparties. Assess the need for risk appetite or limit revisions, considering changes in business strategy or market dynamics. This will include reviewing positions/exposures by counterparty in businesses most sensitive to the current macro environment, and unwinding or reducing exposure where necessary.

Rapidly assess gaps in remediation effectiveness. While delivering the existing book-of-work for CCR improvements, conduct proactive “premortems” on remediation commitments to identify potential impediments to regulatory closure. The exercise should also focus on identifying key vulnerabilities and areas that could benefit from a deeper review of capabilities (for example, counterparty due diligence).

Make plans for next-generation capability building. Banks could review their strategic road maps to strengthen CCR capabilities indexed against target business goals, market dynamics, and supervisory expectations. This would help them identify opportunities to build the next generation of tools and processes, for example in continuous financial-health monitoring or credit workflow enhancements. In addition, it may make sense to establish compensating controls where target enhancements may take longer to implement. One such action may be to address limitations in underlying analytics and infrastructure such as PFE or stress testing.

Communicate with stakeholders. Banks could proactively draft communications delivered to the board, internal audit, and regulators, including those relating to assessment of remediation effectiveness and a road map for improving, enhancing, and strengthening CCR capabilities.


CCR management is becoming more challenging and complex, reflecting a disrupted global economic, political, and regulatory environment, together with historically high levels of volatility. And despite recent investments in tools, people, and processes, most institutions remain on a journey, with some insufficiently budgeted to achieve their strategic goals. Moreover, the focus is often on regulatory capital at the expense of the front office.

Looking ahead, the task for decision makers will be to transition to the next level of CCR management. The experience of leading banks shows that when completed effectively, this can significantly reduce risk and create a new source of incremental revenue and competitive advantage.

Explore a career with us