Erkki Liikanen: Central banking and the risk management of central banks - what are the links?

Keynote speech by Mr Erkki Liikanen, Governor of the Bank of Finland, at the Joint Bank of Portugal and European Central Bank Conference on "Risk Management for Central Banks", Lisbon, 26 September 2017.

The views expressed in this speech are those of the speaker and not the view of the BIS.

Central bank speech  | 
29 September 2017


About a decade ago we saw the first signs of turbulence in global financial markets. A year later Lehman Brothers went under. We were faced with a full-blown financial crisis.

Later, it was named the Great Financial Crisis. It led to a both qualitative and quantitative change in the operations of central banks and was reflected in their balance sheets. The events forced the central banks to focus on the question what kind of credit they extended, and should extend, in providing liquidity to private banks. Later, the central banks launched large securities purchase programs.

The growth of the central bank balance sheets since the financial crisis has made central bankers pay more attention to the management of financial risks. The evaluation, control and management of financial risks has become more central than before.

Central Banks are financial institutions, and so their risk management is not totally dissimilar with other financial institutions such as commercial banks. But there are very important differences. For central banks, these differences must be understood to perform properly in their policy tasks.

The position and objectives of central banks are different from those institutions that operate on a for-profit basis. Their responsibilities are different, their powers and capabilities are wider, and their accountability requirements are broader.

These differences matter for risk management. Today, I would like to talk on these differences and focus on four aspects of risk management in central banks.

  1. How should the central bank's mandate and responsibilities influence its risk management?
  2. How should the risk management function be organized in relation to the policy and investment functions within the bank?
  3. How should the accountability and transparency requirements be taken into account in managing central bank risks?
  4. How can financial regulation help the risk management of central banks?

I will conclude by collecting some lessons we have learned during the turbulent, but certainly instructive years since 2008.

I will concentrate on financial risks in the balance sheets and mostly pass over other important risks, such as operational and cyber risks. The area of financial risks is where the special character and responsibilities of central banks probably matter most, making the risk control problems even more complex and nuanced than is the case in "ordinary" banks.


As policy institutions, central banks have objectives and responsibilities that differ from the financial institutions operating on a commercial basis. To enable the central banks to fulfil their responsibilities, they also have special powers - especially the monopoly of issuing currency and reserve money.

We should resist the temptation to use the special characteristics of central banks as excuses for not having to implement the best risk management techniques developed elsewhere. The risk management standard and techniques of "ordinary" banks should serve as an obvious starting point when discussing risks. There are differences, but they have to be justified in each case.

How do the risks come about? Central banks take on balance sheet risks as a result of their investment activities (as in holding foreign reserves), their monetary policy operations, and from time to time as providers of lender of last resort credit to their counterparts.

As investors, central banks have traditionally been conservative. This means that when faced with trade-offs between risk and return, central banks have traditionally tended to favour assets with very low credit risk even if the expected returns from such investments have been modest. Traditionally, central banks have also preferred very liquid, short-term investments. These choices have been clearly visible in the way foreign exchange reserves are usually invested.

As policy makers, central banks influence market conditions and market prices in a unique way. This is the task why central banks exist today, and why they are able to conduct monetary policy. The ability, and indeed the obligation, to steer the money markets in order to deliver macroeconomic stability adds an important extra twist to the risk management problem: the central bank is not just price taker in the financial markets, it is a price maker too. This is one of the features that make them special as investors and lenders.

One may see it as a sort of paradox that central banks, in making policy, themselves seem to create and control much of the risk they themselves bear as investors and creditors. However, the central banks do not actually have arbitrary powers to steer the interest rates or other market prices. They are mandated to exercise their monetary policy powers to pursue specific pre-set goals: the policy objectives for which they are accountable.

In the Eurosystem for instance, price stability is the overriding objective. Therefore, although the actions of the central banks may have an impact on their financial risks, these actions are taken with the requirements of monetary (and financial) policy in view.

So, while the ability to influence market conditions may be important for the risk management problem of central banks, we should not read too much into this. There is a wide agreement that central banks should not use their monetary policy powers as instruments of their own risk management.

There is also a broad agreement that any information central banks have on their future policies should not be used for their own financial gain. In their investment activities and their securities purchases for monetary policy purposes, the preference of the very best creditworthiness has been the traditional risk management technique.

In credit operations, the situation is more complicated. When credit is granted to banks, in monetary policy operations or in last resort lending, the most traditional and still the most important method of risk management is collateral policy. To minimize the probability of loss, the collateral should be safe.

However, since the collateral need not be actually realized except in the case of default of the borrower, collateral requirements need not be the same as the eligibility standards in outright purchases of securities. This can be compensated in other ways. Haircuts are routinely used to compensate for suspected risks in the value of collateral.

This brings us to an important difference between central banks and other institutions: the role of central banks as policy institutions matters for their collateral policy and can make the policy different from usual, private lenders.

The special nature of central banks' collateral policy was first noted by Walter Bagehot, already more than 140 years ago. Bagehot was concerned with how the central bank could best support financial stability. According to the famous Bagehot's rule, in times of crisis central banks should lend freely against good collateral, at a penalty rate of interest. But what should be taken as "good collateral"? It is worthwhile to cite Bagehot (1873) word for word:

"If it is known that the Bank of England is freely advancing on what in ordinary times is reckoned a good security-on what is then commonly pledged and easily convertible-the alarm of the solvent merchants and bankers will be stayed. But if securities, really good and usually convertible, are refused by the Bank, the alarm will not abate, the other loans made will fail in obtaining their end, and the panic will become worse and worse."

The key phrase in this quote is "in ordinary times". Bagehot means that the collateral requirements of central banks should be set as in a situation where the panic (caused by a run for liquidity) would not prevail.

The revolutionary point Bagehot made is that the central bank's collateral policy should not view quality of collateral offered as given. The bank should take into account that its own decisions about what is eligible will affect the quality of the collateral. The central bank should not only take the long view, on the quality of the collateral, but also a confident view, taking into account its power to stem the liquidity crisis.

This rule makes plain the great difficulty of the central bank's risk management problem, which also is a policy problem, whenever there is market stress. The quality of the collateral "in normal times" which Bagehot refers to is not what the market deems it to be; and it is not necessarily the quality that prevailed before a crisis. It is something that will be sustainable in the future.

How is this Bagehot's recommended policy different from the behaviour of the private participants? When deciding on its lending policy the central bank should take into account the effects of its own credit decisions on the quality of the collateral. This is Bagehot's point. That is not easy to do in practice.

The task of the central bank is to assess the quality of the collateral in a future situation after the crisis will have abated. There cannot be any fixed rules for that. In particular, the market does not give a firm guidance: if the central bank always followed the market in deciding what collateral is good, it could not add much to the liquidity of the markets and could not do its job to calm the situation in the case of market stress or panic. On the other hand, the central bank should not believe it can make bad collateral good just by pretending that to be the case and lending money against it.

Bagehot's advice was about collateral policy, reflecting the central banking practices of his time. It has, however, some relevance also for securities purchases in open market policies as well. It is that the market under stress is not always right, not without some guidance at least. One lesson from the Outright Monetary Transactions, OMT, was that the government bond markets in the euro area were at that time operating under unjustified doubts about the future of euro. The OMT programme confidently declared by the ECB succeeded in correcting the mispricing of the stressed government bond markets, in a way broadly similar to the way in which Bagehot explained the bill market of his time could be pacified.


Turning to the organizational aspects of risk management, we find both similarities and differences between central banks and other financial institutions.

Starting with the similarities, a generally accepted principle that applies to both is that risk control functions and risk-taking functions should be separated. As a rule, this separation should reach the top decision-making level of the organization. The different business and reporting lines, both those that take risk on behalf of the bank and those that assess and control it, present their views directly to the decision-making level.

After the financial crisis, and the unpleasant surprises which were uncovered in a number of investment and retail banks, the value of following this principle has been understood even more clearly than before.

The top management must be responsible for ensuring and overseeing a strong risk governance framework, and must be able to carry this responsibility. This requires a systematic approach. It includes a strong risk culture, a well-developed and explicit policy regarding to risk taking and risk management, up-to-date methodologies for measuring financial risks, and well-defined responsibilities for risk management and control functions.

An effective risk control function is a key component in the organization. This function is responsible for overseeing risk-taking activities across the institution. The important thing is that it should have the authority it needs. The risk control function should be independent, with sufficient stature, resources and direct access to the board.

Risk reporting to the board requires careful design in order to convey bank-wide, individual portfolio and other risks in a concise and meaningful manner. Reporting should accurately communicate risk exposures and results of stress tests or scenario analyses and should provoke a robust discussion of, for example, the bank's current and prospective exposures (particularly under stressed scenarios).

A balance should be found between the independence of the risk control function, on the one hand, and smooth horizontal information flows on the other. As emphasized in BIS principles for risk management, for example, banks should avoid organizational "silos" that can impede effective sharing of information across the organization. Necessary cooperation between the functions should of course never compromise the special independent role of the risk control function.

In "ordinary", for-profit institutions, the main organizational challenge is to reconcile the business orientation of the revenue-generating functions with the caution guarded by the risk controlling function. This balance has to be managed at a high, responsible decision-making level.

A broadly similar, but wider balancing challenge exists also in central banks. Their problem of organizing risk control and management is more complex than in for-profit institutions.

While the central banks have important investment functions, much like other banks, they also have separate monetary policy responsibilities and functions. The organizational architecture must therefore accommodate more distinct functional lines than in an ordinary financial institution - at least the investment function, the monetary policy preparation and execution, and finally the risk control function.

The presence of the monetary policy preparation and execution function is an added complication to risk management that is characteristic to central banks, when we compare them to other banks. Monetary policy planning and execution should not be hampered by hidden considerations of risk or gain.

Likewise, it is necessary that monetary policy decision are taken with full awareness of their expected financial consequences and the associated risks. Only then, with adequate risk information, can the responsible decision makers really discharge their responsibilities.

The idea of a completely independent risk control function had been around at least from 1990's, but it took the latest crisis to galvanize the central banks to take bigger steps. Before the crisis a typical solution was to have separate responsibilities at the board level, but not a fully independent business line or unit for risk management and control. This has been changing.

In the Bank, which I know best, the risk control function was reorganized from the beginning of 2009. A separate unit was established with its own reporting line to the board. This reorganization had been in preparation for a couple of years already before the crisis, but the perception of increased riskiness of the environment certainly accelerated the implementation of the change.

Within the ECB, the audit committee has been active in promoting enhancements in the risk management of the ECB and the Eurosystem as a whole. Especially at the Eurosystem level, the cooperation between member central banks was previously too limited and slow to cope with the new situation which emerged during the crisis. A much more unified and timely view of the aggregate risks was needed.

In September 2010, a separate system-wide Risk Management Committee was established. Previously, the system-wide cooperation on risk management matters had taken place in a working group reporting to the Market Operations Committee. The creation of an independent committee signalled increasing weight on risk management and was in line with the principle of independence of risk management. Within the internal organization of ECB itself, the status of the risk management function was enhanced, too, and it was promoted to the level of a directorate in 2012.

These changes have been significant, but it would not be proper to claim that the development of the risk management organization and its activities in the Eurosystem are now complete. The assessment and especially the quantification of risks is a task which is always incomplete and always in need of further development. Nevertheless, I think that significant improvements have been achieved and the governors, the governing council and the board members have now a much better overview of the financial risks of their banks and the whole Eurosystem than before.


The organizational principles that I discussed above relate mainly to sufficient internal information flows within the institution. However, external information can be strategically just as important as internal management information. Therefore, financial institutions, both ordinary banks and central banks need to reconsider from time to time their transparency and communication about their risks. There are central banks, which have started to report publicly about their risks.

Ordinary, for-profit banks need transparency at least vis-à-vis their customers, creditors and shareholders, as well as their supervisors. All these stakeholders are very interested in the risks of the bank they are dealing with.

Central banks are in a somewhat different position. For one thing, the set of stakeholders of central banks is broader. In particular, it includes political decision makers (in governments, parliaments etc.) and the general public as citizens, money-holders, voters and taxpayers. In addition to being larger, the interests of these political constituencies in the central bank are more complex and many-sided than the interest of the stakeholders in a commercial bank.

Communication and transparency about financial risks is of course only one facet of the central bank's general communication tasks. Another facet is policy transparency. Actually, these two are closely intertwined: experience shows that it is clearly necessary, in order to maintain public trust in the central bank's monetary policy and liquidity-supplying operations, to be clear about the reasons and consequences of the policies. Otherwise, the central bank may even endanger the necessary public acceptance of its operations.

This has an important implication: The transparency and public reporting of central banking risks should be embedded in a broader economic perspective. This does not only apply to the content of the risk information per se, but we should probably develop new ways to present the financial risk of central banks in their economic context, not only as isolated Value-at-Risk or Expected Shortfall numbers (for example). The increased transparency along the lines that have been developed has made a positive contribution, but still, it seems that finding new ways of presenting risks better in context could be very useful.

In the final analysis, the concern about risks has to do with capital adequacy of the central banks. This must be maintained, with a margin of caution, at levels where the independence of monetary policy is not endangered. The central banks must be able to accumulate sufficient reserves and provisions to safeguard their position. As they are public bodies, this is also a matter of public trust and political acceptance, on which central banks depend.

We might note that the Eurosystem and the ECB are in somewhat different position in that regard than the Federal Reserve, for example. Because of its institutional position, the Federal Reserve is able to operate with quite small own capital. In Europe, by contrast, the Central Banks are by construction financially more separated from the governments. This means that they must be quite self-reliant in terms risk-bearing capacity and of capital buffers.


The changes in central bank's risk management have occurred in parallel with major reform in banking regulation, globally and especially in the EU. These reforms have been necessary on general terms, but as a by-product, they also facilitate the central banks' risk management tasks.

First, better regulation will improve the creditworthiness of the central banks' monetary policy counterparts and thus make risk management easier for central banks. Direct credit risk will be smaller. Second, better regulation and more solid banks will also reduce the likelihood of market disturbances caused by shortages of liquidity, or runs for safe assets. This will reduce the central bank's burden in stabilizing the financial markets, and enable the central bank to concentrate its attention better on its monetary policy tasks.

The aspects of banking regulation that ease the burden on central banks include better capital adequacy requirements, stricter liquidity norms, and the general improvement in supervision and supervisory information, including the periodic stress tests. These stability-enhancing developments will help to reduce the dependence of the financial system on central banks.

In the euro area, in particular, central bank risk management benefits from the current European projects to complete the EMU, especially the Banking Union initiatives:

Single supervisory mechanism has already improved supervisory information and the general trust on euro area banks, thereby facilitating the ECB's operative tasks. The European Deposit Insurance Scheme, which I hope will move forward soon, will help stabilize bank liquidity even under future adverse shocks.

The regulatory framework is not complete even when the projects I mentioned will be finalized. It is not complete even from the central banks' risk management point of view.

The constantly evolving financial industry brings up new challenges which must be taken into account.

Currently, the unregulated segment of financial intermediation ("shadow banks") are a source of concern. They make the central banks' job of protecting financial stability harder, because they are not subject to the same monitoring and accounting scrutiny as banks, and as they cannot be monetary policy counterparts of central banks, their liquidity can be more fragile. The consequences of the activities of the shadow banking sector to the volatility of the supply of liquidity is a challenge which awaits proper regulatory response.


The central banks have faced new challenges in their risk management over the last decade. These challenges are in some respect similar to what other banks have met, but the policy role of the central banks have made them even more complex.

The central banks must consider not only their own risks but also broader risks in the financial sector and the macro-economy when they make decisions about what risk to take.

The challenges in organizing the risk management function in central banks are more challenging than in other financial institutions, because of the interaction of their policy responsibilities,

To cope with these challenges, it is essential that:

While prioritizing their policy responsibilities, the central banks should take care of their financial health (adequate capitalization) so that they are not vulnerable to the financial consequences from their policy tasks.

Central banks need to ensure that the political decision-makers and the general public understands what the central banks are doing and why. Lack of communication and lack of transparency can breed suspicion that the central banks are taking risks that are excessive relative to the benefits achieved with their policies. Deep and coherent participation by the central banks in the public debate at the national and euro area level are needed.

In terms of financial regulation, the challenges that the central banks' policy responsibilities cause to their risk-taking capacity are met more easily if the financial health of the banking system is sound; if the supervisory information is sufficient; and if crisis management procedures and institutions are up to their tasks. When those conditions are met, the central banks' main financial stability task, the provision of liquidity to fundamentally sound institutions, is easier to fulfil. The central bank should not be expected to constitute "the only game in town".

In the euro area in particular, I would call for determined completion of the banking union, including the resolution fund and common deposit insurance, as well as taking the capital market union forward in order to improve the resiliency of the European financial markets in general. These provide the best prerequisite for central banks to succeed in their work.