If the bankruptcies of Lehmann Brothers and General Motors are evidence of the severity of the current economic climate, they are also signs of a new vulnerability against which few companies are immune.

The number of business bankruptcies increased by more than about 25% between 2006 and 2008 (source: INSEE – French National Institute of Statistics and Economic Studies). Vigilance over the customer-supplier-partner must be extreme. Although the banking world is widely familiar with the current risks, the concept of counterparty risk (CR) is not necessarily identified as a priority even though it should be, especially for non-financial corporate management.

Oversight of inter-transaction relationships must be considered of the utmost importance in the current business environment.

Counterparty risk is defined as the risk of non-repayment by a participating party in a transaction. To initially offset this risk, the exposed party must undertake standard risk management mechanisms: covering identification, quantification, approval, and internal reporting of counterparty risk.

Internal ratings

Risk management is based on identifying the sources of CR and evaluating credit worthiness. The production of a credit score allows to determine the solvency of the counterparty: to each score is assigned a probability of default indicating the counterparty’s degree of risk.
Financial models can analyze this counterparty risk and adjust the level of precision of risk assessment. The credit score must be derived such that any two analysts obtain the same result and give the same interpretation according to the same scales and methodology.

Most simple methods of scoring are beneficial because they are easier to use, faster, and less demanding in terms of inputs. More elaborated models allow for sophisticated analysis and the refinement of risk measurement. Companies that do not fit in internal rating will generally use external rating agencies.

The statistical approach must be supplemented by a risk expert. This is a necessary in order to validate the outcome of the rating measurement, and, if needs be, to integrate the elements that are not taken into account by the model. The analysis of the creditworthiness of the counterparty along with the analysis of the transaction and the study of profitability (taking into account the conditions to the transaction) guarantees other risk mitigants.

Integration into business processes

The rating needs to be inserted into the business process. Integrated in the decision-making process prior to entering the transaction, the rating is a major component for risk / return trade-off and operations calibration.

Exposure and score are subject to frequent measurements and review. Credit analysis must be renewed regularly as it affects credit-worthiness and the results of the stress tests undertaken to analyze the credit risk of the counterparty based on the daily results generated by the risk assessment model.

Regular monitoring, overhauling important information to management, and conducting frequent reviews of the portfolio are prerequisites to effective risk management, allowing for the implementation of relevant corrective measures when necessary.

Identifying the business processes affected by Counterparty Risk management is a key element of the process.
It is clear that a "mapping" of the related risks requires a substantial amount of resources among the main business units.
The identification phase is usually quite fast; it precedes the launch of working groups responsible for defining the risk policy. A coordinating group (such as a "Risk Steering Committee") will help ensure consistency among all cross-developments of this type.

Among the processes most often involved, are:

> Sales Processes:
    - Key accounts tarification and management of the “return / risk” couple
    - Management of commercial limits by type of account

> Financial Process:
    - Counterparty risk exposures calculation
    - Provisions management
    - Factoring

Note: Banking regulatory rules on capital requirements are implemented at this level; and, as such, this process is of major strategic interest. The calculation is based on the exposure and probability of default associated with each counterparty.

> Purchasing Process:
    - Purchase policy and risk management alternatives
    - RFP validation
    - Tariffs negotiation

> IT Processes and management of the counterparty database:
Managing a counterparty database becomes an important issue as it is the cornerstone of this entire process. Between IT and business units, the database and surrounding systems all require attention since they need upgrades, updates, controls, and corrections.

> Internal Control:
As part of the COSO2 topics, internal rating processes need to be monitored and tested adequately on several sides, including modeling (i.e. back testing, calibration) and the establishing links between the processes described above, as well as the rating process itself.

Internal or external ratings?
__________________

The rating exercise shows a double complexity: the accessibility of data and modeling.

The implementation of measurement models derives its legitimacy from its ability to access a large segment of information based on facts. The processing of this information (i.e. score, modeling) may require a significant level of statistical skills.
Most companies, with the exception of the banking industry, rely on the services purchased from various agencies to interpret these findings.
Basel regulations and incentives present in the definition of approvals FIRB (Foundation Internal Ratings Based) led the banking industry heavily to develop its own models.

What lessons can be drawn?

> First, the realism of this approach has led to the implementation of satisfactory risk organisation (although in some cases, the implementation projects have been long).
> Increased accuracy of information made possible thanks to greater proximity between a company and its major counterparties.
> Increased effectiveness of watch systems (independent from the production cycles of the analysis by external agencies).
> Harmonization of the rating process (single tool).
> The acquirement of a financial analysis expert, which, beyond the statistical principles, provides a much broader insight into risk assessment, and is ultimately responsible for assigning ratings and limits.

These last points are very limited in non-financial corporations for at least three reasons:

> Apparent complexity
> Few or zero external incentives (i.e. regulatory, fiscal, etc.)
> Difficulty in estimating the expected returns of these approaches

On this last point it is useful to recall the value provided by efficient risk management:
- Significant decrease in the cost of risk
- Increase in the productivity of certain commercial and financial processes
- Enterprise Risk Management where the whole management of the firm is based on risk and return arbitrages

Towards the creation of an internal model
__________________________________

Developing expertise in counterparty risk around an internal model specific to the activity is a definitive choice in a risk policy.

The creation, development, and operational uses of an internal rating model can present many challenges in the conduct of such a project.

The process of creating an internal model is generally based on three main factors:

> Organization and management in line with the credit analyst expert

The performance of a rating system is linked to its ability to integrate all kinds of information (i.e. financial, media, market), detect problems, and anticipate outcomes. The rating models are powerful tools as well as guides to match and compare. They do not, however, replace the expertise associated with a credit analyst - the only way to synthesize all available information and reduce the impact of possible over-privileged parameters in systematic approaches. The management of those credit analyst functions is an essential element of the risk management.

> The statistical and IT aspects around the establishment of a rating process based on the definition of an appropriate model

"Theoretical Methods”, albeit rather complex are relatively conventional (i.e. Logit Probit) in the relatively closed field of statistical theory; however, their applications and calibrations to specific informational contexts require certain skills.

The simultaneous management of different types of variables, quantitative (as in financial statements) and qualitative (as in market information and competitors) forces firms to be very cautious.

A statistical model’s performance is obviously critical. It can be easily tested by setting up back testing procedures. Stress testing the model is also important as it analyzes behaviour in extreme situations; however, it must be regularly challenged. The reliability of the information used as inputs can also be a concern, although this does not present difficulties in most cases (i.e. "reasonable” counterparty portfolio size). This point may also be the source of a statistical problem (due to samples smallness). Techniques exist to address this issue.

> Governance and organizational structure to ensure consistency of the overall risk management and its link with business processes

In order to effectively orchestrate risk, governance and organization in place will help to integrate the internal rating processes, to manage the activity, and use it for its purpose as a risk measurement and monitoring tool, as well as a decision tool.

Governance outlines the responsibilities of each actor along the chain of responsibility, indicating the involvement of management and any existing delegations as well as allowing for decisions to be made within the risk function. Top management defines a risk management strategy, which is further implemented by risk decision-makers.

The organization in place links the risk strategy, as defined by top management, and the business lines.

If interest for a corporation to develop its own risk expertise is certain, it should be part of a consistent project around ambitious and voluntary governance •