...Some firms reported managing risk based not on regulatory guidelines (99% confidence level VaR) but a lower threshold. This had two effects: one was that it made the numbers more relevant to management; second was that it meant the threshold was breached more often, meaning there could be more discussions about whether the model was performing well. If we question our risk forecasts, we can make them better. This is a lesson we should remember in the benign times as well, as a lack of VaR excessions can be just as important an indicator of bad model performance as an abundance of them.

Moving to the details, the SSG highlights two issues—the CDS-bond basis and the use of proxies for illiquid assets—both of which involve the choice of data to model different instruments. If a risk model were a rock-and-roll band, the volatility model and statistical distribution would be the lead singer and lead guitar player. The choice of data would be the bass player—unnoticed when all goes well, appreciated only by the most discerning fans but utterly essential to the end product. The SSG is to be commended for noticing the bass player’s importance.

Read the whole thing here (pdf, 7 pp) for more on liquidity and stress testing as well as statistical measures.
OTC covered the crossover between risk analysis and classic rock earlier. Perhaps structured product credit ratings should be given the role of drummer, given their tendency towards spontaneous combustion.