Global financial crisis


Risk Management: Lessons from the Recent Global Financial Crisis

Executive Summary

The 2007/2008 global financial crisis is regarded as the most serious economic crisis the world has experienced since the 1930s Great Depression. The crisis began with the credit crush in 2007 and spread very first to Europe and reaching its peak in 2008. The GFC had devastating effects on financial institutions as it caused the collapse of some of the most reputed firms in terms of risk management, including Lehman Brothers, Bear Stearns, Meryl Lynch, and AIG. The analysis in this report has indicated that the crisis was caused by many factors including risk management failures, corporate governance lapses and ineffective use of financial engineering tools, such as collateralized debt products, derivatives and contract differences. The report has indicated that the financial crisis could have been prevented or its effects mitigated if the financial institutions had instituted effective risk management systems. Because of the failures of corporations in mitigating the effects of the crisis, Australia and New Zealand developed ISO 31000: 2009 to guide financial institutions in instituting effective risk management system. The implementation of the ISO risk management provisions will be critical in enhancing resilience of firms to risk should another financial crisis hit. However, firms need to learn from the 2007/2008 crisis by ensuring that such a crisis does not affect them as it did to Lehman Brothers, Bear Stearns, Meryl Lynch, and AIG.


The recent global financial crisis (GFC) might have ended but its devastating effects are still felt eight years on. The GFC otherwise called the global economic crisis that began in 2007 and spread all through to 2008 is the worst economic crisis since the 1930s Great Depression (Acharya and Richardson, 2009). The crunch began in July 2007 with the credit crunch after the U.S. investors lost confidence in the sub-prime mortgage values that triggered an unexpected liquidity problem. The U.S. Federal Bank tried to solve the crisis that was fats spreading to the rest of the world by injecting huge amounts of capital into the financial markets. However, such effects failed to bear fruit and by 2008, the crisis had gone from bad to worse as the crisis had caused the stock markets around the world to crash and extremely volatile (Lang and Jagtiani, 2010). Many financial institutions across the globe found themselves into liquidity problems which caused the collapse of some banks. The September 2008 collapse of Lehman Brothers, for instance, brought the entire global financial system down considering that it was a global bank. Many industries tried to respond to the crisis through financial bailouts (Walker, 2009). However, all these failed to work, as the financial crisis continued to turn what was already bad to worse. Gross domestic product (GDP) of most rich nations, such as the U.S. and the UK that were hard hit by the credit crunch remained below the pre-crisis level (Golub and Crum, 2010). However, the analysis of the crisis indicates that most of the financial institutions, such as Lehman Brothers, Bear Stearns, Meryl Lynch, and AIG were badly affected by the crisis because of risk management failures. This report explores the extent to which risk management failures and the corporate governance lapses that contributed to the collapse of the financial institutions during the recent GFC.

Risk Management Principles

The 2007/2008 financial crisis is regarded as the most devastating crises that the world has experienced since the end of the Great Depression of the 1930’s. The GFC that started in the U.S. hastily spread to other parts of the world, particularly Europe where it had serious impacts. As a result, many financial institutions such as Lehman Brothers collapsed as many other banks found themselves in serious liquidity problems. In Australia, the GFC seriously affected the country’s GDP that declined significantly as shown in fig. 1. It is, however, surprising that most of the financial and insurance firms that has some of the best risk management in the world were worst affected as could be seen with Lehman Brothers, Bear Stearns, Meryl Lynch, and AIG. Before the credit crunch, these institutions were considered some of the best in terms of risk management (Dowd, 2009). However, the fact that they were among the worst affected indicates that risk management failures was largely to blame for the financial crisis whose effects is still felt in many parts of the world, European countries in particular.

Fig. 1 Effects of GFC on Australian GDP Growth Rate

Global  financial  crisis

Source: McDonald and Morling (2011).

Although there is no universal definition for the concept of risk management, it can be defined simply as the detection and management of risks that a firm is exposed to (Crotty, 2009). In other words, risk management is the processes involved in identifying potential risks and taking appropriate measures to mitigate and manage the risks. Risk management has gained increased prominence in the financial institutions in the recent past because of the because of the increased need for corporations to develop effective services and products. According to Voinea and Anton (2009), risk management is a critical undertaking because of their has been increased volatilities of global financial market, new derivatives have emerged and the fact that financial intermediary products and services currently play a major role in the financial markets, and the growing collapse of corporations without sound risk management systems. Voinea and Anton note that, the big American corporations of the 1990s, such as WorldCom, Enron, Orange Country and Barings ban could not have suffered the huge losses they suffered in the 1990s and early 2000 if they had effective risk management practices.

It is noted that, prior to the financial crisis, financial derivatives, such as futures, forwards, swaps, options and asset backed securities were thought to permit companies to transfer risk easily to economic agents able to withstand them. Nevertheless, a study by Crotty (2009) found that, in selected cases, these derivative instruments have been used to transfer risk to agents that are not in a position to understand and deal with them effectively, thus increasing the systemic risk in global financial markets.

The events that have occurred in the past have made risk management become a critical undertaking in all financial institutions since effective risk management help ensure profitability and survival. The wide recognition of risk management in financial companies has resulted in the creation of new corporate governance rules and regulations so as to avert financial institutions from incurring huge losses, filing bankruptcies and engaging in scandals. In Europe, the “Cadbury Report” is an example an effect that created the “Principles of Corporate Governance” to help promote risk management in European corporations (Walker, 2009). The 2002 Sarbanes-Oxley Act” was created in the U.S. to promote accountability in auditing, accounting and reporting in corporations.

Financial institutions are exposed to four different kinds of risks that managers and executives of a company should focus on and mitigate. The four categories of risk include market, liquidity, credit and operational risks. Market risk refers to the risk resulting from the unforeseen market changes on product or services. Liquidity risk is that type of risk that results from the possibility that a company is unable to meet its current obligations when they fall due. Credit risk is that risk that results from the failure of counterparty to repay its obligations when they fall due (Golub and Crum, 2010). Operational risk refers to the risks that financial institutions are exposed to because of the losses incurred due to operational inadequacies within an institution that emanates from process failures, people and technicalities or fraudulent acts.

Because of the exposures of financial institutions to these risk, Stulz (2008) argue that exposure to these risks can only be minimized through effective risk management. The author defines risk management as the identification, evaluation and management of risk. Turner (2009) argues that risk management task is to understand risk probability and its possible outcomes before committing capital to mitigate the risks. In other words, the author is suggesting that the best risk management principle is to start by identifying the risk, and evaluate its impact before proceeding to invest money and human resource to the mitigation of the risks.

Lang and Jagtiani (2010) adds that risk management model of the modern world should guarantee three important features. The first being the fact that the there is a need to factor in the unexpected losses and accurately determine the unexpected losses. Second, the authors’ advice that risk managers should see all risks that the corporation is exposed to fro a portfolio point of view by considering the interrelationships among the assets and exposure to common risks. Lastly, the authors argue that risk management requires the development of ‘tail risks’ measures for evaluating the needs of capital assets (Stulz, 2015).

Risk Management Failures

Economists and financial analysts are in agreement that the 2007/2008 financial crisis was caused by many factors. However, risk management failures were the reason most firms were badly affected and causing the collapse of some. As earlier stated, large banks and insurance firms, such as AIG had some of the best risk management systems in the world (Haubrich, 2001), however, they still collapsed as some had to be nationalized and rescued through bailouts because of failing to adopt effective risk management systems that could help them be resilient enough to overcome the spontaneous credit crunch.

Best (2010) argues that, even if implemented properly, risk management does not guarantee businesses that they would not incur huge losses. The author attributes this to the fact that businesses sometimes make wrong decisions couple by bad lack. Best’s view is supported by Stulz (2008) who maintains that having an effective risk management as was the case with Lehman Brothers, Bear Stearns, Meryl Lynch, and AIG does not guarantee firms against failure. According to Stulz, big losses can result even in firms that have excellent risk management system. Haubrich (2001) takes the argument further by noting that risk management breakdown may occur in a company because of the existence of optional risk levels that are not optimal socially.

The first risk management failure that contributed to the GFC is the failure of the financial institutions, such as Lehman Brothers, Bear Stearns, Meryl Lynch, and AIG to use an effective risk management technique. Moss (2009) indicates that most banks, international regulator and credit rating agencies adopted sophisticated risk management methods. In this respect, it is reported that most financial institutions used VaR risk management tool. The use of VaR model has a shortcoming in the sense that, whereas it provides the largest loss that firms expect to incur at any given time, the model fails to give the loss distribution in the excess of the VaR limit (Haubrich, 2001). Financial experts argue that the VaR model was not meant to be used for measuring the worst loss that a firm could incur, though in some cases, the model is used for such purposes. As such, the use of VaR was inappropriate during the financial crisis as it could not provide an accurate estimation of the losses especially the losses with low likelihood of occurring.

Stulz (2008) suggests that it is not proper to use VaR as a risk management tool to focus on as it only focuses it does not focus on the long-term risk. It is noted that, in the short-term, VaR model can provide a misleading indictor by suggesting that the risk exposure is low only for the risk to turn out to produce huge losses in the long-run. Additionally, overreliance on the VaR by firms during the GFC was not appropriate as the model is based on the assumption that assets can be swiftly disposed off or hedged, thereby cushioning a company to losses (Stulz, 2015). In reality, however, this assumption does not hold in light of low liquidity as was the case during the recent credit crunch.

According to Nelson and Katzenstein (2011), the VaR failure increased financial strain on most firms during the credit crunch period. The authors argue that most firms calculated their VaR figure based on short time period, with the majority based on less than one year. This resulted in serious crisis not being included in the estimation of risk probability. Because of the failure of the VaR model, financial experts advise that companies ought to have used two different models to prevent the risk exposure during the financial crisis (Foo, 2008). Firstly, it is suggested that firms ought to have developed models that covers long periods of time though with few elements. Secondly, they propose that financial and insurance firms should have adopted the use of models that cover shot time periods though with more elements of data. As such, they blame adverse effects of the GFC on firms to the fact that corporations adopted sophisticated and complex models with high amount of data but with shorter time frame as they believed that older data had no relevance because of the changes that were happening in the mortgage market in the previous years.

An interview conducted with Ashby (2010) with risk management experts found that many corporations failed to implement appropriate stress and scenario testing with the majority opting to rely heavily on qualitative models in assessing risk; instead of using good management judgment. The author notes that banks that stress tested based their testing on vague assumptions and failed to take into account the crunching of the money. Additionally, the banks overestimated the benefits of diversification during the GFC.

Other than the failure to adopt an effective risk management model, most financial institutions suffered the consequences of the GFC because of underestimation of the model risk, liquidity risks, and the known unknown risks (Jawadi, 2010). Regarding model risk, financial experts argue that most managers ignored the value of known risk factors, including the risk between CDS and cash bonds (Sabato, 2009). Besides, they note that there was an inaccurate calculation of the total profits and losses distributed because of the norm of calculating correlations based on short periods that do not incorporate sharp fall in the prices. Moreover, the subsequent mapping development that replaced the positions by exposures to risks was in most cases inaccurate.

The GFC also affected most companies negatively because of their failure to anticipate the liquidity risks. Liquidity risk is that risk that emanates from the inability of a financial firm to meet its obligations when they fall due (Moss, 2009). Liquidity risk entails both funding liquidity risk and asset liquidity. Other than anticipation failures for liquidity risks, financial institutions suffered from the financial crisis because they underestimated reputational risk (Foo, 2008). A study conducted after the 2007/2008 GFC found that, during the crisis, most banks, such as Lehman Brothers provided financial instruments and SIVs in a bid to build a positive corporate reputation. As a result, this exposes them more to the credit crush that resulted in the collapse of many banks because of they ended up in liquidity problem as was the case with Lehman Brothers that had to be wound up in September 2008 because of liquidity problems.

Additionally, failure to address credit risk by most firms also catalyzed the effects of the GFC on firms. According to Sabato (2009), risk management requires that companies know who their counterparties are, as well as who their counterparty’s counterparties are. However, this proved a problem to most financial institutions during the GFC period. The author argues that regulatory and counterparty risks fall under the category of the unknown unknown risks that are outside the scenarios. The sudden short sale operations prohibition that seriously smashed hedging strategies that corporations had adopted in 2008 at the peak of the GFC is an example of regulatory risk (Rötheli, 2010). The author suggests that, as much as these risks are not easy to predict, corporations should acknowledge their reality and set aside funds to cushion against them.

Financial and risk management experts have also noted that failure to take into consideration systematic risk into account. According to Stulz (2015), the majority of risk managers ignore the systematic risks that originated from the operations of the SIVs and conduits because of the lack of transparency. In fact, the author observed that most banks that owned such vehicles failed to make them part of the quantitative models. Besides, most financial institutions lacked the needed information (Jawadi, 2010). Fundamentally, the majority of the modern risk management models have not been effective in risk management because of they are based on unrealistic assumptions that do not in tandem with the reality in the world.

Role of Governance and Non-regulatory Compliance Risk Models

The 2007/2008 global economic crisis was also triggered largely by corporate failures. Studies conducted after the GFC have found that there were many corporate governance lapses that caused financial corporation’s collapse, thereby leading to GFC. According to Turner (2009) the failure of the global financial markets was the cause of the systematic crisis that affected worldwide financial institutions was a matter of regulation and corporate governance failure. The author notes that corporate governance did not get the attention it deserved prior and during the GFC. Moss (2009) has attributed the financial crisis largely to the corporate governance failures arguing that the adoption of poor governance practices is to blame for the GFC. In particular, Moss (2009) indicates that there was fragile and inferior risk management system in the banks that failed. This report is supported by Kirkpatrick (2009) study that found that corporate governance weaknesses and failures played a role in the GFC. In particular, Kirkpatrick noted that the corporate governance instituted by most financial institutions could not offer appropriate safeguards to excessive risk taking. Lang and Jagtiani (2010) are of the view that the GFC was caused by the decline in the corporate governance standards prior to the GFC.

The contribution of corporate governance to the 2007/2008 GFC has been demonstrated using Union Bank of Switzerland (UBS). A study conducted at UBS found that the bank and its board were not aware of the risk linked to complex financial products (Rötheli, 2010). The study also found that the investment Board of the bank failed to offer appropriate guidance and implementation of risk prevention and control measures. Besides, remuneration packages gave executives the opportunity to invest in pitiable mortgage products, which placed the firms into financial difficulties. Turner (2009) noted that faulty incentive systems most financial institutions adopted played a role in the GFC. The author argues that the exit packages and stock options offered to top executives were poorly designed. For instance, the stock options gave company executives and board the opportunity to take higher risk as exit packages were used to reward executives even in the event that they failed.

Deficiencies in systems were also responsible for the crisis. Studies have shown that corporate governance process deficiencies were to blame for the risk management systems failures witnessed in failed financial institutions. In this respect, in the failed banks and other financial institutions, the Boards failed to factor in the risk factors before giving an approval to strategy (Jawadi, 2010). In fact, there was total lack of disclosures on foreseeable risks and monitoring and management of risks in most of the failed banks. Besides, the regulatory and accounting environment in which the banks operated was just efficacious. Moreover, failed companies did not have their remuneration system aligned to the strategy, risk appetite and long-term susceptibility of the firms, which was a serious shortcoming. Failure to aligned remuneration system to risk appetite was a serious issue noted with most of the failed banks. Risk appetite refers to the risk that a firm is willing to take in order to meet its strategic objectives and plan. In most of the failed financial institutions, executives were interested in awarding themselves hefty remuneration packages instead of aligning such packages to their risk appetite, thereby leading to liquidity problems and the collapse of some of the firms.

According to Lakonishok et al. (1995), there was very little to no transparency with regards to off-balance sheet items of intricate financial products. The author also notes that the remuneration structure of the financial institution staffs allowed them to take high risks by focusing on short-term profits. As such, most researchers have linked the recent GFC to adoption of misguided incentives, risk management failures and lack of adequate controls. Additionally, lack of institution of effective internal control systems and timely and accurate reporting of financial and risk also triggered the crisis as it created an avenue for manipulation of financial report and fraud, thereby causing the crisis.

The Role of ISO 31000:2009 in Risk Management

The past global financial crisis has pointed the need for financial institutions to adopt effective risk management systems. Therefore, to improve risk management and resilience of banks and other financial institutions, the ISO 31000 was established in 2009 to help companies effectively improve their risk management system. ISO 31000 is an international standard that spells out the principles and guidelines for efficient risk management (Standards New Zealand, 2016). The ISO 31000 establishments was a god move since provides companies with guidelines that they can use in managing any form of risk in a transparent, systematic and credible manner. This is important as it would help financial institution understand the strategies to adopt to ensure that risks are spotted early enough and appropriate strategies adopted to mitigate or deal with the risk. In the end, the adoption of the ISO 31000 will see an improvement of resilience to risks by financial institutions.

Conclusion & Recommendations

The 2007/2008 global economic crisis is the most devastating financial crisis that the world has experienced since the 1930s Great Depression. The crisis that began in the U.S. in July 2007 following a credit crunch that sent panic in investors spread very first to other parts of the world, particularly Europe. The crisis resulted in the collapse of many financial institutions while some had to seek for a bailout. As illustrated in the report, the GFC crisis was triggered by a number of factors key among them being risks management failures and corporate governance lapses. However, it is important for financial institutions to learn from this GFC by instituting effective risk management and corporate governance structure to mitigate the effects of such a crisis and to ensure high resilience. To achieve this, financial institutions should adopt effective models of estimating risk, as well as ensure the establishment of an effective risk management system. This can be done by using the ISO 31000 as a guide in creating an effective risk management system. Additionally, firms should improve their corporate governance structure to ensure that risks are minimized and dealt with effectively.


Acharya, V. V. & Richardson, M. (2009). Causes of the financial crisis. Critical Review, 21(2-3), 195-210

Ashby, S. (2010). The 2007-09 Financial Crisis: Learning the Risk Management Lessons. Mimeo, Nottingham Business School.

Best, J. (2010). The limits of financial risk management: Or what we didn’t learn from the Asian crisis. New Political Economy, 15(1), pp. 29-79.

Crotty, J. (2009). Structural causes of the global financial crisis: a critical assessment of the ‘new financial architecture. Cambridge Journal of Economic, 33, 563-580.

Dowd, K. (2009). Moral hazard and the financial crisis. Cato Journal, 29(1), 1-12.

Foo, C. (2008). Conceptual lessons on financial strategy following the US sub-prime crisis. The Journal of Risk Finance, 9(1), 292-302

Golub, B. W., & Crum, C. C. (2010). Risk management lessons worth remembering from the credit crisis of 2007-2009. The Journal of Portfolio Management, 21-44

Haubrich, J. G. (2001). Risk management and financial crises. New York, NY: Federal Reserve Bank of Cleveland.

Jawadi, F. (2010). Financial crises, bank losses, risk management and audit: what happened? Applied Economics Letters, 17(1), 1019-1022

Kirkpatrick, G. (2009). The corporate governance lessons from the financial crisis. Financial market trends. Sidney: OECD.

Lakonishok, J, Shleifer, A., & Vishney, R. (1995). Contrarian investment, extrapolation, and risk. Journal of Finance, 50, 541-78.

Lang, W. W., & Jagtiani, J. A. (2010). The mortgage and financial crises: The role of credit risk management and corporate governance. Atlantic Economic Journal, 38, 295-316.

McDonald, T., & Morling, S. (2011). The Australian economy and the global downturn Part 1: Reasons for resilience. Retrieved from

Moss, D. (2009). An ounce prevention: Financial regulation, moral hazard, and the end of ‘too big to fail. Harvard Magazine, Sep-Oct.

Nelson, S. & Katzenstein, P. J. (2011). Risk, uncertainty, and the financial crisis of 2008. Paper Prepared for the International Political Economy Society Meeting, University of Wisconsin-Madison.

Rötheli, T. F. (2010). Causes of the financial crisis: Risk misperception, policy mistakes, and bank’s bounded rationality. The Journal of Socio-Economics, 119-126

Sabato, G. (2009). Financial crisis: Where did risk management fail? London: Mimeo

Standards New Zealand. (2016). Risk management. Retrieved from

Stulz, R.M. (2008). Risk management failures: What are they and when do they happen? Hoboken, NJ: Wiley.

Stulz, R. M. (2015). Risk-taking and risk management by banks. Journal of Applied Corporate Finance, 27(1), 8–18.

Turner. A. (2009). The Turner review: A regulatory response to the global banking crisis. Financial services authority. London, March.

Voinea, G., & Anton, G. (2009). Lessons from the current financial crisis. A risk management approach. Review of Economic and Business Studies, 3, 139-147

Walker, D. (2009). A review of corporate governance in UK banks and other financial industry entities: final recommendations. London: HM Treasury.