The Outsourcing of Financial Regulation to Risk Models and the Global Financial Crisis: Code, Crash, and Open Source

83 Pages Posted: 25 Sep 2008 Last revised: 6 Jul 2010

See all articles by Erik F. Gerding

Erik F. Gerding

University of Colorado Law School

Date Written: March 1, 2009


The widespread use computer-based risk models in the financial industry in the last two decades enabled the marketing of more complex financial products to consumers, the growth of securitization and derivatives, and the development of sophisticated risk management strategies by financial institutions. Over this same period, regulators increasingly delegated or outsourced vast responsibility for regulating risk in both consumer finance and financial markets to these private industry models. The proprietary risk models of financial institutions thus came to serve as a "new financial code" that regulated transfers of risk among consumers, financial institutions, and investors.

The spectacular failure of financial industry risk models in the current worldwide financial crisis underscores the dangers of regulatory outsourcing to the new financial code. This article outlines several implications of the current crisis for regulatory outsourcing including the following:

- Bank regulators should scrap those provisions of Basel II that allow certain banks to set their own capital requirements according to their internal risk models; - Regulators should promote "open source" in code used to market consumer financial products, price securitizations and derivatives, and manage financial institution risk; and - The failure of risk models used to price securitizations and derivatives reveals some of the comparative advantages of equity securities in spreading risk.

Keywords: risk model, financial institution, model risk, financial regulation, subprime, mortgage, securitization, subprime crisis, banking, banking law, open source, Basel, derivative, cyberlaw, systemic risk, consumer finance, consumer protection, consumer financial protection

JEL Classification: C5, C71, D18, D81, G12, G18, G20, G21, G31, G38, K22, K23

Suggested Citation

Gerding, Erik F., The Outsourcing of Financial Regulation to Risk Models and the Global Financial Crisis: Code, Crash, and Open Source (March 1, 2009). Washington Law Review, Forthcoming, Available at SSRN:

Erik F. Gerding (Contact Author)

University of Colorado Law School ( email )

401 UCB
Boulder, CO 80309
United States
303 492 4899 (Phone)

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics