ANNUAL REPORT 2000/2001 PART IV

CREDIT SUISSE GROUP RISK MANAGEMENT

PART I

2 Financial highlights 2000

4 To our shareholders

PART II

6 An overview of Credit Suisse Group6 Organisation8 Financial review

11 Strategic review

PART III

13 Review of business units 16 Credit Suisse Financial Services23 Credit Suisse Private Banking25 Credit Suisse Asset Management 27 Credit Suisse First Boston

PART IV

30 Credit Suisse Group Risk Management

PART V

50 Consolidated financial statements

PART VI

107 Parent company financial statements

118 Five-year summary of selected financial data

120 Management

126 Main offices

127 Information for investors

CREDIT SUISSE GROUP RISK MANAGEMENT

Hans-Ulrich DoerigVice-Chairman of the Executive Board andGroup Chief Risk Officer

Credit Suisse Group, including itsbusiness units, pursues a disciplined,comprehensive and integrated approach to risk management. Signifi-cant personnel and technological resources are focused on ensuringthat Credit Suisse Group remains aleader in risk management. By meansof a proactive risk management culture and the appropriate qualitativeand quantitative tools, the Group aimsto minimise the potential for unde-sired risk exposures and to optimisethe allocation of capital throughoutthe Group to the benefit of share-holders and other stakeholders.

30

IntroductionFinancial services – put in a simplifiedframework – consist of four basicelements: information, transactions,capital and risk.

Nowadays, information is instantlyavailable, ubiquitous and increasinglycheap. Simply owning information isnot enough – only by packaging andinterpreting it intelligently and provid-ing value-enhancing advice and deci-sion-making support can a companydifferentiate itself from the competi-tion.

The volume of transactions hasgrown dramatically in recent yearsaround the globe. New technologiesare expanding rapidly, making it evenmore important that in-house and out-sourced processes are costeffective.

On today’s open, deregulated cap-ital markets, basic access to capital isno longer an issue for well-run estab-lished companies. The challenge is toallocate capital optimally to the differ-ent activities within the organisation.

Risk is uncertainty about a futureoutcome. It is the essence of financialinstitutions’ activities. Risk is multifac-eted, complex, often interlinked and/orcontext-driven. While not avoidable,risk is to be managed, not feared.Intelligent, informed risk taking is thekey. Risk is not only about “downside”and threats, but also about chancesand opportunities. Taking no risks ispotentially the approach which pres-ents the highest risk.

Good risk management hasbecome a decisive competitive advan-tage. It helps to maintain stability andcontinuity and supports revenue andearnings growth. Disciplined and intel-ligent risk taking is an “attitude”towards stakeholders.

Our research and observations inthe financial services industry have ledto the “12 organisational principles inrisk management” which serve as ourgeneral framework in risk manage-ment (see chart on page 32). To applythese primarily organisational princi-ples, consistently and globally is ourcontinuous aim. The basis is not theintellectual level of the principles, but

rather their diligent implementation:implementation is what makes a com-pany stand out and determines itssuccess or failure. While risk manage-ment will never be “finished” in a com-plex and evolving financial environ-ment, we aim to institutionalise learn-ing and stay at the edge of “bestpractice”.

At Credit Suisse Group, we differ-entiate between eight tiers of risk tak-ing, approval and control:

Tier 1: Business unit front line withprime responsibility for taking andmanaging risks.

Tier 2: Independent business unitsupport and approval functions includ-ing product control, strategic risk man-agement, counterparty analysis andapproval, legal and compliance withfocus on specific risk areas – all inde-pendent from front line.

Tier 3: Group functions such as over-all risk management, control and chal-lenging the business units.

Tier 4: Senior management at busi-ness unit and group level as well assupervisory boards with focus on theoverall risk profile.

Tier 5: Independent internal and ex-ternal audit with focus on assessmentsand deficiencies.

Tier 6: Rating agencies – comparisonwith competitors.

Tier 7: Regulators – supervisors withthe role of an “external referee”.

Tier 8: Shareholders and other stake-holders as ultimate overall and dailyjudges.

Risk management frameworkThe Group has established a frame-work allowing comprehensive andeffective risk control. The chart belowentitled “Risk Management Frame-work” illustrates the three main ele-ments of Credit Suisse Group’s frame-work. The underlying external andinternal factors shaping the risk dispo-sition of the firm are shown on the leftof the graph. Then – based on the 12core principles of good management –shown in the middle of the graph – therisk management organisation and riskculture were established. Maintaining afirmwide risk management processproviding effective control over themajor risks must be the ultimate goal.

Given its strategy, Credit SuisseGroup differentiates among sevenpriority risk categories as shown on theright of the graph: market, credit,insurance underwriting, commissionand fee income and some operationalrisks are already quantifiable or areincreasingly becoming so.

Strategy risk deals with the exist-ing base of an institution and itsoptions, based on a what-if analysis.Strategy is doing the right thing at theright time, and must be properly imple-mented. This is an issue for all otherS's of an organisation, especially theirsynchronisation. Reputation risk is theaggregation of the outcome of all risksplus other internal and external factorsbased on facts, perceptions andexpectations. Reputation is the out-

come of the mix of doing the rightthing and doing things right over anextended period. Strategy andreputation/brand risks can be madetransparent with methods like relativestock performance, relative stock price over book value, relative price earningsratio, return on equity, net increase of number of clients or assets under management, attracting andkeeping good staff and rankings of all sorts.

Risk cultureRisk management is a multi-facetedprocess that extends well beyond anorganisation’s formal risk managementstructure, its standards, processes,methodologies and tools. Themathematical/statistical quantificationof risks and consequent setting ofappropriate, common sense limits represents only part of the integratedapproach to risk management. WhileCredit Suisse Group aims to stay inthe forefront of any relevant, credibleand cost-effective quantification ofrisk, successful risk management ismuch more than producing a “risk ormodel figure”. The development andmaintenance of an appropriate risk andcontrol culture is at least as importantas the most sophisticated quantitativerisk models.

A key factor in risk management is discipline, including discipline as tocompliance requirements. CreditSuisse Group encourages a disci-

plined culture by promoting integrityand high ethical standards, clear linesof responsibility and accountability,segregation of duties, appropriatesupervision by senior management,and strong control systems.

The Group’s monitoring systemsare based on a comprehensive set ofinternal controls, with activities suchas approvals, authorisations, compli-ance checks, and follow-ups on non-compliance clearly defined at everylevel of business. Internal and exter-nal auditors are recognised by theBoard as critically important agents,providing an independent check onthe information received from linemanagement. The chief auditor reports directly to the Chairman andregularly communicates to the Boardof Directors’ Audit Committee. Issuesraised by the internal and externalauditors are tracked systematicallyand addressed comprehensively.Group risk management representsan additional layer of risk manage-ment and control, challenging theapproach of the business units whereappropriate and relevant in the overallcontext. As an example, the Groupcontrol system requires the follow-upon serious deficiencies not only by thebusiness unit, but also by Group man-agement.

If a financial services group is to achieve sustained success, confi-dence and trust built over the yearsare vital. An excellent reputation is

Credit Suisse Group’s risk management framework

Major factors shaping the riskdisposition of an individual and

an organisation

Scope and challenge of anintegrated firmwiderisk management

Building on the organisation’s 12 S:· Strategy · Stakeholders· Structure · Shared values· System/s · Skills· Simplicity · Symbols· Safety · Sustainability· Speed · Synchronisation

Ensuring a risk culture with:· modern methods/limits· proactive risk management· constructive control attitude· continuous training· discipline as to corrective actions

Effective risk managementprovides focus on and control

over 7 major risks

Strategy risk

Market riskCredit risk

Insurance underwriting riskCommission & fee income risk

Operational risk

Reputation/brand risk

Action andreaction by

managementand staff

Per

cept

ionFacts Expectations

Behaviour

KnowledgeExp

erie

nce

& politics

Com

petit

ion

Values, society Innovation&

technology

Policies&

regulations

Markets & economy

Clie

nts

www.credit-suisse.com 31

CREDIT SUISSE GROUP RISK MANAGEMENT

The 12 organisational principles in risk management

hard to gain, but easy to lose. Knowl-edge, expertise, experience, integrity,intellectual honesty and the daily con-duct of each employee, are crucial elements that contribute to an institu-tion’s reputation. Thus, managementhas to lead by example.

Internal Code of ConductOne of the strengths of Credit SuisseGroup is the competence and diverseskills of its staff. Despite global diversi-ty, our corporate culture has to bebased on common denominators andshared values. This has led to theintroduction of our internal group-wideCode of Conduct, approved by boththe Board of Directors and the GroupExecutive Board at the beginning of2000. Especially in fast-changingtimes, common values help to give theindividual a sense of focus; they createidentity and a sense of belonging.Spelling out our six ethical and sixperformance core values and guidingprinciples on page 34, the Code ofConduct extends and supplementsexisting compliance manuals,directives, guidelines and policies. The complete Code of Conductapplies to over 80,000 employees,and is available in 19 differentlanguages.

32

While principles should hold firmover time, the dynamics of financialmarkets command a continuous ex-amination of the principles based onexperience, observation and re-search. The issue is not the intellec-tual level of the 12 principles butrather their diligent implementation.The identification, measurement,management and control of risks isnot a programme but a continuousprocess.

A. Executing the fundamentals

1. Risk is uncertainty about future results.

• Risks must be respected, notfeared: symmetry between as-pired gains and potential losses.

• Risk=Opportunity:intelligent, informed risk takingwith corresponding risk/return.

• Convergence of market directionsmuch higher in turbulent times:watch liquidity/flexibility aspects.

2. The guiding 6 S’s for the systematic mental discipline ofan organisation.

• Strategy →structure→system(s),simplicity→safety→speed.

3. Discipline, clear structure,allocation of responsibility and accountability are basic preconditions.

• Transparency as to policies,procedures and manuals.

• Discipline regarding strategy,tactics, control and compliance:“ownership” of issues and risks.

• Clear and communicated respon-sibility and accountability for legal,incentive and implicit contracts.

• No conflicts of interest:independent reporting as to lineversus back office/models/pricechecking/credit decisions/limits/etc.

• Integration of risk, insurance, riskmitigation and financial manage-ment.

4. Rigorous disciplinary measures incase of non-compliance/breaches.

• Know and play by the rules:everybody is aware of the conse-quences.

• Responsibility for adequatecontrol environment not only withimmediate heads:it is a management issue at large.

5. Completeness, integrity andrelevance of data/information/systems as a base.

• Management of risks is impossi-ble without information aboutthem: also know what you do notknow.

• What is measured, observed andrewarded gets attention.

• Serious data show the followingcharacteristics: complete, objective, consistent,transparent, comparable acrossthe institution, interpretable,auditable, replicable, teachableand, above all, relevant and credi-ble as to facts and perceptions.

• The data collection must be in areasonable cost/benefit orcost/risk mitigation relationship.

• Credibly quantified and relevantrisks represent an opportunity inan overall context: without credibility and relevanceof data/quantification, scepticismand cynicism abound.

• Sourcing, sharing and storing ofvertical and horizontal informationis especially important in times ofstaff turnover, restructurings andmergers.

B. Retaining perspective

6. Newness and/or complexity of a project – combined withuncertainty – can add risks.

• Simplicity for average humanbeings. Complex structures, com-plex restructurings and systemsrequire: – break-up of problems; – additional, continuous

assessment;– anticipation and ability to

react.

7. Risk management is part art, partscience.

• Facts, perceptions, expectationsare all important; quantitative andqualitative judgements are crucial.

• Common sense: not minutiae, but relevance and credibility arethe key.

8. Limitation of models.

• Not all risks are relevant and/orquantifiable, but risks which can-not be measured directly oftenhave indirect consequences forshare price, growth, clients etc.

• Models are always only part of anoverall risk managementapproach.

• Models are as good as underlyingassumptions and informationinput:“garbage in – garbage out effect”.

• Be able to “read” the model: never forget common sense.

• “Reductio ad absurdum” may leadto a “model figure” but mostprobably produces the wrongconclusions for the really relevantissue.

• Comparison of absolute modelfigures with those of third partiesis questionable; prime valueadded of a good model is the in-ternal trend over time, assumingmodel consistency.

9. Risk management is a continuousprocess, not a programme.

• Best practice and integrated ap-proach as targets.

• Proper risk awareness for every-one within holistic framework.

• Regular checks on strategy,structure, system(s), simplicity,safety, speed. Continuousadjustments to new paradigms:updated, major risks inventory.

• Focus on long-term initiatives ver-sus short-term ones: focus on integrated approach withemphasis on promotion ratherthan on monitoring.

C. Emphasising the human aspect

10. A financial institution is a knowledge company.

• Source, share, synthesise andsave knowledge: avoid braindrain.

• Knowledge alone is not enough:the added value is generated byits implementation.

• Learn from mistakes, both personally and institutionally.

• Culture of open communicationon “experience” and know-how,both horizontally and vertically.

• Continuous learning as part ofevaluation/incentive process.

11. Responsible control/risk cultureare as important as the mostsophisticated risk managementtools.

• Only the mastering of all majorrisk types contributes to asustained excellent reputation.

• Mistakes or misjudgements areunavoidable: the ways of correcting them arepart of culture.

• Risk-return culture for everybody.

• Ongoing motivation of staff andcommunication with all majorstakeholders.

• Risk culture at large is the finalresponsibility of top managementand board of directors.

12. Human element is THE criticalfactor for success.

• Good mix of professional, open-minded and honest people witheducational, professional and lifeexperience and integrity.

• Professionalism includes “feel,intuition and inspiration for riskand market direction”.

www.credit-suisse.com 33

CREDIT SUISSE GROUP RISK MANAGEMENT

34

12 core values for employees of Credit Suisse Group

Core ethical values

IntegrityWe realise that our global franchise is based on our coreethical values and our long standing reputation for in-tegrity, trust, confidentiality, fairness and professional-ism. We respect the interests of our stakeholders(clients, employees, shareholders, service providers,government authorities, financial regulators, competi-tors, media) and of society as a whole.

ResponsibilityWe honour our commitments and take personal respon-sibility for our actions. We promise only what we candeliver. We do not mislead our stakeholders.

FairnessWe believe in courteous and respectful treatment of ourstakeholders. We support equal opportunities and awork environment free of discrimination and harassmentof any sort.

ComplianceWe acknowledge the importance of all relevant laws,regulations, policies and standards, both internal and external, and comply with them. We are committed toexemplary management discipline and a first class control and compliance environment.

TransparencyWe seek constructive, transparent and open dialoguewith our stakeholders based on fairness, mutual respectand professionalism.

ConfidentialityWe treat confidential as such and do not disclose non-public information concerning the Credit Suisse Groupcompanies, their clients and employees, unless requiredby law.

Core performance values

ServiceWe are committed to providing superior service to ourclients. We believe that knowing our clients and offeringthem value by combining good judgment, in-depthknowledge and prompt and courteous service leads tosuccess.

ExcellenceWe are committed to excellence through continuousimprovement of our management practices and know-how. Problems or mistakes are viewed as a chance toimprove.

TeamworkWe believe in achieving more for our stakeholders byworking together to draw upon our individual and collec-tive strengths and abilities worldwide and across busi-ness lines.

CommitmentWe recognise individual contribution to the current andfuture success of our firm and reward it objectively, tak-ing into account the personal contribution to targets,governance and teamwork. Every employee contributesher/his best to reach our common goals, by maintainingfocus and intensity of effort.

Risk cultureWe base our business operations on conscious, disci-plined and intelligent risk taking. We believe in inde-pendent risk management, compliance and auditprocesses with proper management accountability forthe interests and concerns of our stakeholders.

ProfitabilityWe are committed to sustained profitability whichenables us to carry out our strategies, make long-terminvestments, fairly compensate our staff and achieve anattractive return for our shareholders. Legality, compli-ance and our core ethical values, however, come beforeprofit.

Risk management governanceThe structuring of Credit Suisse Groupas a series of distinct business units –introduced in 1996/97 – is designedto increase transparency, discipline andaccountability. Although the Group asa whole is large, the new structurehelps to make it less complex. Flexibili-ty, the ability to focus and to react, aswell as specialisation and closeness tothe market are heightened. Thus, thedifferent business units can be meas-ured against the best of their respec-tive class.

More importantly with a view torisk, the business unit set-up allowsthe Group to align risk types, focus onmajor risk categories and concentrate

and specialise on specific risks withthe help of tailor-made managementtools where appropriate and relevant.Group-wide risk management ap-proaches are unified and thus applied.It is our ambition to establish the globalbenchmark of a large, multifacetedfinancial organisation in regard to riskmanagement structures, processesand methods. This is not a programmebut an ongoing process.

Group risk management governanceThis aspect concerns four major legalentities within Credit Suisse Group: le-gal entity Winterthur for the insurancebusiness, legal entity Credit Suisse forretail banking and private banking,

legal entity Credit Suisse First Bostonincluding investment banking and insti-tutional asset management, and legalentity Credit Suisse Group as the hold-ing company of the aforementionedthree legal entities. The same mem-bers of the Boards of the latter threelegal entities also serve as Members ofthe Board of Directors of Credit SuisseGroup as of April 2001.

At Credit Suisse Group, the riskmanagement governance structurebegins with the Boards of Directors,including their Audit Committeeswhich are – among other duties – re-sponsible for determining the generalrisk policy, proper checks and bal-ances, the strategic risk management

Risk Committee

Chief Credit OfficerStrategic Risk OfficerRisk Managers

Legal &Compliance

Investment Committees

Risk Managers

Legal &Compliance

RiskCommittees

Chief Credit OfficerRisk Managers

Legal &Compliance

RiskCommittees

Chief Credit OfficerRisk Managers

Legal &Compliance

Executive Board

Chief Executive Officer

Executive Board

Chief Executive Officer

Executive Board

Chief Executive Officer

Executive Board

Chief Executive Officer

Executive Board

Chief Executive Officer& Vice-Chairman

Chief Investment OfficerInvestment Committee

Chief Risk OfficerRisk Managers

Legal &Compliance

Executive Board

Chief Executive Officer

Chief Investment OfficerInvestment Committee

Chief Risk OfficerRisk Managers

Legal &Compliance

Business unit level

Legal level

Group level

Credit Suisse Group risk management – general organisation

Provisions CommitteeGroup Risk Processes &Standards Committee

Risk ManagementCommittee

Group Chief Financial OfficerGroup Chief Risk Officer

Legal & Compliance IT Executive Board

Board of Directors/Audit CommitteeCredit Suisse

1) Credit Suisse Personal Finance and Credit Suisse e-Business have an analogous structure.

Board of Directors/Audit CommitteeWinterthur

Group Chief Executive OfficerGroup Executive Board

Credit Suisse GroupBoard of Directors

Internal/External Audit

Board of Directors/Audit CommitteeCredit Suisse First Boston

WinterthurInsurance

Credit Suisse Financial Services

WinterthurLife & Pensions

Credit SuisseBanking 1)

Credit SuissePrivate Banking

Credit SuisseFirst Boston

Credit SuisseAsset Management

www.credit-suisse.com 35

CREDIT SUISSE GROUP RISK MANAGEMENT

organisation and the Group’s overallappetite for risk. They are also respon-sible for reviewing major risk expo-sures on a regular basis. The simplifiedorganisational set-up is presented inthe chart “Risk management – generalorganisation” on page 35.

The daily risk management respon-sibilities on Group or Corporate Centerlevel are set up as an additional layerof risk management and control, har-monising relevant risk management is-sues which can and should be broughtto a common denominator. The primevalue added is the challenging of busi-ness units and the overall control andoverview, while duplication of efforts isavoided.

The Group’s Executive BoardRisk Management Committeeincludes all Executive Board Membersand is chaired by the Group ChiefRisk Officer (GCRO). It prepares riskissues for approval by the Boards ofDirectors. It also reviews the Group’sexposure to different categories ofrisk, assesses potential opportunitiesand risks, initiates corrective actions tomitigate undesired risk exposures andreviews the allocation of capital. TheGroup Risk Processes & StandardsCommittee (GRIPS), chaired by theGCRO, also meets four times a yearto define the overall Group risk andcapital policies and to approve generalinstructions, processes, standards,methods and tools concerning riskmanagement at business unit level, orto unify these where Group-wideappropriate and relevant. The GCROchairs the quarterly Provisions Meet-ing, where the status and develop-ment of credit allowances at businessunit level are discussed and chal-lenged. In addition, the GCRO isresponsible for the development,implementation, monitoring andmanaging of risk Iimits as well as forstrategy, standards, procedures andrisk reporting. Group Risk Manage-ment supports the GCRO in fosteringgeneral risk awareness throughout theGroup and in harmonising approachesto manage risk types across businessunits. It also monitors the implementa-tion of the Group’s risk management

36

strategy together with the riskmanagement units at the individualbusiness units.

The Group Chief Financial Offi-cer deals with Group-wide IT issues –including risk related IT access, andsecurity issues – and chairs the regularmeetings of the IT Executive Board.

Business unit risk managementgovernanceWhile the business units are exposedto all risk types in one way or another,their relative significance varies sub-stantially by design. Trading book mar-ket risks are concentrated at CreditSuisse First Boston, while credit risksare most important at Credit SuisseBanking and at Credit Suisse FirstBoston. Insurance underwriting risksare exclusively found at Winterthur,while commission income risks domi-nate at Credit Suisse Private Bankingand Credit Suisse Asset Management.All business units are exposed tooperational, reputation/brand andstrategy risks.

The strategies of each businessunit and of the Group are discussed onthe highest levels at least once a year.The business units of Credit SuisseGroup are – by design – substantiallyautonomous, and are thus responsiblefor the implementation of their ownrisk management. To exercise thisauthority responsibly, each of the busi-ness units has its own consistent riskmanagement framework subject toregular checks and challenges byGroup management.

Each business unit has its ownspecialised risk management structureand systems in place – including riskcommittees, appropriate tools, sys-tems, procedures and controls – spe-cially tailored to cope with the riskstaken in its particular line of business.At every level of the risk managementprocess – especially in regard to mar-ket and credit risk – measurement andmonitoring functions are independentof the respective front-line office beingmonitored.

At Credit Suisse Group, risk man-agement organisation and systems aswell as policies and techniques are

subject to constant reassessment andimprovement to ensure that implicitrisks in the evolving financial markets arecaptured and appropriately managed.

Market risk – overviewThe term market risk refers to the riskof potential loss arising from adverseeffects on interest rates, foreign-cur-rency exchange rates, equity prices,and other relevant market rates andprices, such as commodity prices andvolatilities. A typical transaction may beexposed to a number of different mar-ket risks. Credit Suisse Group definesits market risk as potential changes offair values of financial instruments inresponse to market movements.

At Credit Suisse Group, theconsolidated primary market risk expo-sures in the trading portfolios at end-2000 were interest rates, equityprices, and foreign exchange rates.Exposure to the Swiss franc exchangerate of the US dollar and the euro aswell as to equity price levels in West-ern Europe and North America consti-tuted major elements of Credit SuisseGroup’s market risks embedded in thenon-trading portfolios or bankingbooks.

The most important tools used tomeasure and manage market riskexposures include the following:

• The Value-at-Risk (VaR) methodto estimate the potential loss aris-ing from a given portfolio for a pre-determined probability and holdingperiod, using market movementsbased on historical data.

• The scenario analysis to estimatethe potential immediate loss afterstressing market parameters.These changes are modelled onpast extreme events and hypotheti-cal scenarios.

• Other models measure interestrate sensitivity risk, default riskand economic risk capital for cer-tain complex activities. Regular as-sessments of mark-to-marketrevaluations of all balance sheetpositions and interest rate rotationscenarios are the basis for theseanalyses.

The major modelling techniques aredescribed in more detail at the end ofthis disclosure section, on page 46.

Market risk exposures of CreditSuisse Group business units and thecorporate center – trading portfoliosThe distribution of trading portfoliorelated market risks reflects the distri-bution of activities among the differentbusiness units. Trading activities andthe associated market risks arefocused primarily within Credit SuisseFirst Boston. Credit Suisse PrivateBanking and Credit Suisse Bankingalso conduct trading activities – albeiton a much smaller scale – primarilydriven by the need to offer a completeproduct mix to their customers. CreditSuisse Asset Management and Winterthur – comprising Winterthur Insurance and Winterthur Life & Pensions – do not engage in tradingactivities.

At Credit Suisse First Boston, themarket risk exposures in trading andnon-trading portfolios are broadlydiversified as the company is active in most of the principal traded marketsof the world. It is using almost allcommon trading and hedging prod-

ucts, including derivatives such asswaps, futures, options and structuredproducts (customised transactionsusing combinations of derivatives areexecuted to meet specific client orproprietary needs). With such a broadspread of products and markets,Credit Suisse First Boston’s tradingstrategies are diverse and variable, andexposure at any given time will gener-ally be spread across a wide range ofrisk factors and locations.

The business units with tradingbook activity perform a daily VaRcalculation to assess the market risk.The calculations are based on a ten-day holding period with a 99 percentconfidence level and risk movementsthat are generally determined by twoyears of historical data. For manypurposes, such as backtesting, theresulting VaR figures are usually scaleddown and presented as one-day hold-ing period values, including those pro-vided in this disclosure. Credit SuisseFirst Boston’s Risk Measurement &Management (RMM) unit is responsi-ble for updating and distributing therisk parameters used in the calculationof risk exposures to the other businessunits on a quarterly basis.

Market risk exposures in trading portfolios: Credit Suisse Group

99%, one-day VaR; in CHF m

Market riskExposure type

Interest rateForeign exchangeEquityCommodity

Sub-total

Diversification benefit

Total

1) Credit Suisse Group does not manage its trading portfolios on a consolidated basis. The amounts provided inthis column represent arithmetic sums of the respective VaR estimates of the business units plus the expo-sure of the Corporate Center. Management believes that this is a conservative representation of the overallrisk since possible diversification benefits between business units are not considered. However – as tradingportfolio-related market risks of some 85% of total VaR are concentrated at Credit Suisse First Boston – theoverstatement implied by this aggregation method is limited.

CreditSuisse

1) Group31 Dec. 1999

284.570.9

102.64.8

462.8

257.5

205.3

1)

CreditSuisseGroup

31 Dec. 2000

235.722.798.56.8

363.7

204.7

159.0

The estimates provided below areshown in Swiss francs, the base cur-rency in the VaR calculations of two ofthe three business units using VaR;Credit Suisse First Boston managesmarket risk utilizing VaR calculated onthe US dollar as the base currency. Inthe table below the spot exchangerates of 31 December 2000 and 31 December 1999 were applied. Thetable provides an overview of the VaRestimates in the material trading port-folios as of 31 December 2000 and31 December 1999.

Credit Suisse First Boston’s VaRdeclined by 48% in Swiss franc termsover the course of the year. Much ofthat decline was due to the introduc-tion of a new historical simulation mod-el which was approved for use in cal-culating the regulatory capital formarket risks by the Swiss FederalBanking Commission in the secondquarter of the year. The estimates for1999 are restated to provide a basisfor comparison. The methodology –adjusted VaR figures show that the“real” market risk would be approxi-mately down 25% in US dollar terms(Credit Suisse First Boston’s functionalcurrency) or down 23% in Swiss francterms.

Credit Suisse Group uses back-testing to assess the accuracy of theVaR model. Backtesting – the compar-ison of daily revenue fluctuations withthe daily VaR estimate – is the primarymethod used to test the accuracy of aVaR model. Backtesting is performedat various levels, from business unitlevel down to more specific tradingareas. While VaR models tend to gen-erate two to three outliers a year (dayswhen the trading loss exceeds therespective VaR), Credit Suisse FirstBoston had no outliers in four years ofusing the model for the calculation ofregulatory capital for market risks. VaRfigures should therefore be read withan understanding of the conservativenature of the model.

Two points are particularly note-worthy in the development of CreditSuisse First Boston’s market risk overthe course of the year 2000. First,Credit Suisse First Boston maintained

www.credit-suisse.com 37

CREDIT SUISSE GROUP RISK MANAGEMENT

change reduced the degree of ex-treme model conservatism, althoughthe model still remains conservative innature – i.e. Credit Suisse FirstBoston’s actual trading results are wellwithin the VaR band even after theadoption of the revised model.

The VaR methodology is mostuseful for day-to-day risk monitoring of trading books in the context of“normal” markets. Scenario analysis is

important to help understand risks dur-ing periods of severe disruption. CreditSuisse Group performs scenario test-ing to ensure that – even in good envi-ronments – its exposure to particularevents remains well controlled.

Non-trading portfoliosAll Credit Suisse Group entities man-age the market risks in their non-trad-ing portfolios (also known as “bankingbooks” or “other than trading port-folios”) through procedures and toolssuch as risk limits, independent moni-toring of risk from risk taking func-tions, and limit excess resolution steps.Sensitivity analysis is used to producethe risk quantification shown on theleft. In non-trading portfolios, compris-ing all non-trading books of the bank-ing business units – including privateequity investments – and the financialinvestments of the insurance businessunits, the major elements of marketrisk during 2000 were exposures tochanges in the Swiss franc to US dollarand euro exchange rates as well asequity instrument price levels inWestern Europe and North America.The table summarises the market risk exposures in non-trading portfolios as of 31 December 2000 and 31 December 1999.

Credit Suisse Group’s businessincludes a substantial volume of non-trading-related banking activity both inproviding products and services to itsclients and as proprietary investments.These activities include equity instru-ment participations, investments inbonds and other money market instru-ments, lending money and securitiesand deposit-taking. The instrumentsused for balance sheet managementinclude derivative instruments such asswaps, interest rate swaps, forwardrate agreements and options.

The financial investments of the in-surance business are held to ensurecoverage for future obligations arisingfrom policies. The quality of theseassets is generally high – holdings areprimarily bonds with AA and higherratings, with an A rating being the mini-mum requirement for new additions tothe portfolio. The Notes 22 and 23

a disciplined approach and held thelevel of market risks stable over theyear, even while absorbing the impactof Donaldson, Lufkin & Jenrette activi-ties in the fourth quarter. Second,effective 31 May 2000, the SwissFederal Banking Commissionapproved the revised VaR model foruse in the calculation of market riskcapital. As illustrated by the Backtest-ing chart above, the methodology

Market risk exposures in non-trading portfolios: Credit Suisse Group

Potential change in fair value/market value; in CHF m

Market riskExposure type

Interest rates 2)

Foreign exchange 3)

Equity 4)

Commodity 5)

Total banking business units

Total insurance business units

1) For each exposure type, the given figures refer to the particular sensitivity generating the largest potentialloss for Credit Suisse Group as a whole. The Credit Suisse Group amount equals the sum of the respectivebusiness unit amounts plus Corporate Center.

2) Assuming an adverse parallel yield curve shift for Credit Suisse Group of between 1.00% and 2.00%,depending upon both the level and volatility of the particular country’s interest rates.

3) Assuming an adverse change for Credit Suisse Group of the CHF against all currencies of between 10% and20%, depending upon the volatility of the particular country’s exchange rate.

4) Assuming an adverse change for Credit Suisse Group in all equity instrument prices of between 10% and20%, depending upon the volatility of the particular stock market.

5) Assuming an adverse change in all commodity prices of 10%.

CreditSuisse

1) Group31 Dec. 1999

) 24.8) (55.4) (627.8

0.0

) (658.4

) (2,635.3

1)

))

)

)

CreditSuisseGroup

31 Dec. 2000

(15.2(62.5

(1,049.80.0

(1,127.5

(2,514.1

1st quarter 2000 2nd quarter 2000 3rd quarter 2000 4th quarter 2000

Daily revenueOne-day VaR (99%)

–250

–200

–150

–100

–50

0

50

Backtesting for Credit Suisse First Boston

in USD m

38

“Financial investments from the bankingand insurance business” of the consoli-dated financial statements on pages 80and 81 provide an overview of bookand market values of these assets.

Liquity and funding riskLiquidity and funding risk is the riskCredit Suisse Group or its businessunits being unable to fund assets ormeet obligations at a reasonable or, incase of extreme market disruptions,any, price. This risk is managed at thebusiness unit level, in line with ourgeneral governance principles, whichallows us to specifically tailor theapproach to the individual cash flowstructure within the business units. TheGroup Corporate Center monitors theidentification and measurement of thisrisk and works in partnership with allbusiness units to foster sound liquiditymanagement practices worldwide.

Credit risk – overview Credit risk is the risk that a borrower(or counterparty) is unable to meet itsfinancial obligations. In the event of adefault, a bank generally incurs a lossequal to the amount owed by thedebtor, less a recovery amount result-ing from foreclosure, liquidation of col-lateral or restructuring of the company.The majority of Credit Suisse Group’scredit risk is concentrated in the CreditSuisse Banking and Credit Suisse FirstBoston business units. The credit riskstaken on by Credit Suisse PrivateBanking are mostly collateralised andprimarily of an operational risk nature.Credit exposures exist in the bankingbusiness units within lending products,commitments and letters of credit, aswell as counterparty risk from deriva-tives, foreign exchange and othertransactions.

A system of individual credit limitsis the traditional means of managingcredit risk and preventing risk concen-trations. A comprehensive set ofcountry and regional limits is in placeto address concentration issues in theportfolio (see country risk). The thirdaspect of the credit risk managementframework is an appropriate credit riskprovisioning methodology, which is

also described at the end of this dis-closure section on page 49. CreditSuisse Group implemented such acredit risk management framework forthe banking business units in Decem-ber 1996. As this framework is usedfor management information purposesonly, it is not reflected in the consoli-dated financial statements. Annualcredit provisions (ACP) equal expectedcredit losses derived from actual his-torical average losses. The chart enti-tled “2000 ACP and credit provisions”shows the ACP of the banking units in2000 with the respective, actual creditprovisions. Actual losses which occurin any one year may be higher or lowerthan these provisions, depending onthe economic environment, interestrates and counterparties’ performance.In addition to the expected loss, an in-dicative worst-case default loss,shown in the chart on the right, iscalculated using CREDITRISK+, thecredit risk measurement and manage-ment tool developed by Credit SuisseFirst Boston. The 99th percentile worst-case default loss shown in the chart onthe right is based on the 99th percentileof the full credit default loss distribution.The difference between the worst-casedefault loss and the ACP reflects theunexpected loss level. The fourth as-pect of the credit risk managementframework is the pricing and optimisa-tion of the portfolio and the considera-tion of risk and reward.

Credit Suisse Group’s credit riskmanagement framework allows us toprice transactions involving credit riskmore correctly by performing a risk/return calculation. The current imple-mentation of the credit risk manage-ment framework covers virtually all ofCredit Suisse Banking, Credit SuissePrivate Banking and Credit SuisseAsset Management, as well as themajority of Credit Suisse First Boston’scredit-related exposures. The remain-ing portion of Credit Suisse FirstBoston’s credit-related exposures iscovered by either VaR methodology –such as mark-to-market valuated realestate portfolios, the majority of whichare earmarked for securitisation – orby applying credit risk adjustments.

0

100

200

300

400

500

600

700

800

900

CHF m

2000 ACP and credit provisions

CSB

2000 ACP2000 Actual credit provisions

* Both ACP and credit provisions are well belowCHF 1 m for 2000.

CSFBCSPB CSAM* CSG

0

500

1000

1500

2000

CHF m

99th percentile worst-casedefault lossas of end-2000

CSB

* Worst case loss for 2000 below CHF 2 m.** Based on combined portfolio.

CSPB CSFB CSAM* CSG**

1997 20001998 1999

www.credit-suisse.com 39

CREDIT SUISSE GROUP RISK MANAGEMENT

0

20

40

60

80

100

120

140

CHF bn

Credit Suisse Group banking units counterparty exposure by ratingGross total of CHF 405 bn, as of end-2000

R1AAA

R2AA

R3A

R4BBB

non-ra-ted

R5BB

R6B

R7CCC/CC

R8*<C

Pro-visi-ons

Internal ratings R1– R8 are approximately equivalent to the respective external ratings.

* Potential problem and non-performing loans,including accrued interest.

Investment Grade 80%Non Investment Grade 20%

0

20

40

60

80

100

120

140

CHF bn

Credit Suisse Group banking units counterparty exposure by industryGross total of CHF 405 bn, as of end-2000

Banks and brokers/financial servicesIndividual clientsReal estate/constructionTelecomElectricityPublic & defenceRetail tradeWholesale tradeOil & gasElectronic equipmentOthers

40

The business units of Credit SuisseGroup manage credit risks through acredit request and approval process,ongoing credit and counterparty moni-toring and a credit quality reviewingprocess. Credit requests are preparedby experienced credit officers, basedon analysis and evaluation of debtorcreditworthiness and the type of credittransaction. Credit decisions are takenon a transaction-by-transaction basisby credit committees and senior creditmanagers at levels appropriate to theamount and complexity of the transac-tions, as well as to overall exposures tocounterparties and their related enti-ties. These authority levels are set outwithin the governing principles of thelegal entities. Transactions of a signifi-cant and unusual nature are discussedwith and/or ratified by the GCRO.

Credit exposures to individualcounterparties or segments thereofand adherence to the related limits aremonitored continuously by credit offi-cers, industry analysts and further spe-cialists. In addition, credit risks are alsoregularly reviewed by credit and riskmanagement committees, by takingcurrent market conditions and trendanalysis into consideration.

The credit review process isdesigned to result in an early identifi-cation of possible changes of thecreditworthiness of our clients. Theseprocedures include regular asset andcollateral quality reviews, business andfinancial statement analysis of individ-ual clients and economic and industrystudies. Other key factors consideredinclude business and economic condi-tions, our historical experience, regula-tory requirements, and concentrationof credit volume by industry, country,product and counterparty rating. Theprocess results in a quarterly determi-nation of the appropriateness of ourallowances for credit losses and leadsto the decision whether allowancesshould be released or increased. Thecredit committees of the businessunits and the Group are responsible forsuch decisions.

Another tool in use – particularly atCredit Suisse First Boston – is regu-larly updated watch-lists for the identi-

fication of counterparties wherechanges in creditworthiness couldoccur due to events such as an-nounced mergers, earnings weakness,lawsuits, etc. Possible recovery meas-ures are evaluated even before potentialcredit losses might be incurred. In addi-tion, Credit Suisse Group and its busi-ness units regularly analyse their industrydiversification and concentration inselected segments. Credit protectionsuch as credit derivatives are used to alimited degree, in particular to mitigatesome exposures with multinationalcompanies.

Loans and loan equivalent portfolio –counterparty exposure

Credit Suisse Group defines counter-party exposure as all positions, expo-sures and facilities that potentially gen-erate a credit risk for the Group. Thisincludes loans and loan equivalentsrepresenting drawn exposures as wellas committed but undrawn facilities. Italso includes market-driven exposureslike off-balance sheet transactions,such as derivatives and foreign-exchange transactions, as well asletters of credit and guarantees. Allthese instruments are converted byusing internal loan equivalent factors,which are related to regulatory risk-weightings. This approach representsa more comprehensive definition ofcounterparty exposure, especially incomparison with other financial institu-tions which often emphasise lendingexposure only. The total gross counter-party exposure amounted to CHF 405billion as of 31 December 2000(31.12.1999: CHF 373 billion).

A counterparty credit risk classsystem has been implemented byCredit Suisse Group to define a frame-work that supports consistent creditrisk analysis (statistical and otherwise),credit risk monitoring, risk-adjustedperformance measurement, economiccapital/usage allocation, and certainfinancial accounting purposes. Theestablishment of a credit risk rating foreach counterparty is the first step inevaluating the possible risk of creditlosses. The counterparty credit ratingis used – in combination with credit (or

credit equivalent) exposures and re-covery rates – to quantify potentialcredit losses. Each counterparty thatgenerates potential or actual credit riskexposure for Credit Suisse Group israted and assigned a risk class. Forthose counterparties identified as hav-ing at least one impaired transaction,the counterparty is rated as either (I) apotential problem loan, (II) a non-performing loan or (III) a non-interestearning loan.

The tables on page 40 show thebreakdown of Credit Suisse Group’scounterparty exposure by internalrating classes and major industry segments.

The non-rated exposure amountingto some CHF 13 billion – 3.3% ofgross counterparty exposure – relatesprimarily to mark-to-market valued residential and commercial real estatewhole loans of the former Donaldson,Lufkin & Jenrette portfolios destinedeither for securitisation or sale. Thechart also reflects the revised andrefined Credit Suisse Group riskratings which entered into effect as of31 December 2000.

The scale of Credit Suisse FirstBoston’s securitisation activities –where loans are housed temporarilyprior to securitisation or sale – in-creased after the merger with Donald-son, Lufkin & Jenrette. During theyear, Credit Suisse First Boston alsocontinued to improve liquidity andreduce risk in its existing commercialreal estate lending portfolio bydecreasing the size of less-liquidelements in the portfolio by roughly50% during the year, and also bysubstantially strengthening provisionsfor this activity.

The maturity structure – on page95, Note 38 of the consolidated finan-cial statements – shows that 90% oftotal current assets are due within 12 months while only 4% are due afterfive years or show no maturity. In addi-tion, approximately 60% of the totalcounterparty exposure is collateralisedby a variety of collateral types, includingpledged deposits and securities portfo-lios, mortgages, standby letters ofcredit, and guarantees.

In summary, Credit Suisse Group’scredit risk management frameworkcomprises five core components: anindividual credit limit system; countryand regional concentration limits; acredit risk provisioning methodology; apricing methodology; and an individualcounterparty and country rating sys-tem. The credit risk managementframework is refined constantly and si-multaneously covers all business areasexposed to credit risk.

Country riskCountry risk is the risk of a substan-tial, systemic loss of value in the finan-cial assets of a country or group ofcountries which may be caused by theinability or unwillingness of a sovereignto meet contractual obligations and/orthe imposition of controls on capitalflows. Given the international characterof their activities, all business units ofCredit Suisse Group are exposed tocountry risk, although the largest por-tion by far is held at Credit Suisse FirstBoston.

Country ratings and country limitsare the two primary instruments usedby the Group to manage country risk.Country ratings provide an assessmentof the risk of sovereign default. The in-dependent credit risk management de-partment (CRM) of Credit Suisse FirstBoston – in cooperation with EconomicResearch – periodically updates theserating assessments. The ratings areapproved by the GCRO. Country limitscap Credit Suisse Group’s exposure toindividual countries. They are supple-mented by regional limits, which restrictthe maximum exposure to a specificregion in order to limit the impact ofcontagion. Regional limits are lowerthan the numerical addition of all thecountry limits of the respective regions.The Board of Directors approves coun-try, regional and global limits. WithinCredit Suisse First Boston, the CreditPolicy Committee and Capital Alloca-tion and Risk Management Committee– in cooperation with the GCRO – peri-odically reviews these limits. In addition,the independent Risk Measurement &Management department (RMM)assesses exposures versus country

0

1000

2000

3000

4000

5000

6000

7000

8000

9000

CHF m

Credit Suisse Group banking units exposure to selected emerging markets by region and largest individual country exposure of regionas of end-2000

Africa/SouthAfrica

Net exposure/region.Net exposure/largest country exposureof region.Exposure of insurance business belowCHF 300 m.

Asia/ChinaHongkong

LatinAmerica/Brazil

EasternEurope/Russia

www.credit-suisse.com 41

CREDIT SUISSE GROUP RISK MANAGEMENT

Asset quality &provision developmentNon-performing loans (NPLs) 1)

Capital provisions against NPLs 2)

Counterparty exposure 1)

Coverage ratio of NPLs31.12.200031.12.1999NPLs as percentage of counterparty exposure of business units31.12.200031.12.1999

1) Includes loans and loan equivalents.2) Excludes total interest of CHF 1,906 m (fully provided).

CreditSuisseGroup

31 Dec. 2000 in CHF m

9,8266,191

405,215

63%63%

2.40%3.40%

CreditSuisse

FirstBoston

31 Dec. 2000 in CHF m

1,479989

239,640

67%84%

0.60%0.90%

CreditSuissePrivate

Banking31 Dec. 2000

in CHF m

11160

38,265

54%75%

0.30%0.30%

CreditSuisse

FinancialServices

31 Dec. 2000 in CHF m

8,2365,142

127,310

62%60%

6.50%8.70%

limits. RMM and CRM provide inde-pendent supervision to ensure that thedivisions operate within their limits.CRM also assumes responsibility foractively managing these limits to reflectchanging credit fundamentals.

A gross counterparty exposureanalysis by country rating category –excluding exposures to supranationalsand diversified portfolios without de-fined country risk assignment – showsthat approximately 87% are with inter-nally N1-rated countries (equivalent toAAA) and 8% with N2-rated countries(equivalent to AA) respectively, leavinga balance of only 5% to lower-ratedcountries.

The table on page 41 shows theGroup’s cross-border exposure out-standing to selected emerging marketcountries. Credit Suisse First Boston’stargeted exposure reduction in Russiais largely completed; the remainingexposure has conservative provisions.

Loan loss experienceAn allowance for losses for bankingoperations is maintained at a levelconsidered adequate to absorb lossesarising from the existing portfolios ofloans and loan equivalents. Theallowance for such losses is made inaccordance with Swiss banking laws.Each business unit creates provisionsfor bad and doubtful debts based onCredit Suisse Group guidelines. Theallowances are reviewed on a quarterlybasis by senior management.

42

In determining the amounts of theallowances, loans and loan equivalentsare assessed on a case-by-case basis,taking the following factors into con-sideration:• The financial standing of the

customer, including a realistic assessment based on financial and business information of the like-lihood of repayment of the loanwithin an acceptable period of time;

• The extent of Credit SuisseGroup’s other commitments to thesame customer;

• The fair value of any security forthe loans;

• The costs associated with obtain-ing repayment and realization ofany such security.

Driven by the Group’s selectivityregarding counterparties, the overallasset quality of Credit Suisse Groupremains solid – with approximately80% of exposures rated investmentgrade or equivalent and with thelargest exposure to a single non-in-vestment grade rated counterparty(BB+) of some CHF 700 million.Concentration risks are strictly limited.For instance, exposures to the telecomsector amounted to 3.5% of totalcredit exposures at end-2000, including the integration of Donaldson,Lufkin & Jenrette. Furthermore, provisioning levels are kept stable aspresented in the asset quality tableabove.

Insurance riskProtecting Winterthur Insurance andWinterthur Life & Pensions from unduerisk accumulation is a core risk man-agement activity. In order to understandthe risk universe of an insurance com-pany, the flow of business and the ac-companying flow of risks are analysed.Premiums earned by selling insurancepolicies are invested to cover claimsoccurring at a future date – sometimesmany years later. Therefore, the com-pany has to manage and limit insur-ance risk – e.g. through reinsurancecontracts, financial market risks (seemarket risk section) associated with itsassets and liabilities (reserves), andrisks associated with its assets and re-insurance contracts.Asset accumulation by insurance com-panies results predominantly from pre-miums paid earlier than claims are set-tled. The resulting time differences ofup to or even exceeding 50 years haveimplications for risk management. First,funds have to be invested in assets insuch a way that they generate cashflows in line with the cash outflows em-bedded in the liability structure. Sec-ond, product-specific characteristics –such as maturity, profit-participationbonuses, or inflation-dependent insur-ance claims – have to be treated ap-propriately.

The two Winterthur business unitsfollow stringent guidelines, especiallywith a view to assuming insurance risk,the selection of risks and the sumsinsured. Winterthur operates two maininsurance businesses – non-life andlife – and faces several risk typesstemming from its underwriting activity.

Non-lifeIn non-life business, insurance risk re-lates to claims that might be more fre-quent or larger than forecast, and/ormight have to be paid earlier than ex-pected (expected pay-outs are pricedinto the premiums paid). Better-diversi-fied insurance portfolios tend to implysmaller differences between expectedand actual claims. Winterthur thereforeholds a well-diversified insurance port-folio, in terms of both geographicaldiversification and industry structure.

Underwriting

Premium Insurance risk (gross)

Assets Reinsurance Reserves Retention

Market risk

Credit risk

Insurance risk

The risk structure in the insurance business

Nevertheless, a well-diversified in-surance portfolio with many businesslines spread over many policyholdersmight be vulnerable to natural hazards.In such circumstances, the portfolioscan be exposed to a large accumula-tion of risk. If adequate reinsuranceprotection were not in place, substan-tial losses could be triggered by asingle natural disaster. Winterthurtherefore uses reinsurance to limit theloss triggered by a single event – forexample, a winter storm in Europe – to a worst-case amount of CHF 100million.

LifeIn life insurance the basic underwritingrisk characteristics are similar to thosein non-life business. The insurance riskuniverse of life business is representedby deviations from expected mortality,morbidity and longevity, and expectedsurrender rates. Savings elements arequite often embedded in life insuranceproducts. The associated financialrisks can be substantial and must bemanaged accordingly. The assetmanagement units are responsible formanaging these risk elements and forproducing the kind of cash flows thatpolicyholders are likely to claim.

ReinsuranceWinterthur runs a reinsurance structureto protect its local businesses, itsdivisions and its capital at large. The

architecture of this reinsurance protec-tion is such that on all levels of theorganisation, local businesses, marketunits and business unit levels a set of internal and external reinsur-ance contracts absorbs all risks thatexceed a prudent retention level.Reinsurance protection follows theorganisational structure, based on theuniform principle that each organisa-tional entity manages insurance risk in accordance with its portfolio andcapital base.

Commission and fee income riskCommission and fee income risk, as defined by Credit Suisse Group,relates to those businesses thatreceive commission or fee income forservices provided, rather than whereproprietary risk in financial or insurancemarkets is taken. Commission and feeincome risk can best be defined as aquantification of earnings at risk due to significant contraction in marketactivity.

While there are other scenariosthat could lead to significant loss of feeincome either for a geographic locationor for a specific product or asset class,it is a widespread drop in market levelsthat would constitute the largest com-mission and fee income risk for CreditSuisse Group. Commission and feeincome risk calculations are primarilyused in the context of our internal Eco-nomic Risk Capital model.

Operational riskOperational risk is the risk of adverseimpact to the business as a conse-quence of conducting it in an improperor inadequate manner and may resultfrom external factors. Five major oper-ational risk categories have been dis-tinguished for systematic approachreasons: organisation, policy/process,technology, human, external.

Good operational managementequates to good management andoversight as presented on page 31. It often runs parallel to quality and/orknowledge management, all of whichcontribute to client satisfaction, astrong brand and shareholder value.

The primary aim lies in early identi-fication, prevention and mitigation ofoperational risks, as well as in timelyand meaningful management report-ing. Regular, Group-wide meetingstake place to achieve this common un-derstanding of priorities and to fosterthe dialogue between the CorporateCenter and the business units. Knowl-edge and experience is sharedthroughout the Group to ensure a co-ordinated approach. All business linestake responsibility for their own opera-tional risks.

Defining and striving to achievebest practice in operational risk man-agement methodology and techniqueswere a major focus during most of2000. For this purpose, Credit SuisseGroup has informally teamed up with anumber of major European banks in anattempt to learn from each other’s ex-perience and proven operational riskmanagement processes.

Development of specific opera-tional risk management tools beganwith the common definition of risk indi-cators at all business units. Statisticaland qualitative analyses show the rele-vance and usefulness of individual indi-cators as early warning signals. Theanalysis of internal and external auditreports indicates that an estimated90–95% of all audit points are ofoperational nature. The Group is there-fore working on improving thisindicator, allowing for judgment on therespective business units’ progress inthe operational area. In addition, audit

www.credit-suisse.com 43

44

CREDIT SUISSE GROUP RISK MANAGEMENT

deficiencies which are serious andrepetitive are escalated to thecompensation process.

While each business unit has itsown self-sufficient and specialisedLegal and Compliance set-up, CreditSuisse Group is emphasising an in-creased role of the Corporate Center’slegal and compliance staff. Commondenominators throughout the Groupand additional control functions will bethe added value.

Credit Suisse Group and its busi-ness units mitigate certain operationalrisks with insurance contracts withthird parties. These contracts aregenerally structured in such a way thatthe first loss portions are for theaccount of the business unit. Thus,potential “moral hazard” problemsshould be mitigated.

During 2000, no material opera-tional loss was observed. The absenceof a material operational loss does notimply that there have not been oppor-tunity costs incurred or that there is noroom for improvement in the opera-tional risk management area. Theweekly average of trades at CreditSuisse First Boston increased by over40% in 2000 compared to 1999 andamounted to over one million tradesper week. In spite of this very consid-erable increase in volume, the percent-age of non-perfect handlings – Nostro

Breaks, Failed Trades, Depot Breaks,Global Outstanding Outgoing Confir-mations and Outstanding IncomingAcceptances – versus volume stayedat least about the same in many areas;in some areas it improved substantially.This is one more indication that thecorrelation between operational risklosses and size is highly doubtful.

The new BIS regulatory initiativecalling for capital requirement for oper-ational risks will be a major challengefor all banks and regulators over thecoming years. To come up with a fair,credible, relevant and efficient regula-tory solution will be very difficult, partic-ularly taking the following into account:the protection through insurance;double counting of risks; the “hit-ab-sorption-capacity” based on earningspower as well as scale and scope; anda level playing field for all financialservices organisations. Operational riskmanagement is not so much an is-sue of regulatory capital requirementsbut good management, and it is closeto quality management. Close to100% of the benefit of operational riskmanagement is derived from the factof doing it responsibly, and not byassigning a regulatory capital numberto it.

Key quantitative methods in risk control

Credit risk

Insurance underwriting risk

Commission & fee income risk

Operational risk

Reputation/brand risk

Strategy risk

Market risk

What-if analysis, relative performance of stock price

Position andsensitivity limits

Scenarioanalysis

Underwritingguidelines

Scientific threatscenario analysis

Limits based on potential exposure

Portfolio VaR

Credit riskmodels

PortfolioVaR

Economic Risk Capital

Integrates quantifiable risks intoconsistent and comprehensive risk measure

Complements specific risk measures

Provides increased transparency on the firm’s overall risk level

Provides basis for risk-adjusted performance measures

Compliance, internal audit

1980s 1990s 2000+

Scenario analysis &earnings-at-risk models

Scenario analysis, key risk indicators,business continuity planning, impact scoring

Position and concentration limits

Economic Risk Capital – optimisationof capital allocationAlthough the conscious managementof risks is not new, the adoption ofmathematical-statistical methods hastransformed the way financial institu-tions have managed and controlledrisks over the last twenty years. Asillustrated by the graph entitled “Keyquantitative methods in risk control” onpage 44, quantitative methods havebecome especially important in thearea of market, credit and insuranceunderwriting risks. While those specifictools – together with the all importantqualitative controls – remain importantelements of the risk managementprocess, Credit Suisse Group hasestablished a tool to integrate all quan-tifiable risks into one consistent andcomprehensive risk measure. Thismeasure – Economic Risk Capital(ERC) – is defined as the equity cush-ion needed to ensure that the Groupremains solvent and in business evenunder extreme conditions. Unlike regu-latory capital – currently confined tomarket and credit risk – ERC is de-signed to reflect all significant quantifi-able risks associated with the Group’sbusiness activities. Apart from provid-ing increased transparency on theGroup’s risk profile, ERC provides thebasis for more comprehensive risklimits, a more risk-sensitive allocationof capital to the business units, risk-adjusted performance measures andthe assessment of the Group’s capitalneeds given its level of risk.

OutlookPart of Credit Suisse Group’s strategyand of all the business units is to be aleader in risk management. Significantpersonnel and technological resourcesare focused on ensuring that CreditSuisse Group continues to enhance itsrisk management capabilities, therebyremaining at the forefront of the indus-try. To achieve this goal, Credit SuisseGroup has developed an integratedframework of best-practice risk man-agement, risk policies, methodologiesand infrastructure. Credit SuisseGroup is also in the process of linkingrisk management and performance

measurement using an economic riskcapital framework, with economic riskcapital usage as the common denomi-nator for all major risks. Together witha proactive risk management cultureand the appropriate qualitative andquantitative tools, the economic riskcapital framework will support thedecision-making by senior manage-ment at Credit Suisse Group, thuslinking risk management to theGroup’s shareholder value strategy.Further initiatives focus on refining thecommon credit rating definitionsamong the business units, includingthe full introduction of transaction rat-ings, and on further development ofoperational risk matters at large, in-cluding compliance aspects.

www.credit-suisse.com 45

46

CREDIT SUISSE GROUP RISK MANAGEMENT

Market risk measurement methodologies

IntroductionEach business unit of Credit SuisseGroup uses market risk measurementand management methodologies that meet industry standards. Theseinclude both general tools capable of calculating exposures comparableacross the many activities of CreditSuisse Group, as well as focusedtools that can specifically modelunique characteristics of the functionsof certain units. The tools are usedfor internal market risk management, market risk aggregation, and for internal market risk reporting and disclosure purposes. The two prin-cipal measurement methodologies are Value at Risk (VaR) and Sensi-tivity Analysis, and are used tomanage risk relative to typical marketshifts. A third technique, calledScenario Analysis, is used addition-ally to model atypically large or other-wise abnormal market changes.These and related methodologies are described in the following para-graphs.

The US Securities and ExchangeCommission encourages registrants toprovide robust descriptions of theirmarket risk strategies and measure-ments. The details in this disclosure,including the numerical expressions of risk, are “forward-looking state-ments”. These disclosures are not intended to be precise indicators of expected near term reported losses.Rather, the values given are estimatesof reasonably possible losses in caseof adverse conditions occurred. Please note that changing marketconditions affecting one or more of the primary market risk types couldproduce results that may differ materi-ally from those described in this document. In addition, the risk mea-surements provided are based on portfolios at the reporting dates. Thesignificant turnover in portfolio holdingsover the normal course of business will also cause future measurement of risk and the actual outcomes to vary.

1. Value-at-RiskValue-at-Risk measures the potentialloss in terms of fair value changes overa given time interval under normalmarket conditions at a given confi-dence level. Value-at-Risk as a con-cept is applicable to all financial risktypes with valid, regular price histories.Positions are aggregated by risk typerather than by product: for example,interest rate risk includes risk arisingfrom money market and swap trans-actions, bonds, interest rate options,foreign exchange, equity instrumentand commodity options. The use ofVaR allows the comparison of risk indifferent businesses, such as the com-parison of fixed income and equities,and also provides a means of aggre-gating and netting a variety of posi-tions within a portfolio to reflect actualcorrelations and offsets betweendifferent assets.

The history of financial marketprices serves as a basis for thestatistical VaR model underlying thepotential loss estimation. All Groupbusiness units modelling their tradingportfolios with VaR use a 10-day hold-ing period and a confidence level of99% calculated on a two-year historyof market data. These assumptions arein agreement with the “Amendment tothe Capital Accord to Incorporate Mar-ket Risks” published by the BaselCommittee on Banking Supervision in1996, and other related internationalstandards for market risk management.

The Credit Suisse First BostonVaR model was originally approved bythe Swiss Federal Banking Commis-sion for use in the calculation of CreditSuisse Group market risk capital effec-tive 30 June 1998. This approval wasbased on extensive reviews in 1997undertaken by Credit Suisse FirstBoston and the Group’s external audi-tors of the previous variance-covari-ance model and the related processesand controls. With the introduction ofthe historical simulation model, theSwiss Federal Banking Commissionexamined and reapproved the VaR

model for this purpose effective 31 May 2000.

Assumptions The Group’s busi-ness units with trading portfolios useda combination of a variance-covarianceand historical simulation model for1999. By the second quarter of 2000,a pure historical simulation model wasintroduced, which is used for all risktypes and businesses and does notuse any distribution assumption. It isbased on the profit and loss distribu-tion resulting from historical changesof market rates applied to today’s port-folio, using a two-year history. Thedocumented fat-tail effect of financialtime series, which means that largemoves are more frequent than expect-ed under a normal distribution as-sumption, is thereby taken intoaccount. This methodology also avoidsthe assumption of linear correlationbetween risk factors.

Limitations VaR as a risk measurequantifies the potential loss on a port-folio under normal market conditionsonly. It is not intended to cover lossesassociated with unusually severe mar-ket moves; these are covered by sce-nario analysis. VaR also assumes thatpast data can be used to predict futureevents.

Backtesting Credit Suisse FirstBoston and other business units withtrading portfolios use “backtesting” toassess the accuracy of the VaR model.Daily profit and loss can be directlycompared to a VaR with a one-dayholding period. The one-day VaR esti-mate is compared to the actual dailytrading revenue. The VaR measure isintended to be larger than all but a cer-tain fraction – as determined by theconfidence level – of trading out-comes. Backtesting can be performedat both the overall business unit leveland at a disaggregated level.

2. Sensitivity analysisSensitivity analysis models are usedto quantify the market risk the individ-ual units incur by holding the financialinstruments in their other-than-tradingportfolios. Sensitivity analysis is gen-erally defined as a measure ofpotential changes in a portfolio’s fairvalue created by changes in one ormultiple financial markets’ rates orprices, including interest rates, foreignexchange rates, and equity andcommodity prices. The results can befocused to show the impact of a nega-tive or adverse shift in a single interestrate or may be calculated to show theeffects of many simultaneouschanges.

Assumptions The market rates areassumed to change at the end of therespective business day, instanta-neously and without rearrangingpositions, for all risk types. Across allbusiness units, positions are revaluedunder hypothetically changed marketconditions. Financial instruments,financial derivatives and commodityderivatives of the other-than-tradingbook are included in the sensitivityanalysis modelling. Non-maturingaccounts, such as savings depositaccounts, are represented by meansof replicating portfolios, which usesophisticated statistical methodologiescombined with historical experience.

The standardised Group-wideparameters use the shifts below.

The G21 currencies are those ofthe world’s leading industrialised na-tions. For these disclosures, all othercurrencies are considered as belong-ing to emerging market nations. TheSwiss franc is the Group’s base cur-rency; therefore, all changes are trans-lated to Swiss francs. When applied onan individual market rates basis, ameasure of the sensitivity of the port-

* For low interest rate environments (e.g. Japan), Credit Suisse Group uses a smaller interest rate move and extrapolates results.

Interest rates * Equity prices Currency rates

G21 nations 100 basis points adverse change 10% adverse change 10% adverse changeNon-G21 nations 200 basis points adverse change 20% adverse change 20% adverse change

www.credit-suisse.com 47

48

CREDIT SUISSE GROUP RISK MANAGEMENT

folio to this market rate results. Takentogether, these shifts represent a sce-nario of simultaneously large, al-though not unreasonable, shifts in allmarkets. An “adverse” change is de-fined as one that produces a negativeresult on a business unit level.

Limitations Changes in portfoliocomposition as they would occur inlarge moves over an extended periodof time are accounted for in the sensi-tivity analysis. Also, the direct effectlarge moves in market rates will haveon the credit quality of creditors (whichin turn will have an impact on portfolioprofit and loss) is not considered withinthis Group-wide model. The analysis isdesigned to show outright risk per risktype. Spread risk within risk types butacross markets or macro-hedged posi-tions will not appear in the results.

3. Scenario analysisVaR is designed to measure marketrisk in normal market environments. Itis important to complement this with ascenario-based risk measure, whichaims at estimating the losses – basedon current positions – that could beexperienced under extraordinarymarket conditions. Scenario analysisis, therefore, an essential componentof Credit Suisse Group business units’market risk measurement frameworkfor both trading and other-than-tradingportfolio instruments.

Scenario analysis examines the po-tential effects of changes in marketconditions – corresponding to excep-tional but plausible events – on the fi-nancial condition of the firm. The re-sults of the analysis are used to man-age exposures on a firm-wide basis,as well as at portfolio level. Scenarioanalysis involves the revaluation of thefirm’s major portfolios to arrive at ameasure of the profit or loss the firmmay suffer under a particular scenario.Scenarios are applied to all major mar-kets in which Credit Suisse Group par-ticipates.

Global scenarios aim to capture therisk of severe disruption of all majormarkets and are related to historicevents, such as the 1994 bond mar-ket crisis, the 1998 credit crisis, the1987 equity market crash and the1990 US real estate crash. Businesslevel scenarios aim to capture portfoliospecific risks by employing scenariosbased on non-parallel yield curveshifts, changes in correlations and oth-er pricing assumptions and those in-corporating hedging assumptionsthrough time. Reports are producedfor senior management and traders fora range of scenarios at least monthly.

Assumptions Market data ischanged according to a predefined setof scenarios which are designed to:• Consider extreme events to pro-

vide “worst case” information.• Have an immediate “surprising”

effect without rearrangingpositions.

• Reflect macro-economic reality.• Be relevant to the portfolio being

modelled.• Be responsive to changing market

conditions.• Meet regulatory requirements.

Limitations Scenario analysis pro-vides an approximation of the impacton profits and losses in case of specif-ic events in the financial markets.Seldom do past events repeat them-selves in exactly the same way. As aresult, it is necessary to use businessexperience to come up with a set ofmeaningful scenarios and to appropri-ately assess the scenario results.

Credit risk measurement methodologies

Annual Credit Provision (ACP)The annual credit provision is theaverage expected credit loss over oneyear. For an individual entity the ACPis calculated using the following formula:ACP = Exposure * (1– RecoveryRate) * Expected Default Frequency

Where the expected default frequencyis determined by the credit rating ofthe entity, the ACP for each bankingbusiness unit is calculated as the sumof the ACPs for exposures in thatcompany’s portfolio.

The ACP is an internal manage-ment tool and is calculated for man-agement information purposes only. Asa result, it is not reflected in the con-solidated financial statements. Themethodology is regularly analysed bycomparing the ACP estimates with therelated actual incurred losses.

CREDITRISK+ parameter assumptionsRecovery rate The recovery rate hasremained unchanged at 60% for allbusiness units between December1996 and the reporting date.

Credit loss percentile The creditloss percentile for each portfolio is cal-culated as the worst-case credit lossfrom the portfolio over one year for agiven percentile (99.0%). The creditloss percentile is calculated at a port-folio level by using the CREDITRISK+model. From September 1997 to re-porting date, the 99.0 percentile wasreported for all business units.

Parameter assumptions The table below provides an overview ofthe internal counterparty ratings usedby the banking business units of CreditSuisse Group.

Probability of default (EDF: Expected Default Frequency) from 31 Dec. 2000Credit Suisse Group internal counterparty rating classes

Rating Expected Default Frequency band

AAA 0.00% < EDF ≤ 0.02%

AA+ 0.02% < EDF ≤ 0.03%

AA 0.03% < EDF ≤ 0.04%

AA– 0.04% < EDF ≤ 0.05%

A+ 0.05% < EDF ≤ 0.06%

A 0.06% < EDF ≤ 0.07%

A– 0.07% < EDF ≤ 0.11%

BBB+ 0.11% < EDF ≤ 0.20%

BBB 0.20% < EDF ≤ 0.30%

BBB– 0.30% < EDF ≤ 0.60%

BB+ 0.60% < EDF ≤ 0.90%

BB 0.90% < EDF ≤ 1.25%

BB– 1.25% < EDF ≤ 2.50%

B+ 2.50% < EDF ≤ 4.00%

B 4.00% < EDF ≤ 6.50%

B– 6.50% < EDF ≤ 10.50%

CCC+ 10.50% < EDF ≤ 16.00%

CCC to CC– 16.00% < EDF ≤ 100.00%

C 16.00% < EDF ≤ 100.00%

D–I Risk of default has

D–II materialised

Non

-impa

ired

grad

esIm

paire

d gr

ades

www.credit-suisse.com 49