VoxEU Column Financial Regulation and Banking Global governance

Managing risk and complexity: Legal entity identifier

The Global Crisis dramatically revealed the severity of ignorance about risk exposure in the global financial system. A major issue is the complexity of legal structures with webs of subsidiaries and a lack of consolidated information systems. This column describes efforts to address these failings through the launching of a global legal entity identifier. The initiative offers great promise for addressing the complex information problems. However, network externalities imply that its success will depend on participation and adoption incentives.

After Lehman’s demise, participants in the global financial system could not assess their exposure to Lehman, its subsidiaries, and each other because there was no standard system for identifying counterparties in the maze of subsidiaries and affiliates from which banks, insurers, asset managers, and other market participants transact.” McKinsey & Company (2017)

Prior to the Global Crisis, even an informed observer might have naïvely believed that the CEOs of big financial firms could simply push a button to view the current exposure of their firms to any other firms in the world. Or, if less technologically advanced, they could call their chief risk officers or chief financial officers to obtain end-of-day positions.

Not even close. By the time that Lehman failed in September 2008, large financial holding companies had evolved into extremely complex structures with hundreds or thousands of subsidiaries for which the parent companies lacked consolidated information technology and risk-management systems. This ill-informed state reflected the use of legacy systems following long histories of mergers, combined with legal manoeuvres to reduce tax liability and isolate losses in one part of a business from other parts. The multiplicity of information systems meant that different parts of the same firm employed varying names and codes to identify the same counterparty. In some cases, even the same division of a firm failed to consolidate systems (McKinsey & Company 2017). Fixing this, merging all of the information structures and ensuring consistency, would have been an expensive proposition that managers (compensated out of current profits) had an incentive to delay.

Complexity as a systemic threat: The Lehman bankruptcy

When Lehman Brothers Holdings collapsed in September 2008, it had as many as eight thousand subsidiaries operating across an array of jurisdictions around the globe.1 Not only that, but other large financial intermediaries had hundreds, and in some cases thousands of subsidiaries, as well. Figure 1 shows the number of subsidiaries of those US financial holding companies with the largest volume of assets at the end of 2016.

Figure 1 Top financial holding companies: Number of subsidiaries, 2006 and 2016

Notes: The firms are ranked by their number of subsidiaries in 2006. The BNY Mellon 2016 number increased at least in part as a consequence of a mid-2007 merger.
Source: Courtesy of Nicola Cetorelli, Federal Reserve Bank of New York, from the National Information Center FR Y-10.

What do these large numbers imply? Consider just one example. The potential bilateral relationships before the crisis between any of Morgan Stanley’s roughly 3,500 subsidiaries and Lehman’s 8,000. Determining the consolidated exposure of Morgan Stanley to Lehman then required aggregating (summing and netting) positions resulting from what could in principle have been millions of bilateral relationships, each identified using a different protocol. Unsurprisingly, it took quite some time for Lehman’s counterparties to calculate their exposure to the consolidated entity.

Large firms were not the only organisations unable to compute (let alone manage) their consolidated risk exposures in a timely way. For the authorities, identifying vulnerabilities and estimating systemic risk – creating a global risk map – was beyond anyone’s capacity (even if someone had thought of trying).2 

Common identifiers reduce complexity

Correcting these deficiencies in the financial infrastructure is not a trivial matter. Simplifying the problem requires the creation of a unique, universal, and permanent identification system for both institutions (financial and nonfinancial) and instruments. For firms, this would be analogous to international banking account numbers (IBAN) or SWIFT codes for all legal entities, not just banks or their subsidiaries. For instruments, this would be akin to a global version of CUSIP numbers for all financial instruments, not just securities. If we had both of these, it would be possible in principle to map the exposures across the global financial network, and to identify nodes of risk concentration and vulnerability.

Before turning to legal entity identifiers, it is worth saying a few words about instrument identification. In 2009, Bloomberg created the Financial Instrument Global Identifier (FIGI).3 As far as we can tell, the FIGI is currently used for securities. While this is certainly progress, it does not go far enough. In our textbook, we define a financial instrument as a “written legal obligation of one party to transfer something of value, usually money, to another party at some future date, under specified conditions” (Cecchetti and Schoenholtz 2017). Examples include not just equities, bonds, and derivatives, but bank loans, securities financings, and insurance contracts. To compute bilateral financial exposures, the building blocks of a systemic risk map, we need to identify not only the counterparties to a transaction, but the nature of the obligation itself. This means having a FIGI that is comprehensive across instruments and jurisdictions. 

How can we simplify the problem of entity identification? Returning to the example of Morgan Stanley’s exposure to Lehman, imagine that each of their 3,500 and 8,000 subsidiaries has a bilateral relationship with each of the others. That is, there are 3,500 x 8,000 = 28,000,000 bilateral exposures of one sort or another. Now, assume that each of these 11,000 entities uses a completely different naming convention for storing the counterparty of its transactions. That is, each of the Morgan Stanley subsidiaries gives each of the Lehman subsidiaries a different name (and, similarly for Lehman). The result would be 28 million different combinations of the two names. If, instead, each of the 11,000-plus subsidiaries had a unique name, and that these names were associated with the parent, then things would become quite simple – consolidation would lead quickly to one set of two names.

Launching the Global LEI

Realising the nature of the opportunity and the challenge, in November 2011, the G20 called for the creation of a global legal entity identifier (LEI).4 Importantly, everyone realised that given the massive size of the financial system that supports both domestic and cross-border activity, the solution had to be global. That is, we need a system that allows everyone to identify both those entities within their own country and those entities outside. For pioneering analyses, see Bottega and Powell (2011) and work by the Office of Financial Research (2011).

Following several years of work by global authorities, in June 2014, the Financial Stability Board created the Global Legal Entity Identifier Foundation (GLEIF).5 Each LEI is a 20-digit number that is attached to a set of reference data. The information is designed to allow anyone to answer two essential questions:

  • Who is who?
  • Who owns whom?

Benefits of the LEI

Why do we need to know? Start with what happens when two banks merge. For example, over the past 30 years or so, more than 40 banks combined to become what we know today as the Bank of America.6 Many of these legacy institutions had business customers in common and independent knowledge of them. Consolidating that information would surely have been useful in evaluating how to manage the ongoing bank relationship. Should a customer’s new loan application be approved? Is it worthwhile to market additional products to a particular customer? Tax identifiers (such as Social Security numbers) make this a straightforward process for individuals. For complex firms with multiple subsidiaries, it requires a common identification system, like the LEI.

Knowing who is who – verifying that information in disparate databases applies to the same entity – also is critical for satisfying Know Your Customer (KYC) requirements, a legal prerequisite in most countries for establishing a new client relationship.7 If LEIs were widely used, the cost of complying with KYC regulations (as well the related anti-money laundering rules) would be far lower.

Knowing who owns whom directly addresses the problem that surfaced when Lehman failed. That is, with an LEI, firms can compute their exposure to a consolidated entity. As noted in McKinsey & Co (2017), banks also can use the LEI to aggregate and reconcile trade information, reducing operational risk. Having the subsidiary tree of a larger entity helps with a variety of other things, too. For example, if the parent offers to pledge a subsidiary’s assets as collateral for a loan, the lender can verify that the relationship is genuine.[8] Finally, together with appropriate financial information, LEI-based consolidation allows the authorities to construct a network map of risk concentrations.

The logic of collective action: Network effects

What will determine the success of the LEI initiative? The answer is the breadth of use. Like a currency, a language, or a communications device, the LEI is characterised by a network externality – the more firms that use it, the more valuable its use becomes. The challenge is that, initially, the benefits are very small. And, while the direct cost of registering an LEI is trivial – $75 initially and $50 for an annual renewal – the one-time fixed cost of updating IT systems is not small.[9] If every firm delays paying this fixed cost, we get stuck in the low-benefit state of the world with few users of LEIs. However, if every firm pays the individual cost, the combined net savings could be high.

Some financial firms are well aware of the cost savings associated with a universal identification system. The Office of Financial Research has pointed to estimates of the costs of operating without common data standards in the billions of dollars (Berner 2007). As a result, some in the financial industry asked regulators to require them to register. Not only would this reduce their cost of managing relationships with other financial sector firms, but it would make it easier for them to require their nonfinancial customers do the same (Kennickell 2016).

Ensuring universality

So where do we stand? The identification system has advanced substantially. There is now broad acceptance of the need for both legal entity identifiers and financial instrument identifiers. And the US Commodity Futures Trading Commission and the European Securities and Market Authority have required counterparties in derivatives transactions to report LEIs. As of this writing, nearly 800,000 LEIs have been issued, and the number is rising rapidly.10

The challenge is to ensure that the LEI system eventually includes virtually every firm that is eligible worldwide. In the absence of collective action, the risk is that the transition to a universal identifier system will stall. Because such identifiers are common goods with network effects – everyone benefits if everyone uses them – there is an incentive to postpone the one-time cost of IT upgrades until so many other firms have done so that making the investment pays off quickly. The solution is for authorities to require participation by some specified date either through regulation or legislation. And, since so many financial and nonfinancial institutions operate in multiple jurisdictions, this coordinated solution has to be a global one.

This leads to our bottom line – building on the successful creation of the LEI, the 25 member jurisdictions of the Financial Stability Board should do two things. First, they should agree to require the LEI as a prerequisite for a business greater than a minimum size to engage in any financial transaction in their jurisdiction. In the US, for example, other financial regulators should follow the CFTC’s lead in this regard. Second, the FSB members should implement a complementary system of financial instrument identification. Only then, once both systems are in place, will the private and public sector be able to track exposures in a low-cost, timely manner that allows them to manage risk efficiently.

Editors’ note: An earlier version of this column appeared on www.moneyandbanking.com.


Berner, R (2017), “Breaking through barriers impeding financial standards”, Office of Financial Research, From the Director, 2 February.

Bottega, J A and L F Powell (2011), “Creating a linchpin for financial data: Toward a Universal Legal Entity Identifier”, Federal Reserve Board, Finance and Economics Discussion Series 2011-07.

Cecchetti, S G, I Fender and P McGuire (2010), “Toward a global risk map”, in Central Bank Statistics: What did the Financial Crisis Change?, proceedings of the European Central Bank conference.

Cecchetti, S G and K L Schoenholtz (2017), Money, Banking and Financial Markets, 5th edition, New York, NY: McGraw-Hill Education.

Couillault, B, J Mizuguchi and M Reed (2017), “Collective action: Toward solving a vexing problem to build a global infrastructure for financial information”, Office of Financial Research, Brief Series 17-01, 2 February. 

Kapur, E (2015), “The next Lehman Bankruptcy,” in T H Jackson, K E Scott and J B Taylor (eds), Making Failure Feasible, Stanford, CA: Hoover Institution Press.

Kennickell, A B (2016), “Identity, identification and identifiers: The Global Legal Entity Identifier System”, Federal Reserve Board, Finance and Economic Discussion Series 2016-103, 8 November.

McKinsey & Company (2017), The Legal Entity Identifier: The Value of the Unique Counterparty ID, October.

US Treasury Office of Financial Research (2011), “Statement on progress to date and next steps forward in the global initiative to establish a Legal Entity Identifier (LEI)”, 12 August.


[1] See Kapur (2015: 188), citing Harvey Miller, lead attorney for the Lehman Bankruptcy filing.

[2] For a discussion of how one might construct a global risk map, see Cecchetti et al. (2010).

[3] For a description of the FIGI system, see here .

[4] See the Cannes Summit Final Declaration here.

[5] For a description of how this came about, see Couillault et al. (2017)

[6] See the diagram here.

[7] For a description of Know Your Customer rules, see here.

[8] For a detailed discussion of the commercial benefits of the LEI, see McKinsey & Co (2017).

[9] See the Bloomberg LEI website here.

[10] For the most recent number, see here.

630 Reads