Research Brief

Key Findings

  • Systemic risk in the financial sector was a key focus during the 2008 financial crisis.
  • Systemic risk across the broader economy has been underexamined in the decade since.
  • New analysis using an innovative approach shows that firms posing systemic risk are not just financial firms — systemic risk rises from firms in a diverse range of sectors whose influence has grown over the past decade, such as technology and telecommunications.
  • There is a need for a renewed policy discussion about the systemic risk of firms across the broader economy.

When the global financial crisis struck in 2008, the focus was squarely on interbank networks and on the impact of systemic risk — the ability of small, seemingly isolated risks to grow and spread across heavily interconnected systems — on those networks. In the years after the crisis, the academic discussion on interbank network structure, market stability, and contagion paralleled a policy debate about whether major banks had become both too big and too interconnected to fail. The 2010 passage of the Dodd–Frank Wall Street Reform and Consumer Protection Act was a broad response addressing the challenges of the financial crisis with new regulation.

But in the aftermath of the 2008 crisis, surprisingly little attention was paid to systemic risks in the broad economy, outside financial networks, despite the fact that the broader economy has already been a driver of systemic risk. A closer look at the 2008 crisis showed that the emergency loans received by Chrysler, Ford, and General Motors — the "Big Three" American automakers — were motivated by systemic risk and the need to stave off a larger crisis. A primary reason for this lack of attention may be a lack of data on firm-level networks.

With funding through RAND Ventures — a RAND Corporation vehicle for investing in policy solutions — researchers sought to improve the understanding of systemic risk at the level of individual firms across the broad economy. This brief summarizes the results of that report.

Measuring Networks

The study sought to overcome the problem of a lack of data by leveraging a key U.S. regulation — Statement of Financial Accounting Standards No. 13 — which requires that public firms report all key customers and suppliers that account for more than 10 percent of their total sales. Researchers used that reporting to construct a dataset of observed network connections between supplier and customer firms. Although other researchers have considered using data from the regulation for this purpose, they have been discouraged by data problems: Linkages falling below the 10 percent threshold are unobserved, and observed linkages omit the flows of goods and services across each connection. RAND researchers addressed this problem, analyzing the observed network while using inference techniques to address the challenges of missing data.

Using network analysis on the observed connections in the dataset, researchers "shocked" the largest 1,000 firms by revenue by decreasing their output (revenue) and then estimating the total losses to the network, one firm at a time. A 1-percent shock is large but not unreasonable — essentially, a natural disaster, extreme weather event, or major cyberattack.

Estimated Economic Impact of a 1-Percent Shock on Ten of the Top 20 Most Central Firms

Firms Firm Losses ($ billions) Economy-Wide Losses ($ billions) Aggregate Economic Multiplier Effect Sector
Amazon 1.42 77 54 Miscellaneous Retail
Walmart 5 34 7 General Merchandise Stores
Apple 1.6 27 17 Electronic and Other Electrical Equipment and Components
AT&T 0.85 26 31 Communications
Bank of America 0.95 23 24 Depository Institutions
Exxon Mobile 1.19 22 18 Petroleum Refining and Related Industries
Allstate 0.38 26 68 Insurance Carriers
IBM 0.79 21 27 Business Services
Anthem 0.9 19 21 Insurance Carriers
General Dynamics 0.31 17 55 Transportation Equipment

Findings

The impact of the 1-percent shock is shown in Table 1. The list of firms emphasizes ten of the 20 firms with the largest systemic impact following a shock. The results show that firms posing systemic risk are more heterogeneous than the focus on financial firms has led many to believe. It also highlights a potential shift in the landscape of systemic risk a decade after the 2008 financial crisis. The centrality of Amazon — and its increasingly widespread cloud computing service, Amazon Web Services — in traditional production networks was just emerging during the crisis. It has since gone through extraordinary periods of growth, with market power that reaches millions of customers with increasingly essential services. The simulated 1-percent shock leads to estimated firm losses of $1.4 billion, but to more than $77 billion in total losses throughout the economy. That $77 billion amounts to an aggregate economic multiplier of 54 (77/1.42).

And it is not just firms with billions in revenues. For example, a 1-percent shock to GoDaddy would result in $200,000 of losses to the firm, but over $4 million in losses across the economy — an aggregate multiplier of 1,800. The difference is not entirely surprising; despite its vastly smaller revenues, GoDaddy is a large internet domain registrar that provides an essential service keeping the digital storefronts of numerous companies active. If this shock came as a cyberattack that disrupted GoDaddy's services and those of its customers, the shock to GoDaddy would have a disproportionate effect.

Implications for Further Research

This study introduces a novel methodological approach that enables input-output analysis at the firm level and uses that approach to take a step forward in filling a gap in the discussion about the potential for contagion following firm-level shocks. Although financial-sector firms are still some of the most interconnected in the economy, many of the most connected firms actually exist in other sectors. Firms from diverse sectors, from petroleum to transportation to insurance, each represent meaningful sources of systemic risk. In particular, firms in both the technology and telecommunications sectors represent some of the most connected in observed production networks.

The centrality of technology and telecommunications firms is especially important given a changing landscape in global risks. In the decade since the financial crisis, the focus of many policymakers has shifted to the ever-present risks of cybersecurity. The 2016 cyberattack on Dyn, a relatively small firm providing a key domain name system, did more damage than just a shock to the single firm; it knocked out services to all its customers, representing numerous large online firms in diverse industries, including Netflix, Amazon, and the New York Times.

Given this, there is a need for a renewed policy discussion about the systemic risk of firms across the broader economy. In a manner parallel to the policy debate following the 2008 financial crisis, policymakers might need to begin answering whether other firms, particularly in tech and telecommunications, have become too big and too interconnected and, if so, must begin identifying potential mitigations through exercises analogous to stress tests used for systemically important banks.

Research conducted by

This report is part of the RAND Corporation research brief series. RAND research briefs present policy-oriented summaries of individual published, peer-reviewed documents or of a body of published work.

This research in the public interest was supported by RAND, using discretionary funds made possible by the generosity of RAND's donors, the fees earned on client-funded research, and independent research and development (IR&D) funds provided by the Department of Defense.

Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.