Systemic Risk

When the global financial crisis struck in 2008, the focus was squarely on interbank networks and on the impact of systemic risk — the ability of small, seemingly isolated risks to grow and spread across heavily interconnected systems — on those networks. In the years after the crisis, the academic discussion on interbank network structure, market stability, and contagion paralleled a policy debate about whether major banks had become both too big and too interconnected to fail. The 2010 passage of the Dodd–Frank Wall Street Reform and Consumer Protection Act was a broad response addressing the challenges of the financial crisis with new regulation.

But in the aftermath of the 2008 crisis, surprisingly little attention was paid to systemic risks in the broad economy, outside financial networks, despite the fact that the broader economy has already been a driver of systemic risk. A closer look at the 2008 crisis showed that the emergency loans received by Chrysler, Ford, and General Motors — the "Big Three" American automakers — were motivated by systemic risk and the need to stave off a larger crisis. A primary reason for this lack of attention may be a lack of data on firm-level networks.

With funding through RAND Ventures — a RAND Corporation vehicle for investing in policy solutions — researchers sought to improve the understanding of systemic risk at the level of individual firms across the broad economy. This brief summarizes the results of that report.

Measuring Networks

The study sought to overcome the problem of a lack of data by leveraging a key U.S. regulation — Statement of Financial Accounting Standards No. 131 — which requires that public firms report all key customers and suppliers that account for more than 10 percent of their total sales. Researchers used that reporting to construct a dataset of observed network connections between supplier and customer firms. Although other researchers have considered using data from the regulation for this purpose, they have been discouraged by data problems: Linkages falling below the 10 percent threshold are unobserved, and observed linkages omit the flows of goods and services across each connection. RAND researchers addressed this problem, analyzing the observed network while using inference techniques to address the challenges of missing data.

Using network analysis on the observed connections in the dataset, researchers "shocked" the largest 1,000 firms by revenue by decreasing their output (revenue) and then estimating the total losses to the network, one firm at a time. A 1-percent shock is large but not unreasonable — essentially, a natural disaster, extreme weather event, or major cyberattack.

Findings

The impact of the 1-percent shock is shown in Table 1. The list of firms emphasizes ten of the 20 firms with the largest systemic impact following a shock. The results show that firms posing systemic risk are more heterogeneous than the focus on financial firms has led many to believe. It also highlights a potential shift in the landscape of systemic risk a decade after the 2008 financial crisis. The centrality of Amazon — and its increasingly widespread cloud computing service, Amazon Web Services — in traditional production networks was just emerging during the crisis. It has since gone through extraordinary periods of growth, with market power that reaches millions of customers with increasingly essential services. The simulated 1-percent shock leads to estimated firm losses of $1.4 billion, but to more than $77 billion in total losses throughout the economy. That $77 billion amounts to an aggregate economic multiplier of 54 (77/1.42).

And it is not just firms with billions in revenues. For example, a 1-percent shock to GoDaddy would result in $200,000 of losses to the firm, but over $4 million in losses across the economy — an aggregate multiplier of 1,800. The difference is not entirely surprising; despite its vastly smaller revenues, GoDaddy is a large internet domain registrar that provides an essential service keeping the digital storefronts of numerous companies active. If this shock came as a cyberattack that disrupted GoDaddy's services and those of its customers, the shock to GoDaddy would have a disproportionate effect.

Implications for Further Research

This study introduces a novel methodological approach that enables input-output analysis at the firm level and uses that approach to take a step forward in filling a gap in the discussion about the potential for contagion following firm-level shocks. Although financial-sector firms are still some of the most interconnected in the economy, many of the most connected firms actually exist in other sectors. Firms from diverse sectors, from petroleum to transportation to insurance, each represent meaningful sources of systemic risk. In particular, firms in both the technology and telecommunications sectors represent some of the most connected in observed production networks.

The centrality of technology and telecommunications firms is especially important given a changing landscape in global risks. In the decade since the financial crisis, the focus of many policymakers has shifted to the ever-present risks of cybersecurity. The 2016 cyberattack on Dyn, a relatively small firm providing a key domain name system, did more damage than just a shock to the single firm; it knocked out services to all its customers, representing numerous large online firms in diverse industries, including Netflix, Amazon, and the New York Times.

Given this, there is a need for a renewed policy discussion about the systemic risk of firms across the broader economy. In a manner parallel to the policy debate following the 2008 financial crisis, policymakers might need to begin answering whether other firms, particularly in tech and telecommunications, have become too big and too interconnected and, if so, must begin identifying potential mitigations through exercises analogous to stress tests used for systemically important banks.