CREDIT SUISSE GROUP RISK MANAGEMENT

Risk management contributes to the Group’s success by fostering a disciplined risk cul-
ture, providing risk transparency and ensuring intelligent risk-taking that appropriately
balances risk and return and optimizes the allocation of capital throughout the Group to
the benefit of shareholders and other stakeholders. Significant personnel and techno-
logical resources are focused on ensuring that Credit Suisse Group remains a leader in
risk management. Through a proactive risk management culture and the appropriate
qualitative and quantitative tools, the Group aims to minimize the potential for undesired
risk exposures.

Introduction – key principles
Financial services – put in a simplified framework – can
be summarized with: transaction, risk, information, capital
and knowledge/knowhow. The following sections con-
centrate on capital and risk.
Risk is uncertainty about a future outcome. It is
the essence of financial institutions’ activities. Risk is
multifaceted, complex, often interlinked and/or context-
driven. While not avoidable, risk is to be managed, not
feared. Intelligent, informed risk-taking is the key. Risk
is not only about the “downside” and threats, but also
about chances and opportunities. The ultimate risk is not
taking a risk.
A responsible risk and compliance culture combined
with the necessary knowhow for modern risk manage-
ment processes and methods has become a decisive
competitive advantage. It helps to maintain stability and
continuity and supports revenue and earnings growth as
well as brand equity. Disciplined and intelligent risk-taking
is an “attitude” towards stakeholders.
A robust risk culture and integrated holistic risk
management are very closely related to general man-
agement and corporate governance – this is especially
true of financial institutions. Credit Suisse Group – a
living, growing and multifaceted organization – is a glob-
ally active institution which supports the diversity of its
employees. Other countries, other customs: priorities and
preferences can vary from country to country or even
from an institution’s department to department. In this
context, our internal Code of Conduct – the 12 core
values for employees of Credit Suisse Group – plays an
important role, as presented in our annual report last
year. The principles should be common for applicants and
members of Credit Suisse Group. This is especially im-
portant in view of over fifty acquisitions/mergers and two
major restructurings that have taken place since 1990.
The 12 core values for employees of Credit Suisse
Group are meant to add to our corporate cohesion in
fast-changing times; they are a guide for identity, identi-
fication, focus and commitment; they should make cul-
tural compatibility and daily cooperation easier. Loyalty to
a simple set of values is the basis for much needed
flexibility and speed. This does not imply at all that these
principles are met around the world all the time. Common
principles are aims which need daily efforts to implement.
Thereby, leaders and managers, as catalysts, bear the
prime responsibility. People shape the culture.
Our observations and research in the financial
services industry have led to the additional 12 key
principles in risk management, which serve as our
general framework in risk management (see chart on
page 44). We have reviewed the principles again during
2001. To apply these principles consistently and global-
ly is our continuous objective. To comply with them fully
will never be possible at all times, but they are our aims.
While risk management will never be “finished” in a
complex and evolving financial environment, we aim to
institutionalize learning and stay at the cutting edge
of “best practice.”
The 12 key principles in risk management
Our principles have not changed, but as a “learning or-
ganization” in a dynamic environment, we are continuous-
ly adjusting the contents with new priorities or refine-
ments based on experience.
The issue is not the intellectual level of the 12 princi-
ples but rather their diligent implementation – which is
challenging in a diverse, global and changing world.
Thereby, no organization ever achieves ideal or perfect
positioning in every respect.
Executing the fundamentals
1. Risk is uncertainty about future results. The proper
climate as a challenge.
■ Risk taking = risk management.
■ Do not fear but respect risks.
Ensure the balance of gains versus losses.
■ “Informed and intelligent” risk-taking, including atten-
tion to proportionality, concentration and diversification
➞ active portfolio management.
■ Watch liquidity/flexibility aspects in turbulent times.
Watch harm by association.

42
■ Never forget “extreme event” risks. Deal with conse-
quences of unexpected cases.
■ Capital allocation based on Economic Risk Capital.
2. The 6 S’s for the systematic mental discipline of an or-
ganization: the logical sequence.
■ Strategy ➞ structure ➞ system/s ➞
simplicity ➞ safety ➞ speed.
3. Clear structure, allocation of responsibility and
accountability, and discipline are basic preconditions.
■ Prioritize disciplined processes and structures.
■ Transparency as to policies, directives, etc.
■ Clear and communicated responsibility and account-
ability. “Ownership” of issues and risks.
■ No conflicts of interest: i.e. front office versus support
areas – but “constructive tension” where appropriate.
4. Rigorous measures in case of non-compliance/
breaches.
■ Know the rules of the game: courage for unpleasant
measures with a “culture of consequences.”
■ It takes a lot of discipline, training and time to get
everyone worldwide on an adequate control/compli-
ance level.
■ Adequate compliance environment:
Responsibility lies not only with immediate heads
➞ leadership function of each management level.
Retaining the perspective
5. Completeness, integrity and relevance of data/
systems/information as a basis.
■ No diagnosis without information.
■ Know what you do not know.
■ What is measured, observed and recognized gets
attention.
■ Data characteristics are ideally:
Complete, objective, consistent, transparent, standard-
ized, comparable across the institution, interpretable,
auditable, replicable, embedded in aggregated
processes, and above all they are relevant and credible
as to facts and perceptions.
■ Credibly quantified and relevant risks represent an op-
portunity. If not credible, cynicism abounds.
■ Thoughtful self-challenge – especially rigorous audit
reports – can provide a formidable basis to avoid/limit
operational risks.
6. Risk management is a tenacious process not a program.
■ Prevention ahead of correction.
■ “Best practice” as goal. However, “best practice” must
be applied intelligently – no “fads.”
■ Ongoing questioning of strategy, structure, systems,
simplicity, safety, speed.
■ Risk and compliance awareness ideally with everyone.
■ Care about substance, not only legalistic form.
■ Focus on long-term initiatives versus short-term ones.
■ Emphasize furthering the risk culture, rather than
controlling the numbers.
■ Management of risks for own organization comes
ahead of risk management for supervisors/regulators.
7. Risk management is part art, part science.
■ Facts, perceptions, expectations – all are important.
■ Markets might promise but never guarantee anything.
■ Risk management is often the art of drawing sufficient
conclusions from insufficient premises.
■ Watch internal and external exuberance and paralysis:
counterbalancing is a management task.
■ To be right too soon is also wrong: timing is the issue.
■ Common sense for reality checks, especially for
models.
8. Limitation of models.
■ A model is always a strong reduction/approximation of
a more complex reality.
■ Models are as good as the underlying assumptions:
“garbage in – garbage out effect.”
■ Not all risks are relevant and/or quantifiable:
also here, use 20/80 approach.
■ “Reductio ad absurdum” may lead to a “model figure”
but is irrelevant in the overall context.
■ New external parameters and continuous restructur-
ings can make models questionable as there is no
reliable base material.
■ Comparisons of absolute model figures with those of
third parties are questionable:
The prime internal value added of a good model –
including the stress test – is its trend over time.
■ Theoretical rigidity may not prevail over practical rele-
vance and credibility.
■ Models are always only part of an overall risk manage-
ment approach and must include common sense.
9. Complex organizations, restructurings and projects
can add risks.
■ Complexity is the enemy of speed and responsiveness:
apply simplicity.
■ The more complex a risk type is, the more specialized,
concentrated and controlled its management must be.
www.credit-suisse.com 43
CREDIT SUISSE GROUP RISK MANAGEMENT

Focus on human aspect
10. A financial institution is a “knowledge and learning
organization.”
■ Faster race – higher bar: antennae out to receive and
implement internal and external input.
■ Data is ubiquitous and abounds:
Timely sorting and packaging in the proper context
creates relevant information and value added.
■ Everybody is a “knowbody.”
People with authority especially must be educators:
source, share, synthesize and save knowledge.
■ Specialists can “walk out” easily in good times.
■ Learn from mistakes and determine causality.
■ Self-management and leadership with regard to a
culture of open communication on “experience” and
knowhow are increasingly challenging:
Ban knowledge-hoarders and turn knowledge-givers
into heroes as part of evaluation/incentive process.
■ Continuous learning and training is a part of the
evaluation/incentive process.
■ Knowledge alone is not enough: it is its rigorous im-
plementation which leads to results.
11. Responsible control/compliance/risk culture
is as important as the most sophisticated
quantification.
■ Those values count which are enforced.
■ Lead by example – practice what you preach.
■ Combine overall judgement by experienced people
with specialist knowledge.
■ Mistakes or misjudgements are unavoidable:
The ways of correcting mistakes are part of the culture.
■ Risk culture on the whole is the final responsibility of
top management.
12. Human element is THE critical factor of success.
■ Professionalism includes: inquisitiveness, feel, intu-
ition and inspiration for risk and market direction.
■ Good mix of professional, open-minded and honest
people with formal training, professional and life ex-
perience, integrity and character.
■ Honesty includes intellectual honesty.
Cover-ups are lethal.
■ Successful risk management is primarily the result of the
capacity, aptitude and attitude of the people involved:
people shape the culture, reputation and brand equity.
Risk management framework
The Group has established a framework for comprehensive
and effective risk control. The chart below entitled “Risk
management framework” illustrates the three main ele-
ments of Credit Suisse Group’s framework. The underlying
external and internal factors shaping the risk disposition of
the firm are shown on the left of the graph. The risk man-
agement organization and risk culture are established on
the basis of the 12 core principles of good management
shown in the middle of the graph. Maintaining a firm-wide
risk management process providing effective control over
the eight major risks must be the ultimate goal.
Given its strategy, Credit Suisse Group differentiates
between eight priority risk categories as shown on the
right of the graph: market, credit, insurance underwriting,
business and some operational risks are already quantifi-
able or are increasingly becoming so (see pages 51–59).

Credit Suisse Group’s risk management framework

Scope and challenge of Effective risk management
Major factors shaping the risk
integrated firm-wide provides focus on and control
disposition of an organization
risk management over eight major risks

Values, society Building on the organization’s 12 S:

& politics · Strategy · Scrutiny
Inn

· Structure · Shared values

ovat

· System/s · Skills Strategy risk

ion

Fa cts
ion

Ex · Simplicity · Sustainability Reputation/brand risk

etit

s pe
on
& te
mp

· Safety · Synchronization
pti

cta

chn
Co

· Speed · Stakeholders
Perce

Market risk
tions

Action and
ol

Credit risk
o gy

reaction by Ensuring a risk culture with:

Insurance underwriting risk
management · Modern methods/limits
Pol

Business risk
Beha

· Proactive risk management

ce

and staff
icie

Operational risk
rien

· Constructive control attitude

s&

v io

nts
pe

· Continuous training
Ex
r

Cli e
reg

Know ge · Discipline as to corrective actions

l ed Liquidity risk
ulat

Appropriate risk culture is as important as

io
ns

Markets & economy modern risk management tools

44
Strategy risk deals with the existing basis of an institu-
tion and its options, based on a “what if” analysis.
Strategy is doing the right thing at the right time and
must be properly implemented. The implementation is an
issue for all other S’s of an organization, especially their
synchronization. Reputation/brand risk is the aggrega-
tion of the outcome of all risks plus other internal and
external factors based on facts, perceptions and expec-
tations. Reputation is the outcome of our actions and
how they are perceived by our stakeholders over an
extended period. The combination of reputation, trust and
brand contributes – especially for financial institutions –
to brand equity. Strategy and reputation/brand risks can
be assessed with methods like relative stock perfor-
mance, relative stock price over book value, relative
price/earnings ratio, return on equity, net increase in
number of clients or assets under management, attract-
ing and keeping good staff, and other benchmarks.
Risk culture
Risk management is a multifaceted process that extends
well beyond an organization’s formal risk management
structure, its standards, processes, methodologies and
tools. The mathematical/statistical quantification of risks
and consequent setting of appropriate, common sense
limits represents only part of the integrated holistic ap-
proach to risk management. While Credit Suisse Group
aims to stay at the forefront of any relevant, credible and
cost-effective quantification of risk, successful risk man-
agement is much more than producing a risk or model
amount. The development and maintenance of an appro-
priate risk, compliance and control culture is at least as
important as the most sophisticated quantitative risk
models.
A key factor in risk management is discipline, includ-
ing discipline as to compliance requirements. Credit
Suisse Group encourages a disciplined culture by pro-
moting integrity and high ethical standards, clear lines of
responsibility and accountability, segregation of duties,
appropriate supervision by senior management, and
strong control systems. The Group’s monitoring systems
are based on a comprehensive set of internal controls,
with activities such as approvals, authorizations, compli-
ance checks, and follow-ups on non-compliance clearly
defined at every level of business. Internal and external
auditors are recognized by the Boards as critically impor-
tant agents, providing an independent and continuous
check on how business is conducted.
If a financial services group is to achieve sustained
success, confidence and trust built over the years are
vital. An excellent reputation is hard to gain but easy to
lose. Knowledge, expertise, experience, integrity, intellec-
tual honesty and the daily conduct of each employee are
crucial elements that contribute to an institution’s reputa-
tion. Thus, management has to lead by example.
One of the strengths of Credit Suisse Group is the
competence and diverse skills of its staff. Despite global
diversity, our corporate culture and values have to be
based on common denominators and shared identifica-
tion. This led to the introduction of our internal Group-
wide Code of Conduct at the end of 1999.
Risk management governance
The decentralization and further realignment of Credit
Suisse Group into two distinct business units strengthens
transparency, discipline and accountability. This structure
allows the business units to be a leader in their respective
activities. Although the Group as a whole is large, the
new structure helps to make it less complex. The new
structure increases flexibility and the ability to focus and
react. Specialization and closeness to the market are
heightened, and duplication should be avoided.
More importantly – with respect to risk – the set-up
allows the Group to align risk types, focus on major risk
categories and concentrate on specific risks with the help
of tailor-made management tools. Group-wide risk man-
agement approaches are applied uniformly where appro-
priate and relevant. It is our ambition to establish the
global benchmark of a large, multifaceted financial
organization with regard to risk management structures,
processes and methods. This is not a program but an
ongoing process.
Group risk management governance
This aspect relates to four major legal entities within
Credit Suisse Group: legal entity Winterthur for the
insurance business, legal entity Credit Suisse for retail
banking and private banking, legal entity Credit Suisse
First Boston comprising investment banking and institu-
tional asset management, and legal entity Credit Suisse
Group as the holding company of the three aforemen-
tioned legal entities. The same members of the boards
of the three legal entities also serve as members of
the Board of Directors of Credit Suisse Group and its-
committees.
At Credit Suisse Group, the risk management gover-
nance structure begins with the Boards of Directors, in-
cluding their Audit Committees. Among other duties, they
are responsible for determining the general risk policy,
proper checks and balances, the strategic risk manage-
www.credit-suisse.com 45
CREDIT SUISSE GROUP RISK MANAGEMENT

ment organization and the Group’s overall appetite for
risk. They are also responsible for reviewing major risk
exposures on a regular basis.
The Audit Committees’ primary function is to assist
the Boards of Directors in fulfilling their oversight responsi-
bilities by monitoring management’s approach to ensuring
the adequacy of the financial reporting process and sys-
tems of internal controls, accounting, risk management,
and legal and regulatory compliance, as well as monitoring
the independence and performance of the external audi-
tors and the Group’s Internal Audit department. Additional
tasks include the review of the annual report, the annual
financial statements and proposed resolutions for the
Annual General Meeting for further presentation to the
Board of Directors; analysis of the effectiveness of the
audit function; review of relevant reports submitted to the
regulators, as well as keeping the Board of Directors in-
formed about such reports; review of Group Audit’s and
external auditors’ findings and the annual audit plans;
review of material legal and regulatory matters, as well as
any material breaches of rules and regulations and any
actions taken as a result of such breaches, with notifica-
tion to the Board of Directors of such matters in serious
cases.
The simplified organizational set-up is presented in
the chart below.

Credit Suisse Group risk management – general organization*

Credit Suisse Group

Internal/External Audit Audit Committee
Board of Directors

Group level Group Chief Executive Officer

Group Executive Board

Group Chief Risk Officer Group Chief Financial Officer

Group Risk Management Legal & Compliance

Group Executive Board Group Risk Processes &

Provisions Committee IT Executive Board
Risk Management Standards Committee
Committee

Main legal entities

Credit Suisse First

Winterthur Credit Suisse
Boston
Board of Directors Board of Directors
Audit Committee Audit Committee Board of Directors Audit Committee

Business unit Credit Suisse Financial Services Credit Suisse First Boston
level Executive Board Operating Committee

Chief Executive Chief Executive

Officer Officer

Risk Commmittees Investment Committees Risk Committees Investment Committees

Strategic Risk Officer Strategic Risk Officer

Chief Credit Officer Chief Credit Officer
Chief Credit Officer Chief Credit Officer
Risk Managers Risk Managers
Risk Managers Risk Managers

Legal & Compliance Legal & Compliance

* Valid from January 1, 2002

* The Boards of Directors and their committees of Credit Suisse Group, Credit Suisse, Credit Suisse First Boston and Winterthur are identical in terms of members.

46
The Group’s Executive Board Risk Management
Committee includes all Executive Board Members and is
chaired by the Group Chief Risk Officer (GCRO). It pre-
pares risk issues for approval by the Boards of Directors.
It reviews the Group’s exposure to different categories of
risk, assesses potential opportunities and risks, initiates
corrective actions to mitigate undesired risk exposures
and reviews the allocation of capital. The Group Risk
Processes & Standards Committee (GRIPS), chaired
by the GCRO, also meets four times a year to define the
overall Group risk and capital policies and to approve ma-
terial general instructions, processes, standards, methods
and tools concerning risk management at business unit
level, or to unify these where appropriate and relevant on
a Group-wide basis. The GCRO also chairs the quarterly
Provisions Meeting, where the status and development
of credit allowances at business unit level are discussed
and challenged. In addition, the GCRO is responsible for
the development, implementation, monitoring and manag-
ing of high-level risk limits and exposures, as well as for
risk strategy, standards, procedures and risk reporting.
Group Risk Management supports the GCRO in fostering
general risk awareness throughout the Group and in
harmonizing approaches to managing risk types across
business units. It also monitors the implementation of the
Group’s risk management strategy together with the risk
management units at the individual business units.
The daily risk management responsibilities at Group
or Corporate Center level are set up as a “risk arbiter
layer” of risk management and control between business
units, harmonizing relevant risk management issues. The
prime value added is the challenging of the business units
and the overall control and overview, while avoiding the
duplication of efforts. A similar function is assigned to
Legal & Compliance at Group level by coordinating com-
pliance issues with the business units and supporting the
application of Credit Suisse Group’s ambitious compliance
standards within the entire Group.
Credit Suisse Group’s Internal Audit department as-
sists the Boards of Directors, the Audit Committees and
senior management in fulfilling their responsibilities by
providing an objective and independent evaluation of the
effectiveness of risk management, controls and gover-
nance processes. An ongoing, systematic risk assess-
ment lies at the heart of its planning process. The use of
both static and dynamic planning tools – which are regu-
larly evaluated for suitability – helps to ensure that re-
sources are allocated efficiently, effectively and in line
with current risks. The aggregation of all risk assess-
ments across Credit Suisse Group serves as a basis for
operational planning and the allocation of audit resources
to the business units. The audit plan reflects such current
risk assessments and may be modified during the year
based on a continuous monitoring of both internal and ex-
ternal factors, to ensure the proper prioritization of audit
efforts in a dynamic environment. The audit work plan is
prepared in consultation with the external auditors in order
to avoid duplication of efforts and to ensure compliance
with regulatory requirements. The Internal Audit depart-
ment reports directly to the Chairman of Credit Suisse
Group. Its staff consists of 320 professionals worldwide.
Moreover, unsatisfactory audit reports are followed up by
the GCRO and have increasingly become a subject of
compensation discussions.
Business unit risk management governance
While the business units are exposed to all risk types in
one way or another, their relative significance varies
substantially by design. Trading book market risks are
concentrated at Credit Suisse First Boston, while credit
and liquidity risks are most important at Credit Suisse
Banking and at Credit Suisse First Boston. Insurance
underwriting risks are found exclusively at Winterthur,
while commission income risks dominate at Credit Suisse
Private Banking and Credit Suisse Asset Management.
All business units are exposed to operational, reputa-
tion/brand and strategy risks.
The strategies of each business unit and of the Group
are discussed at the highest levels at least once a year.
The business units of Credit Suisse Group are – by de-
sign – substantially autonomous, and are thus responsi-
ble for the implementation of their own risk management.
To exercise this authority responsibly, each of the busi-
ness units has its own consistent risk management
framework that is subject to regular checks and chal-
lenges by Group management.
Each business unit has its own specialized risk man-
agement structure and systems in place – including risk
committees, appropriate tools, systems, procedures and
controls – specially tailored to cope with the risks taken in
its particular line of business. At every level of the risk
management process – especially with regard to market
and credit risk – measurement and monitoring functions
are independent of the respective front office being
monitored.
At Credit Suisse Group, risk management structures
and systems, as well as policies and techniques, are sub-
ject to constant reassessment and improvement to en-
sure that implicit risks in the evolving financial markets
are captured and appropriately managed.
www.credit-suisse.com 47
CREDIT SUISSE GROUP RISK MANAGEMENT
Economic Risk Capital (ERC)
Motivated by the greater scope and complexity of
business activities at many banking organizations,
management, shareholders and regulators have placed
increasing emphasis on financial firms’ risk evaluation
capabilities and their ability to ensure that capital, liquidity
and other financial resources are adequate given the or-
ganizations’ overall risk profile. While specific risk meas-
ures such as Value-at-Risk or potential credit exposure
provide valuable information on aspects of a firm’s risk
profile, they do not lend themselves easily to a compre-
hensive and integrated view of an organization’s overall
risk profile. In order to accommodate the increased need
for a comprehensive and consistent risk measure across
different businesses, financial institutions have therefore
begun to complement their specific risk measurement
tools with a measure that allows for an integrated, con-
sistent and comprehensive view of a firm’s risk profile:
Economic Capital, which is usually defined as an esti-
mate of the unexpected level of loss in economic value
over a certain period (one year), that is exceeded with
only a small probability (e.g. 1%).
Credit Suisse Group and its business units have es-
tablished an economic capital model for the above-men-
tioned reasons. Specifically, the Group and its business
units have established Economic Risk Capital as:
■ A consistent and comprehensive risk management
tool;
■ An important element in the capital management and
planning process;
■ An important element in the performance measure-
ment process.
Following endorsement by the Boards of Directors, ERC
is being integrated into the standard management
processes at Credit Suisse Group and its business units.
Representing the common standard for assessing risk,
ERC considerably strengthens the Group’s ability to man-
age its risk profile on a consolidated basis and to assess
the Group’s risk-bearing capacity in relation to its finan-
cial resources. By providing a common language and ter-
minology for risk across the Group, the ERC effort has
also created considerable side benefits in terms of in-
creased risk transparency and knowhow sharing across
the Group. As with other risk measures, the primary
merit of ERC lies in its ability to provide meaningful sig-
nals regarding risk trends over time. In contrast, com-
parisons with other firms’ Economic Risk Capital esti-
mates are not meaningful, as there is substantial
48
variation across institutions in terms of the definition of
economic capital, model coverage, assumptions, data se-
ries and implementation specifics.
Concept
Credit Suisse Group’s economic capital model is de-
signed to measure all quantifiable risks associated with
the Group’s activities on a consistent and comprehensive
basis. It is based on the following general definition:
Economic Risk Capital (ERC) is the capital needed
to remain solvent and in business even under extreme
conditions, given a certain solvency standard.
Depending on the underlying source of risk, Credit
Suisse Group distinguishes between three fundamental
risk categories:
■ Position risk ERC – defined as the level of unexpected
loss in economic value on the Group’s portfolio of po-
sitions over a one-year horizon, that is exceeded with a
given, small probability (1% for daily risk management
purposes; 0.03% for capital management purposes);
■ Business risk ERC – defined as the difference
between expenses and revenues in a severe market
event, exclusive of the elements captured by position
risk ERC and operational risk ERC;
■ Operational risk ERC – defined as the estimated
worst-case loss due to operational risk events.
Position risk ERC: This includes all risks associated
with the Group’s positions, regardless of whether or not
those translate into balance sheet exposures. The term
position risk is not confined to the positions typically held
by banks, but also includes the risks associated with the
Group’s private equity and strategic investments, as well
as the risks incurred by the insurance underwriting and
asset management activities undertaken by the
Winterthur entities. In order to represent a comprehen-
sive risk measure, ERC aims to reflect the underlying
sources of risk in an integrated way. ERC therefore not
only treats all financial positions on a consistent econo-
mic basis, ignoring potential differences along other
dimensions (e.g. in terms of their accounting treatment),
it also does not distinguish between market and credit
risks in the conventional way. Instead, the associated
risks are treated on an integrated basis according to the
underlying source of risk (e.g. while the foreign ex-
change risk associated with a rouble FX position is typi-
cally treated as a market risk, it is considered an
emerging market risk in the ERC model because the
underlying source of risk is an emerging market country
risk). Hence, ERC reflects the Group’s risk universe in a
way that allows for an integrated measure based on the
underlying source of risk, while maintaining sufficient
granularity to take account of the different modeling
approaches needed to capture the subtleties of the
different businesses or risks.
While position risks constitute the most direct and
important source of risks for the Group, ERC also takes
account of more indirect risks to the Group’s financial
resources. Although those risks may not easily lend
themselves to quantification (operational risk) or give rise
to challenging conceptual issues (business risk), they can
have a substantial impact on the Group and therefore
need to be identified, addressed and reflected in the as-
sessment of the Group’s solvency.
Business risk ERC: It is now widely accepted that
any sensible economic capital model must take account
of the fact that financial organizations do not simply rep-
resent warehouses of financial assets but also act as
originators and distributors of financial services. Origina-
tion, asset management and advisory services have be-
come important sources of firm-wide income. They have
also become important sources of firm-wide risks.
Although there is widespread recognition that the risk
and return characteristics of non-warehouse businesses
have profound implications for the need for economic
capital and the capacity to bear risks, no industry con-
sensus has emerged as to how exactly to alter the asset-
based economic capital calculations (e.g. based on
Value-at-Risk type calculations) to reflect the non-ware-
house businesses. Given the lack of consensus regarding
the economic capital needs related to business risk,
Credit Suisse Group has adopted a pragmatic and pru-
dent approach. Specifically, the Group’s business risk
ERC numbers are designed to measure the potential
shortfall in revenues relative to the expenses base in a
crisis situation, using conservative assumptions regarding
the earnings capacity and the ability to reduce the cost
base in a crisis situation.
Operational risk ERC: While Credit Suisse Group is
strongly convinced that capital charges – be they external
or internal – do not represent an effective substitute for
adequate management processes, the ability to absorb
operational risk-related losses must be reflected in the
ERC framework. Due to the limitations of current model-
ing techniques for operational risks in the market (espe-

Current state Set of stress events Results Model representation

Balance sheet 1)

Liabilities

Erosion of market
Assets

Position risk ERC

values of assets
Significant financial crisis (at appropriate
and liabilities in an
confidence level)
ERC event
Equity
+
Estimated difference
Expenses and

Costs

Revenues
revenues

between expenses
Impact on non position-related Business risk ERC
and revenues in an ERC
expenses and on revenues 2) (can be positive
event (difference
(over one-year horizon) or negative)
can be positive or
P/L negative)
+
Estimate worst-case loss
Operations

Operations

due to operational risk

Operational
Operational risk event event (based on
risk ERC
industry-wide historical
experience)

=
1)
Including off-balance sheet item positions. Total ERC
2)
Includes impact of a significant financial crisis on revenue sources net of crisis level expenses.

www.credit-suisse.com 49
CREDIT SUISSE GROUP RISK MANAGEMENT
cially with respect to the so-called “low frequency – high
impact” operational risks that are relevant from a capital
perspective), the ERC estimates for operational risks are
primarily intended to integrate operational risks into the
overall risk capital process and to provide an adequate
capital reserve for those risks. Given the rudimentary
stage of operational risk modeling, the operational risk
ERC numbers were derived using quantitative approach-
es (estimations using industry loss data and scenario
analysis) complemented by reviews by senior manage-
ment to reflect the context-specific nature of operational
risk and to ensure the integration of qualitative aspects
deriving from business experience.
The exhibit on page 49 summarizes the main building
blocks of the Group’s ERC framework.
Applications
The ERC model has a variety of applications, the most
important being risk management, capital management
and performance measurement. The objective is to use
ERC as a tool that allows for more efficient usage of the
Group’s risk-taking capacity, to the benefit of sharehold-
ers and other stakeholders.
Key risk trends 2001 versus 2000
Risk category Change 2001 1)
2)
Position risk ERC
Foreign exchange ERC 2)
Fixed income, ALM and traded credit ERC
Equity markets ERC
Lending and counterparty exposures ERC
Emerging markets ERC
Real estate ERC
Insurance underwriting ERC
Business risk ERC
Operational risk ERC
2) 3)
Total ERC
1)
Changes are partly driven by the change in USD/CHF exchange rate. / 2) Including foreign exchange translation risk (defined as the potential reduction in income or
equity associated with the consolidation of foreign entities with different functional currencies in case of an adverse move in foreign exchange rates). / 3) Diversified sum
of position risk ERC, business risk ERC and operational risk ERC.
50
ERC is already being used extensively in the risk man-
agement area:
■ To assess, monitor and limit risk exposures;
■ To guide and prioritize risk management actions.
ERC is also being used as a reference point for the
structured assessment of the Group’s risk-bearing
capacity in relation to its financial resources, rec-
ognizing that a comprehensive analysis must also take
into account factors that are outside the scope of
the ERC framework (e.g. the strategy and economic
and competitive environment, as well as external con-
straints such as those imposed by regulators or rating
agencies).
Credit Suisse Group is in the process of further capi-
talizing on the benefits offered by ERC by extending the
usage of ERC as the common risk denominator (e.g. by
using it as a comprehensive limit-setting tool) and by us-
ing ERC as an important input into the capital manage-
ment and performance measurement processes, thus
linking risk management to the Group’s shareholder
value strategy.
Brief comment
(11.6% ) Driven by a substantial reduction in equity exposures
(28.0% ) Due to lower foreign exchange risk profiles at the Winterthur entities and lower
foreign exchange translation risks.
(34.1% ) Lower Asset and Liability Management (ALM) risk profiles at Credit Suisse Banking
and the Winterthur entities, partly offset by impact of a larger securitization platform.
(18.9% ) Substantially reduced equity exposures at the Winterthur entities.
4.1% Impact of a more difficult international credit environment (e.g. downgrades) partly
offset by risk reductions at Credit Suisse Banking as a consequence of continued
write-offs of legacy exposures.
(3.7% ) Reductions performed in 1999 and 2000 locked in.
(5.2% ) Ongoing reductions in Credit Suisse First Boston’s commercial real estate portfolio,
partly offset by impact of a larger securitization platform.
4.3% Increase in business volume, partly offset by sale of Winterthur International.
(81.3% ) Substantial reduction due to cost-cutting efforts across Credit Suisse
Group, partly offset by impact of more difficult market environment.
1.5% No material change since Donaldson, Lufkin & Jenrette integration.
(16.5% ) Substantial reduction in overall risk profile as a consequence of reduced
position risks and lower business risk.
Key risk trends 2001
The table on page 50 summarizes the evolution of the
Group’s risk profile over the course of the year 2001,
using ERC as the common risk denominator.
Market risk – overview
The term market risk refers to the risk of potential loss
arising from adverse effects on interest rates, foreign
currency exchange rates, equity prices, and other rele-
vant market rates and prices, such as commodity prices
and volatilities. A typical transaction may be exposed to a
number of different market risks. Credit Suisse Group
defines its market risk as potential changes of fair values
of financial instruments in response to market move-
ments.
At Credit Suisse Group, the consolidated primary
market risk exposures in the trading portfolios at year-
end 2001 were interest rates, equity prices and foreign
exchange rates. Exposure to the Swiss franc exchange
rate of the US dollar and the euro as well as to equity
price levels in Western Europe and North America consti-
tuted major elements of Credit Suisse Group’s market
risks embedded in the non-trading portfolios or banking
books.
The most important tools used to measure and man-
age market risk exposures include the following:
■ The Value-at-Risk (VaR) method to estimate the po-
tential loss arising from a given portfolio for a predeter-
mined probability and holding period, using market
movements based on historical data.
■ Scenario analysis to estimate the potential immediate
loss after extreme changes in market parameters.
These changes are modeled on past extreme events
and hypothetical scenarios.
■ Other models measure interest rate sensitivity risk,
default risk and Economic Risk Capital for certain comp-
lex activities. Regular assessments of mark-to-market
revaluations of all balance sheet positions and interest
rate rotation scenarios are the basis for these analyses.
The major modeling techniques are described in more
detail on page 62.
Market risk exposures of Credit Suisse Group business
units and the corporate center – trading portfolios
The distribution of trading portfolio-related market risks
reflects the distribution of activities between the different
business units. Trading activities and the associated mar-
ket risks are focused primarily within Credit Suisse First
Boston. Credit Suisse Private Banking and Credit Suisse
Banking also conduct trading activities – albeit on a much
smaller scale – primarily driven by the need to offer a
complete product mix to their clients. Credit Suisse Asset
Management and Winterthur – comprising Winterthur
Insurance and Winterthur Life & Pensions – do not en-
gage in trading activities.
At Credit Suisse First Boston, market risk exposures in
trading and non-trading portfolios are broadly diversified
as it is active in most of the principal traded markets of the
world. It uses almost all common trading and hedging
products, including derivatives such as swaps, futures,
options, cash instruments and structured products (cus-
tomized transactions using combinations of derivatives and
executed to meet specific client or proprietary needs). With
such a broad spread of products and markets, Credit
Suisse First Boston’s trading strategies are diverse and
variable, and exposures at any given time will generally be
spread across a wide range of risk factors and locations.
The businesses with trading book activity perform a
daily VaR calculation to assess market risk. The calcula-
tions are based on a ten-day holding period with a
99 percent confidence level and risk movements that
are generally determined by two years of historical data.
For many purposes, such as backtesting, the resulting
VaR figures are usually scaled down and presented as
one-day holding period values, including those provided
in this disclosure.
The estimates provided below are shown in Swiss
francs, the base currency in the VaR calculations of
two of the three business units using VaR; Credit Suisse
First Boston manages market risk utilizing VaR calculated
on the US dollar as the base currency. In the table, the
Market risk exposures in trading portfolios:
Credit Suisse Group
99%, one-day VaR; in CHF m
Market risk
Exposure type 31.12.01 31.12.00
Interest rate 58.4 60.1
Foreign exchange 18.0 11.2
Equity 46.7 50.9
Commodity 4.1 2.6
Subtotal 127.2 124.8
Diversification benefit 55.4 56.1
Total 71.8 68.7
www.credit-suisse.com 51
CREDIT SUISSE GROUP RISK MANAGEMENT
spot exchange rates of December 31, 2001, and
December 31, 2000, were applied. The table provides
an overview of the VaR estimates in the material trading
portfolios as of December 31, 2001, and December 31,
2000. The VaR calculation for the Group as a whole was
further improved during 2001. The amounts provided
represent an overall VaR estimation of the Group, taking
all the trading portfolios of the business units and – as a
result – the overall diversification benefits between busi-
ness units into consideration. Last year’s simple arith-
metic sum approach, which implied overstatements by
the prior aggregation method, was adjusted accordingly.
Credit Suisse Group uses backtesting to assess the
accuracy of the VaR model. Backtesting – the compari-
son of daily revenue fluctuations with the daily VaR
estimate – is the primary method used to test the accu-
racy of a VaR model. Backtesting is performed at various
levels, from business unit level down to more specific
trading areas.
The one-day 99% VaR at Credit Suisse First Boston
at year-end 2001 was USD 42.7 million, compared
with USD 84.1 million at year-end 2000. The VaR
decrease was in large part due to the implementation
of an enhanced methodology within the Fixed Income
division.
The backtesting chart of Credit Suisse First Boston
shows the component of trading revenue due purely to
overnight price movements and excluding fee and com-
mission income. This calculation is better suited for the
evaluation of a VaR model and the most appropriate to
Adjusted trading revenue and VaR estimate for Credit Suisse First Boston
in USD m
100
50
–50
–100
–150
1Q2001 2Q2001 3Q2001
Daily revenue
One-day VaR (99%)
52
compare with VaR for backtesting purposes. As illustrat-
ed in the backtesting chart, Credit Suisse First Boston
had two regulatory backtesting exceptions in the fourth
quarter of 2001. On average, a backtesting model re-
turns two or three exceptions per annum.
The VaR methodology is most useful for day-to-day
risk monitoring of trading books in the context of “normal”
markets. Scenario analysis is important to help under-
stand risks during periods of severe disruption. Credit
Suisse Group performs scenario testing to ensure that –
even in good environments – its exposure to particular
events remains well controlled.
Non-trading portfolios
All Credit Suisse Group entities manage the market risks
in their non-trading portfolios – also known as “banking
books” or “other than trading portfolios” – through proce-
dures and tools such as risk limits, independent monitor-
ing of risk from risk-taking functions, and limiting excess
resolution steps.
In 2001, Credit Suisse Group expanded its use of
VaR modeling also for the non-trading portfolios. As part
of the extension of the use of Credit Suisse Group’s VaR
model, the VaR figures for all exposure types have been
recalculated for December 31, 2000. The prior monitor-
ing of market risks associated with banking books
through sensitivity analyses was replaced by VaR to har-
monize the risk management instruments among the
different portfolio types and among the Group as a whole
in order to have one common denominator.
4Q2001
The non-trading portfolios comprise all non-trading books Credit risk – overview
of the banking units – including private equity invest- Credit risk is the risk that a borrower (or counterparty)
ments – and the financial investments of the insurance is unable to meet its financial obligations. In the event
business. In the non-trading portfolios, the major ele- of a default, a bank generally incurs a loss equal to
ments of market risk during 2001 were exposures to the amount owed by the debtor, less a recovery amount
changes in the Swiss franc to US dollar and euro ex- resulting from foreclosure, liquidation of collateral or
change rates, as well as equity instrument price levels in the restructuring of the company. The majority of Credit
Western Europe and North America. The following table Suisse Group’s credit risk is concentrated in Credit
summarizes the market risk exposures in non-trading Suisse Banking and Credit Suisse First Boston. The
portfolios as of December 31, 2001, and December 31, credit risks taken on by Credit Suisse Private Banking
2000. are mostly collateralized and primarily have an opera-
Credit Suisse Group’s business includes a substantial tional risk nature. Credit exposures exist within lending
volume of non-trading related banking activity both in products, commitments and letters of credit, as well
providing products and services to its clients and in pro- as counterparty risk from derivatives, foreign exchange
prietary investments. These activities include equity in- and other transactions. Winterthur’s insurance assets
strument participations, investments in bonds and other are not a subject of discussion in this credit risk con-
money market instruments, lending money and securi- text.
ties, and deposit-taking. The instruments used for bal- Credit Suisse Group’s credit risk management
framework comprises seven core components: (i) an
individual counterparty limit system, (ii) country and
Market risk exposures in non-trading portfolios: regional concentration limits, (iii) a credit risk provisioning
Credit Suisse Group methodology, (iv) a pricing methodology, (v) an individual
counterparty and country rating system, (vi) a transaction
99%, 10 days VaR; in CHF m rating system and (vii) active credit portfolio management
by trading assets and primarily buying credit protection.
Market risk The credit risk management framework is refined con-
Exposure type 31.12.01 31.12.00 stantly and simultaneously and covers all business areas
Interest rates 530.4 789.3 exposed to credit risk.
Foreign exchange 561.2 916.2 Credit Suisse Group’s credit risk management frame-
Equity 2,675.7 1,983.1 work allows a more accurate pricing of transactions
Commodity 8.1 0.0 involving credit risk by performing a risk/return calcula-
Subtotal 3,775.4 3,688.6 tion. The current implementation of the credit risk
management framework covers virtually all of Credit
Diversification benefit 1,444.2 926.4
Suisse Banking, Credit Suisse Private Banking and
Total 2,331.2 2,762.2
Credit Suisse Asset Management, as well as the vast
majority of Credit Suisse First Boston’s credit-related
exposures. The remaining portion of Credit Suisse First
ance sheet management include derivative instruments Boston’s credit-related exposures is better covered
such as swaps, interest rate swaps, forward rate agree- by either VaR methodology – such as mark-to-market
ments and options. valued mortgage portfolios, the majority of which is
The financial investments from the insurance busi- earmarked for securitization – or by applying credit risk
ness are held to ensure coverage for future obligations adjustments.
arising from policies. The quality of these assets is gen- The business units of Credit Suisse Group manage
erally high – holdings are primarily bonds with AA ratings credit risks through a credit request and approval
and higher, with an A rating being the minimum require- process, ongoing credit and counterparty monitoring and
ment for new additions to the portfolio. Notes 22 and 23 a credit quality review process. Thereby, Credit Suisse
“Financial investments from the banking and insurance First Boston employs a state-of-the-art global counter-
business” of the consolidated financial statements on party risk management system – Insight – monitoring dai-
pages 98 and 99 provide an overview of the book and ly the potential exposure for over 45,000 counterparties
market values of these assets. worldwide.

www.credit-suisse.com 53
CREDIT SUISSE GROUP RISK MANAGEMENT

Credit requests are prepared by experienced credit
officers, based on the analysis and evaluation of debtor
creditworthiness and type of credit transaction. Credit
committees and senior credit managers take credit deci-
sions on a transaction-by-transaction basis appropriate to
the amount and complexity of the transactions as well as
to overall exposures to counterparties and their related
entities. These authority levels are set out within the gov-
erning principles of the legal entities. Transactions and
exposures of a high level or of a significant and unusual
nature are discussed with and/or ratified/approved by
the GCRO.
The credit review process is designed to result in ear-
ly identification of possible changes in the creditworthi-
ness of our clients. These procedures include regular as-
set and collateral quality reviews, business and financial
statement analysis of individual clients and economic and
industry studies. Other key factors considered include
business and economic conditions, our historical experi-
ence, regulatory requirements, and concentration of
credit volume by industry, country, product and counter-
party rating. The process results in a quarterly determina-
tion of the appropriateness of our allowances for credit
losses and leads to the decision as to whether allow-
ances should be released or increased. The credit com-
mittees of the business units and the Group are respon-
sible for such decisions.
Another tool especially in use at Credit Suisse First
Boston comprises regularly updated watch-lists for the
identification of counterparties where changes in credit-
worthiness could occur due to events such as announced
mergers, earnings weakness, lawsuits, etc. Possible
recovery measures are evaluated even before potential
credit losses might be incurred. In addition, Credit Suisse
Group and its business units regularly analyze their indus-
try diversification and concentration in selected seg-
ments. Credit protection such as credit derivatives is in-
creasingly used.
Loans and loan equivalent portfolio – counterparty
exposure
Credit Suisse Group defines counterparty exposure as all
positions, exposures and facilities that potentially gener-
ate a credit risk for the Group. This includes loans and
loan equivalents representing drawn exposures as well as
committed but undrawn facilities. It also includes market-
driven exposures: off-balance sheet transactions such as
derivatives and foreign exchange transactions, and also
letters of credit and guarantees. All these instruments are
converted using internal loan equivalent factors, which
are related to regulatory risk-weightings. This approach
represents a more comprehensive definition of counter-
party exposure, especially in comparison with other finan-
cial institutions that often emphasize lending exposure
only. The total gross counterparty exposure amounts to
CHF 400 billion as of December 31, 2001 (December 31,
2000: CHF 405 billion).
A counterparty credit risk class system has been im-
plemented by Credit Suisse Group to define a framework
that supports consistent credit risk analysis (statistical
and otherwise), credit risk monitoring, risk-adjusted per-
formance measurement, economic capital/usage alloca-
tion, and certain financial accounting purposes. The es-
tablishment of a credit risk rating for each counterparty
is the first step in evaluating the possible risk from credit
losses. The counterparty credit rating is used – in combi-
nation with credit (or credit equivalent) exposures and re-
covery rates – to quantify potential credit losses. Each
counterparty that generates potential or actual credit risk
exposure for Credit Suisse Group is rated and assigned a
risk class. For those counterparties identified as having at
least one impaired transaction, the counterparty is rated
as either (i) a potential problem counterparty, (ii) a non-
performing counterparty, or (iii) a non-interest earning
counterparty.
In order to provide more detailed information on the
counterparty credit risk exposure to stakeholders and

Credit Credit Credit

Suisse Suisse Suisse Credit
Financial Private First Suisse
Counterparty credit risk Services Banking Boston Group
Exposure by type in CHF m 31.12.01 31.12.01 31.12.01 31.12.01

of which:
Lending 103,188 38,968 46,108 188,264
Committed, but unused 12,081 0 101,719 113,800
Contingent exposure 12,734 2,904 9,883 25,521
Counterparty trading exposure 156 822 71,808 72,786
Total counterparty credit risk exposure 128,159 42,694 229,518 400,371

54
shareholders, Credit Suisse Group has begun tracking its
credit risk exposure according to four basic exposure
types, which are also comparable to some extent to
those reported by other institutions.
The breakdown on page 54 includes the following
components: the lending exposure summarizes the funded
on-balance sheet exposures such as loans and term-loans;
committed, but unused facilities relate to limits unused by
the counterparties; the contingent exposure includes let-
ters of credit, guarantees, performance and bid bonds
which are committed to the clients and are off-balance
sheet exposures; the counterparty trading exposure relates
to lending facilities, mark-to-market valued derivatives, for-
wards, secured lending and borrowing, and repos expo-
sures of all sorts of financial institutions as counterparties.
The following tables show the breakdown of Credit
Suisse Group’s counterparty exposure by internal coun-
terparty rating classes and major industry segments.
The graph on the right provides an overview on the expo-
sure breakdown by counterparty rating on the one hand
and transaction ratings on the other hand. Unlike coun-
terparty ratings, which reflect the default probability of a
counterparty, transaction ratings reflect credit risk in
a more comprehensive way by also taking into account
the likely loss in the case of a default considering the
arrangement and structure of the credit transaction. As
indicated by the substantially strengthened risk profile
under the transaction rating view compared to the coun-
terparty rating view, Credit Suisse Group extensively
uses credit mitigants such as collateral, guarantees and
other structural enhancements to actively reduce credit
risks.
Credit Suisse First Boston has become much more
active in the portfolio management of its credit-related
assets. This includes credit protection, which is bought
when positions seem to be disproportional considering the
risk appetite of the institution. The approach functioned
and served well during 2001 to reduce potential losses.

Credit Suisse Group banking Credit Suisse Group banking Credit Suisse Group banking
units counterparty exposure units counterparty exposure by units counterparty rating versus
by rating industry transaction rating
Gross total of CHF 400 bn, as of end-2001 Gross total of CHF 400 bn, as of end-2001 Gross total of CHF 400 bn, as of end-2001

160 160 160

Investment Investment
grade 80% Non investment grade 20% grade 80% Non investment grade 20%
140 140 140

120 120 120

100 100 100

80 80 80

60 60 60

40 40 40

20 20 20

0 0 0
R1 R2 R3 R4 not R5 R6 R7 R8* Pro- AAA AA A BBB BB B CCC/ C/ not
AAA AA A BBB rat- BB B CCC/ <C vi- Banks and brokers/financial services CC D rated
ed CC sions
Individual clients Counterparty rating, weighted average: BBB
Internal ratings R1– R8 are approximately Real estate/construction Transaction rating, weighted average: A
equivalent to the respective external ratings. Electricity
Telecom
* Potential problem and non-performing loans, Public & defence
including accrued interest. Retail trade
Wholesale trade
Oil & gas
Electronic equipment
Others

www.credit-suisse.com 55
CREDIT SUISSE GROUP RISK MANAGEMENT

Credit Suisse Group banking units top 20 counterparty exposures: average ratings

CHF m, as of end-2001,
covering some 15% of banking units’ counterparty exposure Average amount Range amount Weighted rating*

Financial service institutions 1,800 1,000–4,800 AA

Corporates/industrials 850 500–2,000 A
Non-investment grade,
performing – not provisioned 270 170–530 BB-

* Weighting: AAA = 1, AA+ = 2, AA = 3, etc., D= 20

The maturity structure follows on page 106, note 38 of
the consolidated financial statements, which shows that
89% of total current assets are due within 12 months
while only 3% are due after five years or show no maturi-
ty. In addition, approximately 60% of the total counter-
party exposure is collateralized by a variety of collateral
types, including pledged deposits and securities port-
folios, mortgages, standby letters of credit and guaran-
tees.
against country limits. RMM and CRM provide indepen-
dent supervision to ensure that the divisions operate
within their limits. CRM, in conjunction with the GCRO,
also assumes responsibility for actively managing these
limits to reflect changing credit fundamentals.
The table below shows the Group’s outstanding
cross-border exposure to emerging market regions.

Country risk
Country risk is the risk of a substantial, systemic loss of Credit Suisse Group banking
value in the financial assets in a country which may be units’ exposure to selected
caused by the inability or unwillingness of a sovereign to emerging markets by region
meet contractual obligations and/or the imposition of and largest individual country
controls on capital flows. Given the international charac- exposure of region
CHF bn as of end-2001, net exposure
ter of their activities, all business units of Credit Suisse
8
Group are exposed to country risk, although the largest
portion by far is held at Credit Suisse First Boston.
7
Country ratings and country limits are the two pri-
mary instruments used by the Group to manage country 6
risk. Country ratings provide an assessment of the risk of
sovereign default. The independent credit risk manage- 5
ment department (CRM) of Credit Suisse First Boston –
in cooperation with Economic Research and the GCRO – 4

periodically updates these rating assessments. Country

3
limits cap Credit Suisse Group’s exposure to individual
countries. They are supplemented by regional limits, 2
which restrict the maximum exposure to a specific region
in order to limit the impact of contagion. Regional limits 1
are lower than the numerical addition of all the country
limits of the respective regions. The Board of Directors 0
Africa/ Asia/ Latin Eastern
approves country, regional and global limits. Within Credit South
Africa
South
Korea
America/
Brazil
Europe/
Russia
Suisse First Boston, the Credit Policy and Capital
Allocation and Risk Management Committee – in cooper- Region.
ation with the GCRO – periodically reviews these limits. Largest country exposure of region.
Exposure of insurance business below
In addition, its independent Risk Measurement and CHF 300 m.
Management department (RMM) assesses exposures

56
A gross counterparty exposure by country rating category
(excluding exposures to supranationals and diversified
portfolios without defined country risk assignment) shows
that approximately 83% are with internally N1-rated
countries (equivalent to AAA) and 11% with N2-rated
countries (equivalent to AA and A) respectively, leaving a
balance of only 6% to lower-rated countries.
Loan loss experience
An allowance for losses for banking operations is
maintained at a level considered adequate to absorb
losses arising from the existing portfolios of loans and
loan equivalents. The allowance for such losses is
made in accordance with Swiss banking laws. Each
business unit creates provisions for bad and doubtful
counterparty exposures, based on Credit Suisse Group
guidelines. The allowances are reviewed on a quarterly
basis by senior management.
In determining the amounts of the allowances, loans
and loan equivalents are assessed on a case-by-case ba-
sis, taking the following factors into consideration:
■ The financial standing of the customer, including a
realistic assessment – based on financial and business
information – of the likelihood of repayment of the loan
within an acceptable period of time;
■ The extent of Credit Suisse Group’s other commit-
ments to the same customer;
■ The fair value of any security for the loans;
■ The recovery rate;
■ The costs associated with obtaining repayment and re-
alization of any such security.
The overall credit quality of the Group has softened mod-
estly as a result of the volatile and fragile economic envi-
ronment. The mix of impaired assets has shifted, with
retail banking accounting for fewer impaired assets and
investment banking contributing more. Vulnerable sectors
continue to be tracked closely, with active management
leading to the addition of collateral, purchase of credit
protection and tightening of maturities where justified.
Driven by the Group’s selectivity regarding counter-
parties, the overall asset quality of Credit Suisse Group
remains solid – with approximately 80% of exposures
rated “investment grade” or equivalent and with a largest
exposure of some CHF 530 million to a single non-in-
vestment grade rated counterparty (BB+). Concentration
risks are strictly limited. For instance, exposures to the
telecom sector amounted to 2.6% of total credit expo-
sures at year-end 2001.
Insurance risk
Protecting Winterthur Insurance and Winterthur Life &
Pensions from undue risk accumulation is a core risk
management activity. In order to understand the risk uni-
verse of an insurance company, the flow of business and
the accompanying flow of risks are analyzed.
Premiums earned by selling insurance policies are in-
vested to cover claims occurring at a future date – some-
times many years later. Therefore, the company has to
manage and limit insurance risk – through reinsurance
contracts, financial market risks (see market risk section)
associated with its assets and liabilities (reserves), and
risks associated with its assets and reinsurance con-
tracts. Winterthur does not reinsure third parties.

Credit Credit Credit

Asset quality and provision development Suisse Suisse Suisse Credit
Financial Private First Suisse
Services Banking Boston Group
in CHF m 31.12.01 31.12.01 31.12.01 31.12.01

Non-performing counterparty exposures (NPCE) 1) 5,802 116 3,748 9,666

Capital provisions against NPCE 2) 3,449 74 2,205 5,728
Counterparty exposure 1) 128,159 42,694 229,518 400,371
Coverage ratio of NPCE
31.12.2001 59% 64% 59% 59%
31.12.2000 62% 54% 67% 63%
NPCE as percentage of counterparty
exposure of business units
31.12.2001 4.5% 0.2% 1.6% 2.4%
31.12.2000 6.5% 0.3% 0.6% 2.4%

1)
Includes loans and loan equivalents. / 2) Excludes total interest of CHF 1,385 m (fully provided).

www.credit-suisse.com 57
CREDIT SUISSE GROUP RISK MANAGEMENT
The two Winterthur business units follow stringent guide-
lines, especially with a view to assuming insurance risk, the
selection of risks and the sums insured. Winterthur oper-
ates two main insurance businesses, non-life and life, and
faces several risk types stemming from its underwriting
activity. Indemnifications from insurance coverage relating
to the terrorist attack in New York on September 11,
2001, amounted to below CHF 100 million.
Non-life
In non-life business, insurance risk relates to claims that
might be more frequent or larger than forecast, and/or
might have to be paid earlier than expected (expected
pay-outs are priced into the premiums paid). Better-diver-
sified insurance portfolios tend to imply smaller differ-
ences between expected and actual claims. Winterthur
therefore holds a well-diversified insurance portfolio, in
terms of both geographical diversification and industry
structure.
A well-diversified insurance portfolio with many busi-
ness lines spread over many policyholders might,
nevertheless, be vulnerable to natural hazards. In such
circumstances, the portfolios can be exposed to a large
accumulation of risk. If adequate reinsurance protection
were not in place, substantial losses could be triggered
by a single natural disaster. Winterthur therefore uses
reinsurance to limit the loss triggered by a single event –
e.g. a winter storm in Europe – to a worst-case amount
of CHF 100 million.
Life
In life insurance, the basic underwriting risk characteris-
tics are similar to those in non-life business. The insur-
ance risk universe of life business is represented by devi-
ations from expected mortality, morbidity and longevity,
and expected surrender rates. Savings elements are
quite often embedded in life insurance products. The as-
sociated financial risks can be substantial and must be
managed accordingly. The asset management units are
responsible for managing these risk elements and for
producing the kind of cash flows that policyholders are
likely to claim.
Reinsurance
Winterthur runs a reinsurance structure to protect its local
businesses, its divisions and its capital as a whole. The
architecture of this reinsurance protection is such that –
at all levels of the organization – a set of internal and ex-
ternal reinsurance contracts absorbs all risks that exceed
a prudent retention level. Reinsurance protection follows
58
the organizational structure based on the uniform princi-
ple that each organizational entity manages insurance
risk in accordance with its portfolio and capital base.
Business risk
Business risk is the risk that the businesses are not able
to cover their ongoing expenses with ongoing income.
Business risk is the potential inability to cover the ex-
pense base subsequent to a loss event like major market
contractions. Business risk is defined as the difference
between the estimated revenues and the estimated ex-
penses in a crisis – excluding all the revenue and ex-
pense elements already captured by the other risk cate-
gories.
The ability to cover the expense base after an adverse
event is critically important in order to allow for an orderly
continuation of the Group’s activities – possibly on a re-
duced level – and needs to be considered when assess-
ing the Group’s capital needs.
While there are other scenarios that could lead to sig-
nificant loss of fee income either for a geographic loca-
tion or for a specific product or asset class, it is a wide-
spread major drop in market levels that would constitute
the largest business risk for Credit Suisse Group. The
business risk calculations are primarily used in the con-
text of our internal Economic Risk Capital calculation.
Operational risk
Operational risk is the risk of a direct or indirect loss re-
sulting from inadequate or failed internal processes, peo-
ple and systems or from external events. At Credit Suisse
Group, five major operational risk categories have been
distinguished for systematic approach reasons: organiza-
tion, policy/process, technology, human and external.
Good operational management equates to good man-
agement and oversight as presented on page 44, and
often runs parallel to quality and/or knowledge manage-
ment, all of which contribute to client satisfaction, brand
name and shareholder value. Credit Suisse Group supports
operational risk quantification efforts as long as they are
cost-efficient, effective, relevant and, above all, credible.
The primary aim lies in early identification, preven-
tion and mitigation of operational risks, as well as in
timely and meaningful management reporting. Regular,
Group-wide meetings take place to achieve this common
understanding of priorities and to foster dialogue be-
tween the Corporate Center and business units. Knowl-
edge and experience are shared throughout the Group to
ensure a coordinated approach. All business lines take
responsibility for their own operational risks.
During 2001, Credit Suisse First Boston reached a set-
tlement of USD 100 million for its Initial Public Offering
(IPO) activities. Otherwise, no material operational loss
was incurred despite increasing the number of trades
by 49%.
The Group Chief Risk Officer and other members of
senior management regularly review the state of opera-
tions and their inherent risks based on extensive audits
and follow-up reviews. Audit data have become an
important risk indicator and their analysis serves as an
early-warning signal for potential trouble spots.
In addition, the use of risk self-assessments has
been expanded in 2001 and a more comprehensive ap-
plication of this management tool is envisaged. Self-as-
sessments are an integral part of Credit Suisse Group’s
risk awareness drive.
Disaster recovery and business continuity planning
have been a major Group focus since autumn 2000. The
detailed preparation for an emergency enabled Credit
Suisse First Boston to evacuate its 850 staff from the
5 World Trade Center building in New York on September
11, 2001, in a disciplined and orderly fashion and to re-
sume business in alternate locations efficiently and effec-
tively. While detailed preparation was critical, the effective
handling of this event also demonstrates the importance
of human aspects. A timely recovery would not have
been possible without strong leaders and a strong sense
of professional discipline from all our employees.
Group compliance
While each business unit has its own self-sufficient and
specialized legal and compliance set-up, Credit Suisse
Group is emphasizing the increased role of the Corporate
Center’s legal and compliance staff. Common denomina-
tors throughout the Group and additional control func-
tions are the added value, and duplications are to be
avoided.
Compliance in the financial services industry is com-
monly understood as performing all business operations
in adherence with legal and regulatory requirements, in
an ethically sound manner and in avoidance of conflicts
of interest. The legal and compliance function aims at the
prevention of damage and at the management of legal,
regulatory and reputational risks by supporting the man-
agement in their daily activities, including new services
and products. In accordance with the integrated risk
management approach of Credit Suisse Group, the
Group Compliance function is part of Group Risk Man-
agement. In addition to its role within the legal and
compliance function, Group Compliance was assigned a
functional reporting line to the Group Chief Risk Officer in
2001.
In the fourth quarter of 2001, the search for possi-
ble terrorist financing and trading dominated the agen-
da of the compliance functions in the global financial
services industry. Immediately after the terrorist attack,
Group Compliance initiated a Group-wide search for the
business relationships and financing activities of terror-
ists, their supporters and persons and entities or organi-
zations who are deemed to be associated with them. A
steering committee coordinates the Group’s efforts fol-
lowing the many inquiries and investigations by foreign or
Swiss authorities and law enforcement agencies, as well
as all other steps required in this matter. Group Compli-
ance leads the search together with the existing network
of business unit compliance organizations. Furthermore,
an investigation of possible terrorist trading based on
insider knowledge of the September 11 attack was un-
dertaken.
In order to ensure common and standardized mea-
sures, stringent due diligence and anti-money launder-
ing standards are applied in the entire Group.
As an additional support to the business units in their
efforts to identify and detect critical clients and Politically
Exposed Persons (PEPs), Group Compliance introduced
a state-of-the-art database used by the Group, thus
stressing the commitment of Credit Suisse Group to pre-
venting and combating money laundering and corruption.
Group Compliance represents the Group in the com-
pliance efforts of the financial services industry. Among
other engagements, Group Compliance participates in
the Wolfsberg Group of 12 worldwide leading financial
institutions, which has issued the Global Anti-Money
Laundering Guidelines for Private Banking and the
Wolfsberg Statement on Suppression of the Financing of
Terrorists.
Liquidity and funding risk
Liquidity and funding risk is the risk of Credit Suisse
Group or its subsidiaries being unable to fund assets or
meet obligations at a reasonable or – in case of extreme
market disruptions – at any price.
Structures and processes are in place at legal entity and
operating levels to cope with the relevant liquidity risks
and to ensure appropriate liquidity profiles under various
stress scenarios.
The Group Corporate Center monitors the identifica-
tion and measurement of this risk and works in partner-
ship with the operating units to foster sound liquidity
management practices worldwide.
www.credit-suisse.com 59
CREDIT SUISSE GROUP RISK MANAGEMENT
In addition, Group Treasury sets the framework for
contingency planning, including procedures to ensure
that information flows remain timely and uninterrupted
and that the division of responsibility remains clear.
Supervisory initiatives
The Basel II capital accord
In January 2001, the Basel Committee on Banking
Supervision issued a draft paper – for further discussions
with the industry – on a new, sophisticated approach to
the capital adequacy calculation for banks. The main
suggested changes and additions to the current require-
ments include:
■ The risk-weighting of assets based on counterparties’
ratings or probabilities of default;
■ The allowance of risk determination through internal
risk-rating processes;
■ Differentiation between exposure categories (e.g.
retail, corporate, banks);
■ A capital charge for operational risks;
■ The option for capital charge add-on based on regula-
tory review;
■ Increased disclosure requirements.
Group Risk Management – together with the business
units’ specialists – is closely following further develop-
ments related to this proposed accord by the Basel
Committee and national regulators. While there are
many valuable advances that Credit Suisse Group wel-
comes, many issues still need clarification by the
Committee and complex and costly solutions must be
kept to a minimum.
In 2001, the initiatives were focused on the capital
impact analysis of the accord and close discussions
with the regulators; Credit Suisse Group provided them
with necessary data for the additional refinement of
the approach, such as the risk-weighting of products
and the calibration of capital requirements. Credit
Suisse Group has worked hard to provide constructive
advice and proposals on many aspects of the consul-
tative paper. These efforts resulted in Credit Suisse
Group’s intensive comment on the second consultative
paper of the capital accord addressed to the Basel
Committee, other regulators and bankers’ associa-
tions.
Credit Suisse Group expects to intensify its tasks
related to the capital accord implementation over the
coming years, focusing on the preparation of necessary
processes, systems and control instruments.
60
Supervision of financial conglomerates
In early 1996, under the aegis of the Basel Committee
on Banking Supervision – in cooperation with the
International Organization of Securities Commissions
(IOSCO) and the International Association of Insurance
Supervisors (IAIS) – a Joint Forum on Financial
Conglomerates was established. This tripartite group re-
leased several principal papers giving guidance on the
supervision of global financial conglomerates.
Credit Suisse Group recognizes and strives to follow
these principles as the basic elements defining the
required and necessary control environment of conglom-
erates in the financial sector. The core principles and
Credit Suisse Group’s implemented processes and
tools assuring appropriate risk controls are shown on
page 61.
Outlook
Part of the strategy of Credit Suisse Group and its
business units is to be a leader in risk management.
Significant personnel and technological resources are
focused on ensuring that Credit Suisse Group continues
to enhance its risk management capabilities, thereby
remaining at the forefront of the industry. To achieve this
goal, Credit Suisse Group has developed an integrated
framework of best-practice risk management, risk poli-
cies, methodologies, structure and infrastructure. Credit
Suisse Group is linking risk management and perform-
ance measurement using an Economic Risk Capital
framework, with Economic Risk Capital usage as the
common denominator for all major risks. Together with a
proactive risk management culture and the appropriate
qualitative and quantitative tools, this economic capital
management framework supports decision-making by
senior management at Credit Suisse Group, thus linking
risk management to the Group’s shareholder value strat-
egy. Additional initiatives focus on the further develop-
ment of operational risk matters overall – including sever-
al compliance aspects – by refining the common
approach and supervision.
In addition, Credit Suisse Group is closely following the
development of the new BIS capital adequacy frame-
work, in close coordination with the relevant functions in
the business units. Credit Suisse Group intends to
continue to comment on the proposals and to take ap-
propriate steps to be prepared under a new BIS frame-
work, which we hope will be as simple as possible, fair,
cost-effective and, above all, relevant and credible.
Theoretical rigidity should not prevail over practical rele-
vance.
 Principles governing the supervision
Principle of financial conglomerates
1 Group-based risk assessment
Supervision by group-based risk assessment.
2 Investments in other group companies
Investments in other group companies or regulatory capital
provided to other group companies should be controlled by
appropriate regulations.
3 Risk diversification
Diversification of individual positions in order to avoid a concen-
tration of risks.
4 Liquidity requirements
Maintenance of group-wide adequate liquidity.
5 Intra-group exposures
Monitoring of intra-group exposures.
6 Structure of financial conglomerates
Structure fully understood by the regulator and should not create
difficulties for effective regulation.
7 Relationships with shareholders
Identification of shareholders which exert material influence and
securing that these meet applicable fitness standards.
8 Management
Subject to appropriate regulatory standards, ability to impose
sanctions by inconsistency with standards.
9 Supervisory cooperation
Cooperation to improve the effectiveness of the supervision of
financial conglomerates.
10 External auditors
Recognition of the importance of the role of external auditors.
Credit Suisse Group risk management
and control processes
Appropriate risk management organization on a consolidated
basis and for all individual business units, decision and approval
bodies and procedures for all risk types. Consolidated assess-
ment of key risk exposures ERC.
Compliance with the minimum regulatory capital requirements on
a consolidated basis and by the various subsidiaries.
Maintenance of solvency buffers and avoidance of multiple
capital gearing. Supervision through Economic Risk Capital
limits, capital adequacy rules and actuarial checks.
Compliance with the regulatory risk diversification provisions and
permitted maximum levels by the applicable laws. Aggregated
and regular monitoring and analysis of a variety of exposure
types through comprehensive limit structures.
Compliance of the individual institutions with legally-required
minimum liquidity levels. Ongoing assessment of the liquidity
management policies and procedures of the institutions.
Coordination and policy-setting regarding contingency plans and
liquidity management in a crisis situation.
Regular aggregation of intra-Group transactions and exposures
by management information and reporting systems for consoli-
dation purposes.
Regular update and description of Group strategies and struc-
ture. Compliance with information requirements to regulators
relating to any changes of structure or business operations.
Comprehensive disclosure on material stakeholders. Open and
meaningful exchanges of information with investors and
analysts.
Clear assignment of responsibilities over control environment and
segregation of duties. Assurance of the proper conduct of busi-
ness operations.
Ongoing close collaboration with any supervisors and external
rating agencies.
Execution of the mandate by one global independent accoun-
tancy firm. Internal and external focus on assessments and
deficiencies. Coordination and cooperation between internal and
external audit.
www.credit-suisse.com 61
CREDIT SUISSE GROUP RISK MANAGEMENT
Market risk measurement methodologies
Introduction
Each business unit of Credit Suisse Group uses market
risk measurement and management methodologies that
meet industry standards. These include both general
tools capable of calculating exposures comparable across
the many activities of Credit Suisse Group, as well as fo-
cused tools that can specifically model unique character-
istics of the functions of certain units. The tools are used
for internal market risk management, market risk aggre-
gation, and internal market risk reporting and disclosure
purposes. The principal measurement methodology is
Value at Risk (VaR), which is used to manage risk rela-
tive to typical market shifts. A second technique, called
scenario analysis, is used additionally to model atypically
large or otherwise abnormal market changes. These and
related methodologies are described in the following
paragraphs.
The US Securities and Exchange Commission (SEC)
encourages registrants to provide robust descriptions of
their market risk strategies and measurements. The de-
tails in this disclosure, including the numerical expres-
sions of risk, are “forward-looking statements.” These
disclosures are not intended to be precise indicators of
expected near-term reported losses. Rather, the values
given here are estimates of reasonably possible losses if
adverse conditions should occur. Please note that chang-
ing market conditions affecting one or more of the pri-
mary market risk types could produce results that may
differ materially from those described in this document. In
addition, the risk measurements provided are based on
portfolios on the reporting dates. The significant turnover
in portfolio holdings over the normal course of business
will also cause future measurement of risk and the actual
outcomes to vary.
1. Value-at-Risk
Value-at-Risk measures the potential loss in terms of fair
value changes over a given time interval under normal
market conditions at a given confidence level. Value-at-
Risk as a concept is applicable to all financial risk types
with valid, regular price histories. Positions are aggregat-
ed by risk type rather than by product: for example, inter-
est rate risk includes risk arising from money market and
swap transactions, bonds, interest rate options, foreign
exchange, equity instrument and commodity options.
The use of VaR allows the comparison of risk in different
businesses, such as the comparison of fixed income
and equities, and also provides a means of aggregating
and netting a variety of positions within a portfolio to
62
reflect actual correlations and offsets between different
assets.
The history of financial market prices serves as a
basis for the statistical VaR model underlying the poten-
tial loss estimation. All Group business units modeling
their trading portfolios with VaR use a 10-day holding
period and a confidence level of 99% calculated on a
two-year history of market data. These assumptions are
in agreement with the Amendment to the Capital Accord
to Incorporate Market Risks, published by the Basel
Committee on Banking Supervision in 1996, and other
related international standards for market risk manage-
ment.
The Credit Suisse First Boston VaR model was origi-
nally approved by the Swiss Federal Banking
Commission for use in the calculation of Credit Suisse
First Boston trading book market risk capital in 1998.
This approval was based on extensive reviews in 1997
undertaken by Credit Suisse First Boston and the
Group’s external auditors of the previous variance-covari-
ance model and the related processes and controls. With
the introduction of the historical simulation model, the
Swiss Federal Banking Commission and the Group’s ex-
ternal auditors reexamined and reapproved the VaR mod-
el and related processes and controls for this purpose in
the first half of 2000. During 2001, Credit Suisse First
Boston received regulatory approval for an enhancement
to the methodology applied to its fixed income business.
Assumptions: The Group’s business units with trad-
ing portfolios use a pure historical simulation model for all
risk types and businesses. It is based on the profit and
loss distribution resulting from historical changes of mar-
ket rates applied to today’s portfolio, using a two-year
history. The documented fat-tail effect of financial time
series, which means that large moves are more frequent
than expected under a normal distribution assumption, is
thereby taken into account. This methodology also avoids
the assumption of linear correlation between risk factors.
Limitations: VaR as a risk measure quantifies the po-
tential loss on a portfolio under recent normal market
conditions only. It is not intended to cover losses associ-
ated with unusually severe market moves; these are cov-
ered by scenario analysis. VaR also assumes that past
data can be used to predict future events.
Backtesting: Credit Suisse First Boston and other
business units with trading portfolios use “backtesting” to
assess the accuracy of the VaR model. Daily profit and
loss can be directly compared to a VaR with a one-day
holding period. The one-day VaR estimate is compared to
the actual daily trading revenue. The VaR measure is in-
tended to be larger than all but a certain fraction – as de- is necessary to use business experience to come up with
termined by the confidence level – of trading outcomes. a set of meaningful scenarios and to appropriately assess
Backtesting can be performed at both the overall busi- the scenario results.
ness unit level and at a disaggregated level.

2. Scenario analysis
VaR is designed to measure market risk in normal market
environments. It is important to complement this with a
scenario-based risk measure, which is aimed at estimat-
ing the losses that could be experienced under extraordi-
nary market conditions. Scenario analysis is, therefore,
an essential component of the market risk measurement
framework of Credit Suisse Group’s business units for
both trading and other-than-trading portfolio instruments.
Scenario analysis is an essential component of the
market risk measurement framework. Scenario analysis
examines the potential effects of changes in market
conditions – corresponding to exceptional but plausible
events – on the financial condition of the firm. The re-
sults of the analysis are used to manage exposures on a
firm-wide basis, as well as at portfolio level. Scenario
analysis involves the revaluation of the firm’s major port-
folios to arrive at a measure of the profit or loss the firm
may suffer under a particular scenario. Scenarios are ap-
plied to all major markets in which Credit Suisse Group
participates. Global scenarios aim to capture the risk of
severe disruption to all major markets and are related to
historic events, such as the 1994 bond market crisis, the
1998 credit crisis, the 1987 equity market crash and the
1990 US real estate crash. Business level scenarios aim
to capture portfolio-specific risks by employing scenarios
based on non-parallel yield curve shifts, changes in cor-
relations and other pricing assumptions, and those incor-
porating hedging assumptions, through time.
Assumptions: Market data is changed according to a
predefined set of scenarios designed to:

■ Consider extreme events to provide “worst case”

information;
■ Reflect the impact of an event without rearranging
positions;
■ Reflect economic reality;
■ Be relevant to the portfolio being modeled;
■ Be responsive to changing market conditions;
■ Meet regulatory requirements.

Limitations: Scenario analysis provides an approximation

of the impact on profits and losses in the case of specific
events in the financial markets. Seldom do past events
repeat themselves in exactly the same way. As a result, it

www.credit-suisse.com 63