Risk Management
Risk Management Philosophy
Risk-taking is an integral part of Merrill Lynch's core business activities. In the course of conducting its business operations, Merrill Lynch is exposed to a variety of risks. These risks include market, credit, liquidity, process, and other risks that are material and require comprehensive controls and management. The responsibility and accountability for these risks remain primarily with the businesses.

The Corporate Risk Management ("CRM") group ensures that these risks are properly identified, monitored, and managed throughout the firm. To accomplish this, CRM has established a risk management process, which includes:

• A formal risk governance organization that defines the oversight process and its components.
  
• A regular review of the entire risk management process by the Audit Committee of the Board of Directors.
  
• Clearly defined risk management policies and procedures supported by the most appropriate and advanced analytic tools available.
  
• Communication and coordination between the business, executive, and risk functions while maintaining strict segregation of responsibilities, controls, and oversight.
  
• Clearly articulated risk tolerance levels as defined by the Executive Management Committee ("EMC") that are regularly reviewed to ensure that Merrill Lynch's risk-taking is consistent with its business strategy, capital structure, and current and anticipated market conditions.

The risk management process, combined with CRM's personnel and analytic infrastructure, works to ensure that Merrill Lynch's risk tolerance is well-defined and understood by the firm's risk-takers as well as by its executive management. Other groups, including Audit, Finance, and Treasury, work with CRM to establish this overall risk management control process. While no risk management system can ever be absolutely complete, the goal of CRM is to make certain that risk-related losses occur within acceptable, predefined levels.

Risk Governance Structure
Merrill Lynch's risk governance structure is comprised of the Audit Committee, the EMC, the Risk Oversight Committee ("ROC"), the Risk Policy Group ("RPG"), the business units, CRM, and various corporate governance committees. The roles of these respective groups are as follows:

The Audit Committee is comprised entirely of external directors and has authorized the ROC to establish Merrill Lynch's risk management policies.

The EMC establishes risk tolerance levels for the firm and authorizes material changes in Merrill Lynch's risk profile. It also ensures that the risks assumed by Merrill Lynch are managed within these tolerance levels and verifies that Merrill Lynch has implemented appropriate policies for the effective management of risks. The EMC must approve all substantive changes to risk policies, including those proposed by the ROC. The EMC pays particular attention to risk concentrations and liquidity concerns.

The ROC, comprised of senior business and control managers and chaired by the Head of CRM, oversees Merrill Lynch's risks and ensures that the business units create and implement processes to identify, measure, and monitor their risks. The ROC also assists the EMC in determining risk tolerance levels for the firm's business units and monitors the activities of Merrill Lynch's corporate governance committees, reporting significant issues and transactions to the EMC and the Audit Committee.

The RPG is a working group of the ROC comprised of control managers and is chaired by the Head of CRM. The RPG reviews various risk-related issues and reports to the ROC.

Various other governance committees exist to create policy, review activity, and ensure that new and existing business initiatives remain within established risk tolerance levels. These committees include the New Product Review Committee, Debt and Equity Capital Commitment Committees, Real Estate Capital Commitment Committee, Credit Policy Committee, Reserve Committee, Special Transactions Review Committee, and the Structured Products Committee. Representatives of the principal independent control functions participate as voting members of these committees.

Risk Framework
CRM's chief monitoring and risk measurement tool is Merrill Lynch's Risk Framework ("Framework"). The Framework defines and communicates Merrill Lynch's risk tolerance and raises exceptions for certain areas of risk concentration. Exceptions and violations are reported and investigated at predefined and appropriate levels of management. The Framework and its limits have been approved by the EMC and the risk parameters that define the Framework have been reviewed by the Audit Committee. The EMC reviews the Framework annually and approves any material changes. The ROC reports all substantive Framework changes to the Audit Committee.

The Framework establishes aggregate and broad risk limits for Merrill Lynch. Market risk limits are intended to constrain exposure to specific classes and factors of market risk and Value-at-Risk ("VaR"). VaR is a statistical measure of the potential loss in the fair value of a portfolio due to adverse movements in underlying risk factors. Credit risk limits are intended to constrain the magnitude and tenor of exposure to individual counterparties, types of counterparties, countries, and financing collateral. The Framework has been established for CICG, PCG, MLIM, and Treasury. Each business is responsible for ensuring that its risk activities adhere to the limits established under the Framework. Individual Frameworks are continually refined to increase the granularity and scope of risk coverage.

Corporate Risk Management
CRM is an independent control function responsible for Merrill Lynch's risk management process. The head of CRM reports directly to the Chief Financial Officer, chairs the ROC and RPG, and is a member of the EMC. CRM manages Merrill Lynch's market and credit risks. Market risk is defined to be the potential change in value of trading instruments caused by fluctuations in interest rates, exchange rates, equity and commodity prices, credit spreads, and/or other risks. Credit risks are defined to be the potential for loss that can occur as a result of impairment in the creditworthiness of an issuer or counterparty or a default by an issuer or counterparty on its contractual obligations. CRM also provides Merrill Lynch with an overview of its risk for various aggregate portfolios and develops the systems and analytics to conduct all risk management functions. CRM is organized into the following four groups:

The CICG Market Risk Group is responsible for defining the products and markets in which CICG will transact and take risk. Moreover, it is responsible for identifying the risks to which CICG businesses will be exposed in these approved products and markets. The CICG Market Risk group also establishes the Framework market risk limits against which risk concentrations are monitored and controlled. Within the Group is a dedicated, separate quantitative unit that evaluates the efficacy of trading and risk models through stressing and testing the mathematical models used by various control and business units.

The Credit Risk Group assesses the creditworthiness of existing and potential individual clients, institutional counterparties and issuers, and determines firmwide credit risk appetite within Framework limits. The Group reviews and monitors specific transactions as well as portfolio and other credit risk concentrations. It is also responsible for ongoing credit quality and limit compliance, and the Group works with the business units of Merrill Lynch to manage and mitigate credit risk. A specialist unit that focuses on early problem asset identification and management is also part of the Credit Risk Group.

The Portfolio Risk Group has a variety of firmwide responsibilities including integrating market, credit and business risks through firmwide stress and event analysis, enhancing the internal attribution of economic capital to business units, and conducting country risk and rating assessments. The Group also has a Process Risk team that specifically focuses on the implementation of the firmwide process risk management program. In addition, the Portfolio Risk Group oversees the proprietary market risk taken within the Merrill Lynch Treasury function, PCG and MLIM.

The Risk Infrastructure Group provides CRM with the analytic, technological, and policy support necessary to quantify and monitor firmwide market, credit and portfolio risk.

Efficacy
CRM continuously reviews and refines its risk processes and methodologies. The overall effectiveness and responsiveness of CRM can be seen on a broader level when analyzing weekly net trading revenues over time. CRM policies and procedures for monitoring and controlling risk combined with the businesses' focus on customer order-flow driven revenues have helped Merrill Lynch to reduce earnings volatility within its portfolios. While no guarantee can be given regarding future earnings volatility, CRM continues to work on policies and procedures that assist the firm in measuring and monitoring its risks. A graph of Merrill Lynch's weekly trading revenues for 2000 follows:

Market Risk
Merrill Lynch uses a variety of quantitative metrics to assess the risk of its positions and portfolios. In particular, CRM quantifies the sensitivities of Merrill Lynch's present portfolios to changes in market variables. These sensitivities are then utilized in the context of historical data to estimate earnings and loss distributions that Merrill Lynch's present portfolios would have incurred throughout the historical period. From these distributions, CRM derives a number of useful risk statistics including VaR. VaR is an estimate of the amount that Merrill Lynch's present portfolios could lose with a specified degree of confidence, over a given time interval. The VaR statistic for a particular risk category represents the amount that Merrill Lynch's present portfolios could lose due to past market movements in that specific risk category.

The VaR for Merrill Lynch's overall portfolios is less than the sum of the VaRs for individual risk categories because movements in different risk categories occur at different times and, historically, extreme movements have not occurred in all risk categories simultaneously. The difference between the sum of the VaRs for individual risk categories and the VaR calculated for all risk categories is shown in the following tables and may be viewed as a measure of the diversification within Merrill Lynch's portfolios. CRM believes that the tabulated risk measures provide some guidance as to the amount Merrill Lynch could lose in future periods and it works continuously to improve its measurement and the methodology of its VaR. However, like all statistical measures, especially those that rely heavily on historical data, VaR needs to be interpreted with a clear understanding of its assumptions and limitations.

In the Merrill Lynch VaR system, CRM uses a historical simulation approach to estimate value-at-risk using a 99% confidence level and a two-week holding period for trading and non-trading instruments. Sensitivities to market risk factors are aggregated and combined with a database of historical biweekly changes in market factors to simulate a series of profits and losses. The level of loss that is exceeded in that series 1% of the time is used as the estimate for the 99% confidence level VaR. The overall total VaR amounts are presented across major risk categories, including exposure to volatility risk found in certain products, e.g., options. The table that follows presents Merrill Lynch's VaR for trading instruments at year-end 2000 and 1999 and the 2000 average VaR. Additionally, high and low VaR is presented based on an overall aggregate basis.

1. Based on a 99% confidence level and a two-week holding period.
   
2. Overall VaR using a 95% confidence level and a one-day holding period was $20 million and $19 million at year-end 2000 and 1999, respectively.

During 2000, overall VaR declined due to a reduction in interest and credit spread VaR and increased diversification benefits that offset an increase in equity-related VaR.

Merrill Lynch's energy trading business, for which VaR has severe limitations as a risk measure, has been excluded from the table above. Shortly after year-end 2000, Merrill Lynch entered into an agreement to sell certain energy-trading assets. This asset sale is subject to satisfaction of certain conditions and is expected to close at the end of the first quarter of 2001.

The following table presents Merrill Lynch's VaR for non-trading instruments (excluding U.S. banks):

1. Based on a 99% confidence level and a two-week holding period.

Non-trading VaR increased during 2000 due to increases in interest rate and credit spread risk and equity risk, primarily due to an increase in marketable investment securities held for liquidity purposes. These increases were partially offset by a decrease in currency risk.

In addition to the amounts reported in the accompanying table, non-trading interest rate VaR associated with Merrill Lynch's TOPrS at year-end 2000 and 1999 was $138 million and $102 million, respectively. TOPrS, which are fixed-rate perpetual preferred securities, are considered a component of Merrill Lynch's equity capital and, therefore, the associated interest rate sensitivity is not hedged.

During 2000, client funds in certain CMA and other types of accounts were redirected from taxable money market funds to bank deposits at Merrill Lynch's U.S. banks. This increase in deposits was invested in high quality marketable investment securities. The overall VaR for the U.S. banks, driven largely by these securities and based on a 99% confidence level and a two-week holding period, was $191 million at year-end 2000.

Credit Risk
Merrill Lynch's Credit Risk Group uses a variety of methodologies to set limits on exposure resulting from a counterparty or issuer failing to perform on its contractual obligations. The Group performs analysis in the context of industrial, regional and global economic trends and incorporates portfolio and concentration effects when determining risk appetite. Credit risk limits take into account measures of both current and potential exposure and are set and monitored by broad risk type, sub-product type and tenor to maturity. Credit risk mitigation techniques include, where appropriate, the right to require initial collateral or margin, the right to terminate transactions or obtain collateral should unfavorable events occur, the right to call for collateral when certain exposure thresholds are exceeded, and the purchase of credit default insurance. With senior management involvement, Merrill Lynch conducts regular portfolio reviews, monitors counterparty creditworthiness, and evaluates transaction risk with a view toward early problem identification and protection against unacceptable credit-related losses.

In 2000, the Credit Risk Group introduced enhanced methods to assist in the management of Merrill Lynch's credit risk. The Credit Framework now includes increased product and tenor granularity, and the Group has made enhancements to Merrill Lynch's internal credit rating and counterparty review process.

Credit risk and exposure that originates from Merrill Lynch's retail customer business is monitored constantly by CRM. Exposures include credit risks for mortgages, home equity lines of credit, margin accounts and working capital lines that Merrill Lynch maintains with certain small business clients. These exposures are collateralized in accordance with regulatory requirements governing such activities.

Merrill Lynch enters into International Swaps and Derivatives Association, Inc. master agreements or their equivalent ("master netting agreements") with each of its derivative counterparties as soon as possible. Master netting agreements provide protection in bankruptcy in certain circumstances and, in some cases, enable receivables and payables with the same counterparty to be offset on the Consolidated Balance Sheets, providing for a more meaningful balance sheet presentation of credit exposure.

In addition, to reduce default risk, Merrill Lynch requires collateral, principally U.S. Government and agencies securities, on certain derivative transactions. From an economic standpoint, Merrill Lynch evaluates default risk exposures net of related collateral. The following is a summary of counterparty credit ratings for the replacement cost (net of $4.1 billion of collateral) of trading derivatives in a gain position by maturity at December 29, 2000. (The following table is inclusive of credit exposure from derivative transactions only and does not include other credit exposures, which may be material.)

1. Represents credit rating agency equivalent of internal credit ratings.
   
2. Represents netting of payable balances with receivable balances for the same counterparty across maturity band categories. Receivable and payable balances with the same counterparty in the same maturity category, however, are net within the maturity category.

In addition to obtaining collateral, Merrill Lynch attempts to mitigate its default risk on derivatives whenever possible by entering into transactions with provisions that enable Merrill Lynch to terminate or reset the terms of its derivative contracts.

Process Risk
Process Risk Management is an evolving risk management discipline. Merrill Lynch defines process risk as the risk of loss resulting from inadequate controls or business disruption relating to people, internal processes, systems, or external events. Examples of process risks faced by the firm include systems failure, human error, fraud, major fire, or other disasters.

Merrill Lynch manages process risks in many ways including maintaining strong corporate principles of value, appropriately training employees, maintaining a comprehensive system of internal controls, using technology to automate processes and reduce manual errors, monitoring risk events, employing experienced personnel, maintaining certain backup facilities, conducting internal audits, and emphasizing the importance of management oversight. In addition, Merrill Lynch has established a process risk management group within CRM to focus on further enhancing the management of these risks.

This Group manages a firmwide process risk management framework and has developed policies and procedures aimed at establishing a consistent approach to identify, monitor, and manage process risks across all business lines. Within this framework, the Group has created business line steering committees to coordinate process risk management efforts. The Group uses a variety of risk management tools and techniques to reinforce the firm's strong risk management culture. These include summarizing and monitoring process-risk-related losses on a regular basis, developing risk indicators to facilitate proactive risk management capabilities, and self-assessments to identify risks, corresponding controls, and measure improvement.

Other Risks
Liquidity risks arise in the course of Merrill Lynch's general funding activities and in the management of its balance sheet. This risk includes both being unable to raise funding with appropriate maturity and interest rate characteristics and the risk of being unable to liquidate an asset in a timely manner at a reasonable price. For further information on how Merrill Lynch manages liquidity risk, see the Capital Adequacy and Liquidity section.

Merrill Lynch encounters a variety of other risks, which have the ability to impact the viability, profitability, and cost effectiveness of present or future transactions. Such risks include political, tax, and regulatory risks that may arise due to changes in local laws, tax statutes, or regulations. To assist in the mitigation of such risks, Merrill Lynch rigorously reviews new and pending legislation and regulations. Additionally, Merrill Lynch employs professionals in jurisdictions in which the company operates to actively follow issues of potential concern or impact to the firm and to participate in related interest groups.

---