Author: Max Rudolph
Author: Mike Cohen
Author: Johann Meeke
Author: Jawwad Farid
Author: Max Rudolph
Author: Mike Cohen
Author: Johann Meeke
Author: Jawwad Farid
The characters of the new James Cameron movie AVATAR demonstrate the five risk rationalities of Cultural Theory.
Jake Sully is the Fatalist. He takes over for his brother with no training and no idea of what might happen next. Fatalists believe that the future is unpredictable. So in the mind of a Fatalist, this day is no different from any other. They never believe that they know what is coming next. Jake also has some Individualist characteristics with his No Fear ethos. The Individualists believe that everything will work out – so No Fear is an extreme form of their rationality. Jake Scully evidences a change of rationality over the course of the movie. The threats to the Na’vi and the Great Tree cause him to shift to the Egalitarian point of view of the Na’vi.
The Na’vi are pure Egalitarians. Egalitarians believe that the world is in a delicate balance and that resources are finite. Pure Egalitarian societies would not grow or change very much over time. They would enforce a very strong degree of uniformity of belief, which the Na’vi evidence with their very intense initiation ceremony.
Parker Selfridge represents the Individualists. Individualists believe that raw materials are infinite, because new science will always develop ways to exploit the raw materials that are available. Individualists believe that the best ideas and people will prevail. Might makes right is a very Individualist point of view. Parker believes that because the Humans have superior force, then they have a right to the unobtainium by any means. Individualists believe that risky situations will all work out because the universe will always revert back to the situation where Individualists were in total control.
Colonel Miles Quaritch and the military forces represent the Authoritarian rationality, but not well. A true Authoritarian would believe that there was a limit to what could be accomplished – a view that the world has boundries within which one must operate to be safe. Quaritch changes into a more Individualist point of view over the course of the movie. Instead of trying to learn and work within the boundaries of the world he finds himself in, he works to change those boundaries to ones that he prefers, which is a more Individualist point of view.
Dr. Grace Augustine represents the Hermit, seeking to understand the world, but not necessarily to change it. She sometimes acts more as the Authoritarian expert, trying to define and set down the boundaries within which it is safe for humans to operate and sometimes more like an Individualist when she tries to change the world theough her schools. But you sense that the schools were more of a stalling action to allow more time for study.
Important note: Individualists and Authoritarians are not always villains. Individualists do not all believe that might makes right. They do believe that individual achievement and individual rewards should go hand in hand. Individualists are largely responsible for “progress”. So if you like your electric light better than a candle, thank an Individualist.
Authoritarians do not all run armies. They are usually the key people in any hierarchical system. They are the backbone of governments and the legal profession. Authoritarians are responsible for the idea of the rule of law. So if you like to walk down the street in safety thank the Authoritarians.
Fatalists are not all action heroes either. Most drug addicts and alcoholics are Fatalists. Fatalists buy most of the lottery tickets. Generally Fatalists do not control much of the world. Fatalists are the perennial outsiders. They also make up many of the ranks of the very talented computer specialists – the prototypical computer nerd is a Fatalist all the way. Hackers are Fatalists.
Pure Egalitarians groups tend not to last for very long among humans. Some have fantasied that Native Americans were like the Na’vi – in a stable long term relationship with nature. Others have suggested that there was constant war among the different groups that kept them from having the luxury of peace to develop more advance technology. Most attempts at Egalitarian groups fail due to the tendency of Egalitarians to believe strongly in purity of common motivation and thought. Egalitarian groups would totally lack adaptability.
Hermits are the scientists and monks who study the world, trying to understand it but not to have any influence over it. They generally only leave their world when they take on another rationality and decide to try to act on their knowledge.
Perhaps we will look back at 2009 and recall that it is the turning point year for Risk Management. The year that boards ans management and regulators all at once embraced ERM and really took it to heart. The year that many, many firms appointed their first ever Chief Risk Officer. They year when they finally committed the resources to build the risk capital model of the entire firm.
On the other hand, it might be recalled as the false spring of ERM before its eventual relegation to the scrapyard of those incessant series of new business management fads like Management by Objective, Managerial Grid, TQM, Process Re-engineering and Six Sigma.
The Financial Crisis was in part due to risk management. Put a helmet on a kid on a bicycle and they go faster down that hill. And if the kid really doesn’t believe in helmets and they fail to buckle to chin strap and the helmet blows off in the wind, so much the better. The wind in the hair feels exhilarating.
The true test of whether the top management is ready to actually DO risk management is whether they are expecting to have to vhange some of their decisions based upon what their risk assessment process tells them.
The dashboard metaphor is really a good way of thinking about risk management. A reasonable person driving a car will look at their dashboard periodically to check on their speed and on the amount of gas that they have in the car. That information will occasionally cause them to do something different than what they might have otherwise done.
Regulatory concentration on Risk Management is. on the whole, likely to be bad for firms. While most banks were doing enough risk management to satisfy regulators, that risk management was not relevant to stopping or even slowing down the financial crisis.
Firms will tend to load up on risks that are not featured by their risk assessment system. A regulatory driven risk management system tends to be fixed, while a real risk management system needs to be nimble.
Compliance based risk management makes as much sense for firms as driving at the speed limit regardless of the weather, road conditions or the conditions of the car’s breaks and steering.
Many have urged that risk management is as much about opportunities as it is about losses. However, that is then usually followed by focusing on the opportunities and downplaying the importance of loss controlling.
Preventing a dollar of loss is just as valuable to the firm as adding a dollar of revenue. A risk management loss controlling system provides management with a methodology to make that loss prevention a reliable and repeatable event. Excess revenue has much more value if it is reliable and repeatable. Loss control that is reliable and repeatable can have the same value.
Getting the price right for risks is key. I like to think of the right price as having three components. Expected losses. Risk Margin. Margin for expenses and profits. The first thing that you have to decide about participating in a market for a particular type of risk is whether the market in sane. That means that the market is realistically including some positive margin for expenses and profits above a realistic value for the expected losses and risk margin.
Most aspects of the home real estate and mortgage markets were not sane in 2006 and 2007. Various insurance markets go through periods of low sanity as well.
Risk management needs to be sure to have the tools to identify the insane markets and the access to tell the story to the real decision makers.
Finally, individual risks or trades need to be assessed and priced properly. That means that the insurance premium needs to provide a positive margin for expenses and profits above the realistic provision for expected losses and a reasonable margin for risk.
There were two big hits to insurers in 2009. One was the continuing problems to AIG from its financial products unit. The main lesson from their troubles ought to be TANSTAAFL. There ain’t no such thing as a free lunch. Selling far out of the money puts and recording the entire premium as a profit is a business model that will ALWAYS end up in disaster.
The other hit was to the variable annuity writers. In their case, they were guilty of only pretending to do risk management. Their risk limits were strange historical artifacts that had very little to do with the actual risk exposures of the firm. The typical risk limits for a VA writer were very low risk retained from equities if the potential loss was due to an embedded guarantee and no limit whatsoever for equity risk that resulted in drops in basic M&E revenue. A typical VA hedging program was like a homeowner who insured every item of his possessions from fire risk, but who failed to insure the house!
So insurers should end the year of 2009 thinking about whether they have either of those two problems lurking somewhere in their book of business.
Are there any “far out of the money” risks where no one is appropriately aware of the large loss potential ?
Are there parts of the business where risk limits are based on tradition rather than on risk?
Have a Happy New Year!
From Mike Cohen
“Where do we go from here, and what have we learned to help us arrive there safely and prosperously?” What risk management lessons have been learned?
Dislocations have occurred many times in history, and have occurred in many societal areas, changing many aspects of life profoundly:
- Economy: Agrarian, manufacturing, technology, service
- Military history: Strategies/tactics, weaponry
- Social/family mores: Many, many variations with intensely personal and emotional elements
- Political systems: Capitalism vs. socialism, big vs. small government, government leadership vs. self-determination
Dislocations will, without question, continue to occur in the future, and just as surely manifest themselves in unpredictable ways. Survivors, and ideally ‘thrivers’, will understand when dislocations occur and make the changes necessary to operate well in their new environments.
There are a number of business and societal behaviors that have been culpable in contributing to the interim demise of our socio-economic system:
- Poor analysis
They are not effective, and have eerie parallels to the seven deadly sins.
While many aspects of our personal and business lives have changed, certain themes remain the same. Righting the ship will be driven by adherence to a number of fundamentals that have driven our success over history and will drive our success in the future.
1) Responsibility and trust: Our actions … what we say and what we do … are our legacy. Do we stand behind them in terms of honesty and wisdom?
Kahlil Gibran, in his epic work ‘The Prophet’, said that “You are the bows from which your children as living arrows are sent forth.” Quite so, but we need to make sure our aim is straight and sure. Our children are our most sacred trust, the most important manifestations of our legacy. Our actions are right along side in terms of importance.
2) Be ‘students’ of what we do:
- What is the purpose of our actions? What are we trying to accomplish?
- Are people or institutions going to be hurt by what we are doing?
- What risks are we taking?
- Functions of all kinds … how do they need to be performed?
3) How do our products work? What needs and wants do they satisfy? In life insurance, for example, those needs and wants to be satisfied are:
- Asset accumulation
* Our financial world has never been more complicated and uncertain, and customers (both individuals and corporations) have never had a greater need for guidance
* ‘Caveat emptor’ (let the buyer beware) – Is this too difficult a burden for the consumer of the 21st century?
4) What do corporations need to do to succeed?
- Satisfy their customers’ needs and wants, more effectively and efficiently than their competitors can
- Manage the profit characteristics, for themselves and their customers, well
- Understand the risks in their enterprise, and ensure that they don’t interfere with the interests of their stakeholders
- Operate with integrity and transparency
We have recovered from dislocations in the past; we’re here, aren’t we? Understanding change, that it will always be occurring and how changes have manifested themselves, is critical to our evolution. Not recovery, but evolution. If we forget history, then we are doomed to repeat it. The same is true for understanding history, although the understanding of history is affected by the authors who report it. “How was your vacation?” “I don’t know. I have to wait to see the pictures”
We will solve the major issues confronting our financial system, but we will in all likelihood come out the other end in a very different place.
Growth does not always mean excessive risk, but excessive risk is almost always associated with high growth.
Growth has a way of masking problems. Things are changing and it is often very difficult to understand whether the changes are just a lag in reporting the good things that come from healthy growth or if they are leading indicators of major problems.
The firm needs to grow risk management analysis and attention along with highest growth activities. That needs to be demanded from the top. No middle or even high level risk officer will ever have the authority to slow down the part of the company that is growing the best. Firms need to have CEO commitment to extra risk analysis of the fastest growing business.
The firm needs to establish its operational capacity for handling growth. The most common reaction to unexpected growth is to delay hiring additional staff (along with delaying adding additional risk staff as mentioned above). After more delay and more growth, the business might seem much more profitable than expected. Some of that excess profitability is coming from the understaffing. Some of the profitability might be coming from mistakes in recordkeeping due to the understaffing. A sudden delayed effort to fix the under staffing will most often hurt more than it helps in the short run.
And what is most likely to be shortchanged in an understaffed growing situation Why it is quality control and recordkeeping. So if there is a growing problem it is very hard to notice it.
So what to do?
Every great mistake has a halfway
moment, a split second when it can be
recalled and perhaps remedied.
Part of the process of planning for each new thing that might grow, if it is as successful as is hoped, needs to be to determine where that halfway moment might be.
Nick sent out a link to a test that you can take that measures Risk Intelligence
Try it… I believe that it does give some insight to a different aspect of intelligence that is needed for good risk management.
I would not say that it suggests anything new. In fact, it seems to link Risk Intelligence back to the ancient inscription at the Oracle of Delphi,
To be able to understand RISK, that is a good first step, to be able to distinguish between things that you know and things that you do not know are true. I would suggest that is pretty basic for success in any endeavor, including risk management.
However, I would suggest a slightly different standard as the most important kind of intelligence needed for risk management. That would be the ability to
Distinguish between Future Events that are Certainties and Future Events that are Uncertain.
Distinguish between RISK and UNCERTAINTY in a Knightian sense for the Uncertain events.
Remember after the fact that at some past time, when a decision had to be made, the future events that we now all know to be certain because they have happened, were uncertain.
But those conditions seem like boundary conditions – there is no Risk Intelligence if those conditions are not met.
Real Risk Intelligence would then be the ability to make reliable estimates of the likelihood of Uncertain Events.
Real Risk Intelligence would need to be scored as the Projection Point test is scored, that is against a scale that incorporates the idea that answers are not right or wrong, but that acknowledges that probabilistic answers should be scored on a curve (actually they use a diagonal) that reflects the likelihood as well as the outcome.
I would suggest that taking the Projection Point Risk Intelligence Test is worth the 10 minutes that it takes. But it is the beginning rather than the end of investigation into the idea of Risk Intelligence.
Guest Post from Larry Rubin
I question whether sufficient attention is being paid to the definition of risk in most risk measures and in solvency II. In this case the use of 1-year VAR. Insurance companies makes long term promises as compared to other financial institutions. Yet we have seen the inadequacies of this risk measure for these other institutions. 1-year VAR is based on the assumption that if a company can survive a year it can re-capitalize. The credit crisis has shown that in a period of economic distress when it is most likely that many companies will be “in the tail” the ability to re-capitalize is suspect if non-existent. Companies such as, Lehman Brothers, Northern Rock, AIG and INDYMac could not re-capitalize. Bear Stearns, Merrill Lynch and WaMU required government support to facilitate the sale of their liabilities.
I believe one of the lessons of the credit crisis is that is that either the 1-year VAR analysis needs to reflect the potential drying up of capital during a tail event or insurance companies need to re-think the 1-year VAR measure. US Risk Based Capital, while an imperfect measure, has had ruin theory as its fundamental premise. This measure has held up well as most US life insurance operating companies maintained sufficient capital to survive to the point where it was possible to re-capitalize
Larry H. Rubin
Are you working with live ammunition with your risk management program?
What I mean is, when the risk models and the risk reports show a problem, is the reaction to promptly fix the problem, or is the reaction to start a study of the problem?
The question really is whether the risk management information streams are considered primary information for managing the firm or are they secondary systems?
If the reaction to an indication of a problem from the risk management systems is to initiate a study, then the implied presumption is that the real information systems say that everything is ok, and this secondary system says not. So we need to check this out.
Many commentators about risk management have been calling for “RISK” to be given authority. What I think that means is that RISK would be empowered to act when the risk management system tells of a problem. RISK would order that something be bought or sold or whatever to fix the problem.
I think that the presumption there is that there is no possibility that anyone other than RISK would actually ever act upon a warning from the risk management systems. So if risk management is to be taken seriously, then it must be for RISK to do that.
Well, wouldn’t it be much better if the risk management information was considered to be a primary information source for the folks who actually run the businesses? Think about it. If you run a bus company and want the drivers to stay within the speed limit, do you put someone in the back of the bus with a speedometer and a break pedal who will step on the brake whenever the bus starts to go too fast? Or do you train the bus driver to use the brake pedal herself?
Risk Management needs to be everyone’s job. If the CEO of the firm is not willing to hold business managers responsible for risk, then he really does not want risk management.
The job of RISK is not to over ride the bus drivers, it is to make sure that the speedometers and brakes work right, that the acceleration pedal does not stick down and that the driver is well trained in how to interpret the speedometer and use the brakes in the right way. RISK keeps the CEO and the Board informed about the effectiveness of the risk management system and helps top management to understand the risk reward choices that they are faced with when the major decisions about the firm’s future are being made.
This may not be your corporate policy. But you should be clear to all whether your risk limits are hard, soft or gigantic.
A Hard risk limit is one where there just may be a rock and a snake for the violator. Violations of limits are not expected to happen in a system with hard risk limits. So maybe no one knows what the consequences are. In systems with very hard limits, a system of “checkpoints” may develop that are actually soft limits that help managers to avoid coming too close to the hard limits. These firms may have rules like “violations of limits must be reported to the board at the very next meeting”. In addition, there may be a hard requirement to reverse or offset the actions that led to the violation within some short period of time, sometimes something like 72 hours.
A Soft risk limit is very much the opposite. Violation of a soft risk limit might most often result in raising the limit. Or violations may simply be allowed to stand without any special notice or attempt to reverse. A more diciplined soft limit system may track the number of violations and use the count of violations as an indication of potential issues.
A Gigantic risk limit is very common. There is no need to decide whether a Gigantic risk limit is hard or soft, because there is little chace that the firm will ever approach the limit. Gigantic limits are often 200% or more than expected positions. Commonly, Gigantic limits are are found in formal investment policies of firms or funds. These are deliberately set so high that they will not get in the way of day to day operations of the investment managers, even if they want to make significant changes to the make-up of the fund. Unfortunately, many firms have not yet realized that these policy limits are not useful risk limits. But they do save money on snakes.
The use of derivatives and risk management processes to control risk was very successful in changing the risk management Landscape.
But that change has been in the same vein as the changes to forest management practices that saw us eliminating the small forest fires only to find that the only fires that we then had were the fires that were too big to control. Those giant forest fires were out of control from the start and did more damage than 10 years of small fires.
The geography of the world from a risk management view is represented by this picture:
The ball represents the state of the world. Taking a risk is represented by moving the ball one direction or the other. If the ball goes over the top and falls down the sides, then that is a disaster.
So risk managers spend lots of time trying to measure the size of the valley and setting up processes and procedures so that the firm does not get up to the top of the valley onto one of the peaks, where a good stiff wind might blow the firm into the abyss.
The tools for risk management, things like derivatives with careful hedging programs now allowed firms to take almost any risk imaginable and to “fully” offset that risk. The landscape was changed to look like this:
Managers believed that the added risk management bars could be built as high as needed so that any imagined risk could be taken. In fact, they started to believe that the possibility of failure was not even real. They started to think of the topology of risk looking like this:
But then we all learned that the hedges were never really perfect. (There is no profit possible with a perfect hedge.) And in addition, some of the hedge counterparties were firms who jumped right to the last map without bothering to build up the hedging walls.
And we also learned that there was actually a limit to how high the walls could be built. Our skill in building walls had limits. So it was important to have kept track of the gross amount of risk before the hedging. Not just the small net amount of risk after the hedging.
Now we need to build a new view of risk and risk management. A new map. Some people have drawn their new map like this:
Others have given up. They saw the old map fail and do not know if they are ever again going to trust those maps.
So we risk managers need to go back to the top map again and revalidate our map of risk and start to convince others that we do know where the peaks are and how to avoid them. We need to understand the limitations to the wall building version of risk management and help to direct our firms to stay away from the disasters.
Link to Detailed Timeline
The events of the past three years are unprecedented in almost all of our lifetimes. One needs to go back and look at how much was happening in such a short time to get an appreciation of how difficult it must have been to be in the hot seats of government, central banks and regulators, especially during the fall of 2008.
On the other hand, it is pretty easy, with 20-20 hindsight, to point to events that should have made it clear that something bad was on its way.
The timeline that is posted here on Riskviews is an amalgam from 5 or 6 different sources, including the BBC, Federal Reserve and Wikipedia. None of them seemed to be very complete. Not that this one is. My personal biases left out some items from all of the sources.
Let us know what was left out that is important. This timeline was created over a one year period and there was little effort to go back and pick up items that did not seem important at the time, but that later were found to be early signals of later big problems.
The reaction that I have had when I used this timeline to make a presentation about the Financial Crisis is that it is pretty unfair to go pointing fingers about actions taken during the fall of 2008. When you look at the daily earth shaking events that were happening, it is really totally overwhelming, even a year later. If the events that occured daily were spread out one per month, then perhaps a case could be made that “they” should ahve done better.
Going back much further, I am not willing to be quite so kind. This crisis was manufactured by collision of two deliberate government policies – home-ownership for all and deregulation of financial markets. That collision was preventable. Neither policy had to be taken to the extreme that it was taken – to what looks now like an absurd extreme in both cases.
And in addition, the financial firms themselves are far from blameless. Greenspan’s belief that the bankers were capable of looking out for their shareholder’s best interest was correct. They were capable.
Read the history. See what happened. Decide for yourself. Let me know what I missed.
Link to Detailed Timeline
Guest Post from Chitro Majumdar
Economic capital models can be complex, embodying many component parts and it may not be immediately obvious that a complex model works satisfactorily. Moreover, a model may embody assumptions about relationships between variables or about their behaviour that may not hold in all circumstances (e.g under periods of stress). We have developed an algorithm for Dynamic Financial Analysis (DFA) that enables the creation of a comprehensive framework to manage Enterprise Risk’s Economic Risk Capital. DFA is used in the capital budgeting decision process of a company to launch a new invention and predict the impact of the strategic decision on the balance sheet in the horizon. DFA gives strategy for Enterprise Risk Management in order to avoid undesirable outcomes, which could be disastrous.
“The Quants know better than anyone how their models can fail. The surest way to replicate this adversity is to trust the models blindly while taking large-scale advantage of situations where they seem to provide ERM strategies that would yield results too superior to be true”
Dynamic Financial Analysis (DFA) is the most advance modelling process in today’s property and casualty industry-allowing us to develop financial forecasts that integrate the variability and interrelationships of critical factors affecting our results. Through the modeling of DFA, we see the company’s relevant random variables is based on the categorization of risks which is generated solvency testing where the financial position of the company is evaluated from the perspective of the customers. The central idea is to quantify in probabilistic terms whether the company will be able to meet its commitments in the future. DFA is in the capital budgeting decision process of a company launching a new invention and predicting the impact of the strategic decision on the balance sheet in a horizon of few years.
The validation of economic capital models is at a very preliminary stage. There exists a wide range of validation techniques, each of which provides corroboration for (or against) only some of the desirable properties of a model. Moreover, validation techniques are powerful in some areas such as risk sensitivity but not in other areas such as overall absolute accuracy or accuracy in the tail of the loss distribution. It is advisable that validation processes are designed alongside development of the models rather than chronologically following the model building process. There is a wide range of validation processes and each one provides evidence for only some of the desirable properties of a model. Certain industry validation practices are weak with improvements needed in benchmarking, industry wide exercises, back-testing, profit and loss analysis and stress testing and followed by other advanced simulation model. For validation we adhere to the below mentioned method to calculate.
Calculation of risk measures
In their internal use of risk measures, banks need to determine an appropriate confidence level for their economic capital models. It generally does not coincide with the 99.9% confidence level used for credit and operational risk under Pillar 1 of Basel II or with the 99% confidence level for general and specific market risk. Frequently, the link between a bank’s target rating and the choice of confidence level is interpreted as the amount of economic capital necessary to prevent the bank from eroding its capital buffer at a given confidence level. According to this view, which can be interpreted as a going concern view, capital planning is seen more as a dynamic exercise than a static one, in which banks want to hold a capital buffer “on top” of their regulatory capital and where it is the probability of eroding such a buffer (rather than all available capital) that is linked to the target rating. This would reflect the expectation (by analysts, rating agencies and the market) that the bank operates with capital that exceeds the regulatory minimum requirement. Apart from considerations about the link to a target rating, the choice of a confidence level might differ based on the question to be addressed. On the one hand, high confidence levels reflect the perspective of creditors, rating agencies and regulators in that they are used to determine the amount of capital required to minimise bankruptcy risk. On the other hand, use of lower confidence levels for management purposes in order to allocate capital to business lines and/or individual exposures and to identify those exposures that are critical for profit objectives in a normal business environment. Another interesting aspect of the internal use of different risk measures is that the choice of risk measure and confidence level heavily influences relative capital allocations to individual exposures or portfolios. In short, the farther out in the tail of a loss distribution, the more relative capital gets allocated to concentrated exposures. As such, the choice of the risk measure as well as the confidence level can have a strategic impact since some portfolios might look relatively better or worse under risk-adjusted performance measures than they would based on an alternative risk measure.
Chitro Majumdar CSO – R-square RiskLab
More details: http://www.riskreturncorp.com