Perhaps we will look back at 2009 and recall that it is the turning point year for Risk Management. The year that boards ans management and regulators all at once embraced ERM and really took it to heart. The year that many, many firms appointed their first ever Chief Risk Officer. They year when they finally committed the resources to build the risk capital model of the entire firm.
On the other hand, it might be recalled as the false spring of ERM before its eventual relegation to the scrapyard of those incessant series of new business management fads like Management by Objective, Managerial Grid, TQM, Process Re-engineering and Six Sigma.
The Financial Crisis was in part due to risk management. Put a helmet on a kid on a bicycle and they go faster down that hill. And if the kid really doesn’t believe in helmets and they fail to buckle to chin strap and the helmet blows off in the wind, so much the better. The wind in the hair feels exhilarating.
The true test of whether the top management is ready to actually DO risk management is whether they are expecting to have to vhange some of their decisions based upon what their risk assessment process tells them.
The dashboard metaphor is really a good way of thinking about risk management. A reasonable person driving a car will look at their dashboard periodically to check on their speed and on the amount of gas that they have in the car. That information will occasionally cause them to do something different than what they might have otherwise done.
Regulatory concentration on Risk Management is. on the whole, likely to be bad for firms. While most banks were doing enough risk management to satisfy regulators, that risk management was not relevant to stopping or even slowing down the financial crisis.
Firms will tend to load up on risks that are not featured by their risk assessment system. A regulatory driven risk management system tends to be fixed, while a real risk management system needs to be nimble.
Compliance based risk management makes as much sense for firms as driving at the speed limit regardless of the weather, road conditions or the conditions of the car’s breaks and steering.
Many have urged that risk management is as much about opportunities as it is about losses. However, that is then usually followed by focusing on the opportunities and downplaying the importance of loss controlling.
Preventing a dollar of loss is just as valuable to the firm as adding a dollar of revenue. A risk management loss controlling system provides management with a methodology to make that loss prevention a reliable and repeatable event. Excess revenue has much more value if it is reliable and repeatable. Loss control that is reliable and repeatable can have the same value.
Getting the price right for risks is key. I like to think of the right price as having three components. Expected losses. Risk Margin. Margin for expenses and profits. The first thing that you have to decide about participating in a market for a particular type of risk is whether the market in sane. That means that the market is realistically including some positive margin for expenses and profits above a realistic value for the expected losses and risk margin.
Most aspects of the home real estate and mortgage markets were not sane in 2006 and 2007. Various insurance markets go through periods of low sanity as well.
Risk management needs to be sure to have the tools to identify the insane markets and the access to tell the story to the real decision makers.
Finally, individual risks or trades need to be assessed and priced properly. That means that the insurance premium needs to provide a positive margin for expenses and profits above the realistic provision for expected losses and a reasonable margin for risk.
There were two big hits to insurers in 2009. One was the continuing problems to AIG from its financial products unit. The main lesson from their troubles ought to be TANSTAAFL. There ain’t no such thing as a free lunch. Selling far out of the money puts and recording the entire premium as a profit is a business model that will ALWAYS end up in disaster.
The other hit was to the variable annuity writers. In their case, they were guilty of only pretending to do risk management. Their risk limits were strange historical artifacts that had very little to do with the actual risk exposures of the firm. The typical risk limits for a VA writer were very low risk retained from equities if the potential loss was due to an embedded guarantee and no limit whatsoever for equity risk that resulted in drops in basic M&E revenue. A typical VA hedging program was like a homeowner who insured every item of his possessions from fire risk, but who failed to insure the house!
So insurers should end the year of 2009 thinking about whether they have either of those two problems lurking somewhere in their book of business.
Are there any “far out of the money” risks where no one is appropriately aware of the large loss potential ?
Are there parts of the business where risk limits are based on tradition rather than on risk?
Have a Happy New Year!