Archive for the ‘Cultural Theory of Risk’ category

Risk Culture gets the Blame

March 18, 2014

Poor Risk Culture has been often blamed for some of the headline corporate failures of the past several years.  Regulators and rating agencies have spoken out about what they would suggest as important elements of a strong risk culture and the following 10 elements all show up on more than one of those lists:

1.      Risk Governance – involvement of the board in risk management

2.      Risk Appetite – clear statement of the risk that the organization would be willing to accept

3.      Compensation – incentive compensation does not conflict with goals of risk management

4.      Tone at the Top – board and top management are publically vocal in support of risk management

5.      Accountability – Individuals are held accountable for violations of risk limits

6.      Challenge – it is acceptable to publically disagree with risk assessments

7.      Risk Organization – individuals are assigned specific roles to facilitate the risk management program, including a lead risk officer

8.      Broad communication /participation in RM – risk management is everyone’s job and everyone knows what is happening

9.      RM Linked to strategy – risk management program is consistent with company strategy and planning considers risk information

10.    Separate Measurement and Management of risk – no one assesses their own performance regarding risk and risk management

Those are all good things for a firm to do to make it more likely for their risk management to succeed, but this list hardly makes up a Risk Culture.

Crowd

The latest WillisWire post in the ERM Practices series talks about Risk Culture from the perspective of the fundamental beliefs of the people in the organization about risk.

And RISKVIEWS has made over 50 posts about various aspects of risk culture.

Risk Culture Posts in RISKVIEWS

Planning for Risk in 2014

January 2, 2014

Barry Ritholtz provides some outstanding predictions for 2014.

His point, that we cannot predict the future, is well made.

But equally true, we need to have some view of the future in order to continue.  The position that Ritholtz takes, that the future cannot be predicted is actually one of the four Risk Beliefs that is described by the Theory of Plural Rationality.  If you hold that disbelief about any of your risks, then your best strategy is to make many smaller commitments.

The other three beliefs are:

  • Risk is predictable and it will be very high.  Need to be extremely careful. Probably shouldn’t plan to grow at all.
  • Risk is predictable and it will be low.  Time to expand.
  • Risk is predictable and it will be moderate.  Careful and limited risk taking and expansion can work well.

If you are in the risk business, then you choose a strategy for each risk.  Hopefully, you will be doing that AFTER you have collected information about the trajectory of each major risk.

However, some management teams will start from the results that they “must have” to determine their strategy.

If you have done that you should look now at your belief for each risk.  Where you see a mismatch between your belief and your strategy for a risk, you should start making contingency plans.  Otherwise, you will be in for a Surprise.

For example, if you planned to grow at a substantial pace, you need to experience a low risk environment.  Otherwise, your growth is likely to be a very mixed blessing.  (see the Surprise article for details of the surprises that can be experienced by every mismatch between the actual risk environment and the risk strategy)

 

Collective Approaches to Risk in Business: An Introduction to Plural Rationality Theory

December 18, 2013

New Paper Published by the NAAJ
http://www.tandfonline.com/doi/abs/10.1080/10920277.2013.847781#preview

This article initiates a discussion regarding Plural Rationality Theory, which began to be used as a tool for understanding risk 40 years ago in the field of social anthropology. This theory is now widely applied and can provide a powerful paradigm to understand group behaviors. The theory has only recently been utilized in business and finance, where it provides insights into perceptions of risk and the dynamics of firms and markets. Plural Rationality Theory highlights four competing views of risk with corresponding strategies applied in four distinct risk environments. We explain how these rival perspectives are evident on all levels, from roles within organizations to macro level economics. The theory is introduced and the concepts are applied with business terms and examples such as company strategy, where the theory has a particularly strong impact on risk management patterns. The principles are also shown to have been evident in the run up to—and the reactions after—the 2008 financial crisis. Traditional “risk management” is shown to align with only one of these four views of risk, and the consequences of that singular view are discussed. Additional changes needed to make risk management more comprehensive, widely acceptable, and successful are introduced.

Co-Author is Elijah Bush, author of German Muslim Converts: Exploring Patterns of Islamic Integration.

ERM on WillisWire

December 3, 2013

Risk Management: Adaptability is Key to Success

swiss-army-knife_645x400

There is no single approach to risk management that will work for all risks nor, for any one risk, is there any one approach to risk management that will work for all times. Rational adaptability is the strategy of altering … Continue reading →


Resilience for the Long Term

Resilient Sprout in Drought

In 1973, CS Holling, a biologist, argued that the “Equilibrium” idea of natural systems that was then popular with ecologists was wrong.He said that natural systems went through drastic, unpredictable changes – such systems were “profoundly affected by random events”.  … Continue reading →


Management is Needed: Not Incentive Compensation

Bizman in Tie

Many theoreticians and more than a few executives take the position that incentive compensation is a powerful motivator. It therefore follows that careful crafting of the incentive compensation program is all that it takes to get the most out of a … Continue reading →


A Gigantic Risk Management Entertainment System

game-controller-in-room_645x400

As video gaming has become more and more sophisticated, and as the hardware to support those games has become capable of playing movies and other media, video game consoles have now become “Entertainment Systems”.  Continue reading →


Panel at ERM Symposium: ERM for Financial Intermediaries

SS Meaning of Risk Mgmt  77408059 April 23 12

Insurance company risk managers need to recognize that traditional activities like underwriting, pricing and reserving are vitally important parts of managing the risks of their firm. Enterprise risk management (ERM) tends to focus upon only two or three of the … Continue reading →


ERM Symposium Panel: Actuarial Professional Risk Management

SS Risk Button - Blank Keys  53606569 April 23

In just a few days, actuaries will be the first group of Enterprise Risk Management (ERM) professionals to make a commitment to specific ERM standards for their work. In 2012, the Actuarial Standards Board passed two new Actuarial Standards of … Continue reading →


Has the Risk Profession Become a Spectator Sport?

The 2013 ERM Symposium goes back to Chicago this year after a side trip to DC for 2012. This is the 11th year for the premier program for financial risk managers. Continue reading →


What to Do About Emerging Risks…

snake-hatching_645x400

WillisWire has on several occasions featured opinions from a large number of our contributors about what might be the next emerging risk in various sectors. But what can be done once you have identified an emerging risk? Continue reading →


U.S. Insurers Need to Get Ready for ORSA

paperwork

Slowly, but surely, and without a lot of fanfare, U.S. insurance regulators have been orchestrating a sea change in their interaction with companies over solvency.  Not as dramatic as Solvency II in Europe, but the U.S. changes are actually happening … Continue reading →


Resiliency vs. Fragility

TREES_645_400(2)

Is there really a choice?  Who would choose to be Fragile over Resilient? Continue reading →

- See more at: http://blog.willis.com/author/daveingram/#sthash.xxAR1QAP.dpuf

Rational Adaptability is needed for risk management success

October 28, 2013

There is no single approach to risk management that will work for all risks nor, for any one risk, is there any one approach to risk management that will work for all times.  Rational Adaptability is the strategy of altering your approach to risk management with the changes in the risk environment.

Willis Re execs Dave Ingram and Alice Underwood have teamed with anthropologist Michael Thompson to produce a series of articles that discuss the four risk environments and four risk management strategies that are linked to four risk attitudes that are adapted from anthropology work from the 1980’s.

The four risk attitudes are: Pragmatists, who believe that the world is uncertain and unpredictable; Conservators, whose world belief is of peril and high risk; Maximizers, who see the world as low-risk and fundamentally self-correcting; and Managers, whose world is moderately risky, but not too risky for firms that are guided properly.

We have been living through an Uncertain risk environment where the optimal risk management strategy is Diversification of risks.  The height of the Financial Crisis was, of course, a Bust risk environment where the optimal strategy was Loss Controlling.  Prior to the crisis, some sectors were experiencing a Boom risk environment where Risk Trading was the best strategy.  And the long Moderate environment that preceded the boom for many years resulted in many companies adopting a Risk Steering strategy to optimize risk and reward.

These ideas were presented by Alice, Dave and Mike at two conferences in Europe in 2012 and published as a series of six articles on the InsuranceERM webzine.  Those six articles have been compiled into a single report by InsuranceERM that is now available from their website.

This is just the latest in a long series of work on this topic (and the most comprehensive to date).  Please see http://riskviews.wordpress.com/plural-rationalities/ for a comprehensive look at this work over the past several years.

Resilience in the Long Run

June 20, 2013

[A speech delivered at the New York Stock Exchange, June 19, 2013 by Dave Ingram]

NYSE_Door copy

Did any of you notice last fall when New York City shut down for a week?

That wasn’t on my list of likely problems for 2013.

That experience brought home to me the difference between Risk Management, the idea that I have been selling for over 10 years, and Resilience.

When I looked around during that week, I saw first hand what Resilience looked like.  And also what it looked like to be fragile.  The Resilient people and firms were going about their business.  The Fragile were waiting in lines for gas and picking up the pieces of their businesses and dwellings.

And that is when it struck me that Resilience is what people and businesses want, not Risk Management.

So today, I am going to take you on a quick tour of Resilience.

The first time I can find that someone used the term Resilience in the way that we now use it was in 1973.  CS Holling, a biologist, wrote a paper titled “Resilience and Stability of Ecological Systems”.  Hollings main point was that the EQUILIBRIUM idea of  natural systems that was then popular with ecologists was wrong.  Natural systems went through drastic, unpredictable changes – such systems were “profoundly affected by random events”.  He defined resilience as

A measure of the ability of these systems to absorb changes . . . and still persist.

He also talked about how natural systems going through a four phase cycle.  A cycle that is amazingly like what we experience in business.

To illustrate those four phases to you, I will use a graph that you are doubtless all familiar with, not necessarily this exact graph, but you are all very aware of how housing prices have performed over the past 10+ years.

Cycles

For the first 20+ years of this graph, housing prices were moderately volatile.  There were some large swings as well as short term bounces in housing prices.  We will call that a Moderate period.  Then for a few years, prices went almost straight up.  We will call that phase a Boom.  Which as we all well know as followed by a Bust.  But the unusual thing about this chart is that it very clearly shows the environment that we all have been struggling with for the past 3 – 4 years.  A time when things do not seem to be going in any direction.  An Uncertain phase.

What I came here to tell you is that Resilience means something different in each of these four phases.  And the firms that are the most Resilient will take advantage of the best strategy during each phase.

During the Boom, the best Resilience strategy is to Grow!  Triage is the strategy best suited Resilience strategy for the Bust.  During the Moderate phase steadily Improving is the best strategy.  And during Uncertain times,  as you have all figured out the hard way is to Diversify your business.  The good thing is that these four phases will be repeated and  some version of these four strategies will always be the best Resilience strategy for your firm.  Let me now take you beyond the one word description.

The strategy of the Boom is Growth.  That is not obviously a Resilience strategy.  But here is where I borrow the most from the biologist, Holling.  In Holling’s view of living systems, the species that had the best long-term resilience were those that took advantage of the best times to grow to be the most numerous and the strongest.  So Grow your business and Grow your balance sheet during the boom.  It is not hard to notice the start of the Boom.  Either your sales start to jump, or else, you notice that your competitor’s sales will jump.  During the Boom, your job will be to help to fund that expansion of capacity that is needed to grow.  The thing to watch out for is that at the end of the Boom, many, many firms have borrowed very heavily to fund their growth, and some of them are stuck with one plant too many, possibly even an unfinished plant built entirely with borrowed funds.  So for the Boom, you want to make sure that your firm can grow and take advantage of the great environment but you need to be on the look-out for the end of the Boom and help to steer your firm away from making that one too many expansionary steps.  A tricky call to make and not likely to be a popular position at the time.

The strategy of the Bust is Triage.  Trimming away those pieces of the operation that are not self supporting and not reliably profitable.  This is a drill that many of you have gone through several times now.  The Bust phase is not hard to recognize, as you know.  The bottom falls out, sometimes very quickly, and other times gradually over a few quarters.  This Triage operation needs to be started as soon as the Bust is clearly upon you.  There may not as much resistance to the Triage during the Bust.  The problem is to make sure that your firm will still have the resources for growth that will come with the end of the Bust.  The Biologist view of this phase is that the Resilient species is that the most Resilient species are the ones that can both survive their worst environment but also be healthy enough to successfully go around the cycle one more time.  So minimal survival is not sufficient.

The Moderate environment is when the somewhat boring strategy of Improving is best.  In this environment the little things add up.  Your engineers and quants and other expert employees are the best asset of the company.  Improve is a resilience strategy because these improvements are small and carefully implemented.  The Moderate environment still is dangerous and changes must be made carefully.  It is a little tricky to see the start of a Moderate environment, the indications of its start are mostly negative – extreme events, both good and bad become less and less common.  Those of us with a financial background will mostly feel at home in the Moderate background.  If your among the older half of the audience today, you doubtless remember well the Greenspan led “Great Moderation” from 1984 to 2001, a long time with only moderate ups and downs in the economy.  Our abilities to help to carefully fine tune a company to maximize its efficiency were very valuable and in demand.

But it is important to realize that that very push for efficiency gradually starts to reduce Resilience and in some ways that Great Moderation with the almost 20 year period of Improve strategy created the fragility that helped to make the Great Recession so toxic.

More on this in a minute.

Finally, in Uncertain times Diversity is the best Resilience strategy.  That means that you need to move away from the strategies that concentrated all of your investment into those things that you did best and instead limit the degree to which your firm is dependent on any one product, or territory or distributor or supplier or manufacturing process.  You have also been building up your firm’s cash position.  And as the Uncertain times persist, you start to see opportunities to acquire smaller firms who can help to broaden your base even further.  With the Diversify strategy, you are admitting that you are not really sure what will come next.  That any of your business units may be the next growth opportunity or any might well tank completely.  However, you need to be aware that the Diversify mindset is toxic when the Uncertain period ends.  Then you will need to shrug off the slow and careful decision-making and the undercommittment.

Next

So what is next?  That will certainly vary by sector.  Some sectors, like energy extraction have already entered a new Boom.  But for most of us, the most likely course is for the Uncertanly to gradually reduce and for our environment to slide into a Moderate phase.  That may have already happened in your sector.  Have you noticed it?

And when it does, you will be back in the game of promoting Efficiency and Improvement as the Resilience strategy of the firm.  Slow and gradual growth of business and of margins.

Since I expect that the Moderate environment is most likely next and because the Improve strategy that is the best Resilience strategy for that period is the strength of us financial types, I want spend just a little more time looking at how the Improve strategy works, when it is working well and what happens when it starts to erode Resilience.

EFF1

You all likely to remember fondly your first big win in a Moderate environment.  You came in and quickly identified something that was ripe for a change.  Something where the operations were highly inefficient and you made sure that things changed and a big turn around happened.  You really felt that you added to company value and to your own reputation.

eff2

Over time you were able to make many such improvements, on this picture, moving virtually everything on to the efficient frontier.

eff3

Then you felt the need to find more wins.  You were imagining that you could help to completely change the game, to move the possibilities upwards.  But in some cases, what happened instead is that you did change the game, but what you did was not exactly improve efficiency of the system, instead, you started to reduce the amounts of redundant resources of the system.  That improves the expected returns, but often drastically reduces Resilience.  On the picture above, you wanted to move from A* to A++ and instead you moved to A–.  You got the extra return that you wanted but increased the risk and reduced the resilience.  Some of the slack that you removed from the system was really needed, the system becomes very fragile without it.

So far I have been very theoretical here.  Let’s think of this in terms of Outsourcing.  Outsourcing often looks like a game changer, moving to A++.  But the reduced costs of outsourcing are only a game changer if your subcontractor maintains a similar or better resilience as your insourcing alternative.  If what you are getting is paying less for less Resilience, then you have moved to A–.  More return but at a possibly markedly increased risk.

And if you are Outsourcing something that is of primary importance to your business, then you have shifted the required key competence for your firm to succeed.  If you key competence had been to manufacture Part XYZ, and you Outsource that work, then the key competence that you now need is the management of subcontractors.  Some of the savings that you think that you are getting comes from the fact that you did not necessarily factor in enough cost for management of the subcontractors.  And a key questions becomes whether you can be sure that your firm can keep the same degree of resilience so that it really is an A++ move and not an A—move that trades off cost for Resilience.

Leverage or debt is that way that we get this wrong in the financial sector where I work.  In our sector, the relationship between equity capital and risk is the key to resilience.  But many banks and insurers will lever up their business, increasing profitability for shareholders while decreasing Resilience.

One of the key problems in even noticing this issue of decreasing Resilience with increasing efficiency is that the problem is hard to see.  Resilience is clearly a corporate asset, but it does not appear n the balance sheet.  Accounting gives exactly wrong signals about risk and resiliency.  Reducing resiliency will usually be reported on an accounting statement as an improvement in financial condition.  It is profitable.  That is a big problem because RISKS IN THE LIGHT SHRINK AND RISKS IN THE DARK GROW.  (Ingram’s Law of Risk and Light).

Now let’s look at how these ideas apply to the risks that concern us the most.  A survey conducted by Allianz Insurance Group produced this list of Top Risks for 2013:

  1. Business interruption, supply chain risk
  2. Natural catastrophes
  3. Fire, explosion
  4. Intensified competition
  5. Changes in legislation and regulation
  6. Market fluctuations
  7. Theft, fraud, corruption
  8. Loss of reputation or brand value
  9. Commodity price increases
  10. Credit availability

Let’s look at how these ideas about Resilience apply to some of these top risks:

Supply Chain

This is usually a major part of your basic business.

  •  Grow – Have suppliers or alternates that can handle big increases in your orders
  •  Diversify – Multiple really different options
  •  Improve – Need the most efficient supply chain BUT highest efficiency is VERY FRAGILE
  •  Triage – Trim without killing supplier

Natural Catastrophe

Natural Catastrophes are one of the random elements that can trigger shifts in the Environment. The year after the SF EQ of 1906 saw a major recession in the US with a 30% drop in industrial production. In recent years, major cats like Katrina have not triggered such a shift.  Seeing Sandy shut down NYC for much of a week was a shock.  A few buildings not two blocks from here were not back in operation until the end of May. In 1995, Kobe earthquake caused an unexpected drop in the Japanese stock market which led to the failure of Barings Bank

You assess RESILIENCE to Nat Cats with stress testing.  I would suggest testing stress scenarios that are two times the worst prior event

Fire, Explosion

  •  Grow – Will be adding buildings quickly
  •  Diversify – Don’t concentrate operations – no single fire can hurt much
  •  Improve – Concentrate operations for max efficiency.  Outsourcing means your resilience is affected by theirs – Bangladesh mill collapse
  •  Triage – Resilience is a factor in choosing which buildings to close

 Competition

  •  Grow – Big First mover advantage – popular to say that you are fast follower, but some followers get in fast enough to get the highest margin business, some delay just enough that they get none of the best business, Some are moving in just as the first movers are moving on to some other category killer.
  •  Diversify – Watch out for others who are diversifying into your market.  They will heedlessly reduce margins.  Make sure that you are not playing that role in some market that you are diversifying into.
  •  Improve – Arms race with competitors.  Do not try to believe that cutting costs is a long term strategy for a company.
  •  Triage – Temptation to keep looking over at your target competitors.  Don’t do that during the Bust.  That can be fatal.  You can end up following them off of the cliff.

Disclosure

I want to say just a few words about disclosure for two reasons.   First, because it is a new hot topic and second because I want to repeat something that I heard an insurer CRO say that I wanted to share.  The hot topic part of this is that the SEC has recently spoken out about risk disclosures – specifically saying that boilerplate was not sufficient, that meaningful risk disclosure was required.  And for the most part, all US firms risk disclosures are boilerplate.  And in fact, not particularly thoughtful boilerplate.  So, in advance of a major loss event, you need to make an attempt to disclose the risk that might lead to the loss.  Then comes the question of disclosing risk mitigation and other risk management activities.  Most companies do not disclose.  That decision is highly questionable in my mind.  If you are a company that is doing all that you can to promote Resilience thinking and actions, you look no different from the firm that does exactly nothing.  My guess is that these decisions are made based upon a risk only analysis, rather than a risk reward analysis.  However, after you have suffered a major loss, from a practical point of view, it is more or less mandatory to start disclosing those practices.  I am having trouble understanding that logic tree.  Maybe you do.

The idea to share, that you may want to consider when you reevaluate your policy regarding these disclosures is that a perception among investors that you are acting responsibly towards your risks that is formed from your repeated disclosure of those activities would go a long way towards putting you in the position of not needing as much apology after the loss and will regain full investor confidence sooner than your competitors who do not tell such a story in years when there were no losses.  Think about it, how does that sort of thing work within your companies?

Conclusion

Holling said that the species that were the most resilient grew enough when the environment was right so that there were still enough members left at the end of the bust.  And they also were able to avoid making any fatal errors in any of the other environments.

So my final advice is:

  • Choose the right Resilience strategy in each environment so that the company has the capacity to both survive the next bust, but also come out of it strong enough to thrive and grow in the following cycle of Moderate and Boom environments
  • Take care not to unconsciously destroy resilience when increasing efficiency
  • Shine a light on those risks in the dark
  • Stress Test your most dangerous risks to find weaknesses
  • Pay attention NOW to what you will need for the next environment

ERM Control Cycle

April 20, 2013

ERM Control Cycle

The seven principles of ERM for Insurers can be seen as forming an Enterprise Risk Control cycle.

The cycle starts with assessing and planning for risk taking.  That process may include the Diversification principle and/or the Portfolio principle.

Next to the steps of setting Considerations and Underwriting the risks.  These steps are sometimes operated together and sometimes separate, usually depending upon the degree to which the risks are  small and homogeneous or large and unique.

The Risk Control cycle is then applied to the risks that have been accepted.  That step is needed because even if a risk is properly priced and appropriately accepted, the insurer will want to manage the aggregate amount of such risks.  Within the risk control cycle, there is a risk mitigation step and within that step an insurer may choose to reduce their total risk or to increase their risk taking capacity.

Risks that have been accepted through the underwriting process and that the insurer is retaining after the risk control cycle process must be assessed for Provisioning, both for reserve and capital.

Finally, for this discussion of the ERM Cycle, the insurer needs to consider whether there are additional risks that have been unknowingly accepted that may emerge in the future.  The Future risk principle provides a path for that step.

For the ERM Cycle, there is actually no such thing as FINALLY.  As a cycle, it repeats infinitely.  The picture above has many two headed arrows in addition to the one way arrows that represent a single circular process.

The ERM idea sits in the middle of these seven principles.  The ERM idea is the idea that an insurer will follow a cycle like this for all of the risks of the insurer and in addition for the aggregation of all risks.  This will be done to protect all of the stakeholders of the insurers, policyholders, stockholders, bondholders, management, employees and communities to the greatest extent that their sometimes contradictory interests allow.

Most firms will put different degrees of emphasis on different elements.  Some will have very faint arrows between ERM and some of the other principles.  Some insurers will neglect some of these principles completely.

It may be that the choice of which principles to emphasize are tightly linked with their view of the risk environment.

env copy

This a part of the discussion of the seven ERM Principles for Insurers

Does your Risk Management Program have a Personality?

December 19, 2012

Many people are familiar with the Myers-Briggs Personality Type Indicator.  It is widely used by businesses.  What a shocker to read in the Washington Post last week that psychologists are not particularly fond of it.

The Myers-Briggs Personality types were developed directly from the work of Carl Jung, who is not highly regarded by modern psychologists according to the Washington Post story.

Psychologists have their own personality types.  The chart below is from The Personal Growth Library, and is called the Five Factor Model.

Personality

You may be able to find options here that would allign with your ERM program. 

Stability – You may seek Resilience, and settle for Responsiveness. 

Originality – You may want to be an Explorer, but much more likely, your ERM program is a Preserver.

Accommodation – Your goal is to be a Challenger, you end up a Negotiator. 

Consolidation – You should be able to achieve a Focused ERM program, but pressures of business and the never ending crises force you to be Flexible much too often. 

That seems to provide some valuable introspection. 

Next you need to look at the overall enterprise personality.  Many successful companies will have a personality that is very different from the choices that you want to steer towards as the risk manager for your program.  You should check it out and see.

If there is an actual allignment between your overall organization’s personality and the personality that you aspire to for your ERM program, then you will be running downhill to get that development accomplished. 

What does that mean when the personality that you want for your ERM program is almost totally different from the personality of your organization?  It means that you will be pulled constantly towards the corporate personallity and away from what you believe to be the most effective ERM personality.  You then have to choose whether to run your ERM program as a bunch of outsiders.  You then will need to form a tight knit support group for your outsiders.  And make sure that you watch the movie Seven Samuri or The Magnificant Seven. 

Or you can rethink the idea you have of ERM.  Think of a version of ERM that will fit with the personality of your company.  Take a look at The Fabric of ERM for some ideas.  Along with the rest of the Plural Rationality materials.

What Do Your Threats Look Like?

December 6, 2012

Severe and intense threats are usually associated with dramatic weather events, terrorist attacks, earthquakes, nuclear accidents and such like.  When one of these types of threats is thought to be immanent, people will often cooperate with a cooperative ERM scheme, if one is offered.  But when the threat actually happens, there are four possible responses:  cooperation with disaster plan, becoming immobilized and ignoring the disaster, panic and anti-social advantage taking.  Disaster planning sometimes goes no further than developing a path for people with the first response.  A full disaster plan would need to take into account all four reactions.  Plans would be made to deal with the labile and panicked people and to prevent the damage from the anti-social.  In businesses, a business continuity or disaster plan would fall into this category of activity.

When businesses do a first assessment, risks are often displayed in four quadrants: Low Likelihood/Low Severity; Low Likelihood/High Severity; High Likelihood/Low Severity; and High Likelihood/High Severity.  It is extremely difficult to survive if your risks are High Likelihood/High Severity, so few businesses find that they have risks in that quadrant.  So businesses usually only have risks in this category that are Low Likelihood.

Highly Cooperative mode of Risk Management means that everyone is involved in risk management because you need everyone to be looking out for the threats.  This falls apart quickly if your threats are not Severe and Intense because people will question the need for so much vigilance.

Highly Complex threats usually come from the breakdown of a complex system of some sort that you are counting upon.  For an insurer, this usually means that events that they thought had low interdependency end up with a high correlation.  Or else a new source of large losses emerges from an existing area of coverage.  Other complex threats that threaten the life insurance industry include the interplay of financial markets and competing products, such as happened in the 1980′s when money market funds threatened to suck all of the money out of insurers, or in the 1990′s the variable products that decimated the more traditional guaranteed minimum return products.

In addition, financial firms all create their own complex threat situations because they tend to be exposed to a number of different risks.  Keeping track of the magnitude of several different risk types and their interplay is itself a complex task.  Without very complex risk evaluation tools and the help of trained professionals, financial firms would be flying blind.  But these risk evaluation tools themselves create a complex threat.

Highly Organized mode of Risk Management means that there are many very different specialized roles within the risk management process.  May have different teams doing risk assessment, risk mitigation and assurance, for each separate threat.  This can only make sense when the rewards for taking these risks is large because this mode of risk management is very expensive.

Highly Unpredictable Threats are common during times of transition when a system is reorganizing itself.  “Uncertain” has been the word most often used in the past several years to describe the current environment.  We just are not sure what will be hitting us next.  Neither the type of threat, the timing, frequency or severity is known in advance of these unpredictable threats.

Businesses operating in less developed economies will usually see this as their situation.  Governments change, regulations change, the economy dips and weaves, access to resources changes abruptly, wars and terrorism are real threats.

Highly Adaptable mode of Risk Management means that you are ready to shift among the other three modes at any time and operate in a different mode for each threat.  The highly adaptable mode of risk management also allows for quick decisions to abandon the activity that creates the threat at any time.  But taking up new activities with other unique threats is less of a problem under this mode.  Firms operating under the highly adaptive mode usually make sure that their activities do not all lead to a single threat and that they are highly diversified.

Benign Threats are things that will never do more than partially reduce earnings.  Small stuff.  Not good news, but not bad enough to lose any sleep over.

Low Cooperation mode of Risk Management means that individuals within their firm can be separately authorized to undertake activities that expand the threats to the firm.  The individuals will all operate under some rules that put boundaries around their freedom, but most often these firms police these rules after the action, rather than with a process that prevents infractions.  At the extreme of low cooperation mode of risk management, enforcement will be very weak.

For example, many banks have been trying to get by with a low cooperation mode of ERM.  Risk Management is usually separate and adversarial.  The idea is to allow the risk takers the maximum degree of freedom.  After all, they make the profits of the bank.  The idea of VaR is purely to monitor earnings fluctuations.  The risk management systems of banks had not even been looking for any possible Severe and Intense Threats.  As their risk shifted from a simple “Credit” or “Market” to very complex instruments that had elements of both with highly intricate structures there was not enough movement to the highly organized mode of risk management within many banks.  Without the highly organized risk management, the banks were unable to see the shift of those structures from highly complex threats to severe and intense threats. (Or the risk staff saw the problem, but were not empowered to force action.)  The low cooperation mode of risk management was not able to handle those threats and the banks suffered large losses or simply collapsed.

The End of ERM

October 16, 2012

In essence, if ERM is to be implemented in a way which helps an entity get to where it wants to go, it needs to have a bias toward action which many applications currently lack.   “The End of Enterprise Risk Management”  David Martin and Michael Power

In 2007, Martin and Power argued that the regulatory based Enterprise Risk Management programs that were COSO based provided the illusion of control, without actually achieving anything.  Now if you are an executive of a firm and you believe that things are being done just fine, thank you very much, then an ineffective ERM program is just what you want.  But if you really want ERM, the something else is needed.  Martin and Power suggest that the activities of ERM are focused much too much on activities that do not reault in actions to actually change the risks of the firm.  This is a favorite topic of RISKVIEWS as well.  See Beware the Risk Management Entertainment System

RISKVIEWS always tells managers who are interested in developing ERM systems that if some part of an ERM program cannot be clearly linked to decisions to take actions that would not have been taken without ERM, then they are better off without that part of ERM. 

Martin and Power go on to suggest that ERM that uses just one risk measure (usually VAR) is difficult to get right because of limitations of VAR.  RISKVIEWS would add that an ERM program that uses only one risk measure, no matter what that measure is, will be prone to problems.  See Law of Risk and Light. 

It is very nice to find someone who says the same things that you say.  Affirming.  But even better to read something that you haven’t said.  And Martin and Power provide that. 

Finally, there is a call for risk management that is Reflexive.  That reacts to the environment.  Most ERM systems do not have this Reflexive element.  Risk limits are set and risk positions are monitored most often assuming a static environment.  The static environment presumption in a risk management system works if you are operating in an environment that changes fairly infrequently.  In fact, it works best if the frequency of change to your environment is less then the frequency of your update to the risk factors that you use.  That is, if your update includes studying the environment and majing environment driven changes. 

RISKVIEWS has worked in ERM systems that were based upon risk assessment based upon “eternal” risk factors.  Eternal Risk factors are assumed to be good “for all time”.  The US RBC factors are such.  Those factors are changed only when there is a belief that the prior factors were inadequate in representing the full range of risk “for all time”. 

But firms would be better off looking at their risks in the light of a changing risk environment.  Plural Rationality theory suggests that there are four different risk environments.  If a company adopts this idea, then they need to look for signs that the environment is shifting and when it seems to be likely to be shifting, to consider how to change their risk acceptance and risk mitigation in the light of the expected new risk environment.  The idea of repeatedly catching this wave and correctly shifting course is called Rational Adaptability

So RISKVIEWS also strongly agrees with Martin and Powers that a risk management system needs to be reflexive. 

In “The End of ERM” Martin and Powers really mean the end of static ERM that is not action oriented and not reflexive with the environment.  With that RISKVIEWS can heartily agree.

New Riskviews Wiki – Actuarial Applications of Plural Rationality

October 13, 2012

For several years now, I have been working with a small group of people to explore and write about the ideas of Plural Rationality and how it can be used in the field of risk management.  We have presented these ideas at multiple actuarial meetings around the world and published articles in a number of places.  You may be aware of this.

Recently, I recruited two new actuaries to this work and their reaction has been very favorable as they work on this and thereby learn more.  The theory of plural rationality has fairly strong explanatory powers.  They are helping to find new insights in a field that I know little about.

That experience has inspired me to invite all of you to join this effort.

To that end, I have created a wiki for development of actuarial discussions of plural rationality.

https://riskviewswiki-actuarialapplicatifpluralrationality.pbworks.com

The list below are the pages/discussion topics that have been created so far.  The Background page includes links to most of the places where you can find the work that has been done to date on this by Michael, Thompson, Alice Underwood and I.  The others are blank pages that are example of possible discussion topics.  Other discussion topics are of course possible.

(This is all free, but to access, you will need to set up a pbworks account. I am not selling pbworks.  I just happen to like how it works. And it seems to let me do this for free.)

I believe that I need to send you a personal invitation to join the Riskviews network on pbworks so that you can set up the account.  So if you are interested, please send an email to  daveingram@optonline.net.  Feel free to forward this to anyone that you feel might have an interest.  This discussion is not necessarily restricted to actuaries.

  • Background on Plural Rationality
  • Implications for Risk Management
  • Implications for Risk Measurement
  • Implications for Catastrophe Risk measurement and management
  • Implications for Pensions
  • Implications for Equity Linked Life Insurance and Annuities
  • Implications for Mutual Insurance
  • Implications for Solvency II

If you are someone who has no idea what I am talking about and want to look at the Plural Rationality background materials without joining pbworks, you can see it at Plural Rationality and ERM page here on the Riskviews blog.

Dave Ingram

What’s Your Risk Attitude?

June 11, 2012

The HBR Blog has picked up a piece by Ingram and Thompson on the dynamics of Risk Attitudes and Risk Environment.

Check it out HERE.

 RISKVIEWS has featured these ideas many times. 

See http://riskviews.wordpress.com/plural-rationalities/

Let’s get Real

November 7, 2011

Talk to CROs and all the nice theories about risk management get put in their place.  In real companies, the loudest and most influential voice is usually the people who want to add risks.

A real CRO is not often struggling with issues of risk theory.  They are totally immersed in the reality of corporate power politics.

  • In some firms, the CEO will set up the CRO in a position where risk concerns will trump all else.  The CRO will have authority to stop or curtail any activity that s/he feels is excessively risky.
  • In other firms, the CEO will set up the CRO to be one of many voices that are clamoring for attention and for their point of view to be heard.
  • And a third set of firms has the CRO as purely a reporting function, not directly involved in the actual decision making of the firm.
The first case sounds ideal, until the CRO and the CEO go head to head on a major decision.  The battle is not usually long.  The CEO’s view will will.  In these firms, it is usually true that the CRO and the CEO see eye to eye on most things.  The CEO in these firms has the opinion that the business units would take enough risk to imperil the firm if left alone.  But the CEO is still responsible to make sure that the firm is able to grow profitably.  And a CRO who gets used to power over risk decisions, sometimes forgets that power comes solely from the CEO.  But for the most part, the CRO in this firm gets to implement the risk management system that works the way that they thinks is best.
The second case sounds much more common.  The CEO is not saying exactly how much s/he supports ERM.  The CEO will decide in each situation whether to support the CRO or a business unit head on any risk related major decision.  The risk management system in this firm exists in a grey area.  It might look like the risk management system of the first firm, but it does not always have the same amount of authority.  Managers will find out quickly enough that it is usually better to ask for forgiveness rather than follow the rules in the times when they see an important opportunity.  The CRO in this firm will be seeking to make a difference but has to define their goals as all relative.  Are they able to make a noticeable shift in the way that the firm takes risk.  That shift may not go all the way to an optimal risk taking approach, but it will be a shift towards that situation.  Over time they can hope to educate the business unit management to the risk aware point of view with the expectation that they will gradually shift to more and more comfort with the risk management system.
In some of these firms, the risk management system will look more like the system of the third case below – a Risk Information system.  The approach is to keep all of the negotiation and confrontation that is involved with managing risk limits and standards to be verbal rather than on paper.
In third case, the risk management system exists to placate some outside audience.  The CEO has no intention of letting this process dictate or even change any of the decisions that s/he intends to make.  The most evident part of an ERM system is the reports, so the risk management system in these firms will consist almost entirely of reporting.  These firms will be deliberately creating an ERM Entertainment system.  The best hope in these firms is that eventually, the information itself will lead management to better decisions.
What is working against the CRO in the second and third cases are the risk attitudes of the different members of management.   If the CRO is targeting the ERM system and/or reports to the Manager risk attitude then it might be a long time before the executives with other risk attitudes see any value in ERM.

What’s Next?

October 27, 2011

Buttonwood suggests that there are four paths forward from the global debt crisis:

  1. Grow out of the problem
  2. Inflate the debt to a more manageable level
  3. Default
  4. Extended Stagnation

These four paths happen to coincide exactly with the four views of risk from Plural Rationalities.

The Maximizer will be sure that we can just Grow Out of It if the government will just get out of the way and let the market work its magic.

The Managers will believe that a careful process of gradual inflation will bring the economy back into line with the debt.  This process will work if the expert government economists who really understand the problem are given their freedom to manage this. In the meantime, they will also want to increase the laws and regulations so that this sort of thing will not happen again.

The Conservators believe that since default is inevitable, then we might as well take our lumps and get it out of the way quickly.  They will not be convinced, even after the default that anything has been completely solved and will continue to worry that there is more bad news just around the corner.  So they will be preparing for the next shoe to drop. They will probably favor cutting spending to make sure that things come back into balance.

The Pragmatist will believe that there is not really a good way out and that the economy will be stuck in this stage of uncertainty for an extended period.  They may even believe that the efforts of the others to try to solve the problems might extend that uncertain period even longer.

Looking back on the 1930′s we see that in various countries at various times during that decade that all four paths were tried by various governments.

What worked then?  Well, you can find that there are four different opinions on what was the exact reason that we came out of the depression…..

The Tea Party as a Conservator Group

August 12, 2011

The Tea Party movement in the US is well known for its lack of formal leadership and its insistence on absolute purity of ideas.

The Tea Party is an excellent example of a Conservator group in the updated terminology of Plural Rationalities.

The Conservators have the view that the world is an extremely risky place.  That deviation from the norm will cause disaster.  In fact, this Conservator group believes that the deviation has already taken place and that it is extremely important to put things back in place.

To Conservator groups it is extremely important to maintain agreement by everyone in the group to the group ideas.  They are much more likely to expel a member of the group than to allow for diversity of thought. In addition, these groups tend to an egalitarian group structure.  There is very low hierarchy in these groups.  Individual groups tend to be small.  Slight diversity of ideas tend to result in the creation of splinter groups.

The Conservator type group is actually called Egalitarians by the Anthropologists.  Their group ideas are inspired by the perception that the world is experiencing very adverse times.  In this perception they are linked to reality when such times actually exist.  Their group will gain adherents in such times as others notice the adversity and some to believe as well.

The Conservator group strategy is to seek to pull back and control risk taking so that they can keep (or in this case return to) safety.

Ironically, the Environmental movement is another contemporary example of a Conservator group.  Their approach to the world is very similar to the Tea Party in their belief that things are out of kilter and that a major pulling back is needed to get things to be safe.  They also have the same leanings toward purity of thinking and splinter groups.

The Theory of Plural Rationalities suggests that people and groups of people will always exist who have the Conservator point of view.  But when the environment aligns better with their dire view, they will attract more adherents and possibly even dominance.

When they dominate a society, there will be relatively little growth and investment.  They tend to want to keep things the same.  New ideas are not favored.  During the reign of the Conservators, excess capacity will doubtless build up which will eventually be put to use and create relative prosperity undermining the message of the Conservators.
Eventually, people will notice that some other group that is not as fixed in its approach will be doing better.  People will drift away from the Conservators to the other groups and it will lose influence.  Those other groups will be taking one of three approaches:

  • Some will be making smaller investments like the Conservators, but will be widely diversified in their approach, unlike the tightly focused Conservators.  Eventually one of their many investments will take off.  These are the Pragmatists and they are best suited for the Uncertain environment.
  • Some will be the entrepreneurs who will charge ahead with new ideas and new ventures anyway.  They are most likely to put the excess capacity to use and create the prosperity.  They are the Maximizers.  Their approach is best suited for Boom times.
  • Some will be looking for the large organizations, the governments and the large corporations to save the economy.  They favor a guided approach to innovation and growth and investments.  They are the Managers.  Their approach is best suited to Moderate times.  They hope to extend those moderate times forever through careful management of the economy.

The Tea Party is not a purely Conservator group.  Some of their main ideas are Maximizer ideas.  They are directly opposed to both the Conservator and Manager strands of the Democratic party.  The Conservator strands of the Democrats are the people who are very much in favor of helping the needy and the labor movement.  The Manager strands of the party are the big government folks who believe that the world can be made a better place by government actions.  The Republican party also has had Manager strands with its historical support of big business and the military who are both strongly Manager groups.

Another Point of View

August 1, 2011
Good Risk Management requires people who can see things from another point of view.

The various tasks that are required for good risk management actually require different people with different points of view.

  • Loss Controlling requires people who are going to be willing to painstakingly review everything that the firm does to make sure that there are not any unintended accumulations of risk (or any risk accumulations that are being deliberately hidden).  These people need to have a point of view that focuses on the details.
  • Risk Steering requires people with almost the opposite point of view, the big picture people.  To do good risk steering one must look past all of the details of risk and concentrate on the broad themes of risk that the firm is taking.
  • Risk Trading requires people who are very outward focused, who are able to pay attention in the subtle and not so subtle changes in attitudes towards towards different risks in the marketplace.  They also need to be able to discern when changes in the company’s offerings or changes in the risk of the environment.  Their task is to make sure that the price that the company is getting for the risks it assumes is sufficient to pay for both the expected losses as well as appropriate compensation for the possibility of excess losses.
  • Emerging Risks management requires people who are able to think outside the box, sometimes totally outside of the box to notice the faint signals that something is changing or something totally new is starting to happen and to imagine what might be needed to cope in the new situation.

Those are just not the same people.  So a smaller firm that has assigned their risk management to one person will be disappointed if that one person is not able to tap the skills of others who actually are readily able to think in these totally different ways.

That is one of the ways that risk management disappoints top management and frustrates the people asked to do it.  Even when an assigned risk manager is allowed or even encouraged to tap into these various other skills and points of view, it is very difficult for one person to even recognize the value of each of these different approaches.  More often the assigned risk manager will plow ahead building the risk management program that fits with their own point of view.

So no matter who you are and how good you are at risk management, remember to look for those people with the point of view that is very different from yours.  And pay attention to that they say about risk.

Resilience Realism

June 19, 2011

There are two parts to identifying and understanding whether something is a risk to your organization. The first part is to understand what might happen in the world and within your organization that might cause an adverse result. The second part is to understand the resilience of your organization to the adversity.

Consider the situation of New Orleans. For the Big Easy to be properly prepared for a major hurricane, they need to have both a realistic view of what sorts of hurricanes could hit the city AND they needed to be realistic about the resilience of their city to the impact of the hurricane.

Riskviews has featured the Plural Rationalities view that there are four different views of risk many times.  In addition to the view of risk, resiliency can follow the pattern of four different points of view.  In fact, it may well be a combination of the view of resiliency and the view of risk that makes up the four risk paradigms.

Conservators believe that the world is risky AND they are not very resilient.

Maximizers believe that the world is low risk AND that they are very resilient.

Managers believe that the world is moderately risky AND that they can be appropriately resilient if the work at it and apply the correct expertise.

Pragmatists believe that they do not know how risky that the world is and they also cannot tell whether they will be sufficiently prepared.

Consider the residents of the Atchafalaya Spillway area where the water from the flooding Mississippi River was diverted by the Army Corps of Engineers.  Some of those folks fled immediately when asked to evacuate.  They doubted that they had the resilience to face the flood.  Others stayed put because they had always survived floods before and they felt that their resilience was fine.  A few folks stayed and built up their own defenses.  You may have seen the TV footage of homes in their own little islands of recently added sandbags.  The Pragmatists may have been in any one of those three groups but for entirely different reasons.)

The feeling of resilience comes from experience – from the feedback that people get from their experiences.  And it helps to form their current approach to risk.

Bet they do not believe in preparing for the future

June 6, 2011

The New York Times uses the word “bet” extremely frequently. In almost every situation where they are describing someone making a choice about the future, they describe that choice as “betting” on a particular outcome.

It seems that in the world view, someone cannot possibly make a careful, sober choice of course of action.  They can only “bet” on one outcome or another.

Riskviews noticed this when reading the nth story about a financial firm.  Of course, in the NYT language ALL hedge activity is betting.  Even if a firm is already long a risk, if they short that same exact risk to offset their long position, then they are described as “betting” against the risk that they were previously long.

Of course, if you had simply retained your long position and it either gained or lost money, then your “bet” would have been either a winner or a loser.

, via Wikimedia Commons”]

By Toni Lozano [CC-BY-2.0 (www.creativecommons.org/licenses/by/2.0)

In terms of Plural Rationalities, that means that the NYT has a purely PRAGMATIST point of view towards risk.  A PRAGMATIST believes that no one knows the future so any decision about the future is exactly the same as a bet on the spin of a roulette wheel, a gamble.  If you do not believe me, go to their website and do a search on the word “bet”.  You will be amazed at how many times it comes up and you will see that they are always using it to describe these choice about the future.

Now Plural Rationalities suggests that there are three other points of view about the future and risk in the future:

  • Maximizers – believe that things are self correcting so if you keep your head there is little risk in the long run.
  • Conservators – believe that there is a great deal of risk so you should keep away from taking very much risk
  • Managers – who believe that there is a moderate amount of risk and if you are careful, you can take risks and get ahead

That a major voice in our country has gone over to the Pragmatist point of view is a sign of the times.  Things have been very uncertain for several years now.  It is very difficult to tell which way the economy is going.  So being a Pragmatist may just be their temporary reaction to the environment.

When things get more predictable, perhaps they will shift their point of view to that of the Manager.  And over time, as the Managers show more and more success, they may take up the viewpoint of the Maximizer as the next bubble forms somewhere.  Which makes way for the Conservator viewpoint as the bubble bursts.

And so it goes.

Dissappointment

April 12, 2011

Michael Thompson often describes the situation where a person or group does not get the experience that they expect as Surprise. I have also heard that called Disappointment.

Probably Surprise is a better term.

What is going on is that people expect one sort of experience and get another.

In a recent published article, Ingram and Thompson describe the expectations of various environments as:

  • Boom Environment – High Drift, Low Volatility
  • Moderate Environment – Moderate Drift, Moderate Volatility
  • Bust Environment – Negative Drift, Low Volatility
  • Uncertain Environment – Unpredictable Drift, Unpredictable Volatility

With those descriptions, Surprise/Disappointment is easier to describe.  If you believe that the environment is in a Boom and the experience you get is moderate drift and volatility, then you will be surprised and probably disappointed.  And similarly, if you expect a Bust environment and you experience high drift, then you will certainly be Surprised, but probably not Disappointed.  Unless you were really counting on complaining and  are disappointed about good fortune spoiling that.

Surprise is very different for those expecting an Uncertain environment.  For them, it is surprising that they are able to notice any pattern, whether it be high, low or moderate drift and volatility.  They are expecting unpredictable results, a high volatility as well as a high volatility of volatility.  For them, a surprise would be if the experiences did have a reliable volatility.

The Surprise that many of us have been experiencing started out as a Disappointment.  We thought that home prices had a large positive drift and low volatility.  So as many of us started to count upon that expectation, the system reached its carrying capacity for home real estate.  Which is hard to imagine, since with the loans that were over 100% of value, people were being paid by the financial sector to take new homes.

Suddenly, house prices stopped rising.  Most stories about the financial crisis do not even try to give any explanation for that happening.  But it is easy to picture that everyone who was willing to move had already done so recently.  Even in a pay to take, there is a high personal time cost to move.  So the hot market encouraged anyone who might be willing to move and move a year or two or three earlier than they would have otherwise.  But not enough people were willing to do that year after year.  And not enough people were crazy enough to take out mortgages that they had absolutely no chance to pay back.  So the turnover faltered.  Prices simply stopped rising.  And the Surprise hit everyone.

After an extended period of freefall, the market has settled into a much longer period of uncertainty.  No discernable pattern to drift or to volatility.  There is a large and uneven volume of foreclosed real estate in the system.  It comes to market and disrupts prices.  Because the real estate market had relied upon a rather primitive price discovery mechanism, the foreclosures are very disruptive to the pricing of non-foreclosed housing.  This is a major factor in the level of uncertainty of housing and it ripples through the entire financial system and the entire economy.

With this uncertainty, people who are expecting any of the three other patterns of risk are irregularly Surprised, and often Disappointed.  As there are more and more disappointments, more and more people shift their coping strategy to one that makes sense in an Uncertain economy, the strategy of Diversification.  That might sound to be a good thing, but in practice, it ends up meaning avoiding any large or lengthy commitments.  It means a slow down in basic investment and usually a deferral of any of the major investments that would start to fuel the next positive economic cycle.

This Uncertain cycle will end slowly because of the immense amount of extra home real estate that is still in the foreclosure pipeline.

Such cycles usually end when the flip side of the process described above that drove the stoppage in the real estate boom.  What stopped the boom was that people wore out of moving up in housing.  What will stop the Uncertain market will be that people will wear out of not changing houses.  The people who have had one more child will be fed up with the crowding in their smaller house and the people whose kids have moved away will get fed up with maintaining more house than they need.  The people who do well enough to afford a bigger and better house will be fed up with waiting for things to settle down.  And when that happens to enough people, the backlog of existing real estate will finally sell down and a new boom will start again.

And people who had adapted to uncertainty will be Surprised, but not disappointed that their house again finally starts to appreciate.

Modeling Uncertainty

March 31, 2011

The message that windows gives when you are copying a large number of files gives a good example of an uncertain environment.  That process recently took over 30 minutes and over the course of that time, the message box was constantly flashing completely different information about the time remaining.  Over the course of one minute in the middle of that process the readings were:

8 minutes remaining

53 minutes remaining

45 minutes remaining

3 minutes remaining

11 minutes remaining

It is not true that the answer is random.  But with the process that Microsoft has chosen to apply to the problem, the answer is certainly unknowable.  For an expected value to vary over a very short period of time by such a range – that is what I would think that a model reflecting uncertainty would  look like.

An uncertain situation could be one where you cannot tell the mean or the standard deviation because there does not seem to be any repeatable pattern to the experience.

Those uncertain times are when the regular model – the one with the steady mean and variance – does not seem to give any useful information.

The flip side of the uncertain times and the model with unsteady mean and variance that represents those times is the person who expects that things will be unpredictable.  That person will be surprised if there is an extended period of time when experience follows a stable pattern, either good or bad or even a stable pattern centered around zero with gains and losses.  In any of those situations, the competitors of that uncertain expecting person will be able to use their models to run their businesses and to reap profits from things that their models tell them about the world and their risks.

The uncertainty expecting person is not likely to trust a model to give them any advice about the world.  Their model would not have cycles of predictable length.  They would not expect the world to even conform to a model with the volatile mean and variance of their expectation, because they expect that they would probably get the volatility of the mean and variance wrong.

That is just the way that they expect it will happen.   A new Black Swan every morning.

Correction, not every morning, that would be regular.  Some mornings.

Risk Management Success

March 8, 2011

Many people struggle with clearly identifying how to measure the success of their risk management program.

But they really are struggling with is either a lack of clear objectives or with unobtainable objectives.

Because if there are clear and obtainable objectives, then measuring success means comparing performance to those objectives.

The objectives need to be framed in terms of the things that risk management concentrates upon – that is likelihood and severity of future problems.

The objectives need to be obtainable with the authority and resources that are given to the risk manager.  A risk manager who is expected to produce certainty about losses needs to either have unlimited authority or unlimited budget to produce that certainty.

The most difficult part of judging the success of a risk management program is when those programs are driven by assessments of risk that end up being totally insufficient.  But again the real answer to this issue is authority and budget.  If the assumptions of the model are under the control of the risk manager, that is totally under the risk manager’s control, then the risk manager would be prudent to incorporate significant amounts of margin either into the model or into the processes that use the model for model risk.  But then the risk manager is incented to make the model as conservative as their imagination can make it.  The result will be no business – it will all look too risky.

So a business can only work if the model assumptions are the join responsibility of the risk manager and the business users.

But there are objectives for a risk management program that can be clear and obtainable.  Here are some examples:

  1. The Risk Management program will be compliant with regulatory and/or rating agency requirements
  2. The Risk Management program will provide the information and facilitate the process for management to maintain capital at the most efficient level for the risks of the firm.
  3. The Risk Management program will provide the information and facilitate the process for management to maintain profit margins for risk (pricing in insurance terms) at a level consistent with corporate goals.
  4. The Risk Management program will provide the information and facilitate the process for management to maintain risk exposures to within corporate risk tolerances and appetites.
  5. The Risk Management program will provide the information and facilitate the process for management and the board to set and update goals for risk management and return for the organization as well as risk tolerances and appetites at a level and form consistent with corporate goals.
  6. The Risk Management program will provide the information and facilitate the process for management to avoid concentrations and achieve diversification that is consistent with corporate goals.
  7. The Risk Management program will provide the information and facilitate the process for management to select strategic alternatives that optimize the risk adjusted returns of the firm over the short and long term in a manner that is consistent with corporate goals.
  8. The Risk Management program will provide information to the board and for public distribution about the risk management program and about whether company performance is consistent with the firm goals for risk management.

Note that the firm’s goals for risk management are usually not exactly the same as the risk management program’s goals.  The responsibility for achieving the risk management goals is shared by the management team and the risk management function.

Goals for the risk management program that are stated like the following are the sort that are clear, but unobtainable without unlimited authority and/or budget as described above:

X1  The Risk Management program will assure that the firm maintains profit margins for risk at a level consistent with corporate goals.

X2  The Risk Management program will assure that the firm maintains risk exposures to within corporate risk tolerances and appetites so that losses will not occur that are in excess of corporate goals.

X3  The Risk Management program will assure that the firm avoids concentrations and achieve diversification that is consistent with corporate goals.

X4  The Risk Management program will assure that the firm selects strategic alternatives that optimize the risk adjusted returns of the firm over the short and long term in a manner that is consistent with corporate goals.

The worst case situation for a risk manager is to have the position in a firm where there are no clear risk management goals for the organization (item 4 above) and where they are judged on one of the X goals but which one that they will be judged upon is not determined in advance.

Unfortunately, this is exactly the situation that many, many risk managers find themselves in.

Risk Appetite and Risk Attitude

March 3, 2011

Riskczar writes about differing risk appetites this week.

I want to introduce a nuance to his discussion.  He mentions that his risk appetite is less than both his brother and his significant other.

The Risk Doctor presents a view of risk attitude that tracks directly with what Trevor calls differing risk appetites.  They both look at it as a spectrum of higher risk appetites to lower.  David suggests that anyone with a higher risk appetite has one risk attitude while someone with a lower risk appetite has another risk attitude.  Which is consistent with the digestive term appetite that is used.

However, another way of looking at this is possible and is suggested by the Plural Rationalities approach to risk that is often featured here on Riskviews.

With the Plural Rationalities approach, it is suggested that folks with an apparent higher risk appetite may well simply perceive that there is less risk than someone with a lower risk appetite.  The people who perceive that risk is very high are called Conservators.  The people who perceive that risk is very low are called Maximizers and the people who perceive that risk is moderate are called Managers. Finally Plural Rationalities suggests that there is a fourth risk attitude that is possessed by folks who just do not think that they can know how risky that something really is.  They are called Pragmatists.

These Pragmatists do not fit onto the spectrum of risk appetites.  However, plenty of these people exist.  They are the undecideds in the polls about risk.  They do not feel that the future is highly predictable, so they choose not to try.  They therefore seem to be less convinced about likelihood of favorable outcomes as well.  Or lack of likelihoods either.  Lottery tickets are appealing to some Pragmatists.  Pragmatists may take on situations that are seen to be high risk by the Conservators and pass up on situations that are seen as low risk to the Maximizers.  Pragmatists are also often frustrating to the Managers because they fail to follow the logical conclusions reached by the Managers.

But Pragmatists are well suited for the situation that seems to have settled over many economies in the world in the recent past.  The Uncertain economy.  Modern economics does not even officially have that as a phase of an economic system, though some economists have repeatedly described the current situation with that exact word.  Their approach the the Uncertain economy is to try to get it to change into one of the other stages that they do think that they understand.

So the Maximizers and Conservators are not choosing more risk or less risk as the Rational Expectations theory suggests, they are actually believing that the world is less risky (Maximizers) or more risky(Conservators).

They are not acting irrationally, they are acting according to their own rationality.

This would be irrational, except for the fact that in some periods of time, they are correct.

Once they start to notice that their view of risk is no longer correct, slowly but surely they eventually change their risk attitude to adjust to the current reality.

This process explains the market cycles without having to assume irrationalities.  Instead we need to acknowledge Plural Rationalities.

Second Step to a New ERM Program

March 1, 2011

Everyone knows the first step - Identify your risks.

But what should you do SECOND?  The list of ERM practices is long.  Riskviews uses an eight item list of ERM Fundamentals to point the way to early ERM developments.

And you want to make sure that you avoid Brick Walls and Touring Bikes.

But the Second Step is not a practice of ERM.  The Second Step is to identify the motivation for risk management.  As mentioned in another post, there are three main motivations:  Compliance, Capital Adequacy and Decision making.

If Compliance is the motivation, then the ERM development process will be to obtain or develop a checklist of items that must be completed to achieve compliance and to work to put something in place for each of those items that will create the ability to check off that item.

If Capital Adequacy is the motivation, then building an Economic Capital model is the main task that is needed for ERM development.

If Decision making is the motivation, then the process becomes somewhat more involved.  Start with identifying the risk attitude of the firm.  Knowing the risk attitude of the firm, the risk management strategy can then be selected.  Each of the ERM Fundamentals can then be implemented in a way that is adapted to the risk strategy.

This process has been described in the post Risk Attitudes and the New ERM Program.

But knowing the motivation is key.  A newly appointed risk management officer might have fallen in love with literature describing the Risk Steering strategy of ERM.  They would set up a big budget for capital modeling and start to set up risk committees and write rules and policy statements…..

And then hit a brick wall.

That is because they did not clearly identify the motivation for their appointment to be the risk management officer.  The term ERM actually means something totally different to different folks.  Usually one of the three motivations:  Compliance, Capital Adequacy, or Decision Making.

A company that is primarily motivated by Capital Adequacy will have minimal interest in any of the active parts of the ERM practices.  A company motivated by compliance will want to know that each and every step in their ERM process satisfies a requirement.  Talking about enhanced decision making as the reason for steps in the ERM development process will either confuse or even anger management of these companies.

The reaction to a mismatch of ERM program to motivation is similar to someone who booked a cruise for their vacation and found themselves on a cross country biking tour.

Most modern cruise ships feature the following facilities:

  • Casino – Only open when the ship is in open sea
  • Spa
  • Fitness center
  • Shops – Only open when ship is in open sea
  • Library
  • Theatre with Broadway style shows
  • Cinema
  • Indoor and/or outdoor swimming pool
  • Hot tub
  • Buffet restaurant
  • Lounges
  • Gym
  • Clubs

Keep that contrast in mind when you are making your plans for a new ERM system.

COSO & ISO 31000 & ERM for Insurers

February 23, 2011

Over the years, Riskviews has seen many risk management systems that are developed by people, usually auditors, from the COSO guide to ERM.  What is most commonly seen is that COSO based ERM system has a few characteristics in common:

  • They usually take at least a year to implement phase 1.  By the end of that year, no actual improvements or changes to actual risk treatment activities take place.  The most common product of that year’s efforts is a risk register.
  • The risk register usually contains at least 100 risks.  Many of these systems have closer to 200 risks identified.
  • Top management is completely baffled about why they need to spend their time paying any attention to such activity.  If you ask them anything about risk or risk management at the end of the year, you will often find that they cannot recall anything specific about the process.

The COSO process seems to be totally a Loss Controlling approach to ERM.  This approach would appeal to companies and managers of companies who have the Conservator risk attitude. Riskviews has found that a small minority of insurance company management have the Conservator risk attitude and that almost zero insurance firms are managed with a Conservator risk approach.    That is another way of saying that COSO does not fit well with insurance company management approaches.

ISO 31000 is new risk management standard that was developed from the Australia/New Zealand standards that have been used and improved over the past 15 years.  The following post gives a discussion of the differences between the two.

Norman Marks quotes Grant Purdy on the ways that ISO 31000 is superior to COSO.

ISO 31000 does not clearly fall into the Loss Controlling category of ERM approach.  It seems to seek to be in the Risk Steering camp.  Which makes it much more applicable to insurers, many of which are managed with the Manager risk approach.

Riskviews main complaint about ISO 31000 is with the degree to which it emphasizes endless process over actual risk treatment action.

ISO 31000 encourages firms to adopt what Riskviews calls a Risk Management Entertainment System.  Sadly, this is not a joke.  Many firms will proudly present a show and tell about their reports and meetings and org charts and policy statements when asked about ERM and be flummoxed when asked about any actual risk treatment that is taking place and where it fits into the risk management system.

That is a major problem with detailed prescriptive systems like ISO 31000.  While that document says nearly all the right things, the people who pick it up and seek to apply it quite often do not get the sense of what is IMPORTANT and what is less important in developing an ERM system.

In fact, what is actually IMPORTANT is that ERM helps management to focus on the important risks of the firm and making the right moves so that exposures to those risks are of the size that they would choose.  Human beings have limitations and those limitations would suggest that these important risks need to number less than 10 if they are really going to get top management attention.

And in practice, the people who implement COSO and ISO 31000 risk management systems often miss that most important objective.

Regime Change

February 18, 2011

In risk modeling, the idea of regime change is a mathematical expression.  A change from one mathematical rule to another.

But in the world, Regime Change can have a totally different meaning.  Like what is happening in Egypt.

When someone sits atop a government for 30 years, it is easy to assume that next week they will still be on top.

Until that is no longer true.

When there is a regime change, it happens because the forces that were in a stable equilibrium shift in some way so that they can no longer support a continuation of the past equilibrium.  In hindsight, it is possible to see that shift.  But the shift is often not so obvious in advance.

Again, as when the Soviet Union fell apart, the intelligence services were seemingly taken by surprise.

But is there really any difference between the two types of regime change?  Is it any easier to actually notice an impending regime change on a modeled risk than an impending political risk?

Why are we so bad at seeing around corners?

In the area of public health, it is well known that diseases follow a standard path called an S curve.  That is the path of a curve plotting the number of people infected by a disease over time.  The path has a slight upward slope at first then the slope gets much, much steeper and eventually it slows down again.

When a new disease is noticed, some observers who come upon information about the disease during that middle period during the rapid upward slope will extrapolate and predict that the disease incidence will grow to be much higher than it ever gets.

The reason for the slowdown in the rate of growth of the disease is because diseases are most often self limiting because people do not usually get the disease twice.  Diseases are spread by contact between a carrier and an uninfected person.  In the early stages of a disease, the people who make the most contacts with others are the most likely to become infected and themselves become carriers.  Eventually, they all lose the ability to be carriers and become immune and the number of times that infected carriers come into contact with uninfected persons starts to drop.  Eventually, such contacts become rare.

It is relatively easy to build a model of the progression of a disease.  We know what parameters are needed.  We can easily estimate those that we cannot measure exactly and can correct our estimates as we make observations.

We start out with of model of a disease that assumes that the disease is not permanent.

We plan for regime change.

Perhaps that is what we need for the rest of our models.  We should start out by assuming that no pattern that we observe is permanent.  That each regime carries the seeds of its own destruction.

If we start out with that assumption, we will look to build the impermanence of the regime into our models and look for the signs that will show that whatever guesses we had to make initially about the path of the next regime change can be improved.

Because when we build a model that does not include that assumption, we do not even think about what might cause the next regime change.  We do not make any preliminary guesses.  The signs that the next change is coming are totally ignored.

In the temperate zones where four very different seasons are the norm, the signs of the changes of seasons are well known and widely noticed.

The signs of the changes in regimes of risks can be well known and widely noticed as well, but only if we start out with a model that allows for regime changes.

Heresy

January 30, 2011

I do want to confess that I am a heretic.

That is because I do not believe that there is one single best ERM approach.

And I do not believe that a scientific, advanced, disciplined adherence to any single ERM system will produce best or even good results.

In fact, I think that a scientific, advanced, disciplined adherence to a single ERM system is also dangerous as a career strategy and as a strategy for the profession of risk managers.

The details of this heresy have been put forward here at Riskviews in over 20 postings and in a number of published articles and presentations that have been mentioned on the Plural Rationalities page of this blog.

One of the key underpinnings of these ideas is that our businesses will operate under  one of four different risk perspectives.  The conclusion about risk management from these ideas is that two things are needed to have a successful risk management program:

  1. At the heart of the risk management program must be a set of practices and processes and systems that are supportive of the predominant risk perspective of the firm.
  2. Some capability to see the other risk perspectives and to be able to adapt the risk management program of the firm as the predominant risk perspective of the firm changes.  None of the four risk perspectives or the risk management programs that are consistent with those perspectives will work all of the time.

Some of the most advanced firms in the risk management area will say that they are operating under all four styles of risk management all of the time and are prepared to shift emphasis at any time to the aspect of risk management that is the most effective.

That style of risk management has been titled Rational Adaptability.

The four styles of risk management are called:

Risk Regimes

November 18, 2010

Lately, economists talk of three phases of the economy, boom, bust and “normal”. These could all be seen as risk regimes. And that these regimes exist for many different risks.

There is actually a fourth regime and for many financial markets we are in that regime now. I would call that regime “Uncertain”. In July, Bernanke said that the outlook for the economy was “unusually uncertain”.

So these regimes would be:

  • Boom – high drift, low vol
  • Bust – negative drift, low vol
  • Normal – moderate drift, moderate vol
  • Uncertain – unknown drift and unknown vol (both with a high degree of variability)

So managing risk effectively requires that you must know the current risk regime.

There is no generic ERM that works in all risk regimes.  And there is no risk model that is valid in all risk regimes.

Risk Management is done NOW to impact on your current risk positions and to manage your next period potential losses.

So think about four risk models, not about how to calibrate one model to incorporate experience from all four regimes.  The one model will ALWAYS be fairly wrong, at least with four different models, you have a chance to be approximately right some of the time.

Rational Adaptability

October 7, 2010

In any given risk environment, companies holding a risk perspective and following an ERM program aligned with external circumstances will fare best.

In order to thrive under all future risk regimes, a firm ideally would follow a strategy of Rational Adaptability. This involves three key steps: 1. Discernment of changes in risk regime, 2. Willingness to shift risk perspective, and 3. Ability to modify ERM program. The difference between Rational Adaptability and the process of “natural selection” where firm go through a “natural” process of change of risk attitude and risk strategy is conscious recognition of the validity of differing risk perspectives and proactive implementation of changes in strategy. Individuals often find it difficult to change their risk perspective. Therefore, a company that wishes to adopt Rational Adaptability must ensure that its key decision-makers represent a diversity of risk perspectives.

Furthermore, the corporate culture and the managers themselves must value each of the risk perspectives for its contributions to the firm’s continued success. An insurance company is best served by drawing on the respective expertise of underwriters, actuaries, accountants, contract attorneys and claims experts—and members of one discipline should not feel slighted when the expertise of another discipline is called upon. Similarly, any firm that wishes to optimize its success under each of the various risk regimes should have Maximizers, Conservators, Managers and Pragmatists among its senior management; and those who hold any one of these risk perspectives should acknowledge that there are times when another perspective should take the lead. The CEO must exercise judgment and restraint, shifting among strategies as needed and shifting responsibilities among the management team as required.

Rational Adaptability recognizes that during Boom Times, risk really does present significant opportunities—and it is appropriate to empower the Profit Maximizers, focusing ERM efforts on Risk Trading to ensure that risks are correctly priced using a consistent firm-wide metric. When the environment is Moderate, the firm employing Rational Adaptability will give additional authority to its Risk Reward Managers, examining the results of their modeling and using these to reevaluate long-term strategies. And in times of Recession, a firm following Rational Adaptability shifts its focus to Conservation: tightening underwriting standards and placing special emphasis on firm-wide risk identification and risk control. Resisting the pull of his or her own personal risk perspective, the CEO must be willing to listen—and act—when others in the firm warn that the company’s risk management strategy is getting a little too concentrated on one and possibly not the optimal risk attitude and risk strategy.

Yet in each risk regime, there are companies following strategies that are not well aligned with the environment. Some of these firms muddle along with indifferent results and survive until their preferred environment comes back. Others sustain enough damage that they do not survive; some change their risk perspective and ERM program to take advantage of the new environment. Meanwhile, new firms enter the market with risk perspectives and ERM programs that are aligned with the current environment. Since many of the poorly aligned firms shrink, die out or change perspective— and since new firms tend to be well-aligned with the current risk regime—the market as a whole adjusts to greater alignment with the risk environment via a process of “natural selection.”

This an excerpt from the article “The Full Spectrum of RIsk Management”  co-authored by Alice Underwood.

This post is a part of the Plural Rationalities and ERM project.

 

Really Different

October 1, 2010

What if the future is really different from the past? What does that do to the whole approach of quantitative risk management? When do you give up on the models that just do not help?

Here is a scenario of a Really Different Future

Farrell suggests that the economy will go through chaos for 10 years until things get so bad that we decide to actually do something about it.

We talk about stress testing for our companies.  What I am trying to suggest here is stress testing our risk management approach.

How well does your risk management system hold up to the scenario described in that article?

I am not asking for a top of the head answer.  I am suggesting that you walk through 10 years of economic bad times, alternating with uncertain times like the past 18 months.

Does your ERM system give good advice throughout?  Or do your models continually give bad signals as they very slowly incorporate the emerging world mess?  And then when things come back in 10 years, will the models be wrong again on the low side for another 10 years or more as you incorporate better experience?

So is there another choice?  I think so.  The choice is multiple risk models of different regimes.  You need a model of high volatility and low drift, a model of high drift and low volatility, a model of moderate volatility and moderate drift and a model of negative drift and low volatility.

Think about it.  If those four models reflect states of the world, is there any point in using a model that combines all four sets of experience?  It will always be wrong.  A Bayesian model that is constantly updating for experience assumes a stable underlying distribution.  Otherwise it is just wrong all the time.

Think about it.  If the next 10 years will be years of high volatility and low drift interspersed with periods of negative drift with low volatility, what good is a model with moderate volatility and moderate drift?  Or the combined all regime model of slightly higher volatility with slightly lower drift.

Changing Your Attitude

September 23, 2010

Discipline has been touted as one of the most important things that is needed for risk management to be effective.

But in fact the world keeps changing.  The definition of Discipline needs to change with the world.  Otherwise, you will find your risk management discipline  insufficient or too restrictive.

On a recent PRMIA web seminar, I asked the approximately 100 listeners…

How many times has your firm’s risk attitude changed between 2006 and now?

And got these answers:

    • 0 - 20%
    • 1 - 31%
    • 2 - 34%
    • 3 or more - 16%

So 80% of the firms changed their view of the level of riskiness in the world.

Hopefully for the career success of the CROs of those firms, they did not maintain a steady discipline during those years.

It is not poor discipline, it is good realism to change your risk management program as times change.

General Knowledge – Brain and Bond Conference

September 6, 2010

Vienna 3,4 September

This has been the most unusual conference. Presentations by Anthropologists, Philosophers, Biologists, Psychologists, Neuro Biologists and Riskviews. We presented the Plural Rationalities and ERM story. Here are some ERM related ideas that we took away from the event…

1. Cooperation vs. autonomy is usually the trade-off. How humans choose how to decide where to come out on that trade-off depends upon the amount of co-dependency is needed for survival. And that depends upon the treats to survival.

If the threats are severe and intense, we need to choose a highly cooperative mode.

If the threats are highly complex, then we need a highly organized mode.

If the threats are highly unpredictable then we need a highly adaptive mode.

If the threats are benign, then we can opt for a low cooperation mode.

Those four modes of cooperation align with the four organizing ideas of Plural Rationalities.  Conservators, Managers, Pragmatists and Maximizers.  The ideas of some fanatics that their particular brand of organizing, whether it be the Individualism of the Maximizers or the Bureaucracy of the Managers or the Sustainability of the Conservators is just not correct in all environments.  (Pragmatists are among other things never fanatics.  That is one of their defining characteristics.)

Humans have evolved to be much more adaptive than different animals.  That is our advantage.

Relaxation of stress (a benign environment) is when diversity can expand.  [Though it is quite possible that much of the diversity that developed during the most recent benign period was wasted on dysfunctional adaptations to selling and reselling mortgages.]  It really is the Individualistic/ Maximizer phases when mankind is able to create the new things that power the future success during future threats.

How does that apply to Risk Management?  It tells you that when times are good and Risk Management is not as important or taken as seriously, Risk Management needs to be creating new tools.  The firms that survive the next crisis will be the firms that had those new tools working and had the insight to use them at the right time.

2.  Game theory tells that in groups of cooperators and defectors, the defectors will usually replace the cooperators.  But the resulting all defector group will be less robust than the all cooperator group had originally been.  This is an insight from biology that applies to firms as well.  The firms that are taken over by the defectors (pure self interest) will eventually be diminished because those defectors need the cooperators.

That tells the risk manager that they need to figure out how to control the risk from the defectors and help to create a system where they will not be allowed to take over.  This is an argument for the CEO as CRO.

3.  People have four ways to decide to divide resources:  Sharing, Ranking, Equality or Market.  Sharing and Ranking are the primitive ways.  Equality and Market both require the use of symbols to work, while Sharing and Ranking do not.  Resources are divided in a firm using mostly the first two more primitive methods.  Advanced management systems, like ERM, seek to use Equality and Market methods that require risk measurement systems.

4.  People in many cultures and languages can identify the basic choices of organizing of Plural Rationalities from simple groupings of circles.  (Not sure exactly how this is helpful, that may require someone who is more spatially oriented than Riskviews to understand.)

Which image represents a hierarchical social organization and which and egalitarian?  These pictures seem to evoke those ideas in several different groups that were tested.

5.  Kids express the thinking of the four plural rationalities groups when candy is distributed in a merit based system:

  • I deserve what I got.
  • We should all get some
  • Can he do that? (Directed towards the authority)
  • I never get any

6.  Each Plural Rationalities groupings would have their own virtues:

  • Courage = Risk Taking
  • Justice
  • Fairness
  • Forbearance

7.  Are there really any people who use expected value as a decision making criteria?  Economics says that it is THE most important criteria.  But do business leaders play lip service to the concept because they have been taught that it is what Homo Economicus does?  Oh, I forgot, Economics grad students must use it.  Otherwise they cannot get a PhD.

8.  People with Authority tend to believe that the system is fair and that their own dominance and extra rewards are fair.

9.  Information about cooperation (i.e. the opposite of anonymity) tends to change the level of cooperation completely.  Think about putting a decal of an eye on the corner of every computer screen.

10.  Game theory shows that people will abuse shared resource and that eventually all will abuse shared resource if there are no consequences.  (Of course in Game Theory, all are Homo Economicus.)  Adding a punishment for abusing shared resource, but only if that punishment is public.

11. “the reason that the invisible hand often seems invisible is that it is often not there.” Joseph Stiglitz

12.  Primates do not organize into Plural Rationalities species.  Good to know if you were thinking of selling insurance to apes.  Primates may tolerate injustice in private but protest loudly if there is a witness.

13.  In the “Ultimatum Game” the rational expectations prediction is of a minimal offer and universal acceptance.  What in fact happens is that the offers average over 40% and offers below 20% are usually rejected.  Offers generally increase when there is increased perception that the offer is public.  Self interest is greater in private.  Fairness in public.

14.  In some primate groups there is no active sharing, but theft of small amounts of food is tolerated 90% of the time.

http://rossier.usc.edu/faculty/mary_helen_immordinoyang.html

15.  Emotion is a vitally important part of risk decision making.  That is why attempts to create totally quantitative systems for risk decision making have so much trouble gaining acceptance.  People from different cultures evidence a different reaction pattern to emotional situations.  Possible explanation is that in cultures that are more highly communal, the emotional reaction is slowed while the brain processes the expectation of how the others in the group will react.  Application to risk management  – think about the issue of interaction of the emotional reactions of people to a risk or loss situation as well as well as the timing of those reactions.  In some situations, the person with the strongest and most intense reaction might set the tone and agenda for the discussion of responses.  That person may well be the one with the least regard for the reactions of others.

16. Human population growth has followed three major waves that followed major technological advancements, first with the advent of tools, then with agriculture and more recently with machines.  If the future follows the past in this regard, it is time for a new transformative technological advance.

17.  Individualism as a major group in society correlates highly with low incidence of infectious diseases.  (See comment 1)  Collectivism to a low incidence of disease.

18.  An Ethical investment program may tend to select firms that are more egalitarian dominated because the egalitarian ideals best meet the ethical criteria.  However, the egalitarian approach to risk is not necessarily best suited to superior performance in most environments.  To get better performance out of ethical investing, the investment managers need to look for firms that have the ability to adapt their risk approach to the environment without losing their adherence to the ethical criteria.  A difficult task.

19.  The Plural Rationalities risk ideas are so tightly linked to the Grid & Group relationship criteria as well as the other attitudes that are linked to those groups because those ideas all form a set of beliefs that are internally consistent and that all work together to make sense of all of the positions.

20.  Is Democracy inherently a Clumsy decision making system?  A true democrat believes in the system even when they do not win.  So they are agreeing that a different theory than their preferred theory might well be good, or at least ok, for the organization from time to time.

21.  Bounded Rationality is the concept that people are unable to make perfectly rational decisions due to limits to actual knowledge or time available to make the decisions.  In addition, there is a second order effect of the concept of bounded rationality.  Decisions that include considerations of the decisions and actions of other humans can assume that they are able to be fully rational or that they operate under bounded rationality.  Highly rational people will sometimes try to suggest that the “best” solution to a problem involves everyone else making more rational decisions.  An alternate approach would be to acknowledge the degree of bounded rationality that exists within the actual system and to reflect that reality into the solution. The former approach is a projection of ones self onto others, while the later is an attempt at realistic assessment of others.

22.  As a corollary to 21, it is important to recognize the way that bounded rationality exists in one’s own decision making.  In financial modeling, this manifests itself in the embedded assumptions and in the choice of model.  All models are perfect examples of bounded rationality.  They are always simplifications of reality and the process of deciding upon the simplifications is the process of applying one’s biases and decision making criteria to the nearly infinite number of practical and impractical possibilities for model construction.

23.  Many human behaviors evidence mirroring – that is one person will be copying the expressions or gestures or acts of another.   This is important to remember when using a model that does not include any recognition of that idea.  The other main type of human reactions are complementary behaviors.  These are reactions that are different but the result of the actions of the first person.  Most financial models assume that one can act based upon an analysis of other people’s actions and those other people will go on doing what they did before.  Instead, we need to be looking to see what would happen if others either mirror ow choose complimentary actions after we choose a different path as a result of our model.

24.  The Relational Models approach suggests four approaches, Communal Sharing, Authority Ranking, Equality Matching, Market Pricing.  It was suggested that these are different from Plural Rationalities, but Riskviews thinks not.  Clearly, Market Pricing matches up to Individualism, Equality Matching to Egalitarianism, and Authority Ranking matches to Egalitarianism.  So the only question is about whether there is a difference between Communal Sharing and Fatalism or not.  The most common description of both seem to be totally at odds.  But there are several things that the two ideas have in common.  Under both Communal Sharing and Fatalism, there is a lack of rigidity about the means or outcome of dividing resources.  Fatalists are described as not caring because of apathy, whilst Communal sharing is described as being motivated by extremes of caring.  But those seeming opposites may be closer than one might think.   The descriptions of the two ideas might just be focusing upon different aspects of the situation.  In a Communal Sharing situation, the person is indifferent to their share of the communal group resources because of a high degree of linkage to the communal group.  This might be seen as a lack of distinction between the individual and the communal group, seeing oneself as so integral to the group that the idea of an individual share does not really exist.  The Fatalist is indifferent to their share of the resources because they have no belief in a sharing process that has a predictable outcome.  The Fatalists are near total isolates in the Plural Rationalities definitions.  So it appears that the two are not the same in their motivation, but they may be the same in terms of their expectations or lack thereof.

All this seems to be quite a jumble of unrelated ideas.  They are a tiny extract of the presentations from the two day conference. It was amazing to see so many people from so many different areas coming together to actually listen intently to each other and seek to make sense of it all, to gain from this discussion some General Knowledge.

If the ideas are abstract, whose agreement or disagreement we perceive, our knowledge is universal. For what is known of such general ideas, will be true of every particular thing, in whom that essence, i.e. that abstract idea is to be found: and what is once known of such ideas, will be perpetually, and for ever true. So that as to all general knowledge, we must search and find it only in our own minds, and ‘tis only the examining of our own ideas, that furnishes us with that.  John Locke

Full Spectrum Risk Management

August 13, 2010

Lately, risk management authorities
including regulators and rating
agencies have been trying to
tell firms how they should think about
and manage risk. Actuaries who have
labored in risk management through
the boom period before the crisis—a
period when risk managers were largely
ignored—are very happy that those
authorities may finally be empowered
to force firms to get with the program.
But, such decrees are not necessarily
working and will not work in the long
run, because individuals and companies
have risk perspectives that cannot be
changed by fiat—any more than mandating
a favorite color for everyone would
change anyone’s real favorite color.

Read the rest at The Actuary Magazine

Risk Attitudes and the New ERM Program

July 25, 2010

There are four different Risk Attitudes that are found among business managers:

Conservators who are concerned that the environment is extremely risky and they must be very careful.

Maximizers who believe that the environment is fairly benign and that they need to take risk to be rewarded.

Managers who believe that the environment is risky but can be managed with the help of experts.

Pragmatists who do not know whether things are risky or not because they do not believe that anyone can know the future.

Now you are tasked with creating a new ERM program for your firm and how can you use knowledge of these Risk Attitudes to help you?

The first thing to do is to recognize which of those four attitudes predominates in the decision-making of your firm.

This question is a little tricky, because that is not the same thing as the Risk Attitude of the head of the firm in all cases.  Good leaders may choose a path for their firm that is based upon the capacities and circumstances of the firm, even if they might prefer a different strategy if they were blessed with unlimited resources and no constraints.

But in the end, you can look at the decisions of the firm over a period of time and discern which Risk Attitude is driving firm decisions and orient the new ERM program to the predominant Risk Attitude.

If the predominant risk attitude is Conservator, then the first place to take your ERM program is to worst case losses.  The risk management system can be based upon a series of stress tests, where the stresses are worst cases.  The exposure to these worst cases can be added up and reported regularly.  A limit system can be established based upon these worst case exposures to make sure that the exposure does not accidentally get any higher.  Hedging and reinsurance programs should be considered to reduce the extent of these losses. Risk management decisions will always be made with loss potential in mind.

If the predominant risk attitude is Maximizer, then the risk management system should be focused on sales.  The risk reports will be risk weighted sales reports.  In addition, they should clearly show the amount of profit margin in the sales so that the risk weighted sales can easily be compared to the profit margin.  Maximizers will want to make sure that the company is getting paid for the risk that it takes.  Note that there are two kinds of Maximizers.  Those who believe that you can lose a dollar per thousand and make it up on volume and those who believe that a sale without a profit is not a sale.  Stay away from the first type.  A company run by them will not last long. Risk management decisions will always be made with revenue in mind.

If the predominant risk attitude is Manager, then the risk management system will sooner or later be based upon an Economic Capital Model.  As the model is built, you can start to build the systems and reports that will work off of the model for capital budgeting, product pricing, risk reward monitoring and risk adjusted incentive compensation.  The Managers will very much want to form a risk tolerance for the firm and to base the risk limits off of the tolerance and to create a process for monitoring those limits.  Risk adjusted return is the banner for Managers.

If the predominant risk attitude is Pragmatist, then the risk management system will need to focus first on the spread of risk.  Reports will show the degree to which the firm holds very different risks.  Otherwise, risk reports will need to be flexible.  The Pragmatists will be irregularly be changing their minds about what they think might be most important to pay attention to about risk.  And whatever is the important topic of the moment, the risk reports need to be there to probe very deeply into that topic.  Pragmatists will want a deep dive on the hot risk topic of the day and will have a very hands on approach to decision making about that issue.

Sounds confusing.  But get it wrong and you will find that the key decision makers will quickly lose interest.  Imagine putting the information desired by the Conservators in front of a Maximizer.  Or putting the details desired by a Pragmatist in front of a Manager who wants things summarized into neat packets of information.  Get it wrong and you are done for.

Enterprise Risk Management Through the Business Cycle

July 20, 2010

A PRMIA Webinar Presented by David Ingram and Alice Underwood of Willis Re

August 10, 2010

11:00 am – 12:00 pm US Eastern Time

ERM was not a focus at the top of the business cycle, when record profits were being recorded. Many CROs now report that they gave clear warnings of impending problems — which were completely ignored! Now everyone talks as if ERM is very important and will be forever after.

Over the past several years some firms went through the motions of creating an ERM function to appease regulators. Others had a much more conservative risk culture and avoided both the profits and the madness of the boom. At some firms, “doubling down” after a loss was the preferred risk strategy; a great trader — a hero — was someone who had the fortitude to keep doubling down until the trade made a profit. A few firms were doing full-fledged ERM with intensive modeling, and yet were surprised when they confronted circumstances their models characterized as 1 in 10,000 year losses.

This presentation will suggest a new/old theory that explains all of those stories with ideas borrowed from Cultural Anthropology – The Theory of Plural Rationalities. This approach helps to explain firms’ risk strategies during different phases of the business cycle and perhaps indicates some drivers of the cycle itself. Finally, using these ideas, we will suggest a new approach to ERM through the business cycle that some ERM purists may hate, but the pragmatists in the audience might just love.


FEE: $25 -  Special Rate for CAS members (Casualty and Actuarial Society)

REGISTRATION: To register online, click on Register Online in the left-hand margin of this page. To be invoiced, Download Enrollment Form, and e-mail completed form to jill.fisher@prmia.org or contact Jill Fisher by phone at +1-612-216-5497.

About one week prior to the webinar, you will be sent information on how to access the webinar.

The Presenters


ABOUT THE WEBINAR

The webinar will conclude after 60 to 75 minutes.  The length of the webinar will  depend upon the number of discussion questions submitted by attendees during the webinar.

All attendees are muted and can submit questions to the presenter by typing them into the webinar software question pane.  You can access the webinar audio via your computer speakers or by toll-based telephone.

Unable to attend the live webinar? Register for the live webinar and the recording link and presentation will automatically be sent to you soon after the conclusion of the live webinar.

RECORDING: The webinar series will be recorded and available for review to all participants within one hour of each session. You will need Windows Media Player 9 or higher to view the presentation. If you are unable to attend the Live Webinar, you may register to receive the webinar recording only. The recording of this webinar will not be available until after the start of the live webinar. Contact Jill Fisher at training@prmia.org for more information on recordings.

This Webinar is a part of the Plural Rationalities and ERM project.

Diversification as ERM

July 19, 2010

In the recent post, Rational Adaptability, four types of ERM programs are mentioned. One of those four types of ERM is Diversification.

The fourth type of ERM program focuses on Diversification.

Modern practitioners may not agree that a program of Diversification IS in any sense a risk management program.  But in fact it has been one of the most successful risk management programs.

Think about it.  Dollar Cost Averaging is fundamentally a Diversification based risk management program.  The practitioner is admitting that at any point in time, they do not know which risk is better or worse than another.  So they rebalance to eliminate the concentration that has crept into their portfolio.

A diversification risk strategy would also mean taking very different risks.  Firms that focus on a true Diversification strategy will be regularly moving into entirely new businesses.  They are not seeking the mathematical diversification of the Managers with their Risk Steering that tries to take advantage of similar risks that are not totally correlated.  Firms that follow the Diversification strategy want risks that are totally unrelated.  Soap and machine parts.  Their business choices may seem totally insane to the tidy Managers.

Diversification can be shown to provide two benefits for the firm that practices it.  First, they will seek to avoid having too much at risk in any one situation or company.  So avoiding concentration is their prime directive.  Second, there is an upside benefit as well.  Since they are involved in many different markets, they feel that they are likely to be in at least one and possibly two hot products or markets at any one time.  Unsuccessful practitioners of this strategy will find that they have found a way to buy into different risks that are all duds at the same time.

The practitioners of this strategy will also tend to adopt the same sort of approach to the day to day work of their risk management program.  That would be the “high attention, low delegation” approach.  The conglomerates that operate in this manner will have frequent meetings between the managers and the people at the top of the conglomerate, possibly even with the top person.  Warren Buffett (Berkshire Hathaway) and Jack Welsh (GE) are two examples of this high touch style as is Hank Greenberg (AIG).

Seems pretty simple.  Mix it up and pay attention.

A few firms have managed to combine the high tech economic capital modeling approach with a Diversification ERM system.  In those firms, they have strict concentration limits requiring that at most a small percentage of their economic capital ever be from any one risk.  One such firm will never take on any large amount of any one risk unless they are able to grow all of their other risks.

This post is a part of the Plural Rationalities and ERM project.

Risk Steering as ERM

July 12, 2010

In the recent post, Rational Adaptability, four types of ERM programs are mentioned. One of those four types of ERM is Risk Steering.

If you ask most actuaries who are involved in ERM, they would tell you that Risk Steering IS Enterprise Risk Management.

Standard & Poor’s calls this Strategic Risk Management:

SRM is the Standard & Poor’s term for the part of ERM that focuses on both the risks and returns of the entire firm. Although other aspects of ERM mainly focus on limiting downside, SRM is the process that will produce the upside, which is where the real value added of ERM lies. The insurer who is practicing SRM will use their risk insights and take a portfolio management approach to strategic decision making based on analysis that applies the same measure for each of their risks and merges that with their chosen measure of income or value. The insurer will look at the possible combinations of risks that it can take and the earnings that it can achieve from the different combinations of risks taken, reinsured, offset, and retained. They will undertake to optimize their risk-reward result from a very quantitative approach.

For life insurers, that will mean making strategic trade-offs between products with credit, interest rate, equity and insurance risks based on a long-term view of risk-adjusted returns of their products, choosing which to write, how much to retain and which to offset. They will set limits that will form the boundaries for their day-to-day decision-making. These limits will allow them to adjust the exact amount of these risks based on short-term fluctuations in the insurance and financial markets.

For non-life insurers, SRM involves making strategic trade-offs between insurance, credit (on reinsurance ceded) and all aspects of investment risk based on a long-term view of risk-adjusted return for all of their choices. Non-life SRM practitioners recognize the significance of investment risk to their total risk profile, the degree or lack of correlation between investment and insurance risks, and the fact that they have choices between using their capacity to increase insurance retention or to take investment risks.

Risk Steering is very similar to Risk Trading, but at the Total Firm level.  At that macro level, management will leverage the risk and reward information that comes from the ERM systems to optimize the risk reward mix of the entire portfolio of insurance and investment risks that they hold.  Proposals to grow or shrink parts of the business and choices to offset or transfer different major portions of the total risk positions can be viewed in terms of risk adjusted return.   This can be done as part of a capital budgeting / strategic resource allocation exercize and can be incorporated into regular decision making.  Some firms bring this approach into consideration only for major ad hoc decisions on acquisitions or divestitures and some use it all of the time.

There are several common activities that may support the macro level risk exploitation:

  1. Economic Capital. Realistic risk capital for the actual risks of the company is calculated for all risks and adjustments are made for the imperfect correlation of the risks. Identification of the highest concentration of risk as well as the risks with lower correlation to those higher concentration risks is the risk information that can be exploited.  Insurers will find that they have a competitive advantage in adding risks to those areas with lower correlation to their largest risks.  Insurers should be careful to charge something above their “average” risk margin for risks that are highly correlated to their largest risks.  In fact, at the macro level as with the micro level, much of the exploitation results from moving away from averages to specific values for sub classes.
  2. Capital Budgeting. The capital needed to fulfill proposed business plans is projected based on the economic capital associated with the plans. Acceptance of strategic plans includes consideration of these capital needs and the returns associated with the capital that will be used. Risk exploitation as described above is one of the ways to optimize the use of capital over the planning period.
  3. Risk Adjusted Performance Measurement (RAPM). Financial results of business plans are measured on a risk-adjusted basis. This includes recognition of the economic capital that is necessary to support each business as well as the risk premiums and loss reserves for multi-period risks such as credit losses or casualty coverages.
  4. Risk Adjusted Compensation.  An incentive system that is tied to the risk exploitation principles is usually needed to focus attention away from other non-risk adjusted performance targets such as sales or profits.  In some cases, the strategic choice with the best risk adjusted value might have lower expected profits with lower volatility.  That will be opposed strongly by managers with purely profit related incentives.  Those with purely sales based incentives might find that it is much easier to sell the products with the worst risk adjusted returns.  A risk adjusted compensation situation creates the incentives to sell the products with the best risk adjusted returns.

A fully operational risk steering program will position a firm in a broad sense similarly to an auto insurance provider with respect to competitors.  There, the history of the business for the past 10 years has been an arms race to create finer and finer pricing/underwriting classes.  As an example, think of the underwriting/pricing class of drivers with brown eyes.  In a commodity situation where everyone uses brown eyes to define the same pricing/underwriting class, the claims cost will be seen by all to be the same at $200.  However, if the Izquierdo Insurance Company notices that the claims costs for left-handed, brown-eyed drivers are 25% lower than for left handed drivers, and then they can divide the pricing/underwriting into two groups.   They can charge a lower rate for that class and a higher rate for the right handed drivers.  Their competitors will generally lose all of their left handed customers to Izquierdo, and keep the right handed customers.  Izquierdo will had a group of insureds with adequate rates, while their competitors might end up with inadequate rates because they expected some of the left-handed people in their group and got few.  Their average claims costs go up and their rates may be inadequate.  So Izquierdo has exploited their knowledge of risk to bifurcate the class, get good business and put their competitors in a tough spot.

Risk Steering can be seen as a process for finding and choosing the businesses with the better risk adjusted returns to emphasize in firm strategic plans.  Their competitors will find that their path of least resistance will be the businesses with lower returns or higher risks.

JP Morgan in the current environment is showing the extreme advantage of macro risk exploitation.  In the subprime driven severe market situation, JP Morgan has experienced lower losses than other institutions and in fact has emerged so strong on a relative basis that they have been able to purchase several other major financial institutions when their value was severely distressed.  And by the way, JP Morgan was the firm that first popularized VaR in the early 1990’s, leading the way to the development of modern ERM.  However, very few banks have taken this approach.  Most banks have chosen to keep their risk information and risk management local within their risk silos.

This is very much an emerging field for non-financial firms and may prove to be of lower value to them because of the very real possibility that risk and capital is not the almost sole constraint on their operations that it is within financial firms as discussed above.

This post is a part of the Plural Rationalities and ERM project.

Risk Trading as ERM

July 1, 2010

In the recent post, Rational Adaptability, four types of ERM programs are mentioned. One of those four types of ERM is Risk Trading.

Modern ERM can be traced to the trading businesses of banks. Hard lessons from uncontrolled risk trading led to the development of processes and standards for controlling the traded risks. A major element in these systems is the function of valuing, or in other words, pricing of risks. For this discussion, all activities that include the deliberate acquisition of risks for the purpose of making a profit by management of a pool of risks to be risk trading. With that definition, insurance and reinsurance companies can be seen to be pure risk trading firms. Actuaries are at the heart of this activity as major players in the pricing and valuation of insurance risks. With this method of organizing risk management activities, it is clear that most actuarial activity is and has always been risk management. In fact, as is usually boasted, the actuarial profession probably has over 100 years more experience in risk management than any other field of risk management.

Risk assessment for pricing purposes involves the assessment of expected losses as well as the range of potential losses. The pricing process uses this information as well as the risk preference function of the risk trader to form a target price for a risk. This target price is compared to the market price. The risk trader will make decisions to buy or sell a risk depending on the relationship between the target price and the market price.

Some risk trading is not based on risk assessment but only on analysis of the market prices. This type of trading is only viable if there is a liquid market (or as some call it a “Greater Fool”).

In Insurance, risk pricing is most often not quite so tightly tied to market pricing because there are not usually not deep and liquid markets for insurance risks.  Instead, insurers tend to evaluate the expected claims to be paid plus expenses and then look at the risk margin that they would like to get for accepting the risk over and above those expected costs.  Evaluating and managing these risk margins has been the main concern of for the risk management of many insurers.

ERM changes risk pricing by introducing a consistent view of valuing risk margins across all risks. For actuaries and insurance products this has taken the form of economic capital and cost of capital pricing. Risk assessments are done that provide consistent information for all risks. Most commonly, the risk margins are then assessed relative to standard deviation of losses or in relation to extreme event losses stated in terms of Value at Risk or Expected Shortfall.

This post is a part of the Plural Rationalities and ERM project.

Loss Controlling as ERM

June 29, 2010

In the recent post, Rational Adaptability, four types of ERM programs are mentioned. One of those four types of ERM is Loss Controlling.

Loss Controlling in one of the traditional forms of Risk Management.  A firm with a focus on Loss Controlling will be seeking to do exactly that with their ERM program.  They will look for the most efficient ways to limit their losses.  They will be focused first on their largest possible losses, those major catastrophic situations.  Exactly what those situations might be will differ from industry, to sector, to firm.  But management of firms with a Loss Controlling focus will most often know where their major catastrophic loss exposures are.

Firms with a Loss Controlling point of view do not think of taking risks to make rewards.  They may have business models that are not particularly susceptible to risks, except for one or two big risks that they may well be totally blind to.  Most often their big risk is of a failure of their business model.

For example, a firm that has a monopoly for some product in some market will sometimes have a Loss Controlling risk management approach.  They may have an exclusive distribution agreement with an organization that has a tight membership.  Their biggest risk is the end of that relationship.  But otherwise, they may shun all other risks through a Loss Controlling system.

Many Life Insurers will operate an ALM system for controlling interest rate risks as a Loss Controlling system by setting a zero net risk (or zero duration mismatch) target.  It is nothing less than amazing that while insurers will operate with this approach to interest rate risk, banks will take the exact opposite approach, obtaining a major part of their profits from taking interest rate risks.

A firm operating under the Loss Controlling system is always prepared for a total collapse of the markets where they are trying to totally control their losses.  In the interest rate risk example above, banks will be severely disrupted when there is a major regime change in interest rates, while insurers with good ALM programs will only be minimally impacted. So this approach to risk management is the best approach in a situation when a market hits a Bust stage.  Firms are most likely to adopt this approach if they hold a Conservator attitude towards risk.  Many firms will adopt a Conservator risk attitude after they have had major losses that significantly restrict their ability to absorb future losses, or even if they see many other firms taking such major losses.

Loss Controlling is the main approach to risk management in non-financial firms. This approach was historically common in financial firms as well, but has been pushed aside in recent decades with the development of better systems for Risk Trading and Risk Steering.

Loss Controlling can become an Enterprise-wide risk management system when a firm sets out to look at all of their risks at the same time and in a similar manner.  Risk Management systems such as COSO or ISO31000 are Enterprise-wide Loss Controlling Risk Management systems.  Some people who are very highly tied to the Risk Steering approach to ERM find these systems to be highly flawed.  That is not really the case, they are simply oriented towards a different point of view about risk.

Loss Controlling systems are less likely to focus a high amount of resources on risk measurement.  They are more likely to focus on risk elimination.  No need to measure it if it is gone.

This post is a part of the Plural Rationalities and ERM project.

What’s the Truth?

May 21, 2010

There has always been an issue with TRUTH with regard to risk.  At least there is when dealing with SOME PEOPLE. 

The risk analyst prepares a report about a proposal that shows the new proposal in a bad light.  The business person who is the champion of the proposal questions the TRUTH of the matter.  An unprepared analyst can easily get picked apart by this sort of attack.  If it becomes a true showdown between the business person and the analyst, in many companies, the business person can find a way to shed enough doubt on the TRUTH of the situation to win the day. 

The preparation needed by the analyst is to understand that there is more than one TRUTH to the matter of risk.  I can think of at least four points of view.  In addition, there are many, many different angles and approaches to evaluating risk.  And since risk analysis is about the future, there is no ONE TRUTH.  The preparation needed is to understand ALL of the points of view as well many of the different angles and approaches to analysis of risk. 

The four points of view are:

  1. Mean Reversion – things will have their ups and downs but those will cancel out and this will be very profitable. 
  2. History Repeats – we can understand risk just fine by looking at the past. 
  3. Impending Disaster – anything you can imagine, I can imagine something worse.
  4. Unpredictable – we can’t know the future so why bother trying. 

Each point of view will have totally different beliefs about the TRUTH of a risk evaluation.  You will not win an argument with someone who has one belief by marshalling facts and analysis from one of the other beliefs.  And most confusing of all, each of these beliefs is actually the TRUTH at some point in time. 

For periods of time, the world does act in a mean reverting manner.  When it does, make sure that you are buying on the dips. 

Other times, things do bounce along within a range of ups and downs that are consistent with some part of the historical record.  Careful risk taking is in order then. 

And as we saw in the fall of 2008 in the financial markets there are times when every day you wake up and wish you had sold out of your risk positions yesterday. 

But right now, things are pretty unpredictable with major ups and downs coming with very little notice.  Volatility is again far above historical ranges.  Best to keep your exposures small and spread out. 

So understand that with regard to RISK, TRUTH is not quite so easy to pin down. 

Surprise, Surprise 2

April 19, 2010

At the ERM Symposium, Michael Thompson presented the Surprise Matrix.  Several people asked for copies, so here it is…

There are 16 possibilities.  The rows represent the expectations based upon the risk attitude.

The Pragmatists expect things to be unsettled.  They can be surprised by a recession, where things are consistently bad, a boom where they are consistently good and by normal markets with moderate volatility.  THey are expecting high volatility and unpredictability.

The Conservators expect a recession anr are surprised by the other three environments.

The Maximizers expect a boom and the Managers expect a normal market.

By the way, both neo classical economics and ERM are based upon the managerial mind set.  So you can see how they will be surprised.

LIVE from the ERM Symposium

April 17, 2010

(Well not quite LIVE, but almost)

The ERM Symposium is now 8 years old.  Here are some ideas from the 2010 ERM Symposium…

  • Survivor Bias creates support for bad risk models.  If a model underestimates risk there are two possible outcomes – good and bad.  If bad, then you fix the model or stop doing the activity.  If the outcome is good, then you do more and more of the activity until the result is bad.  This suggests that model validation is much more important than just a simple minded tick the box exercize.  It is a life and death matter.
  • BIG is BAD!  Well maybe.  Big means large political power.  Big will mean that the political power will fight for parochial interests of the Big entity over the interests of the entire firm or system.  Safer to not have your firm dominated by a single business, distributor, product, region.  Safer to not have your financial system dominated by a handful of banks.
  • The world is not linear.  You cannot project the macro effects directly from the micro effects.
  • Due Diligence for mergers is often left until the very last minute and given an extremely tight time frame.  That will not change, so more due diligence needs to be a part of the target pre-selection process.
  • For merger of mature businesses, cultural fit is most important.
  • For newer businesses, retention of key employees is key
  • Modelitis = running the model until you get the desired answer
  • Most people when asked about future emerging risks, respond with the most recent problem – prior knowledge blindness
  • Regulators are sitting and waiting for a housing market recovery to resolve problems that are hidden by accounting in hundreds of banks.
  • Why do we think that any bank will do a good job of creating a living will?  What is their motivation?
  • We will always have some regulatory arbitrage.
  • Left to their own devices, banks have proven that they do not have a survival instinct.  (I have to admit that I have never, ever believed for a minute that any bank CEO has ever thought for even one second about the idea that their bank might be bailed out by the government.  They simply do not believe that they will fail. )
  • Economics has been dominated by a religious belief in the mantra “markets good – government bad”
  • Non-financial businesses are opposed to putting OTC derivatives on exchanges because exchanges will only accept cash collateral.  If they are hedging physical asset prices, why shouldn’t those same physical assets be good collateral?  Or are they really arguing to be allowed to do speculative trading without posting collateral? Probably more of the latter.
  • it was said that systemic problems come from risk concentrations.  Not always.  They can come from losses and lack of proper disclosure.  When folks see some losses and do not know who is hiding more losses, they stop doing business with everyone.  None do enough disclosure and that confirms the suspicion that everyone is impaired.
  • Systemic risk management plans needs to recognize that this is like forest fires.  If they prevent the small fires then the fires that eventually do happen will be much larger and more dangerous.  And someday, there will be another fire.
  • Sometimes a small change in the input to a complex system will unpredictably result in a large change in the output.  The financial markets are complex systems.  The idea that the market participants will ever correctly anticipate such discontinuities is complete nonsense.  So markets will always be efficient, except when they are drastically wrong.
  • Conflicting interests for risk managers who also wear other hats is a major issue for risk management in smaller companies.
  • People with bad risk models will drive people with good risk models out of the market.
  • Inelastic supply and inelastic demand for oil is the reason why prices are so volatile.
  • It was easy to sell the idea of starting an ERM system in 2008 & 2009.  But will firms who need that much evidence of the need for risk management forget why they approved it when things get better?
  • If risk function is constantly finding large unmanaged risks, then something is seriously wrong with the firm.
  • You do not want to ever have to say that you were aware of a risk that later became a large loss but never told the board about it.  Whether or not you have a risk management program.

Surprise, Surprise

April 5, 2010

If any of you heard me give the luncheon talk last year at the ERM Symposium, you will have to mark your calendars to attend a follow-up session on the same topic this year.  This year, Michael Thompson will be doing most of the talking.

That topic is the application of Plural Rationalities (aka Cultural Theory) to risk management.

Over the year since I gave that speech I have been working with Michael Thompson, one of the original authors of the Cultural Theory book, to explain the ways that the ideas from anthropology help to explain and can help to plan for the various experiences.

The key idea is called Surprise!  That is the name for what happens when someone expects one thing and another happens.  Thompson will be explaining how Surprise is a key driver of how people experience the risk environment.

In addition, I will be discussing an agent based model called The Surprise Game that demonstrates the dynamics of a system that runs under the rules of Plural Rationalities.

Thompson will wrap up with a discussion of the Clumsy solutions that have been found to be the answer to the puzzle of the world of risk.

So if I caught anyone’s interest last year at lunch with my smiley faces, come back this year for some serious discussion of the four part world of Plural Rationalities.

Wednesday, April 14, 2010

10:00–11:15 a.m. Concurrent Sessions 5B

The Insurance Cycle

April 3, 2010

Nobody doubts that the insurance cycle is created by people.  So it makes sense to study people to understand the insurance cycle.

The Human Dynamics of the Cycle and Implications for Insurers

is a new paper by Alice Underwood and Dave Ingram that explores the link between the ideas of Plural Rationalities from anthropology and the people whose actions lead to the insurance cycle.

There is an interaction between the market and the people who make the decisions within insurers that is shown to create the insurance cycle.

Better insurer performance during the various stages of the insurance cycle can be obtained by better understanding these dynamics, studying the market with this understanding in mind and making choices that take advantage of that understanding.

This paper will be presented at the 2010 ERM Symposium in Chicago April 12 – 14.

Burn out, Fade Away …or Adapt

February 27, 2010

When I was a kid in the 1960′s, I was sick and tired of how much time on TV and movies was taken up with stories of WWII.  Didn’t my parent’s generation get it?  WWII was ancient history.  It was done.  Move on.  Join the real world that was happening now.

From that statement, you can tell that I am a Boomer.  But I am already sick and tired of how much ink and TV and movies and Web time is devoted to the passing of the world as the Boomers remember the golden age of our youth.  Gag me.  Am I going to have to hear this the entire rest of my life?  Get over it.  Move on.  Live in the current world.

Risk managers need to carefully convey that message to the folks who run their companies as well.  What ever way the world was in the “Glory Days” of the CEO or Business Unit manager’s career, things are different.  Business is different.  Risks are different.  Strategies and companies must adapt.  Adapt, Burn Out or Fade Away are the choices.  Better to Adapt.

I saw this happen once before in my career.  Interest rates steadily rose from the late 1940′s through the early 1980′s.  A business strategy that emphasized amassing cash, locking in a return promise and investing it in interest bearing instruments could show a steady growth in profits almost every single year without too much difficulty.  Then suddenly in the mid-1980′s that didn’t work anymore.  Interest rates went down more than up for a decade and have since stayed low.  Firms either adapted, burned out or faded away.

We have just concluded a (thankfully) brief period of massive financial destruction and are in an uncertain period.  When we come out of this uncertainty, some of the long held strategies of firms will not work.  Risks will be different.

The risk manager needs to be one of the voices that helps to make sure that this is recognized.

In addition, the risk manager needs to recognize that one or many of the risk models that were used to assess risk in past periods will no longer work well.  The risk manager needs to stand ready to adapt or fade away.

And the models need to be calibrated to the new world, not the old.  Calibrating to include the worst of the recent past might seem like prudent risk management, but it may well not be realistic.  If the world reverts to a reasonable growth pattern, the next such event may well not happen for 75 years.  Does your firm really need to avoid exposures to the sorts of things that lost money in 2008 for 75 years?  Or would that mean forgoing most of the business opportunities of that period?

Getting the correct answers to those questions will mean the different between Growth, burn out or fading away for your firm.

Avatar – The Five Rationalities

December 27, 2009

The characters of the new James Cameron movie AVATAR demonstrate the five risk rationalities of Cultural Theory.

Jake Sully is the Fatalist.  He takes over for his brother with no training and no idea of what might happen next.  Fatalists believe that the future is unpredictable.  So in the mind of a Fatalist, this day is no different from any other.  They never believe that they know what is coming next.  Jake also has some Individualist characteristics with his No Fear ethos.  The Individualists believe that everything will work out – so No Fear is an extreme form of their rationality.  Jake Scully evidences a change of rationality over the course of the movie.  The threats to the Na’vi and the Great Tree cause him to shift to the Egalitarian point of view of the Na’vi.

The Na’vi are pure Egalitarians.  Egalitarians believe that the world is in a delicate balance and that resources are finite.  Pure Egalitarian societies would not grow or change very much over time.  They would enforce a very strong degree of uniformity of belief, which the Na’vi evidence with their very intense initiation ceremony.

Parker Selfridge represents the Individualists.  Individualists believe that raw materials are infinite, because new science will always develop ways to exploit the raw materials that are available.  Individualists believe that the best ideas and people will prevail.  Might makes right is a very Individualist point of view.  Parker believes that because the Humans have superior force, then they have a right to the unobtainium by any means.  Individualists believe that risky situations will all work out because the universe will always revert back to the situation where Individualists were in total control.

Colonel Miles Quaritch and the military forces represent the Authoritarian rationality, but not well.  A true Authoritarian would believe that there was a limit to what could be accomplished – a view that the world has boundries within which one must operate to be safe.  Quaritch changes into a more Individualist point of view over the course of the movie.  Instead of trying to learn and work within the boundaries of the world he finds himself in, he works to change those boundaries to ones that he prefers, which is a more Individualist point of view.

Dr. Grace Augustine represents the Hermit, seeking to understand the world, but not necessarily to change it.  She sometimes acts more as the Authoritarian expert, trying to define and set down the boundaries within which it is safe for humans to operate and sometimes more like an Individualist when she tries to change the world theough her schools.  But you sense that the schools were more of a stalling action to allow more time for study.

Important note:  Individualists and Authoritarians are not always villains.  Individualists do not all believe that might makes right.  They do believe that individual achievement and individual rewards should go hand in hand.   Individualists are largely responsible for “progress”.  So if you like your electric light better than a candle, thank an Individualist.

Authoritarians do not all run armies.  They are usually the key people in any hierarchical system.  They are the backbone of governments and the legal profession.  Authoritarians are responsible for the idea of the rule of law.  So if you like to walk down the street in safety thank the Authoritarians.

Fatalists are not all action heroes either.  Most drug addicts and alcoholics are Fatalists.  Fatalists buy most of the lottery tickets.  Generally Fatalists do not control much of the world.  Fatalists are the perennial outsiders.  They also make up many of the ranks of the very talented computer specialists – the prototypical computer nerd is a Fatalist all the way.  Hackers are Fatalists.

Pure Egalitarians groups tend not to last for very long among humans.  Some have fantasied that Native Americans were like the Na’vi – in a stable long term relationship with nature.  Others have suggested that  there was constant war among the different groups that kept them from having the luxury of peace to develop more advance technology.  Most attempts at Egalitarian groups fail due to the tendency of Egalitarians to believe strongly in purity of common motivation and thought.  Egalitarian groups would totally lack adaptability.

Hermits are the scientists and monks who study the world, trying to understand it but not to have any influence over it.  They generally only leave their world when they take on another rationality and decide to try to act on their knowledge.

More on Cultural Theory of Risk

Risk Management Changed the Landscape of Risk

December 9, 2009

The use of derivatives and risk management processes to control risk was very successful in changing the risk management Landscape.

But that change has been in the same vein as the changes to forest management practices that saw us eliminating the small forest fires only to find that the only fires that we then had were the fires that were too big to control.  Those giant forest fires were out of control from the start and did more damage than 10 years of small fires.

The geography of the world from a risk management view is represented by this picture:

The ball represents the state of the world.  Taking a risk is represented by moving the ball one direction or the other.  If the ball goes over the top and falls down the sides, then that is a disaster.

So risk managers spend lots of time trying to measure the size of the valley and setting up processes and procedures so that the firm does not get up to the top of the valley onto one of the peaks, where a good stiff wind might blow the firm into the abyss.

The tools for risk management, things like derivatives with careful hedging programs now allowed firms to take almost any risk imaginable and to “fully” offset that risk.  The landscape was changed to look like this:

Managers believed that the added risk management bars could be built as high as needed so that any imagined risk could be taken.  In fact, they started to believe that the possibility of failure was not even real.  They started to think of the topology of risk looking like this:

Notice that in this map, there is almost no way to take a big enough risk to fall off the map into disaster.  So with this map of risk in mind, company managers loaded up on more and more risk.

But then we all learned that the hedges were never really perfect.  (There is no profit possible with a perfect hedge.)  And in addition, some of the hedge counterparties were firms who jumped right to the last map without bothering to build up the hedging walls.

And we also learned that there was actually a limit to how high the walls could be built.  Our skill in building walls had limits.  So it was important to have kept track of the gross amount of risk before the hedging.  Not just the small net amount of risk after the hedging.

Now we need to build a new view of risk and risk management.  A new map.  Some people have drawn their new map like this:

They are afraid to do anything.  Any move, any risk taken might just lead to disaster.

Others have given up.  They saw the old map fail and do not know if they are ever again going to trust those maps.

They have no idea where the ball will go if they take any risks.

So we risk managers need to go back to the top map again and revalidate our map of risk and start to convince others that we do know where the peaks are and how to avoid them.  We need to understand the limitations to the wall building version of risk management and help to direct our firms to stay away from the disasters.

Why were the 00s So Bad?

November 29, 2009

Financial markets in the 00s were dominated by the Individualist point of view described in Cultural Theory.

The Cultural Theory idea of four risk views provides some interesting insights regarding the financial crisis.

In Cultural Theory terms what happened to create the crisis was that Individualists were given control over too much of the world’s resources. Meanwhile, Authoritarians and Egalitarians degree of control over Individualists was almost totally eliminated. (Fatalists usually do not control anything for long.)

Hyman Minsky accurately describes what happens to Individualist systems – they go from investment to speculation to Ponzi to collapse.

When Individualists control fewer resources, take for example the 1987 stock market crash, there was not a major impact outside of the highly Individualist financial markets to hurt the “real” economy. When Individualists control moderate amount of resources, their cycle of financial instability ends in a mild recession. With too much resources in the hands of Individualists, a major financial crisis results.

But why did that happen? Why did Individualists get so much of the resources?

As Minsky observed; “Stability is destabilizing”

Cultural Theory makes two similar observations that help to explain what happened.

1. Each of the four views of risk is correct some of the time. (But not all at the same time – so in any period of time 3 out of 4 are incorrect.)

2. With each passing period during which their world risk view is not validated, some people shift their view to the one that has been validated by events.

Allegiances to these four risk views shift over time.

So favorable financial times led more and more people to shift their view to Individualist. The normal Individualist cycle of investment to speculation to Ponzi to crash happened.

The adverse events of the financial crisis are clearly contrary to the Individualist mean reverting idea of risk and will cause many people to now shift away from an Individualist view of risk.

As long as that trend holds, the Teens decade will end up very different from the 00s.  We must wait to see whether the Authoritarians or the Egalitarians end up dominating the decade.

The political debate in the US is over whether we must return to an almost purely Individualist system or if we can live in an Egalitarian system.

Cultural Theory of Risk

October 24, 2009

Back in 1984 an anthropologist, Mary Douglas, wrote about her theory for why people chose to form and continue to associate with groups.  She postulated that the way that people thought about RISK was a primary driver.

Cultural Theory describes four views of RISK:

Individualists see the world as mean reverting.  Any risk that they take will be offset by later gains.

Egalitarians see the world in a delicate balance where any risky behaviors might throw off that balance and result in major problems.

Authoritarians see the world as dangerous by manageable.  Some risk can be taken but must be tightly controlled.

Fatalists see the world as unpredictable.  No telling what the result might be from risk taking.

The dynamics of human behavior are influenced by these four groups.  People shift between the four groups because they find the environment either validating their belief or failing to validate their belief.

Cultural Theory also see that there are broadly four different risk regimes in the world.  The four groups exist because the risk regime that validates their view of risk will exist some of the time.

These four regimes are:

Normal Risk – when the ups and downs of the world fall within the expected ranges.

Low Risk – when everything seems to be working out well for the risk takers and the dips are quickly followed by jumps.

High Risk – when the world is on the edge of disaster and hard choices must be made very carefully.

High Loss – when the risks have all turned to losses and survival does not seem certain.

There are huge implications of these ideas for risk managers.  Risk management, as currently practiced, is process that is designed by Authoritarians for the Normal Risk regime.  The Global Financial Crisis has shown that current risk management fails when faced with the other regimes.

One solution would be to redesign risk management to be a broader idea that can both use the skills of those other three views of risk, adapting to the other three regimes of risk.

This idea is discussed in more detail here and in a forthcoming series of articles in Wilmott Magazine.

Visions of Risk

October 5, 2009

How do you see risk?

One of the most difficult issues for many risk managers is the fact that people do not all see risk the same way.  No matter how hard they try, they cannot get some people to take risk management seriously.  On the other hand some people are eager to eliminate all risk.  Why cannot people just see risk the way that Enterprise Risk Managers have learned to see it?

1.  Do you see risk as something that could lead to severe problems, but if treated properly using well developed risk management techniques, then it can be controlled?

2.  Do you see risk as something that we have almost too much of – if we take any more risk then we will suffer dire consequences?  We need to work to lessen the risk that we are taking at all costs.

3.  Do you think that risk comes and goes, but in the end it all works out?  That periods of risk and loss are always followed by periods of low risk and large gains, so that over the cycle, it all works out.

4.  Or do you think that risk is unpredictable, that it is almost impossible to tell whether risks will turn into losses, so it is best not to bother with risk management?

Those are four views of risk that you probably have seen in your life and work.  As a risk manager, you need to figure out how to work with all four views, because there is little likelihood that you will convert everyone over to your view of risk.


Follow

Get every new post delivered to your Inbox.

Join 552 other followers

%d bloggers like this: