Delusions about Success and Failure

In his book, The Halo Effect: … and the Eight Other Business Delusions That Deceive Managers, author Phil Rosenzweig discusses the following 8 delusions about success:

1. Halo Effect: Tendency to look at a company’s overall performance and make attributions about its culture, leadership, values, and more.

2. Correlation and Causality: Two things may be correlated, but we may not know which one causes which.

3. Single Explanations: Many studies show that a particular factor leads to improved performance. But since many of these factors are highly correlated, the effect of each one is usually less than suggested.

4. Connecting the Winning Dots: If we pick a number of successful companies and search for what they have in common, we’ll never isolate the reasons for their success, because we have no way of comparing them with less successful companies.

5. Rigorous Research: If the data aren’t of good quality, the data size and research methodology don’t matter.

6. Lasting Success: Almost all high-performing companies regress over time. The promise of a blueprint for lasting success is attractive but unrealistic.

7. Absolute Performance: Company performance is relative, not absolute. A company can improve and fall further behind its rivals at the same time.

8. The Wrong End of the Stick: It may be true that successful companies often pursued highly focused strategies, but highly focused strategies do not necessarily lead to success.

9. Organizational Physics: Company performance doesn’t obey immutable laws of nature and can’t be predicted with the accuracy of science – despite our desire for certainty and order.

By Julian Voss-Andreae (Own work) [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0)%5D, via Wikimedia Commons

A good risk manager will notice that all 8 of these delusions have a flip side that applies to risk analysis and risk management.

a.  Bad results <> Bad Culture – there are may possible reasons for poor results.  Culture is one possible reason for bad results, but by far not the only one.

b.  Causation and Correlation – actually this one need not be flipped.  Correlation is the most misunderstood statistic.  Risk managers would do well to study and understand what valuable and reliable uses that there are for correlation calculations.  They are very likely to find few.

c.  Single explanations  – are sometimes completely wrong (see c. above), they can be the most important of several causes, they can be the correct and only reason for a loss, or a correct but secondary reason.  Scapegoating is a process of identifying a single explanation and quickly moving on.  Often without much effort to determine which of the four possibilities above applies to the scapegoat.  Scapegoats are sometimes chosen that make the loss event appear to be non-repeatable, therefore requiring no further remedial action.

d.  Barn door solutions – looking backwards and finding the activities that seemed to lead to the worst losses at the companies that failed can provide valuable insights or it can lead to barn door solutions that fix past problems but have no impact on future situations.

e.  Data Quality – same exact issue applies to loss analysis.  GIGO

f.  Regression to the mean – may be how you describe what happens to great performing companies, but for most firms, entropy is the force that they need to be worried about.  A firm does not need to sport excellent performance to experience deteriorating results.

g.  Concentration risk – should be what a risk manager sees when strategy is too highly concentrated.

h.  Uncertainty prevails – precision does not automatically come from expensive and complicated models.

Unintended Consequences – Distortion of Decisions

Central bankers have tools to help the economy, but for the most part, those tools all have the effect of lowering interest rates.

But there are consequences of overriding the market to change the price of something.  The consequences are that every decision that uses the information from the affected market prices will be distorted.

Interest rates are a price for deferral of receiving cash.  Low interest rates signal that there is very little risk to deferral of receiving cash.  So one only has to pay a little extra to pay later rather than now.

This is helpful in stimulating consumption.  People without the money right now can promise to pay later with low penalty for the deferral.

But is the risk from the deferral really lower?  The interest rates are very low because the central bank is overwhelming the market demand.  Not because anyone really believes that deferral of receipt of cash is low risk.

But anyone who simply uses the market interest rates is having their decision distorted.  They are open to taking deferral risk without expecting to be reasonably compensated for that risk.

To purists who believe that the only usable value is the market price, this is the only real information.

But if you want to make good decisions about transactions that stretch out over a long time, you might want to consider making your own adjustment for the risk of deferral.

What is Risk?

from Max Rudolph

As I deal with a variety of industries, professionals, investors and even risk managers, it has become obvious that the first issue that needs to be addressed from a risk management context is to define the term “risk”. I generally get pushback on this, but what I find is that everyone has a strong definition in their own mind that varies from person to person. How you define risk drives both risk appetite and risk culture. One of the keys in many of the management classes I have attended over the years has been to recognize that others tend to not think like I do. This is important here too. Before reading further, how do you define risk? Let me know if you don’t see your personal high level definition below.

Knightian Risk

Probably the most interesting risk definition I have seen, and the one I had never considered in its extreme, was put forth by Frank Knight in his 1921 book Risk, Uncertainty and Profit. Risk is defined as uncertainty. It is best explained by an example. If you were to launch yourself into space with no protection against the cold and lack of oxygen that defines space, you know you would die. By this definition there is no risk. If there is no uncertainty, in any direction, there is no risk. Sure to fail, no risk. Sure to win, no risk. Most people consider this definition in moderation when managing risk, although most would override it with one of the definitions we will consider next.

Downside Risk

When managing a business or portfolio, many managers consider risk only with respect to something bad that could happen. Outcomes can be defined numerically as more of something is either good or bad, and less of something is the opposite. An additional nuance is needed, and it has been mentioned by others. I like to look at “good” outcomes and “bad” outcomes. To follow an example earlier in this thread, higher sales might initially be called a good outcome, but often it eventually becomes a bad outcome as it outstrips capital availability or flags a pricing issue. Keep in mind that what is important is the overall impact on the entity, so a good overall outcome should be encouraged even if some lines of business would call it a bad outcome for their silo. High mortality is an example of this, with a life insurance line saying it is a bad outcome and a payout annuity considering it a good outcome. This is an example of a natural hedge, provided by two lines with offsetting risks in their portfolio.

Most companies today are looking at risk from a one sided perspective to meet their regulatory compliance needs. Risk management is viewed as a fixed cost under this paradigm. This approach is useful and helps the company avoid bankruptcy. It also provides a base from which you can leverage your ERM efforts.

Volatility Risk

I often think of traders when considering a volatility driven definition of risk. Opportunities abound if prices move, no matter which direction. Those who look at risk from a two sided perspective, and are good at it, can provide an organization with a competitive advantage as enterprise risk management becomes a major part of the strategic planning process. Everything is on the table. This helps an organization grow and prosper, in addition to lowering the probability of ruin. Incorporating risk into decision making provides a competitive advantage in all environments. The downside of this approach is that many who think of volatility as risk also believe that risk can be modeled accurately. They are more prone to model risk.

Not everyone is capable of the two sided risk approach. Risk culture can get in the way, but you also need the right people in place to drive risk management opportunities to senior team members. A risk manager should try to nudge their firm in this direction, but trying to leap there all at once is not likely to work.

Which risk definition is the best one?

It will depend on firm culture and risk appetite to know which definition is most consistent within an entity, and employing people with each definition can help a firm avoid overfocusing on one of the definitions. This will allow the firm to make better decisions. Risk is Opportunity!

©2011 Rudolph Financial Consulting, LLC

Warning: The information provided in this post is the opinion of Max Rudolph and is provided for general information only. It should not be considered investment advice. Information from a variety of sources should be reviewed and considered before decisions are made by the individual investor. My opinions may have already changed, so you don’t want to rely on them. Good luck!

All Risks are not Enterprise Risks

Some Enterprise Risk management programs feature lists of 75 or more risks that the ERM program attends to.

This approach to ERM drastically reduces the potential power of ERM to help to focus attention to Enterprise Risks.

An Enterprise Risk is a class of events that could severely damage the capability of the enterprise to achieve its mission.  No serious undertaking has 75 classes of events that could stop them in their tracks.

A serious undertaking might have 5 such risks.  Usually less.  Things that in spite of the best efforts of management could stop them in their tracks.  There are probably another 5 or so risks that are potentially that serious, but that the firm has, for the most part, under control.

What Enterprise Risk Management is about is a constant effort to pay attention to those 10 or so top risks.  To make sure that a new potential trouble is not creeping into that top 10.  To make sure that  they are not accidentally taking on much more of those risks.  To find ways to mitigate that first group of top risks.  To make sure that the controls on that second group of top risks are still sufficient.  And to make sure that there are not any secondary risks outside of this list that are very highly correlated with the Enterprise Risks.

Dave Sandberg likes to classify risks into three classes:

• Risks that threaten the earnings of the firm
• Risks that threaten the capital of the firm
• Risks that threaten the promises of the firm

A well managed firm will attend to all three types of risks, but the Enterprise Risks are the risks that threaten capital and promises that should be the concern of the Enterprise Risk Management program of the firm.  They should be the concern of the top executives of the firm.  Those risks should be the concern of the directors of the firm.

Are you Risk Competent?

Find out by taking the Risk Competency Quiz.

Then come back here and let RISKVIEWS know what questions you would put onto a Risk Competency Quiz for people in Banks?  In Insurance Companies?

Is Social Security a Ponzi Scheme?

The name calling involved is a distraction from the real problem – the problem of how to keep our entire economic system working with the massive shifting of people into the non-productive retirement ages. Besides the imbalances in pay as you go programs like social security and medicare, there is the problem of who is going to buy the securities that the retirees will need to sell to pay for living expenses? What usually happens when the market knows that someone MUST sell something? What percentage of the stock market’s total holdings MUST be sold over the next 30 years?

Everyone keeps pretending that this is some sort of marginal change situation.  It is definitely not.

What happens if the Boomers sell off causes the market to drop by another 25 – 30%?

Sounds crazy?  But the charts below from the San Fran FRB tells a story…

The solid line represents the ratio of middle aged people (40 – 49) to Old Agers (60 – 69).

This picture shows a 30% drop in PE.  If earnings are also challenged by the low or negative population growth during the same time period, the massive drop is stock prices is quite possible.

So even the people who did save for retirement may be woefully surprised that their money does not save them.

The stock market is but a large and often somewhated distorted mirror of the economy.  If the stock market is challenged by the low growth of the population and the shift from production to consumption of the large retiree population, then that is a reflection that the economy could be challenged in just the same manner.

That is the REALLY BIG problem that needs to be solved.

The Social Security problem is not at all difficult to solve.  According to the most recent actuarial report to the trustees, the shortfall in Social Security is 14% of projected benefits or 17% of projected revenues.  So anyone who can do arithmetic can work out some combination of increases to taxes and decreases to benefits that would bring the program into balance over the 75 year projection period.  Split it down the middle and decrease benefits by 7% and increase social security taxes by 8.5% and it is solved.  But the fact of the matter is that there is no serious consideration being given to any solution, let alone a straightforward solution like the above that anyone could understand.

Time to Ban RISK FREE!

Perhaps the very act of declaring something a RISK FREE ASSET guarantees that it will not be such. 

Underneath that declaration of RISK FREE is a presumption that the RISK FREE entity can absorb an unlimited amount of debt.  When in fact, the thing that we are seeing over and over again is that it is the debt itself that causes the risk!

In insurance, if insurers allowed someone to insure a building that they own for five times its value in the event of a fire, we all understand that a fire becomes highly likely.

In banking, it is also a basic tenet of lending that if you lend someone much, much more than they could ever possibly repay, that they will not repay.  But in banking, we have let the concept of RISK FREE creep into our heads and let that overcome the basic tenet about lending and repayment.  Banks are actually encouraged to put more of their money into RISK FREE securities to make them more secure.  But in the case of both the sub prime and the sovereign crises, the problem comes from assets that were improperly designated RISK FREE.

But what if it is the designation of RISK FREE itself that leads to the problems?

In the US Life insurance sector, the regulators provide a Risk Based Capital (RBC) regime.  It assigns a level of capital based upon the regulators understanding of the risk of various activities.  Most life insurance products at the time of the creation of the RBC regime in the early 1990′s involved a guarantee from the general account of the insurer to the beneficiaries of the insureds.  Life insurers traditionally took large amounts of credit risk to support those guarantees.  The RBC originally was focused first on the largest risk of the life insurers, credit.

Variable Annuities did not involve a guarantee from the general account and were therefore considered RISK FREE.  Many insurers wrote that business and did not attribute any capital because the products were RISK FREE.  From the start, insurers paid a fixed commission to brokers who wrote the business.  Insurers did not directly charge the customers for those commissions, but instead recovered those payments from the accounts over time.  Later, life insurers started to also add guarantees from the general account of the benefits from the variable annuities.  The variable annuities were still considered to be RISK FREE so there was still no RBC charge.

It was not a surprise that valuable risk protection that was highly underpriced was attractive to buyers and these products became very heavy sellers for a dozen or more companies.  So much so that attempts to later change the RBC to require proper capital amounts for the product were potentially critically damaging to some of those firms. Eventually, when the financial crisis hit, some of those dozen insurers that wrote large amounts of these products were looking for help from the TARP program

So perhaps we should be rethinking this concept of RISK FREE.   When the activity deemed as RISK FREE starts to become risky, it starts (or in the case of the sub prime backed CDOs always) pays a higher return than the lowest risk activities.  When the denominator for RISK FREE is zero or very near zero, very tiny amounts of excess returns from growing risk of the activity which is now designated RISK FREE in error will look to be fantastically profitable.  A firm that is trying to optimize its return on capital will shift as much activity as possible into the improperly designated assets class.

As long as there is a RISK FREE class, there will be an incentive to shift as much activity as possible into any security in that class that is misclassified. 

And because the capital requirements for risk free are zero, there is no limit to how much banks can move into that class.  They actually look good if they leverage up to increase activity in RISK FREE.

We need to stop even saying that any class of investments is RISK FREE.  As we see where that idea has led us, we need to leave it in the universities where it belongs and keep it out of the business world.  They can keep it on a shelf right next to their bottles of perfect vacuum and along side their frictionless surfaces.  That is where it belongs.

In the real world, there are no RISK FREE assets.  The capital requirements need to be floored with a positive number and graded up with the level of returns.  The market really is telling us something about risk when returns are higher, not about the brilliance of the companies that are able to find the misclassified RISK FREE investments.

 

Charging into the Valley of Death

Half a league, half a league,
Half a league onward,
All in the valley of Death
Rode the six hundred.
“Forward, the Light Brigade!
“Charge for the guns!” he said:
Into the valley of Death
Rode the six hundred.

From Charge of the Light Brigade, by Alfred, Lord Tennyson

 In about 30 minutes, over 2/3 of the British Light Brigade were slaughtered in 1854.  Horsemen with swords charged cannon and rifles and grapeshot.   Tennyson made it sound grand and brave and somehow an admirable thing.  But Tennyson points out the the fact that it made no sense to do what they were doing – that the soldiers knew it.

“Forward, the Light Brigade!”
Was there a man dismay’d?
Not tho’ the soldier knew
Someone had blunder’d:
Theirs not to make reply,
Theirs not to reason why,
Theirs but to do and die:
Into the valley of Death
Rode the six hundred.

Military schools have used the story of the charge as an example of what can go wrong when intelligence is weak at the command center and when orders are ambiguous.

The Earl of Cardigan who was in command, reported to Parliament:

But what, my Lord, was the feeling and what the bearing of those brave men who returned to the position. Of each of these regiments there returned but a small detachment, two-thirds of the men engaged having been destroyed? I think that every man who was engaged in that disastrous affair at Balaklava, and who was fortunate enough to come out of it alive, must feel that it was only by a merciful decree of Almighty Providence that he escaped from the greatest apparent certainty of death which could possibly be conceived.

You might ask what this might have to do with Risk Management?

While the willingness to follow orders might have appealed to the Victorian English, those are not the sort of folks that you want handling risk.  Following orders that are that far wrong is not what you want someone doing with the  risks to your firm’s existence.

You want people in both your risk management area and in the front line areas where there is the most risk taking to be the sorts who question authority when they do not understand why a new order makes sense.

Risk needs to be attended to at both the center and the fringes.  And thoughtfully attended to.  When the risk seems high to someone, that should be a signal to reconsider.

Playground Risk

Some of us are old enough to remember going to a playground without an adult trailing along to make sure that we played safely. Oh, there were always a few parents there, but they were with the pre-k aged kids. Anyone old enough to go to school was generally thought to be old enough to be able to play.

Well, thanks to the immense safety movement that has caused everything to be swathed in bubble wrap and foam padding, all of the risk is now gone from playgrounds. AND if you did go to a playground (and almost no one ever does anymore – they are no fun at all) you find that there is usually at least one and probably two adults supervising each child.

Thanks to Claire Wilkinson at the Terms and Conditions Blog of the III, we find that a new study of childhood risk taking suggests that risk taking is a necessary part of growing up to face the world as an adult. Children’s Risky Play from an Evolutionary Perspective: The Anti-Phobic Effects of Thrilling Experiences is the article.  The article says

we may observe an increased neuroticism or psychopathology in society if children are hindered from partaking in age adequate risky play

Roll the experiences of the last generation of kids forward twenty years, when they start to run the world.  They have been deprived of any chance at risk taking as kids.  Not safe enough.  They will also be living in a world dominated by the aged baby boomers.

Apply that picture to future risk appetites.  Any discussion of risk appetite talks about the amount of risk that someone is comfortable taking.

The lesson that we have taught our kids is that ZERO risk is the only level that they should be comfortable with.

I imagine that it would be a good thing to invest in a company that makes that rubber stuff that lines the floor of the playground.  That is much safer than concrete for sidewalks. It will be everywhere.

And business risk taking – forget about it.  Your business may fall and skin its knee.

Kids and adults and businesses and current and future business leaders need to experience risks and get comfortable with the losses that sometimes come from risk taking.  They need to learn that it is not the end of the world if they skin their knee.  Or even break a leg.  Maybe when that happens, we learn something new about ourselves and our ability to take risks in the world. 

Because if someone believes that they are not taking any risks then the only risks that they have are risks that they are not aware of.

High Risk Adjusted Returns and Risk Management – 10 Key ERM Questions from an Investor – The Answer Key (5)

Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM.  Riskviews gave them 10 but they were trick questions.  Each one would take an hour to answer properly.  Not really what the analyst wanted.

Here they are:

1. What is the firm’s risk profile?
2. How much time does the board spend discussing risk with management each quarter?
3. Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
4. What outside the box risks are of concern to management?
5. What is driving the results that you are getting in the area with the highest risk adjusted returns?
6. Describe a recent action taken to trim a risk position?
7. How does management know that old risk management programs are still being followed?
8. What were the largest positions held by company in excess of risk the limits in the last year?
9. Where have your risk experts disagreed with your risk models in the past year?
10. What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?

They never come back and asked for the answer key.  Here it is:

5.  In the sub prime market prior to the crisis, investors were buying AAA securities but getting a little more yield.  Since they were AAA rated, the capital required was minimal.  So the return on equity could be attractive.  Unless you held that story up to the light and freely admitted that your bank profits were bolstered by exploiting the fact that the market and the regulators had different opinions of the creditworthiness of the sub prime securities.

So, if the banks had answered honestly, they would have been saying that their profits were coming from regulatory arbitrage.  There are only three possible outcomes from this situation.  First, the market could wise up and the excess profits would disappear.  Second, the regulators could wise up and suddenly the banks would find themselves needing lots more capital, and third, the market persists in its opinion of higher risk and it turns out the market is correct.  But since under this third option, the bank is playing the regulators for the fools, as the risks stay the same or grow ever larger, the banks take more and more advantage of the stupid regulators.  They pretend to their board that the bank is safe because they are holding the capital that the regulators require.  The banks takes more and more risk – the compulsion to grow and grow earnings in the face of the shrinking spreads for everything with “normal” risk is an immutable imperative that requires banks to multiply their risk.

So one of the possible reasons that Risk Adjusted Return is high is that the risk adjustment is based upon regulatory requirements – not on an actual assessment of risk.  And there are three possible outcomes of playing the regulatory arb game that are unfavorable.

Another reason for higher risk adjusted returns is a competitive advantage.  Investors should be happy to hear about a competitive advantage.  They should also do their own assessment about how permanent that advantage might be.

From the point of view of assessing an ERM system, the answer to this question should reveal how seriously that management takes the idea of risk management.  High and unexpected returns are as good a signal as any of higher risk.  In fact, in the financial markets, high returns are almost always a symptom of higher risk.

Cavalcade of Risk

If you, like Riskviews, enjoys reading about risk, you will love the Cavalcade of Risk.  The Cavalcade of Risk focuses on how people and businesses deal with the element of uncertainty in their lives, weekly presenting a wide ranging list of links to blogs and other places where all different aspects of risk are being discussed.

 

Cavalcade of Risk 133

Cavalcade of Risk 56 

Cavalcade of Risk  131

Cavalcade of Risk 128

With a little effort, you can track down all of them.

 

 

 

 

 

 

 

 

 

Cellphone Danger

The WHO has just released a statement about possible cancer risk from cell phones.

Cell Phones are definitely dangerous.  Just try walking down any street.  Watch people suddenly stop walking or erratically change their pace of walking, even in a crowded sidewalk.  Invariably they have a cell phone up to their ear.  It is clear that cell phones suck the self preservation part of the brain right out of the ear.

And much more risky is the effect of cell phones on driving.  Some safety experts attribute as many as half of the auto accidents in the US to cell phones.  Cell phones seem to prevent people from noticing red lights, stop signs, stopped vehicles and pedestrians in their way. Thousands of deaths and millions of damage.

The cancer risk is the least part of the risk of cell phones.

Leave Something on the Table

What was the difference between the banks and insurers with high tech risk management programs that did extremely poorly in the GFC from those with equally high tech risk management programs who did less poorly?

One major difference was the degree to which they believed in their models.  Some firms used their models to tell them exactly where the edge of the cliff was so that they could race at top speed right at the edge of the cliff.  What they did not realie was that they did not know, nor could they know the degree to which the edge of that cliff was sturdy enough to take their weight.  Their intense reliance on their models, most often models that focused like a lazer on the most important measure of risk, left other risks in the dark.  And those other risks undermined the edge of the cliff.

Others with equally sophisticated models were not quite so willing to believe that it was perfectly safe right at the edge of the cliff.  They were aware that there were things that they did not know.  Things that they were not able to measure.  Risks in the dark.  They took the information from their models about the edge of the cliff and they decided to stay a few steps away from that edge.

They left something on the table.  They did not seek to maximize their risk adjusted returns.  Maximizing risk adjusted return in the ultimate sense involved identifying the opportunity with the highest risk adjusted return and taking advantage of that opportunity to the maximum extent possible, then looking to deploy remaining resources to the second highest risk adjusted return and so on.

The firms who had less losses in the crisis did not seek to maximize their risk adjusted return.

They did not maximize their participation in the opportunity with the highest risk adjusted return.  They spread their investments around with a variety of opportunities.  Some with the highest risk adjusted return choice and other amounts with lesser but usually acceptable return opportunities.

So when it came to pass that everyone found that their models were totally in error regarding the risk in that previously top opportunity, they were not so concentrated in that possibility.

They left something on the table and therefore had something left at the end of that round of the game.

Rents vs. Risk and Reward

Many people talk and write as if risk and reward were the true trade-offs in a capitalist system.  It certainly makes risk management important if that were true.

But unfortunately for us risk managers, and fortunately for business managers, choosing among risky alternatives is not the best choice for business success.

In fact, the natural tendency of capitalism is directly away from risk and towards Competitive Advantage.  If a business can find a competitive advantage, their first choice forever after is to strengthen that advantage and to reduce their risk.

A business with a total competitive advantage, also called a monopoly, is crazy to then take any risk.  Economists call their income a rent.  The income from risk taking is called a risk premium.  All businesses prefer rents to risk premiums under that definition.

So the risk managers who talk all of the time about the risk and reward continuum and about the efficient frontier of risk taking are talking nonsense to any business person who knows the story of any of the most successful businesses.  The most successful businesses all made fortunes for their founders by collecting rents.

What we should be talking about is the Rent / Risk continuum.  If you want to be really successful, you need to find a way to collect rents.  If you want to get mediocre returns, then you can go out and take risks.

Many years ago, Riskviews was producing risk reports for return on risk capital for an insurer.  The insurer had some fee for service business.  This business did not fit into the risk reward framework.

Investment Banks had at one time been mostly fee for services businesses.  Then for a time, they decided that they could make more money taking risks.  It turns out that they were largely wrong.  The “profits” that they were recording on their risk taking were risk premiums for taking very large risks that were “in the dark“.  According to Taleb, they were being massively underpaid for those large but infrequent risks.

Some reinsurers that make their business taking on large amounts of catastrophe risks can be shown to be taking a significant amount of their value from the “default put” that is created because they collect premiums for all expected claims under their reinsurance contracts, but they do not intend to pay off on the largest catastrophes because they will have defaulted.

Risk taking is a questionable way to make profits.

So risk managers need to work to identify rents and properly reflect the superior place that rents should have in business goals.  Risk managers should be slow to claim that any risk taking behavior will make a profit and not just mistaken accounting of risks that are waiting in the dark and growing stronger to take back all of the so called profits from risk taking.

Dissappointment

Michael Thompson often describes the situation where a person or group does not get the experience that they expect as Surprise. I have also heard that called Disappointment.

Probably Surprise is a better term.

What is going on is that people expect one sort of experience and get another.

In a recent published article, Ingram and Thompson describe the expectations of various environments as:

• Boom Environment – High Drift, Low Volatility
• Moderate Environment – Moderate Drift, Moderate Volatility
• Bust Environment – Negative Drift, Low Volatility
• Uncertain Environment – Unpredictable Drift, Unpredictable Volatility

With those descriptions, Surprise/Disappointment is easier to describe.  If you believe that the environment is in a Boom and the experience you get is moderate drift and volatility, then you will be surprised and probably disappointed.  And similarly, if you expect a Bust environment and you experience high drift, then you will certainly be Surprised, but probably not Disappointed.  Unless you were really counting on complaining and  are disappointed about good fortune spoiling that.

Surprise is very different for those expecting an Uncertain environment.  For them, it is surprising that they are able to notice any pattern, whether it be high, low or moderate drift and volatility.  They are expecting unpredictable results, a high volatility as well as a high volatility of volatility.  For them, a surprise would be if the experiences did have a reliable volatility.

The Surprise that many of us have been experiencing started out as a Disappointment.  We thought that home prices had a large positive drift and low volatility.  So as many of us started to count upon that expectation, the system reached its carrying capacity for home real estate.  Which is hard to imagine, since with the loans that were over 100% of value, people were being paid by the financial sector to take new homes.

Suddenly, house prices stopped rising.  Most stories about the financial crisis do not even try to give any explanation for that happening.  But it is easy to picture that everyone who was willing to move had already done so recently.  Even in a pay to take, there is a high personal time cost to move.  So the hot market encouraged anyone who might be willing to move and move a year or two or three earlier than they would have otherwise.  But not enough people were willing to do that year after year.  And not enough people were crazy enough to take out mortgages that they had absolutely no chance to pay back.  So the turnover faltered.  Prices simply stopped rising.  And the Surprise hit everyone.

After an extended period of freefall, the market has settled into a much longer period of uncertainty.  No discernable pattern to drift or to volatility.  There is a large and uneven volume of foreclosed real estate in the system.  It comes to market and disrupts prices.  Because the real estate market had relied upon a rather primitive price discovery mechanism, the foreclosures are very disruptive to the pricing of non-foreclosed housing.  This is a major factor in the level of uncertainty of housing and it ripples through the entire financial system and the entire economy.

With this uncertainty, people who are expecting any of the three other patterns of risk are irregularly Surprised, and often Disappointed.  As there are more and more disappointments, more and more people shift their coping strategy to one that makes sense in an Uncertain economy, the strategy of Diversification.  That might sound to be a good thing, but in practice, it ends up meaning avoiding any large or lengthy commitments.  It means a slow down in basic investment and usually a deferral of any of the major investments that would start to fuel the next positive economic cycle.

This Uncertain cycle will end slowly because of the immense amount of extra home real estate that is still in the foreclosure pipeline.

Such cycles usually end when the flip side of the process described above that drove the stoppage in the real estate boom.  What stopped the boom was that people wore out of moving up in housing.  What will stop the Uncertain market will be that people will wear out of not changing houses.  The people who have had one more child will be fed up with the crowding in their smaller house and the people whose kids have moved away will get fed up with maintaining more house than they need.  The people who do well enough to afford a bigger and better house will be fed up with waiting for things to settle down.  And when that happens to enough people, the backlog of existing real estate will finally sell down and a new boom will start again.

And people who had adapted to uncertainty will be Surprised, but not disappointed that their house again finally starts to appreciate.

Modeling Uncertainty

The message that windows gives when you are copying a large number of files gives a good example of an uncertain environment.  That process recently took over 30 minutes and over the course of that time, the message box was constantly flashing completely different information about the time remaining.  Over the course of one minute in the middle of that process the readings were:

8 minutes remaining

53 minutes remaining

45 minutes remaining

3 minutes remaining

11 minutes remaining

It is not true that the answer is random.  But with the process that Microsoft has chosen to apply to the problem, the answer is certainly unknowable.  For an expected value to vary over a very short period of time by such a range – that is what I would think that a model reflecting uncertainty would  look like.

An uncertain situation could be one where you cannot tell the mean or the standard deviation because there does not seem to be any repeatable pattern to the experience.

Those uncertain times are when the regular model – the one with the steady mean and variance – does not seem to give any useful information.

The flip side of the uncertain times and the model with unsteady mean and variance that represents those times is the person who expects that things will be unpredictable.  That person will be surprised if there is an extended period of time when experience follows a stable pattern, either good or bad or even a stable pattern centered around zero with gains and losses.  In any of those situations, the competitors of that uncertain expecting person will be able to use their models to run their businesses and to reap profits from things that their models tell them about the world and their risks.

The uncertainty expecting person is not likely to trust a model to give them any advice about the world.  Their model would not have cycles of predictable length.  They would not expect the world to even conform to a model with the volatile mean and variance of their expectation, because they expect that they would probably get the volatility of the mean and variance wrong.

That is just the way that they expect it will happen.   A new Black Swan every morning.

Correction, not every morning, that would be regular.  Some mornings.

Where to Draw the Line

“The unprecedented scale of the earthquake and tsunami that struck Japan, frankly speaking, were among many things that happened that had not been anticipated under our disaster management contingency plans.”  Japanese Chief Cabinet Secretary Yukio Edano.

In the past 30 days, there have been 10 earthquakes of magnitude 6 or higher.  In the past 100 years, there have been over 80 earthquakes magnitude 8.0 or greater.  The Japanese are reputed to be the most prepared for earthquakes.  And also to experience the most earthquakes of any settled region on the globe.  By some counts, Japan experiences 10% of all earthquakes that are on land and 20% of all severe earthquakes.

But where should they, or anyone making risk management decisions, draw the line in preparation?

In other words, what amount of safety are you willing to pay for in advance and what magnitude of loss event are you willing to say that you will have to live with the consequences.

That amount is your risk tolerance.  You will do what you need to do to manage the risk – but only up to a certain point.

That is because too much security is too expensive, too disruptive.

You are willing to tolerate the larger loss events because you believe them to be sufficiently rare.

In New Zealand,  that cost/risk trade off thinking allowed them to set a standard for retrofitting of existing structures of 1/3 of the standard for new buildings.  But, they also allowed 20 years transition.  Not as much of an issue now.  Many of the older buildings, at least in Christchurch are gone.

But experience changes our view of frequency.  We actually change the loss distribution curve in our minds that is used for decision making.

Risk managers need to be aware of these shifts.  We need to recognize them.  We want to say that these shifts represent shifts in risk appetite.  But we need to also realize that they represent changes in risk perception.  When our models do not move as risk perception moves, the models lose fundamental credibility.

In addition, when modelers do things like what some of the cat modeling firms are doing right now, that is moving the model frequency when people’s risk perceptions are not moving at all, they also lose credibility for that.

So perhaps you want scientists and mathematicians creating the basic models, but someone who is familiar with the psychology of risk needs to learn an effective way to integrate those changes in risk perceptions (or lack thereof) with changes in models (or lack thereof).

The idea of moving risk appetite and tolerance up and down as management gets more or less comfortable with the model estimations of risk might work.  But you are still then left with the issue of model credibility.

What is really needed is a way to combine the science/math with the psychology.

Market consistent models come the closest to accomplishing that.  The pure math/science folks see the herding aspect of market psychology as a miscalibration of the model.  But they are just misunderstanding what is being done.  What is needed is an ability to create adjustments to risk calculations that are applied to non-traded risks that allow for the combination of science & math analysis of the risk with the emotional component.

Then the models will accurately reflect how and where management wants to draw the line.

ERM Questions for US Insurers

By Max Rudolph

A.M. Best added a Supplemental Rating Questionnaire (SRQ) for insurers at the end of 2010. While it will provide interesting information that will aid the analyst develop questions for a face-to-face meeting, the mainly checklist format will limit its value. A better option would be for a company to utilize this SRQ to develop an internal risk management report that could be presented to the board and external stakeholders much as insurers generate an investment management report. The A.M. Best checklist could be a by-product of this process. A.M. Best’s statement that “each company’s need for ERM is different” is absolutely correct. Organizations with complex and varied product mixes should spend their time understanding both the silo risks and the interactions between those silos. Going into 2006 insurers (and rating agencies) did not have leading indicators in place to monitor housing prices, yet that proved to be the driver leading to the financial crisis. There is little in this questionnaire that is forward looking toward new and emerging risks.

Concentration

The questionnaire does not do enough to focus on concentration of exposures. No credit is awarded for a diversified group of independent risks. There is also no mention of counterparty risk with reinsurers. The financial crisis left reinsurers ever more entangled, and if one ever experiences financial difficulties a contagion effect could drag quite a few down with them. If that happens there is no reason to think that insurers would not batten down the hatches as banks did with their loan portfolios. Insurers should have a contingency plan for this possibility, along with performing other stress tests and board discussions.

Key Risk Indicators

The questionnaire refers to reporting risk metrics. This should be more specific. Financial statements do a pretty good job of reporting lagging indicators such as revenue and net income. What would be more useful when managing risk are leading indicators. What metric can I look at today to anticipate future revenue? Keeping track of metrics such as agent retention, applications received, or unemployment will allow the line manager to better understand the business line and the risk manager to better identify potential risks. Today, many insurers are developing this process but it is still evolving.

Risk Culture

In the risk culture section of the questionnaire, terms such as risk/return measures and reporting risk jump out at me. Not all risks can be measured, and many can’t be measured accurately. That does not mean they can’t, and certainly does not mean they should not, be managed. Examples would include the likelihood and severity of civil unrest around the world. It is not important to judge precisely how likely these events might be, but it is important to think about how you might react if such an event does occur. Options are generally limited after an event occurs, and time is often the critical factor. Reporting risk means many things to many people. It would be preferred to have a dialogue about risks, using a written report as a starting point.

Identifying Risks

In the Risk Identification/Measurement/Monitoring section of the questionnaire, A.M. Best asks “Who is the most responsible for identifying material risks to the company’s financial position?” This seems to be a no-win question, as no matter who is listed shortcomings will be associated with it. If you list the CEO, then the CRO is short-changed. If you list the CRO, the line managers wonder what their role is. Perhaps a better question would be to ask who is responsible for consolidating risks and looking at them holistically, scanning for emerging risks as well. It will be interesting to see what A.M. Best does with the table considering the largest potential threats to financial strength. There is no consistent approach to estimated potential impact. Two companies with the exact same exposure to a risk might report vastly different dollar figures. The higher number might be generated by the organization that better understands the risk.

Economic Capital

The most interesting question to me would be to ask how independent of results are the modelers? Who do they report to? How is their bonus determined? My perception is that there is subtle pressure put on modelers to hit certain results and that they should understand their models well enough to know which levers to pull that won’t raise a warning flag. At this point there is no audit requirement for an economic capital model.

Forward Looking

Missing in this questionnaire, as well as the NAIC’s Risk Focused Examinations, is a view of the future. In my opinion, if there is not an immediate solvency issue then the most interesting question is what could impair this organization in the future. For many insurance firms this will be related to selling profitable products and being flexible. It is hard to find distribution without giving away either options or returns. Consolidation in the insurance industry is likely. How many companies have considered their competitive position is their competitors merge? For distressed firms it is rarely a previously managed risk that takes them down. What environmental scanning is being done? What Risks are you Worried about Today? Risks that could be included in this type of analysis would be considered stress tests by many, but how many organizations would share more than they think their competitors are sharing? Here are some risks to ponder, along with their unintended consequences, in no order.

• Low interest rate environment is replaced by an inflationary shock
• A new competitor enters the insurance market with a known and trusted brand and new distribution channel (WalMart comes to mind)
• A reinsurer becomes insolvent due to investment losses, stressing other reinsurers.
• The insurance industry experiences higher trending mortality, with a flurry of 30-50 deaths due to obesity
• Climate change results in changing weather patterns, with more volatile weather and crop patterns
• A consolidator enters the industry, generating economies of scale that reduce potential returns by 2%.
• Infrastructure around the world ends its useful lifetime and is not replaced.
• Water wells are drilled in developed countries by farmers and local communities to access an aquifer.

Warning: The information provided in this newsletter is the opinion of Max Rudolph and is provided for general information only. It should not be considered investment advice. Information from a variety of sources should be reviewed and considered before decisions are made by the individual investor. My opinions may have already changed, so you don’t want to rely on them. Good luck! Warning: The information provided in this newsletter is the opinion of Max Rudolph and is provided for general information only. It should not be considered investment advice. Information from a variety of sources should be reviewed and considered before decisions are made by the individual investor. My opinions may have already changed, so you don’t want to rely on them. Good luck!

Risk Capacity Measurement

By  Jean-Pierre Berliet

In insurance companies, where “production” consists of risk assumption and risk accumulation, measuring a company’s risk capacity and risk capacity utilization is not as straightforward as in companies that manufacture widgets. Like industrial companies, insurance companies need to measure and manage their “production” or rather “risk” (accumulation) capacity.

 

The recent crisis has demonstrated that insurance companies need to measure and manage their risk capacity utilization in relation to the amount of risk capacity lest they become overextended. In insurance companies, risk capacity needs to be determined so as to satisfy:

• Solvency concerns of policyholders, for which insurance strength ratings assigned by the leading independent rating agencies and A.M. Best are generally accepted as proxies. Shareholders are also interested in these ratings, which they view as indicators of companies’ ability to attract and retain customers and achieve their financial objectives.
• Maintenance of regulatory Risk Based Capital (RBC) adequacy ratios sufficient to prevent regulators from intervening in company management.

 

Risk capacity is most commonly a measure of an insurance company’s ability to accumulate risk exposures, on a going concern basis, while meeting risk tolerance constraints of solvency-focused stakeholders (policyholders, rating agencies and regulators). Risk concerns of these stakeholders are generally expressed as confidence levels at which a company is capable of meeting particular standards of performance, (e.g. maximum probability of default, maintenance of the capital needed to support a target rating or RBC adequacy level) over a defined time horizon.

 

A company’s risk capacity is customarily measured by its available capital and its risk capacity utilization is measured by the amount of capital needed to meet the risk tolerance constraints of credit-sensitive stakeholders, given its present portfolio of risk exposures. In order to gain the confidence of investors and customers and to enjoy a viable future, an insurance company needs to understand how its strategic plan impacts the prospective utilization of its risk capacity, and therefore the adequacy of its capital in relation to its projected financial performance and growth aspirations.

 

To perform this assessment, a company needs to estimate its prospective risk capacity utilization (i.e. capital required) for executing its strategic plan. To perform this analysis, it needs to project its risk profile over a three to five years planning horizon (approximating going concern conditions), under growth assumptions embedded in its strategic plan. A properly constructed risk profile should enable a company to consider the impact of extreme conditions, often scenarios that include multiple catastrophes or financial crises, as well as the contribution of earnings retention to risk capacity. This basic strategic planning exercise, completed in a risk-aware framework will demonstrate the risk capital (and, thus, capacity utilization) required to execute the strategic plan.

Ideally, the required financial models should be capable of producing i) full distributions of financial outcomes rather than tail sections of these distributions, ii) elements of the balance sheet and P&L statements needed to calculate earnings, earnings volatility, downside risk from planned earning amounts in future periods, iii) calculations of RBC, and associated capital adequacy ratios, including A.M. Best’s capital adequacy ratio (BCAR) and iv) financial performance reports developed under multiple accounting standards, including statutory and GAAP or IFRS, or on an economic basis. These data are needed for management to explore how capital requirements and thus also risk capacity utilization respond to changes in risk strategy and business strategy.

 

The company’s risk profile can be derived from the aggregation of the distributions of financial results of individual lines or business segments based on the amount and volatility characteristics of exposures, limits assumed, applicable reinsurance treaties, and asset mix, over a three to five year time horizon so as to approximate going concern conditions.

 

The use of multi-year solvency analyses of companies’ risk profile, instead of a one year horizon required under the regulatory provisions of many jurisdictions, typically results in significantly higher estimates of risk capital requirements and risk capacity utilization than those obtained under the one year horizon. As a result, companies that rely primarily on one year solvency analyses to assess the adequacy of their capital tend to understate their capital requirements and are more likely to overextend themselves. Importantly, the underlying assumption that capital shortfalls could be covered as and when needed by raising capital from investors has been shown to be unrealistic during the recent financial crisis, highlighting what may be a fundamental flaw in the widely touted Solvency II framework.

 

 

 

 

 

Jean-Pierre Berliet

(203) 247-6448

jpberliet@att.net

 

February 14, 2011

 

 

Note: This article is abstracted from the “Risk Management and Business Strategy in P/C Insurance Companies” briefing paper published by Advisen (www.advisen.com) and available at the Corner Store.

 

Avoiding Risk Management

In the past two years, many firms and many investors have de-risked their world.

On the other hand, there is no shortage of advice that you should never seek to avoid all risk.  Try typing the two words “Avoid Risk” into Google and more than half of the links that come up are discussions of why that is not a good strategy.

But one of the links that is on the first page is from the Chronicle of Higher Education.  The headline is “Most Colleges Avoid Risk Management“

So you now have the classic two by two grid of choices:

Each of the four choices has adherents.  But there are pluses and minuses to each choice.

1.  Avoid Risk/Avoid Risk Management – a person or organization can do very well with this choice.  Until – - – they are struck by a risk that they did no know that they were taking.  The only risks that a person who avoids all risk takes are those risk that they are unaware of.  This strategy also requires that the world not change too much.  The largest risk to this choice is the risk that the person or organization will no longer have a viable strategy.  By avoiding risk, they have saved themselves from the agony of failure but also from the joy of successfully developing new strategies – some of which might become the strategy for the future.

2.  Avoid Risk/Risk Management – This was the Mubarak strategy.  It was very successful for 30 years.  Then, suddenly, it stopped working.  It feel victim to the failure to adapt risk which is the second type mentioned above.   But by practicing risk management, he was able to avoid the first risk above – the risk of taking risks unawares.  A firm with a very successful product or business might take up this strategy, seeking to maximize value of that successful strategy.

“People who don’t take risks generally make about two big mistakes a year. People who do take risks generally make about two big mistakes a years.” – Peter F. Drucker

3.  Take Risks/ Avoid Risk Management – On its face, this choice seems clearly irrational.  However, it is widely practiced and sometimes by people that are held to be highly successful geniuses in their fields.  What we fail to recognize is that some of these folks are simply lucky and the rest might well be geniuses.  The lucky are noticed because of survivor bias.  So if you choose this strategy, you are following in the footsteps of some of the most famous.  And in your own experience, you have probably worked with people who got where they are because of luck.  Someone has to get 8 tails in a row flipping coins.  And if you award a senior vice presidency to everyone who does …

4.  Take Risks / Risk Management – this seems like the most sensible choice.  You are then left with the decision of how to choose the risks that you take and which sort of risk management to practice.  Which are the main topics of this blog.

In my experience, I have found that some people define risk taking as 3 above – that is diving off the board without looking down first.  When they say “you must take risks to get the rewards” they are thinking about the blind risk taking of 3.  I can only suggest that a firm should seek to avoid applying strategy 3 to something on which the survival of the firm depends.

Thanks to Riskczar for the Drucker quote.

The Year in Risk – 2010

It is very difficult to strike the right note looking backwards and talking about risk and risk management.  The natural tendency is to talk about the right and wrong “picks”.  The risks that you decided not to hedge or reinsure that did not develop losses and the ones that you did offload that did show losses.

But if we did that, we would be falling into exactly the same trap that makes it almost impossible to keep support for risk management over time.  Risk Management will fail if it becomes all about making the right risk “picks”.

There are other important and useful topics that we can address.  One of those is the changing risk environment over the year. In addition, we can try to assess the prevailing views of the risk environment throughout the year.

VIX is an interesting indicator of the prevailing market view of risk throughout the year.  VIX is in indicator of the price of insurance against market volatility.  The price goes up when the market believes that future volatility will be higher or alternately when the market is simply highly uncertain about the future.

Uncertain is the word used most throughout the year to represent the economic situation.  But one insight that you can glean from looking at VIX over a longer time period is that volatility in 2010 was not historically high.

If you look at the world in terms of long term averages, a single regime view of the world, then you see 2010 as an above average year for volatility.  But if instead of a single regime world, you think of a multi regime world, then 2010 is not unusual for the higher volatility regimes.

So for stocks, the VIX indicates that 2010 was a year when market opinions were for a higher volatility risk environment.  Which is about the same as the opinion in half of the past 20 years.

That is what everyone believed.

Here is what happened:

	Return
December	6.0%
November	-0.4%
October	3.5%
September	8.7%
August	-5.3%
July	6.8%
Jun	-5.2%
May	-8.3%
April	1.3%
March	5.8%
February	2.8%
January	-3.8%
Average	1.0%
Std Dev	5.6%

That looks pretty volatile.  And comparing to the past several years, we see below that 2010 was just a little less actually volatile than 2008 and 2009.  So we are still in a regime of high volatility.

So we can conclude that 2010 was a year of both high expected and high actual volatility.

If an exercize like this is repeated each year for each important risk, eventually insights of the possibilities for both expectations and actual risk levels can be formed and strategies and tactics developed for different combinations.

The other thing that we should do when we look back at a year is to note how the year looked in the artificial universe of our risk model.

For example, when many folks looked back at 2008 stock market results in early 2009, many risk manager had to admit that their models told them that 2008 was a 1 in 250 to 1 in 500 year.  That did not quite seem right, especially since losses of that size had occurred two or three times in the past 125 years.

What many risk managers decided to do was to change the (usually unstated) assumption that things had permanently changed and that the long term experience with those large losses was not relevant. Once they did that, the risk models were recalibrated and 2008 became something like a 1 in 75 to 1 in 100 year event.

For the stock market, the 15.1% total return was not unusual and causes no concern for recalibration.

But there are many other risks, particularly when you look at general insurance risks, that had higher than expected claims.  Some were frequency driven and some were severity driven.  Here is a partial list:

• Queensland flood
• December snowstorms (Europe & US)
• Earthquakes (Haiti, Chile, China, New Zealand)
• Iceland Volcano

Munich Re estimates that 2010 will go down as the sixth worst year for amount of general insurance claims paid for disasters.

Each insurer and reinsurer can look at their losses and see, in the aggregate and for each peril separately, what their models would assign as likelihood for 2010.

The final topic for the year in risk is Systemic Risk.  2010 will go down as the year that we started to worry about Systemic Risk.  Regulators, both in the US and globally are working on their methods for inoculating the financial markets against systemic risk.  Firms around the globe are honing their arguments for why they do not pose a systemic threat so that they can avoid the extra regulation that will doubtless befall the firms that do.

Riskviews fervently hopes that those who do work on this are very open minded.  As Mark Twain once said,

“History does not repeat itself, but it does rhyme.”

And for Systemic Risk, my hope is that the resources and necessary drag from additional regulation are applied, not to prevent an exact repeat of the recent events, while recognizing the possibility of rhyming as well as what I would think would be the most likely systemic issue – that financial innovation will bring us an entirely new way to bollocks up the system next time.

Happy New Year!

Action and Inaction

Running a successful business requires doing something almost constantly.

But successful risk management may require doing very little for long stretches of time.

“Just because they say “ACTION” doesn’t mean you have to do anything”  Al Pacino

Good risk management means picking your times and picking your actions.

But there is much for the new risk manager to do between the day when they are first given their charge (the call of ACTION) and the day when they must take their first ACTION.

Many new risk managers get completely caught up in the process of creating a risk management system and the idea of ACTION gets moved into some sort of bureaucratic haze.  The risk management systems that are described in many textbooks and articles make it seem like ACTIONs will simply happen on their own if the system is all in place.

But any risk manager who has worked through the financial crisis or through any other major loss making crisis will tell you that the ACTIONs that take care of themselves through the system are only the easiest part of the ACTION that is really needed, that really adds value to the organization.  The really difficult ACTIONs are the ones that are not so clearly indicated, or the ACTIONs that come after a long period of inaction.

Those actions include things like stopping the growth of a profitable risk, stopping writing a particular risk or even shrinking risk positions.

“Every great mistake has a halfway moment, a split second when it can be recalled and perhaps remedied.”
Pearl Buck

There is a time as well when it is too late for the ACTION.  That is because it is usually in the late stages of a boom that the firm takes on the risks that end up making the largest losses.

And when the problem starts to become evident, it is usually much too expensive to lay off the risk positions.  The best you can hope for is to stop growing the positions.

So there are times, during a boom, when the most important but most difficult ACTION for a risk manager to take is to stop the growth of an overheated risk.

But there are many other times when the risk manager can concentrate on inaction.  Just letting the risk control system do its work.

Eggs and Baskets

Andrew Carnegie once famously said

“put all your eggs in one basket. and then watch that basket”

It seems impossible on first thought to think of that as a view consistent with risk management.  But Carnegie was phenomenally successful.  Is it possible that he did that flaunting risk management?

Garry Kasparov – World Chess Champ (22 years) put it this way…

“You have to rely on your intuition.  My intuition was wrong very few times.”

George Soros has said that he actually gets an ache in his back when the market is about to turn, indicating that he needs to abruptly change his strategy.

Soros, Kasparov, Carnegie are not your run of the mill punters.  They each had successful runs for many years.

My theory of their success is that the intuition of Kasparov actually does take into account much more than the long hard careful consideration of a middling chess master.  Carnegie and Soros also knew much more about their markets than any other person alive in their time.

While they may not have consciously been following the rules, they were actually incorporating all of the drivers of those rules into their decisions.  Most of those rules are actually “heuristics” or shortcuts that work as long as things are what they have been but are not of much use when things are changing.  In fact, those rules may be what is getting one into trouble during shifts in the world.

Risk models embody an implicit set of rules about how the market work.  Those models fail when the market fails to conform to the rules embedded in the model.  That is when things change, when your thinking needs to transcend the heuristics.

So where does that leave the risk manager?

The insights of the ultra successful types that are cited above can be seen to refute the risk management approach, OR they can be seen as a goal for risk managers.

The basket that Carnegie was putting all of his eggs into was steel.  His insight about steel was correct, but his statement about eggs and baskets is not particularly applicable to situations less transformational than steel.  It is the logic that many applied during the dot com boom, much to their regret in 2001/2002.

The risk manager should look at statements and positions like those above as levels of understanding to strive for.  If the risk managers work starts and remains a gigantic mass of data and risk positions without ever reaching any insights about the underlying nature of the risks that are at play, then something is missing.

Perhaps the business that the risk manager works for is one that by choice and risk tolerance insists on plodding about the middle of the pack in risk.

But the way that the risk manager can add the most value is when they are able to provide the insights about the baskets that can handle more eggs.  And can start to have intuitions about risks that are reliable and perhaps are accompanied by unmistakable physical side effects.

Intrinsic Risk

If you were told that someone had flipped a coin 60 times and had found that heads were the results 2/3 of the time, you might have several reactions.

• You might doubt whether the coin was a real coin or whether it was altered.
• You might suspect that the person who got that result was doing something other than a fair flip.
• You might doubt whether they are able to count or whether they actually counted.
• You doubt whether they are telling the truth.
• You start to calculate the likelihood of that result with a fair coin.

Once you take that last step, you find that the story is highly unlikely, but definitely not impossible.  In fact, my computer tells me that if I lined up 225 people and had them all flip a coin 60 times, there is a fifty-fifty chance  that at least one person will get that many heads.

So how should you evaluate the risk of getting 40 heads out of 60 flips?  Should you do calculations based upon the expected likelihood of heads based upon an examination of the coin?  You look at it and see that there are two sides and a thin edge.  You assess whether it seems to be uniformly balanced.  Then you conclude that you are fairly certain of the inherent risk of the coin flipping process.

Your other choice to assess the risk is to base your evaluation on the observed outcomes of coin flips.  This will mean that the central limit theorem should help us to eventually get the right number.  But if your first observation is that person described above, then it will be quite a few additional observations before you find out what the Central Limit Theorem has to tell you.

The point being that a purely observation based approach will not always give you the best answer.   Good to make sure that you understand something about the intrinsic risk.

If you are still not convinced of this, ask the turkey.  Taleb uses that turkey story to explain a Black Swan.  But if you think about it, many Black Swans are nothing more than ignorance of intrinsic risk.

Hierarchy of Corporate Needs and ERM

In psychology 101 class you heard about Maslow’s hierarchy of needs, They are:

1. Physiological Needs
2. Safety Needs
3. Belonging
4. Eswteem
5. Self-Actualization

Corporations have needs as well.  The needs of firms is similar to the needs of the people in the firms.

Hierarchy of Corporate Needs

• Sales

• Profits

• Security

• Growth of Value

The ERM process can help companies to satisfy these needs.  In ways that no other business management process will. This is true for all businesses, but it is particularly true for financial services businesses like insurance and banking where every transaction can have a significant element of risk for the firm.

Sales

• For a business to exist, it must have something that it can sell to some market.
• ERM is usually thought of as “the Sales Prevention Department”.  But ERM can be instrumental in planning the sales process.  But let’s come back to that after discussing the other corporate needs.

Profits

• Once a firm has mastered the ability to produce or otherwise provide something that some market will buy, they need to figure out how to deliver that product or service at a cost lower than the price that the market will pay.  This is a combination of managing costs and convincing the market of the price that the product/service is worth.
• In businesses like insurance or banking, the fundamental transactions of the business involve risk taking in a way that is different from most other businesses.  Making a profit ultimately means getting the price right for risk and properly managing the risk so that it rarely gets out of hand.
• That is the prime territory for ERM – evaluating and managing risks.  So to satisfy this second need of corporations, at least for the corporations in the risk business,  ERM is needed.
• Without ERM, profits are hit or miss for firms in the risk business.

Security

• Once a business has a product that they can reliably sell to a market and has figured out a way to reliably deliver that product at a profit, then that business has value.  And the third need becomes important; Security.
• This is the case not just for companies in the risk business,  but for all types of firms.  Once they get used to making money, there is a strong need to keep that happening.
• But there are many, many things that can go wrong and put an end to that profitable business.  As a general class, we call those things RISKS.
• So risk management is applied by firms to deal with those things that might go wrong and end the stream of profits – separately, risk by risk as management becomes aware of those risks.
• Enterprise Risk Management provides a different approach, and one that should appeal to those who are fundamentally interested in the security of the firm.  While risk management seeks to prevent outsized losses from one cause or another, ERM seeks to manage outsized losses from ANY and ALL sources.

Growth of Value

• Once a business has Sales, Profits and Security the focus shifts.  And it shifts to growing the value of the firm.
• Some firms focus on growing their value by making more of the sales that they mastered at the outset of their existence.  Others seek to grow value by increasing their efficiency and increasing the profitability of their business.  A few are able to focus on both at the same time.
• However, the value of the firm, by some reckonings is the present value of future earnings.  Those future earnings can be higher because sales grow or because profits per unit grow.  But that future will be discounted by the market.  Discounted for both risk and for time.
• Since Risk is a major component to value, growing value means managing risk.  SO we are again back to ERM.  ERM helps management to see the trade-offs, the risk reward trade-offs, that will influence value.

Sales

• And so, back to sales.  What you find when you look to manage value with ERM is that it helps you to see the value of sales.  And what you see will be that different sales have a different impact on the value of the firm.
• So ERM can halp to guide the sales planning process, shedding light on which sales to plan to grow the most and which to limit.

So ERM can play a major role in the achievement of all four of the main Corporate Needs.

Risk means Loss Potential

Definition of Risk from Merriam-Webster online dictionary:

Definition of RISK

1: possibility of loss or injury :peril

2: someone or something that creates or suggests a hazard

3: the chance of loss or the perils to the subject matter of an insurance contract; also: the degree of probability of such loss b: a person or thing that is a specified hazard to an insurer c: an insurance hazard from a specified cause or source <war risk>

4: the chance that an investment (as a stock or commodity) will lose value

These are the only four definitions offered.

So if you build an ERM system and want to use the definition of risk that is popular with ERM folks:

Risk is a deviation from expected.

It is almost certain that among an English speaking non-risk manager management audience, your program will start out with at one count of DOUBLESPEAK against you.

The definition of DOUBLESPEAK, per Wikipedia is:

Doublespeak (sometimes called doubletalk) is language that deliberately disguises, distorts, or reverses the meaning of words. Doublespeak may take the form of euphemisms (e.g., “downsizing” for layoffs), making the truth less unpleasant, without denying its nature. It may also be deployed as intentional ambiguity, or reversal of meaning (for example, naming a state of war “peace”). In such cases, doublespeak disguises the nature of the truth, producing a communication bypass.

You start your discussion of Risk Management by telling everyone that UP is DOWN and HOT is COLD.  That OPPORTUNITIES are RISKS.

There is a common English meaning of the word risk that works very well to support Risk Management activities.

The objective of that other DOUBLESPEAK meaning of the word risk is to convey that risk managers can help to find and support opportunities.

Just say that. Say that you can help to find and support opportunities.

It will come off much better than redefining words that everyone knows the meaning of at the outset of your discussion.

Risk Management Learns from Sun Tzu

Usually risk managers do not think of themselves as being at war.  But a risk manager is facing a number of foes.  And failure to succeed against those foes can result in the end of the enterprise.  So maybe the risk manager can learn from The Art of War.

Sun Tzu’s The Art of War has 11 chapters.  Each of these topics can be seen to have a lesson for risk managers.

1. Laying Plans explores the five fundamental factors that define a successful outcome (the Way, seasons, terrain, leadership, and management). By thinking, assessing and comparing these points you can calculate a victory, deviation from them will ensure failure. Remember that war is a very grave matter of state.             The risk manager of course needs plans.  Remember that risk management is a grave matter for the enterprise.
2. Waging War explains how to understand the economy of war and how success requires making the winning play, which in turn, requires limiting the cost of competition and conflict.        Risk management does not run on an unlimited budget.  In some cases risk managers have not completed their preparations because they have gone forward as if they could spend whatever it took to fulfill their vision for risk management.  Of course risk management spending needs to be at a sensible level for the enterprise.  Excessive risk management spending can harm an enterprise just as much as an unexpected loss.

1. Attack by Stratagem defines the source of strength as unity, not size, and the five ingredients that you need to succeed in any war.            The risk manager succeeds best if they are able to get the entire organization to support the risk management efforts, not just a large corporate risk management department.
2. Tactical Dispositions explains the importance of defending existing positions until you can advance them and how you must recognize opportunities, not try to create them.           The risk manager needs to build organizational strength to support risk management opportunistically.  A risk management program that does not wait for the right opportunities will create internal enemies and will then be fighting both the external risks as well as the internal enemies.
3. Energy explains the use of creativity and timing in building your momentum.            The risk manager also needs to be creative and needs to build momentum.  The best risk management program fits well with the culture of the organization.  That fit will need to be developed by creatively combining the ideas of risk management with the written and unwritten parts of the organizational imperatives.
4. Weak Points & Strong explains how your opportunities come from the openings in the environment caused by the relative weakness of your enemy in a given area.             Quite often the risk manager will know the right thing to do but will not be able to execute except at extreme danger to their position in the firm.  The openings for a risk manager to make the moves that will really lake a difference in the future of the firm come infrequently and without warning.  The Risk manager must be looking at these openings and be ready and able to act.
   
5. Maneuvering explains the dangers of direct conflict and how to win those confrontations when they are forced upon you.      Some thing that the risk managers job is the direct conflict with the important people in the firm who would put the firm in an excessively risky position.  This in inadvisable
6. Variation in Tactics focuses on the need for flexibility in your responses. It explains how to respond to shifting circumstances successfully.       Risk Management tactics will be the most successful if they are alligned with the actual risk environment.  See Plural Rationalities and ERM.
7. The Army on the March describes the different situations in which you find yourselves as you move into new enemy territories and how to respond to them. Much of it focuses on evaluating the intentions of others.        Rational Adaptability is the process of assessing the risk environment and selecting the risk management strategy that will work best for the environment.
8. Terrain looks at the three general areas of resistance (distance, dangers, and barriers) and the six types of ground positions that arise from them. Each of these six field positions offer certain advantages and disadvantages.      The risk environment has four main stages, Boom, Bust, Moderate and Uncertain.
9. The Nine Situations describe nine common situations (or stages) in a campaign, from scattering to deadly, and the specific focus you need to successfully navigate each of them.      Companies must determine their risk taking strategy and their risk appetite by looking at the risk environment as well as at their risk taking capacity.
10. The Attack by Fire explains the use of weapons generally and the use of the environment as a weapon specifically. It examines the five targets for attack, the five types of environmental attack, and the appropriate responses to such attack.
11. The Use of Spies focuses on the importance of developing good information sources, specifically the five types of sources and how to manage them.

A Posteriori Creation

The hunters had come back to the village empty handed after a particularly difficult day. They talked through the evening around the fire about what had happened. They needed to make sense out of their experience, so that they could go back out tomorrow and feel that they knew how the world worked well enough to risk another hunt. This day, they were able to convince themselves that what had happened was similar to another day many years ago and that it was an unusually bad day, but driven by natural forces that they could expect and plan for in the future.

Other days, they could not reconcile an unusually bad day and they attributed their experience to the wrath of one or another of their gods.

Risk managers still do the same thing.  They have given this process a fancy name, Bayesian inference.  The very bad days, we now call Black Swans instead of an act of the gods.

Where we have truly advanced is in our ability to claim that we can reverse this process.  We claim that we can create the stories in advance of the experience and thereby provide better protection.

But we fail to realize that underneath, we are still those hunters.  We tell the stories to make ourselves feel better, to feel safe enough to go back out the next day.  Once we have gone through the process of a posteriori creation of the framework, the past events fit neatly into a framework that did not really exist when those same events were in the future.

If you do not believe that, think about how many risk models have had to be significantly recalibrated in the last 10 years.

To correct for this, we need to go against 10,000 or more years of human experience.  The correction can be summed up with the line from the movie The Fly,

Be afraid.  Be very afraid.

There is another answer.  That answer is

Be smart.  Be very smart.

That is because it is not always the best or even a very good strategy to be very afraid.  Only sometimes.  So you need to become smart enough to:

1. Know when it is really important to mistrust the models and to be very afraid
2. Have built up the credibility and trust so that you are not ignored.

While you are doing that,be careful with the a posteriori creations.  The better people get with explaining away the bad days, the harder it will be for you to convince them that a really bad day is at hand.

Survival of the Firm is not Mandatory

Is that idea really understood by top management and the board?

Does the board leave every meeting certain that the firm will still be in business when the next scheduled board meeting comes around?  How did they get to that certainty?

Can management tell them the likelihood that the firm will experience a fatal loss and how much that likelihood has changed since the previous board meetings?

Can management tell them exactly what sorts of events could put the firm out of business?  Have they discussed the sorts of “highly unlikely” events that might take the firm down if they suddenly did happen?

Those are, of course, the conversations that the board might well demand to have if they really understood that Survival is not Mandatory.

Around the Corner Risk

That is where the risk manager really earns their money.

The risks that are coming straight down the road, well that is important to pay attention to them.  But those are the obvious risks.  I would not pay very much for help in avoiding serious accidents from those risks.

But those round the corner risks, that would be very valuable, to have someone who can help to make sure that those out of sight risks do not ruin things.

However, what any risk manager who has tried to focus attention on the Around the Corner Risks has learned is that attending to such risks is often seen as spoiling the game.

In the Black Swan, Nassim Taleb talks about the degree to which businesses are in effect selling out of the money puts and pocketing the risk premium as if it is pure profits.

And that is often the case.  Risk managers should extend their view to include analysis of the actual source of profits of the various endeavors of their firms.  Any place where the profits are larger than can be explained is a place where the firm might well be getting paid for selling those puts.

The risk manager needs to be able to take that analysis of sources of profits back to top management to have a frank discussion of those unexplained sources of profits.

In most cases, those situations are risks to the firm, either because they represent risk premium for out of the money puts or because they represent temporary inefficiencies.  The risk from the temporary inefficiencies is that if management mistakenly assumes that those inefficiencies are permanent, then the firm may over-invest in that activity.  That over-investment may then eventually lead to the creation of those our of the money puts as a way to sustain profits when the inefficiencies are extinguished by the market.

An example of this situation is the Variable Annuity market in the US.  In the early 1990′s firms were able to achieve good profits from this business largely because there were too few companies in the market.  Every market participant could show good profits and growth in this new market without resorting to price competition.  This situation attracted many additional insurers into the market, flattening the profitability.  The next phase in the market was to offer additional benefits to customers at prices below market cost.  These additional benefits were in the form of out of the money puts – guarantees against adverse experience of the investments underlying the product.  And the risk premium charged for these benefits was often booked as a profit.

One of the reasons for the confusion between risk premium and profit is the way in which we recognize profits on risks where the period of the risk occurrence is much longer than the period for financial reporting.

The analysis of source of profits can be a powerful tool to help risk managers to both see those around the corner risks and to communicate the possible around the corner risks before them become immanent.

Regime Change

If something happens more or less the same way for any extended period of time, the normal reaction of humans is consider that phenomena as constant and to largely filter it out.  We do not then even try to capture new information about changes to that phenomena because our senses tell us that that input is “pure noise” with no signal.  Hence the famous story about boiling frogs.  Which may or may not be actually true about frogs, but it definitely reveals something about the way that humans take in information about the world.

But things can and do actually change.  Even things that are more or less the same for a very long time.

In the book, “This Time It’s Different”, the authors state that

“The median inflation rates before World War I were well below those of the more recent period: 0.5% per annum for 1500 – 1799 and 0.71% for 1800 – 1913, in contrast with 5% for 1914 – 2006.”

Imagine that.  Inflation averaged below 0.75% for about 300 years.  Since there is no history of extended periods of negative inflation, to get an average that low, there must be a very low standard deviation as well.  Inflation at a level of 3 or 4% is probably a one in a million situation.  Or so intelligent financial analysts before WWI must have thought that they could make plans without any concern for inflation.

But in the years following WWI, governments found a new way to default on their debts, especially their internal debts.  Reinhart and Rogoff point out that almost all of the discussion by economists regarding sovereign default is about external debt.  But they show that internal debt is very important to the situations of sovereign defaults.  Countries with high levels of internal debt and low external debt will usually not default, but countries with high levels of both internal and external debt will often default.

So as we contemplate the future of the aging western economies, we need to be careful that we do not exclude the regime changes that could occur.  And which regime changes that we should be concerned about becomes clearer when we look at all of the entitlements to retirees as debt (is there any effective difference between debt and these obligations?).  When we do that we see that there are quite a few western nations with very, very large internal debt.  And many of those countries have indexed much of that debt, taking the inflation option off of the table.

Reinhart and Rogoff also point out the sovereign default is usually not about ability to pay, it is about willingness to make the sacrifices that repayment of debt would entail.

So Risk Managers need to think about possible drastic regime changes, in addition to the seemingly highly unlikely scenario that the future will be more or less like the past.

Responsibility for Risk Management

Who should have responsibility for risk management?

Is it the CRO? Is it the Business Unit Heads? Is it everyone? or is it the CEO (As Buffet suggests)?

My answer to those questions is YES. Definitely.

You see, there is plenty of risk to go around.

The CEO should be responsible for the Firm Killing Risks. He/She should be the sole person who is able to commit the firm to an action that creates or adds to a firm killing risk position. He/She should have control systems in place so that they know that no one else is taking and Firm Killing Risks. He/She should be in a constant dialog with the board about these risks and the necessity for the risks as well as the plans for managing those sorts of risks.

At the other end of the spectrum, there are the Bad Day Risks. Everyone should be responsible for their share of the Bad Day Risks.

And somewhere in the middle are the risks that the CRO and Business Unit Heads should be managing. Those might be the Bad Quarter Risks or the Bad Year Risks.

As the good book says, “To each according to his ability”. That is how Risk Management responsibility should be distributed.

Crippling Epistemology

Google the term crippled epistemology and you get lots of articles and blog posts about extremists and fanatics and also some blog posts BY the extremists and fanatics.

Crippled epistemology means that someone cannot see the truth.

Daniel Patrick  Moynahan is reported as saying “Everyone is entitled to his own opinion, but not his own facts.”

But there are just too many facts.  Any one person cannot attend to ALL of the facts.  They must filter the facts, choose the facts that are more important.  We all filter the facts that we pay attention to.

But sometimes, those filters become too strong.  Things went along in a certain pattern for a length of time, so we filtered out of our consideration many of those things that either failed to evidence any variability or that had totally predictable variability.

Those filters take on the aspect of a crippling epistemology.  Our approach to knowledge keeps us from understanding what is actually happening.

Sounds pretty esoteric.  But in fact it is one of the most important issues in risk management.

We need to have systems that work on a real time basis to provide the information that drives our risk decisions.  But we must be careful that that expensive and impressive risk information system does not actually obscure the information that we really need.

For the investors in sub prime mortgages prior to 2007, they had developed an epistemology, an approach to their knowledge of the markets.  Ultimately that epistemology crippled them, because it did not allow them to see the real underlying weakness to that market.

So a very important step to be performed periodically for risk managers is an Epistemology Review.  Making sure that the risk systems actually are capturing the needed information about the risks of the firm.

Risk Managers MUST be Humble

Once you think of it, it seems obvious.  Risk Managers need humility.

If you are dealing with any killer physical risk, there are two types of people who work close to that risk, the humble and the dead.

Being humble means that you never lose sight of the fact that RISK may at any time rise up in some new and unforeseen way and kill you or your firm.

Risk managers should read the ancient Greek story of Icarus.

Risk managers without humility will suffer the same fate.

Humility means remembering that you must do every step in the risk management process, every time.  The World Cup goalkeeper Robert Green who lets an easy shot bounce off of his hands and into the goal has presumed that they do not need to consciously attend to the mundane task of catching the ball.  They can let their reflexes do that and their mind can move on to the task of finding the perfect place to put the ball next.

But they have forgotten their primary loss prevention task and are focusing on their secondary offense advancement task.

The risk managers with humility will be ever watchful.  They will be looking for the next big unexpected risk.  They will not be out there saying how well that they are managing the risks, they will be more concerned about the risks that they are unprepared for.

Risk managers who are able to say that they have done all that can be done, who have taken all reasonable precautions, who can help their firm to find the exact right level and mix of risks to optimize the risk reward of the firm are at serious risk of having the wax holding their feathers melt away and of falling to earth.

Reconciling Risk Concerns

From Jean-Pierre Berliet

Discussions with senior executives have suggested that decision signals from ERM would be more credible and that ERM would be a more effective management process if ERM were shown to reconcile the risk concerns of policyholders and shareholders.

Creditors, including policyholders, and rating agencies or regulators whose mission it is to protect creditors, and shareholders are all interested in the financial health of an insurer, but in different ways. Creditors want to be assured that an insurance company will be able to honor its obligations fully and in a timely manner. For creditors, the main risk question is: what is the risk of the business? This is another way to ask whether the company will remain solvent.

Shareholders, however, are interested in the value of the business as a going concern, in how much this value might increase and by how much it might decline. For shareholders, the main risk question is: what is the risk to the business? Shareholders are interested in what ERM can do to increase and protect the value of their investment in a company. While both creditors and shareholders are interested in the tail of the distribution of financial results, as an indicator of solvency risk, shareholders are also very interested in the mean of these financial results and their volatility, which could have an adverse impact on the value of their investment.

Policyholders and shareholders’ views are different but not incompatible: a company could not stay in business if it were not able to persuade regulators that it will remain solvent and should be allowed to keep its license, or obtain from rating agencies a rating suitable for the business it writes.  Its value to investors would be significantly impaired..

Insurers recognize that the main drivers of their risk profile are financial risks, including insurance risk accumulations and concentrations, and the related market risk associated with their investment activities. They understand that resulting risks are best controlled at the point of origination through appropriate controls on underwriting and pricing and through reinsurance and asset allocation strategies that limit the volatility of financial outcomes. Stochastic modeling is being used more broadly by companies to understand how such risks accumulate, interact and develop over time and to evaluate strategies that enhance the stability of outcomes. Capital adequacy is the ultimate defense against severe risk “surprises” from insurance and investment activities. It is of interest to policyholders who want to be certain to collect on their claims, but also to shareholders who want assurance that a company can be viewed as a going concern that will write profitable business in the future.

Methodologies used by rating agencies on behalf of creditors describe in detail how the rating process deals with the three main drivers of a company’s financial position and of the volatility (risk) of this position. In response to rating agency concerns, insurance companies focus on determining how much “economic capital” they need to remain solvent, as a first step toward demonstrating the adequacy of their capital. Analyses they perform involve calculation of the losses they can suffer under scenarios that combine the impact of all the risks to which they are exposed. This “total risk” approach and the related focus on extreme loss scenarios (“high severity/low frequency” scenarios) are central to addressing creditors’ concerns.

To address the solvency concerns of creditors, rating agencies and regulators and the value risk of shareholders, insurance companies need to know their complete risk profile and to develop separate risk metrics for each group of constituents. Knowledge of this risk profile enables them to identify the distinct risk management strategies that they need to maintain high ratings while also protecting the value of their shareholders’ investment. Leading ERM companies have become well aware of this requirement and no longer focus solely on tail scenarios to develop their risk management strategies.

(more…)

What’s the Truth?

There has always been an issue with TRUTH with regard to risk.  At least there is when dealing with SOME PEOPLE. 

The risk analyst prepares a report about a proposal that shows the new proposal in a bad light.  The business person who is the champion of the proposal questions the TRUTH of the matter.  An unprepared analyst can easily get picked apart by this sort of attack.  If it becomes a true showdown between the business person and the analyst, in many companies, the business person can find a way to shed enough doubt on the TRUTH of the situation to win the day. 

The preparation needed by the analyst is to understand that there is more than one TRUTH to the matter of risk.  I can think of at least four points of view.  In addition, there are many, many different angles and approaches to evaluating risk.  And since risk analysis is about the future, there is no ONE TRUTH.  The preparation needed is to understand ALL of the points of view as well many of the different angles and approaches to analysis of risk. 

The four points of view are:

1. Mean Reversion – things will have their ups and downs but those will cancel out and this will be very profitable. 
2. History Repeats – we can understand risk just fine by looking at the past. 
3. Impending Disaster – anything you can imagine, I can imagine something worse.
4. Unpredictable – we can’t know the future so why bother trying. 

Each point of view will have totally different beliefs about the TRUTH of a risk evaluation.  You will not win an argument with someone who has one belief by marshalling facts and analysis from one of the other beliefs.  And most confusing of all, each of these beliefs is actually the TRUTH at some point in time. 

For periods of time, the world does act in a mean reverting manner.  When it does, make sure that you are buying on the dips. 

Other times, things do bounce along within a range of ups and downs that are consistent with some part of the historical record.  Careful risk taking is in order then. 

And as we saw in the fall of 2008 in the financial markets there are times when every day you wake up and wish you had sold out of your risk positions yesterday. 

But right now, things are pretty unpredictable with major ups and downs coming with very little notice.  Volatility is again far above historical ranges.  Best to keep your exposures small and spread out. 

So understand that with regard to RISK, TRUTH is not quite so easy to pin down. 

Risk Never Sleeps

LIVE from the ERM Symposium

(Well not quite LIVE, but almost)

The ERM Symposium is now 8 years old.  Here are some ideas from the 2010 ERM Symposium…

• Survivor Bias creates support for bad risk models.  If a model underestimates risk there are two possible outcomes – good and bad.  If bad, then you fix the model or stop doing the activity.  If the outcome is good, then you do more and more of the activity until the result is bad.  This suggests that model validation is much more important than just a simple minded tick the box exercize.  It is a life and death matter.
• BIG is BAD!  Well maybe.  Big means large political power.  Big will mean that the political power will fight for parochial interests of the Big entity over the interests of the entire firm or system.  Safer to not have your firm dominated by a single business, distributor, product, region.  Safer to not have your financial system dominated by a handful of banks.
• The world is not linear.  You cannot project the macro effects directly from the micro effects.
• Due Diligence for mergers is often left until the very last minute and given an extremely tight time frame.  That will not change, so more due diligence needs to be a part of the target pre-selection process.

• For merger of mature businesses, cultural fit is most important.
• For newer businesses, retention of key employees is key

• Modelitis = running the model until you get the desired answer
• Most people when asked about future emerging risks, respond with the most recent problem – prior knowledge blindness
• Regulators are sitting and waiting for a housing market recovery to resolve problems that are hidden by accounting in hundreds of banks.
• Why do we think that any bank will do a good job of creating a living will?  What is their motivation?
• We will always have some regulatory arbitrage.
• Left to their own devices, banks have proven that they do not have a survival instinct.  (I have to admit that I have never, ever believed for a minute that any bank CEO has ever thought for even one second about the idea that their bank might be bailed out by the government.  They simply do not believe that they will fail. )
• Economics has been dominated by a religious belief in the mantra “markets good – government bad”
• Non-financial businesses are opposed to putting OTC derivatives on exchanges because exchanges will only accept cash collateral.  If they are hedging physical asset prices, why shouldn’t those same physical assets be good collateral?  Or are they really arguing to be allowed to do speculative trading without posting collateral? Probably more of the latter.
• it was said that systemic problems come from risk concentrations.  Not always.  They can come from losses and lack of proper disclosure.  When folks see some losses and do not know who is hiding more losses, they stop doing business with everyone.  None do enough disclosure and that confirms the suspicion that everyone is impaired.
• Systemic risk management plans needs to recognize that this is like forest fires.  If they prevent the small fires then the fires that eventually do happen will be much larger and more dangerous.  And someday, there will be another fire.
• Sometimes a small change in the input to a complex system will unpredictably result in a large change in the output.  The financial markets are complex systems.  The idea that the market participants will ever correctly anticipate such discontinuities is complete nonsense.  So markets will always be efficient, except when they are drastically wrong.
• Conflicting interests for risk managers who also wear other hats is a major issue for risk management in smaller companies.
• People with bad risk models will drive people with good risk models out of the market.
• Inelastic supply and inelastic demand for oil is the reason why prices are so volatile.
• It was easy to sell the idea of starting an ERM system in 2008 & 2009.  But will firms who need that much evidence of the need for risk management forget why they approved it when things get better?
• If risk function is constantly finding large unmanaged risks, then something is seriously wrong with the firm.
• You do not want to ever have to say that you were aware of a risk that later became a large loss but never told the board about it.  Whether or not you have a risk management program.

Risk Adjusted Compensation Analysis

Game Theory suggests that you can get pretty far simply looking at expected values.  But the expected values need to be done right, looking at both upside and downside.

Looking at the consequences of the compensation paid by financial institutions suggests that boards who approved the compensation did not do their Game Theory homework.  Management is given a huge share of the upside and their incentives are thought to be aligned with shareholders because of a stock component to their compensation.

Maybe that works, maybe not.  The math is simple enough.  They should check.  A Game Theory, risk adjusted compensation analysis (simplified for this post) would look like this:

Proposed Transaction:

Upside:  $100,000,000 – likelihood 60%

Downside:  ($100,000,000) – likelihood 40%

Expected Value: $20,000,000

So far so good.  Now the firm already has a risk adjusted compensation system.  Under that system, there is a cost of capital charge assessed against profits before calculating bonus.  In this case, the capital is based upon the $100,000,000 downside.  The cost of capital is 5%, so the “risk adjustment” is 5%.  The bonus formula will pay out 40% of the risk adjusted gain, half in cash and half in stock.  In the past, the compensation committee has seen this process and stopped there. It seems that they took care of every angle.

But this year, one comp committee member hears a lecture on Game Theory and asks for additional analysis:

Risk Adjusted Expected Value Analysis:

Management:

Upside:  40% of $100,000,000 less $5,000,000 equals $38,000,000.  Pay $19,000,000 cash and $19,000,000 stock.  Stock is purchased at time of award.  Likelihood 60%

Downside:  Zero Current award.  Loss in value of stock holdings from past awards.  Back to that in a minute.

Shareholders:

Upside:  $62,000,000 of gains plus risk charge times 10 equals $620 million. Likelihood of 60%

Downside $$100,000,000 of losses times 10 equals ($1 Billion). Likelihood of 40%

Expected value:  ($2.8 million)

Now back to the employees…

The downside from their 0.1% of stock is ($1 million) so their expected value is $22 million positive.

So a real Game Theory based risk adjusted analysis would show that there is huge upside to management for risky deals and much smaller risk adjusted expectation for the shareholders. (In this example an expected loss).

Perhaps every deal should be presented on this risk adjusted basis.  It might take a few of these presentations, but sooner or later the lopsided deal will sink in.

But then the game will shift.  Already, the game is to present these deals optimistically, so that the likelihood of upside is overstated and the downside is underestimated.  If compensation is skewed as drastically as the above example, highly risky deals look just fine on a risk adjusted expected value basis to employees.  If the board insists that the shareholders really have a positive expected value, then the deals will need to be much less risky – at least on paper.

The stress testing that is being promoted as a major risk management tools (in part because of this very problem of over optimistic risk models) needs to then also be done to the risk adjusted compensation analysis.  The stress tests for this purpose do not need to be as drastic as the stress tests for solvency management.  What you should be looking for is the inflection point where the deal starts to fall into the situation where the management and shareholders are no longer on the same side, where their expected values are of opposite signs.  If that inflection point is found with a stress test that is somewhat close to the base model assumptions, then that is a flashing red light for the risk manager and the board.

Burn out, Fade Away …or Adapt

When I was a kid in the 1960′s, I was sick and tired of how much time on TV and movies was taken up with stories of WWII.  Didn’t my parent’s generation get it?  WWII was ancient history.  It was done.  Move on.  Join the real world that was happening now.

From that statement, you can tell that I am a Boomer.  But I am already sick and tired of how much ink and TV and movies and Web time is devoted to the passing of the world as the Boomers remember the golden age of our youth.  Gag me.  Am I going to have to hear this the entire rest of my life?  Get over it.  Move on.  Live in the current world.

Risk managers need to carefully convey that message to the folks who run their companies as well.  What ever way the world was in the “Glory Days” of the CEO or Business Unit manager’s career, things are different.  Business is different.  Risks are different.  Strategies and companies must adapt.  Adapt, Burn Out or Fade Away are the choices.  Better to Adapt.

I saw this happen once before in my career.  Interest rates steadily rose from the late 1940′s through the early 1980′s.  A business strategy that emphasized amassing cash, locking in a return promise and investing it in interest bearing instruments could show a steady growth in profits almost every single year without too much difficulty.  Then suddenly in the mid-1980′s that didn’t work anymore.  Interest rates went down more than up for a decade and have since stayed low.  Firms either adapted, burned out or faded away.

We have just concluded a (thankfully) brief period of massive financial destruction and are in an uncertain period.  When we come out of this uncertainty, some of the long held strategies of firms will not work.  Risks will be different.

The risk manager needs to be one of the voices that helps to make sure that this is recognized.

In addition, the risk manager needs to recognize that one or many of the risk models that were used to assess risk in past periods will no longer work well.  The risk manager needs to stand ready to adapt or fade away.

And the models need to be calibrated to the new world, not the old.  Calibrating to include the worst of the recent past might seem like prudent risk management, but it may well not be realistic.  If the world reverts to a reasonable growth pattern, the next such event may well not happen for 75 years.  Does your firm really need to avoid exposures to the sorts of things that lost money in 2008 for 75 years?  Or would that mean forgoing most of the business opportunities of that period?

Getting the correct answers to those questions will mean the different between Growth, burn out or fading away for your firm.

Take CARE in evaluating your Risks

Risk management is sometimes summarized as a short set of simply stated steps:

1. Identify Risks
2. Evaluate Risks
3. Treat Risks

There are much more complicated expositions of risk management.  For example, the AS/NZ Risk Management Standard makes 8 steps out of that. 

But I would contend that those three steps are the really key steps. 

The middle step “Evaluate Risks” sounds easy.  However, there can be many pitfalls.  A new report [CARE] from a working party of the Enterprise and Financial Risks Committee of the International Actuarial Association gives an extensive discussion of the conceptual pitfalls that might arise from an overly narrow approach to Risk Evaluation.

The heart of that report is a discussion of eight different either or choices that are often made in evaluating risks:

1. MARKET CONSISTENT VALUE VS. FUNDAMENTAL VALUE 
2. ACCOUNTING BASIS VS. ECONOMIC BASIS         
3. REGULATORY MEASURE OF RISK    
4. SHORT TERM VS. LONG TERM RISKS          
5. KNOWN RISK AND EMERGING RISKS        
6. EARNINGS VOLATILITY VS. RUIN    
7. VIEWED STAND-ALONE VS. FULL RISK PORTFOLIO       
8. CASH VS. ACCRUAL 

The main point of the report is that for a comprehensive evaluation of risk, these are not choices.  Both paths must be explored.

Concentration of Power Risk

 

Guest Post from Max J. Rudolph, FSA CERA CFA MAAA

Rudolph Financial Consulting

A risk that we never talk about has become the elephant in the room. Some would call this ego risk, but at most institutions decision making occurs primarily at only the highest levels. It has been a year since I wrote a financial essay titled Does Your Company Need a Chief Skeptical Officer? I don’t think it has gotten any better. This is not due to poor goal setting. These senior officers believe they are doing what is best for their firm. Unfortunately, all of us tend to fall in love with our best ideas. We see that when we invest, where we hold losers far too long. When a manager has worked hard for a long period of time to develop an opportunity it can gain such momentum that it can’t be stopped no matter how poor the idea or the timing for the idea is. Many companies continued to write loans that previously had been securitized while liquidity in this market dried up. Others threw good money after bad on commercial real estate properties while existing properties were sitting vacant. There are very few companies that have instilled this skepticism in their risk culture. Berkshire Hathaway is one, where both Warren Buffett and Charlie Munger are comfortable in their own views and are encouraged to say what they think to each other. It will be interesting to see if this culture extends to the next generation of leaders at this highly successful firm. One way to ensure this is to practice consistent pricing discipline. When an opportunity comes about, the same financial analysis should always occur. This will include setting risk appetite, hurdle rates, and capital. It will not include having the CEO override the discussion.

There is no momentum to create this type of culture. Perhaps it should be developed at the board level with independent ERM experts providing the process and bringing in specific topic experts to anonymously consider these risks.

Warning: The information provided in this Post is the opinion of Max Rudolph and is provided for general information only. It should not be considered investment advice. Information from a variety of sources should be reviewed and considered before decisions are made by the individual investor. My opinions may have already changed, so you don’t want to rely on them. Good luck!

©2009 Rudolph Financial Consulting, LLC

Crisis Pre-Nuptial

What is the reaction of your firm going to be in the event of a large loss or other crisis? 

If you are responsible for risk management, it is very much in your interest to enter into a Crisis Pre-Nuptial. 

The Crisis Pre-Nuptial has two important components. 

1. A protocol for management actions in the event of the crisis.  There is likely a need for there to be a number of these protocols.   These protocols can be extremely valuable, their value will most likely far exceed the entire cost of a risk management function.  Their value comes because they eliminate two major problems that firms face in the event of a crisis or large loss.  First is the deer in the headlights problem – the delay when no one is sure what to do and who is to do it.  That delay can mean that corrective actions are much less effective or much more expensive or both.  Second is the opposite, that too many people take actions, but that the actions are conflicting.  This again increasses costs and decreases effectiveness.  Just as with severe medical emergencies, prompt corrective actions are almost always more likely to have the most favorable results. 
2. Setting up an expectation that the crises and losses either are or are not an expected part of the risks that the firm is taking.  If the firm is taking high risks, but does not expect to ever experience losses, then there is a major disconnect between the two.  Just as a marital pre-nuptial agreement is a conscious acknowledgement that marriages sometimes end in divorce, a Crisis Pre-Nuptial is an acknowledgement that normal business activity sometimes involves losses and crises. 

Risk managers who have a Crisis Pre-Nuptial in place might, just might, have a better chance to survive with their job in tact after a crisis or large loss. 

And if someday, investors and/or boards come to the realization that firms that plan for rainy days are, in the long run, going to be more valuable, the information that is in the Crisis pre-nuptial could be very important information for them.

Best Risk Management Quotes

The Risk Management Quotes page of Riskviews has consistently been the most popular part of the site.  Since its inception, the page has received almost 2300 hits, more than twice the next most popular part of the site.

The quotes are sometimes actually about risk management, but more often they are statements or questions that risk managers should keep in mind.

They have been gathered from a wide range of sources, and most of the authors of the quotes were not talking about risk management, at least they were not intending to talk about risk management.

The list of quotes has recently hit its 100th posting (with something more than 100 quotes, since a number of the posts have multiple quotes.)  So on that auspicous occasion, here are my favotites:

1. Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.  Douglas Adams
2. “when the map and the territory don’t agree, always believe the territory” Gause and Weinberg – describing Swedish Army Training
3. When you find yourself in a hole, stop digging.-Will Rogers
4. “The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair” Douglas Adams
5. “A foreign policy aimed at the achievement of total security is the one thing I can think of that is entirely capable of bringing this country to a point where it will have no security at all.”– George F. Kennan, (1954)
6. “THERE ARE IDIOTS. Look around.” Larry Summers
7. the only virtue of being an aging risk manager is that you have a large collection of your own mistakes that you know not to repeat  Donald Van Deventer
8. Philip K. Dick “Reality is that which, when you stop believing in it, doesn’t go away.”
9. Everything that can be counted does not necessarily count; everything that counts cannot necessarily be counted.  Albert Einstein
10. “Perhaps when a man has special knowledge and special powers like my own, it rather encourages him to seek a complex explanation when a simpler one is at hand.”  Sherlock Holmes (A. Conan Doyle)
11. The fact that people are full of greed, fear, or folly is predictable. The sequence is not predictable. Warren Buffett
12. “A good rule of thumb is to assume that “everything matters.” Richard Thaler
13. “The technical explanation is that the market-sensitive risk models used by thousands of market participants work on the assumption that each user is the only person using them.”  Avinash Persaud
14. There are more things in heaven and earth, Horatio,
    Than are dreamt of in your philosophy.
    W Shakespeare Hamlet, scene v
15. When Models turn on, Brains turn off  Til Schuermann

You might have other favorites.  Please let us know about them.

Lessons for Insurers (1)

In late 2009,  the The CAS, CIA, and the SOA’s Joint Risk Management Section funded a research report about the Financial Crisis.  This report featured nine key Lessons for Insurers.  Riskviews will comment on those lessons individually…

1. The success of ERM hinges on a strong risk management culture which starts at the top of
a company.

This seems like a very simple statement that is made over and over again by most observers.  But why is it important and why is it very often lacking?

First, what does it mean that there is a “strong risk management culture”?

A strong risk management culture is one where risk considerations make a difference when important decisions are made PERIOD

When a firm first adopts a strong risk management culture, managers will find that there will be clearly identifiable decisions that are being made differently than previously.  After some time, it will become more and more difficult for management to notice such distinctions because as risk management becomes more and more embedded, the specific impact of risk considerations will become a natural inseparable part of corporate life.

Next, why is it important for this to come from the top?  Well, we are tying effective risk management culture to actual changes in DECISIONS and the most important decisions are made by top management.  So if risk management culture is not there at the top, then the most important decisions will not change.  If the risk management culture had started to grow in the firm,

when middle managers see that top management does not let risk considerations get in their way, then fewer and fewer decisions will be made with real consideration risk.

Finally, why is this so difficult?  The answer to that is straight forward, though not simple.  The cost of risk management is usually a real and tangible reduction of income.  The benefit of risk management is probabilistic and intangible.  Firms are compared each quarter to their peers.

If peer firms are not doing risk management, then their earnings will appear higher in most periods.

Banks that suffered in the current financial crisis gave up 10 years of earnings!  But the banks that in fact correctly shied away from the risks that led to the worst losses were seen as poor performers in the years leading up to the crisis.

So what will change this?  Only investors will ultimately change this.  Investors who recognize that in many situations, they have been paying un-risk adjusted multiples for earnings that have a large component of risk premiums for low frequency, high severity risks.

They are paying multiples, in many cases where they should be taking discounts!

Lessons for Insurers (1)

Lessons for Insurers (2)

Lessons for Insurers (3)

Lessons for Insurers (4)

Lessons for Insurers (5)

Lessons for Insurers (6)

A Bird in the Hand

is Worth Two in the Bush. 

is an old maxim for risk adjusting asset valuation.  It suggests a 50% discount for recording unrealized values.  Notice that is not a discount for recognizing unrealized GAINS, it is a discount on VALUE. 

You have to wonder whether that 50% discount is because there is only a 50% chance that you will catch a bird in the bush or if it reflects a higher chance of actually catching the bird, plus some risk premium because there is some chance that you will catch none.  Is catching none your risk tolerance, or can you go several days without bird for supper, so you have a risk tolerance of zero birds for two or even three days? 

How do you provide for that worst case?  Do you hold a bird in reserve?  Or half a bird?  How do you keep the reserve bird?  Do you have to feed it or refrigerate it? 

Older versions of the saying show a much higher discount.  Two versions from the 1400′s suggest a 90% discount for birds that are on the fly or in the wood.  Were the risk tolerances much lower then or methods of catching birds much less developed?  We may never know. 

But times change and discounts change.  Following the pattern of diminishing discounts, the current standard is that one bird in the hand is worth one bird in the bush according to current accounting standards.  

That is called mark to market accounting.  Older acounting standards might have applied 100% discounts to unrealized GAINS.  But the current wisdom is to not discount anything ever.  So holding cash is exactly the same as holding paper that does not even promice to be worth any cash if at some time in the recent past, someone thought that paper had a particular value. 

With a 50% discount on unrealized VALUES, there was little chance of ever having to do a write-off.  Usually recoveries even in dire situations exceed 50%.  With no discount, there is a very high chance of a write-off because the assets are booked at a value that is the most that one might expect to recover. 

Clever people have figured ways to go even further.  For assets where there are no easy market prices, they get to count future birds that they haven’t even seen yet. 

That is one reason why banks are fighting so hard to keep derivatives off of exchanges, so that they can keep those future birds on their books and do not have to suffer the discounts that an exchange would impose.

You may not be able to Grow out if it

Growth does not always mean excessive risk, but excessive risk is almost always associated with high growth.

Growth has a way of masking problems.  Things are changing and it is often very difficult to understand whether the changes are just a lag in reporting the good things that come from healthy growth or if they are leading indicators of major problems.

The firm needs to grow risk management analysis and attention along with highest growth activities.  That needs to be demanded from the top.  No middle or even high level risk officer will ever have the authority to slow down the part of the company that is growing the best.  Firms need to have CEO commitment to extra risk analysis of the fastest growing business.

The firm needs to establish its operational capacity for handling growth.  The most common reaction to unexpected growth is to delay hiring additional staff (along with delaying adding additional risk staff as mentioned above).  After more delay and more growth, the business might seem much more profitable than expected.  Some of that excess profitability is coming from the understaffing.  Some of the profitability might be coming from mistakes in recordkeeping due to the understaffing.  A sudden delayed effort to fix the under staffing will most often hurt more than it helps in the short run.

And what is most likely to be shortchanged in an understaffed growing situation  Why it is quality control and recordkeeping.  So if there is a growing problem it is very hard to notice it.

So what to do?

Every great mistake has a halfway

moment, a split second when it can be

recalled and perhaps remedied.

Pearl Buck

Part of the process of planning for each new thing that might grow, if it is as successful as is hoped, needs to be to determine where that halfway moment might be.

Risk Intelligence

Nick sent out a link to a test that you can take that measures Risk Intelligence

http://www.projectionpoint.com/

Try it…  I believe that it does give some insight to a different aspect of intelligence that is needed for good risk management.

I would not say that it suggests anything new.  In fact, it seems to link Risk Intelligence back to the ancient inscription at the Oracle of Delphi,

KNOW THYSELF

To be able to understand RISK, that is a good first step, to be able to distinguish between things that you know and things that you do not know are true. I would suggest that is pretty basic for success in any endeavor, including risk management.

However, I would suggest a slightly different standard as the most important kind of intelligence needed for risk management. That would be the ability to

Distinguish between Future Events that are Certainties and Future Events that are Uncertain.

Distinguish between RISK and UNCERTAINTY in a Knightian sense for the Uncertain events.

Remember after the fact that at some past time, when a decision had to be made, the future events that we now all know to be certain because they have happened, were uncertain.

But those conditions seem like boundary conditions – there is no Risk Intelligence if those conditions are not met.

Real Risk Intelligence would then be the ability to make reliable estimates of the likelihood of Uncertain Events.

Real Risk Intelligence would need to be scored as the Projection Point test is scored, that is against a scale that incorporates the idea that answers are not right or wrong, but that acknowledges that probabilistic answers should be scored on a curve (actually they use a diagonal) that reflects the likelihood as well as the outcome.

I would suggest that taking the Projection Point Risk Intelligence Test is worth the 10 minutes that it takes.  But it is the beginning rather than the end of investigation into the idea of Risk Intelligence.

Does Bloomberg Understand Anything about Risk Management?

On December 18, Bloomberg posted a story about losses on interest rate swaps at Harvard.   The story says that in 2004, Harvard entered into long term swaps to lock in future rates for planned borrowing.  That seems like ok risk management.  But as it happened, interests did not rise, they fell.  So the hedge was not needed.  They type of hedging strategy that they chose had no initial cost.  The cost of risk management was incurred only if the hedged event did not happen.   If interest rated did risk, then the swaps would have resulted in a gain so that Harvard’s costs were limited to a predetermined amount.  If Interest rates fell, then Harvard would pay on the swaps, but save on the interest costs, bring the sum of interest paid on their borrowing and the swap payments to a fixed predetermined total in all cases.

However, Bloomberg chooses to say is this way:

Harvard was betting in 2004 that interest rates would rise by the time it needed to borrow.

The bulk of the story is about how Harvard lost their “bet” and how much money that they lost because they lost the “bet” when interest rates fell, and Harvard had to postpone their planned borrowing.

No wonder it is difficult for firms to disclose any information about actual risk management actions and plans.  If a reasonable, but not perfect risk management action is seen as a “bet”, rather than a move to stablize interest costs.

Every risk management action will have a cost.  Harvard’s real bad move, similar to the one by Soc Gen in January 2008, the choice to lock in losses, and at the worst time.  Interest rates cannot go below zero, so there is absolutely no reason to get out of those swaps, unless their cashflow was so, so poor that they had no way to pay the monthly interrest swap amount (even though they somehow had the cash to settle all of the swaps, presumably paying the present value of the long term swap amounts as viewed at a time ov very low interest rates).

Their other bad move was to fail to hedge the possibility that they would not even do the project and therefore not need the hedge.  To identify how to hedge that situation, they would have had to do some scenario testing of scenarios of extreme losses in their endownment that would have resulted in the situation that they now find themselves.  That analysis should have resulted in some far out of the money hedges on the investments in Harvard’s portfolio.  And the fact that much of their portfolio may be unhedegable should have been a warning about the wisdom of making forward committments like the swaps that presume that the endownment will not tank.

Seeing how wrongheaded the coverage of the transactions was, Harvard probably felt that they had long term reputational risk from paying the monthly payments.

Alternately, if as the article says, the swap markets are so much more liquid at periods for up to 3 years, they why didn’t they enter into trades to reverse the first 3 years of the payments?

No matter what the market says right this minute, I find it hard to believe that interest rates for Harvard will never again reach 4.72% that the swaps were locking in as the rate.

But that is not the point.  The point is that Bloomberg reports Risk Management as a “bet” implying that lack of risk management is not a “bet”.

But, how many companies are implicitly taking a “bet” that the future will never get worse than the present by not hedging anything?

Why is that NEVER a story?

Live Ammunition

Are you working with live ammunition with your risk management program?

What I mean is, when the risk models and the risk reports show a problem, is the reaction to promptly fix the problem, or is the reaction to start a study of the problem?

The question really is whether the risk management information streams are considered primary information for managing the firm or are they secondary systems?

If the reaction to an indication of a problem from the risk management systems is to initiate a study, then the implied presumption is that the real information systems say that everything is ok, and this secondary system says not. So we need to check this out.

Many commentators about risk management have been calling for “RISK” to be given authority. What I think that means is that RISK would be empowered to act when the risk management system tells of a problem. RISK would order that something be bought or sold or whatever to fix the problem.

I think that the presumption there is that there is no possibility that anyone other than RISK would actually ever act upon a warning from the risk management systems. So if risk management is to be taken seriously, then it must be for RISK to do that.

Well, wouldn’t it be much better if the risk management information was considered to be a primary information source for the folks who actually run the businesses? Think about it. If you run a bus company and want the drivers to stay within the speed limit, do you put someone in the back of the bus with a speedometer and a break pedal who will step on the brake whenever the bus starts to go too fast? Or do you train the bus driver to use the brake pedal herself?

Risk Management needs to be everyone’s job. If the CEO of the firm is not willing to hold business managers responsible for risk, then he really does not want risk management.

The job of RISK is not to over ride the bus drivers, it is to make sure that the speedometers and brakes work right, that the acceleration pedal does not stick down and that the driver is well trained in how to interpret the speedometer and use the brakes in the right way. RISK keeps the CEO and the Board informed about the effectiveness of the risk management system and helps top management to understand the risk reward choices that they are faced with when the major decisions about the firm’s future are being made.