Severe and intense threats are usually associated with dramatic weather events, terrorist attacks, earthquakes, nuclear accidents and such like. When one of these types of threats is thought to be immanent, people will often cooperate with a cooperative ERM scheme, if one is offered. But when the threat actually happens, there are four possible responses: cooperation with disaster plan, becoming immobilized and ignoring the disaster, panic and anti-social advantage taking. Disaster planning sometimes goes no further than developing a path for people with the first response. A full disaster plan would need to take into account all four reactions. Plans would be made to deal with the labile and panicked people and to prevent the damage from the anti-social. In businesses, a business continuity or disaster plan would fall into this category of activity.
When businesses do a first assessment, risks are often displayed in four quadrants: Low Likelihood/Low Severity; Low Likelihood/High Severity; High Likelihood/Low Severity; and High Likelihood/High Severity. It is extremely difficult to survive if your risks are High Likelihood/High Severity, so few businesses find that they have risks in that quadrant. So businesses usually only have risks in this category that are Low Likelihood.
Highly Cooperative mode of Risk Management means that everyone is involved in risk management because you need everyone to be looking out for the threats. This falls apart quickly if your threats are not Severe and Intense because people will question the need for so much vigilance.
Highly Complex threats usually come from the breakdown of a complex system of some sort that you are counting upon. For an insurer, this usually means that events that they thought had low interdependency end up with a high correlation. Or else a new source of large losses emerges from an existing area of coverage. Other complex threats that threaten the life insurance industry include the interplay of financial markets and competing products, such as happened in the 1980′s when money market funds threatened to suck all of the money out of insurers, or in the 1990′s the variable products that decimated the more traditional guaranteed minimum return products.
In addition, financial firms all create their own complex threat situations because they tend to be exposed to a number of different risks. Keeping track of the magnitude of several different risk types and their interplay is itself a complex task. Without very complex risk evaluation tools and the help of trained professionals, financial firms would be flying blind. But these risk evaluation tools themselves create a complex threat.
Highly Organized mode of Risk Management means that there are many very different specialized roles within the risk management process. May have different teams doing risk assessment, risk mitigation and assurance, for each separate threat. This can only make sense when the rewards for taking these risks is large because this mode of risk management is very expensive.
Highly Unpredictable Threats are common during times of transition when a system is reorganizing itself. “Uncertain” has been the word most often used in the past several years to describe the current environment. We just are not sure what will be hitting us next. Neither the type of threat, the timing, frequency or severity is known in advance of these unpredictable threats.
Businesses operating in less developed economies will usually see this as their situation. Governments change, regulations change, the economy dips and weaves, access to resources changes abruptly, wars and terrorism are real threats.
Highly Adaptable mode of Risk Management means that you are ready to shift among the other three modes at any time and operate in a different mode for each threat. The highly adaptable mode of risk management also allows for quick decisions to abandon the activity that creates the threat at any time. But taking up new activities with other unique threats is less of a problem under this mode. Firms operating under the highly adaptive mode usually make sure that their activities do not all lead to a single threat and that they are highly diversified.
Benign Threats are things that will never do more than partially reduce earnings. Small stuff. Not good news, but not bad enough to lose any sleep over.
Low Cooperation mode of Risk Management means that individuals within their firm can be separately authorized to undertake activities that expand the threats to the firm. The individuals will all operate under some rules that put boundaries around their freedom, but most often these firms police these rules after the action, rather than with a process that prevents infractions. At the extreme of low cooperation mode of risk management, enforcement will be very weak.
For example, many banks have been trying to get by with a low cooperation mode of ERM. Risk Management is usually separate and adversarial. The idea is to allow the risk takers the maximum degree of freedom. After all, they make the profits of the bank. The idea of VaR is purely to monitor earnings fluctuations. The risk management systems of banks had not even been looking for any possible Severe and Intense Threats. As their risk shifted from a simple “Credit” or “Market” to very complex instruments that had elements of both with highly intricate structures there was not enough movement to the highly organized mode of risk management within many banks. Without the highly organized risk management, the banks were unable to see the shift of those structures from highly complex threats to severe and intense threats. (Or the risk staff saw the problem, but were not empowered to force action.) The low cooperation mode of risk management was not able to handle those threats and the banks suffered large losses or simply collapsed.