Linking Strategy and ERM – The Final Frontier

Posted July 19, 2016 by riskviews
Categories: Enterprise Risk Management

4 steps to linking strategy and ERM

Many organizations have use the concepts and practices of Enterprise Risk Management to improve the control of their major risks. If applied properly, ERM will improve the transparency and discipline of risk management.  With a risk management regime that is transparent and disciplined, management should begin to notice whether it is aligned with company objectives…whether it is linked with strategy.  When linked with strategy, ERM can act like the crew on a catamaran who lean against the tilt of the boat in heavy wind.  Or to use another nautical analogy, can be the keel of the boat that helps to keep it upright.  The aligned ERM program will not be heavy cargo stacked on the deck, nor will it act like the passengers who run to the low side of the boat.

And better still, ERM can help the boat to get where it is going by helping to choose a path between or around the rocks.  But insurer strategies vary widely, so it seems logical that the linkage of ERM with strategy will vary.  And that may be the reason that there is so much difficulty with the process of aligning strategy and ERM.  Too much advice that focuses on just one way to accomplish that – one way that will work best with just one of the dozens of existing insurer strategies.

4 steps to linking strategy and ERM continues this discussion on the Willis Towers Watson blog.

You have to show up

Posted June 20, 2016 by riskviews
Categories: Chief Risk Officer, Enterprise Risk Management, ERM, Insurance Risk

Woody Allen’s adage that 80% of success is showing up is particularly difficult for some managers to take to heart regarding risk management.

When risk management is successful, there is no bell that rings.  There are no fireworks.  Usually, a successful risk management moment is evidenced by a lack of big surprises.

But most days, big surprises do not happen anyway.

So if risk managers want to be appreciated for their work, they have to do much more than just show up.  They need to build up the story around what a very good day looks like.

  • One such story would be that a very good day might happen when the world experiences a major catastrophe.  A catastrophe that is in the wheel house of the firm.  And because of a good risk management process, the firm finds that its losses are manageable within its capacity to handle losses.
  • In 2011, there were major earthquakes in New Zealand, Japan and Chile.  One reinsurer reported that they had exposures in all three zones but that they were still able to show a (very small) profit for the year.  They credited that result to a risk management process that had them limiting their exposure to any one zone.  A risk manager could work up a story of events like that happening (multi event stress scenarios) and preview the benefits of ERM.

With such stories in mind, when that big day comes when “Nothing Happens”, the risk managers can be ready to take credit!

But to do that, they need to be sure to show up.

 

Management by Onside Kick

Posted June 6, 2016 by riskviews
Categories: Credit Risk, Data, Decision Makng, Enterprise Risk Management, Hedging, Uncategorized

Tags:

Many American football fans can recall a game when their team drove the ball 80 or more yards in the waning moments of the game to pull within a touchdown of the team that had been dominating them. Then they call for the on side kick – recover the ball and charge to a win within a few more plays.

But according to NFL stats, that onside kick succeeds only 20% of the time in the waning minutes of the game.

Mid game onside kicks – that are surprises – work 60% of the time.

But mostly it is the successful onside kicks that make the highlights reel. RISKVIEWS guesses that on the highlights those kicks are 80% or more successful.

And if you look back on the games of the teams that make it to the Super Bowl, they probably were successful the few times that they called that play.

What does that mean for risk managers?

Be careful where you get your statistics. Big data is now very popular. Winners use Big Data. So many conclude that it will give better indications. But make sure that your data inputs are not from highlight reels or from the records of the best year for a company.

Many firms use default data collected by rating agencies for example to parameterize their credit models. But the rating agencies would point out that the data is from rated companies only. This makes little difference for rated Bonds. There the bonds are rated from issue to maturity or default. But if you want to build a default model of insurers or reinsurers then you need to know that many insurers and some reinsurers will drop their rating if it falls below a level where it hurts their business. So ratings transition statistics for insurers are more like the highlight reels below a certain level.

Some models of dynamic hedging strategies were in effect taking the mid game success rates and assuming that they would apply in bad times. But like the onside kick, things worked very different.

So realize that a business strategy and especially a risk mitigation strategy may work differently when things have gone all a mess.

And an onside kick is nothing more than putting the ball in play and praying that something good will happen.

Have you become “Nose Blind” to deficiencies in your ERM program?

Posted May 16, 2016 by riskviews
Categories: Enterprise Risk Management

You may have seen the commercial for the room freshener about becoming “Nose Blind” to odors.

Well, the same thing happens all the time, even in good ERM programs.

In the early days of ERM, the smart CRO is willing to take the victories that they can get and not let the “perfect be the enemy of the good”. And if they do it right, they will end up with an ERM program much faster then the perfectionist CRO and his two or three successors.

But, that CRO will eventually become “nose blind” to the weak spots in ERM. Just as a long term homeowner who goes to sell a house and has a hard time believing that new buyers cannot just step over that bad spot on the floor just as they have been doing for 10 years.

That is the reason that an outside audit of an ERM program is needed every so often.  The outside audit brings in a fresh nose.  But you need to be careful in charging the auditor.

There are two aspects of the ERM program that the auditor needs to look for:

  1. Poor execution of the ERM Framework
  2. Incomplete ERM Framework

And the nose blindness might apply in either aspect.  The CRO may have become nose blind to the places where someone is doing a weak job of execution.  Again, this may have been the area that was least supportive of ERM when the program was new.  So due to steady opposition, the CRO eventually just learns to live with whatever the managers in that area are willing to do, however minimal and ineffective.  And the CRO could be responsible to choosing to not attempt some normal parts of an ERM program when they are first making up the ERM Framework of the company.  Or, the standard that was initially used as the template for the ERM Framework might not have been very good for the types of risks that are taken by the company.  For example, the COSO ERM standard is intended to be applicable to all sorts of firms.  Its advise is fairly generic.  An insurer is a firm whose business it is to accept financial responsibility for other people’s risks.  There are a number of ERM standards developed specifically for insurers.  But an insurer that uses the COSO ERM standard as its sole guide will have difficulty achieving the level of ERM program maturity of those who followed insurance specific standards.

For those without the budget to hire an outside auditor can use two techniques can help you to clear the air and smell things with fresh nose:

  1. For execution issues, ask your folks to do peer audits of each other.  When people from your weakest area see the level of practice in another area, they will get some sense of what they are missing.  And when the people from the strongest execution area folks do an audit of another area, their best practices can be spread more widely.
  2. Review your ERM Framework against a different standard than the one that you used to create it.  Do not pull punches, if that different standard says to do something in a certain manner, mark your framework as potentially deficient if you are not operating in that manner.  Then work to honestly resolve these issues.  These alternate standards may have their own area of nose blindness, but they would never have risen to standard status unless they had some serious benefits for the users.

Frequency and Severity

Posted April 19, 2016 by riskviews
Categories: Enterprise Risk Management

There are not any statistics available, but some form of guessing frequency and severity for each risk is most likely the most popular approach to risk assessment.

Which is a problem, since that approach is fatally flawed.

There are at least three fatal flaws:

  1. Guessing is a weak approach to assessing anything.
  2. The Frequency/Severity idea only actually applies to a few rare situations.
  3. Frequency/Severity pairs are not actually comparable.

But there is a simple fix for this.  That fix would be to pick two levels of frequency and then determine the loss that is likely at both levels of frequency.  Most useful would be to look at worse losses that might occur under “Normal Volatility” and also look at the losses for each risk that would be considered a “Realistic Disaster”.  Losses from different risks CAN be compared on each of those two levels.

For more information about the Frequency Severity approach and this alternate approach, see:

For ERM, a Better Solution to Guessing Frequency and Severity Pairs for Risks on the Willis Towers Watson Wire

 

Real World Risks

Posted December 16, 2015 by riskviews
Categories: Black Swan, Enterprise Risk Management, Risk

Tags:

There are many flavors of Risk Management.  Each flavor of risk manager believes that they are addressing the Real World.

  • Bank risk managers believe that the world consists of exactly three sorts of risk:  Market, Credit and Operational.  They believe that because that is the way that banks are organized.  At one time, if you hired a person who was a banking risk manager to manage your risks, their first step would be to organize the into those three buckets.
  • Insurance Risk Managers believe that a company’s insurable risks – liability, E&O, D&O, Workers Comp, Property, Auto Liability – are the real risks of a firm.  As insurance risk managers have expanded into ERM, they have adapted their approach, but not in a way that could, for instance, help at all with the Credit and Market risk of a bank.
  • Auditor Risk Managers believe that there are hundreds of risks worth attention in any significant organization. Their approach to risk is often to start at the bottom and ask the lowest level supervisors.  Their risk management is an extension of their audit work.  Consistent with the famous Guilliani broken windows approach to crime.  However, this approach to risk often leads to confusion about priorities and they sometimes find it difficult to take their massive risk registers to top management and the board.
  • Insurer Risk Managers are focused on statistical models of risk and have a hard time imagining dealing with risks that are not easily modeled such as operational and strategic risks.  The new statistical risk managers often clash with the traditional risk managers (aka the underwriters) whose risk management takes the form of judgment based selection and pricing processes.
  • Trading Desk Risk Managers are focused on the degree to which any traders exceed their limits.  These risk managers have evolved into the ultimate risk takers of their organizations because they are called upon to sometime approve breaches when they can be talked into agreeing with the trader about the likelihood of a risk paying off.  Their effectiveness is viewed by comparing the number of days that the firm’s losses exceed the frequency predicted by the risk models.

So what is Real World Risk?

Start with this…

Top Causes of death

  • Heart disease
  • stroke
  • lower respiratory infections
  • chronic obstructive lung disease
  • HIV
  • Diarrhea
  • Lung cancers
  • diabetes

Earthquakes, floods and Hurricanes are featured as the largest insured losses. (Source III)

Cat LossesNote that these are the insured portion of the losses.  the total loss from the Fukishima disaster is estimated to be around $105B.  Katrina total loss $81B. (Source Wikipedia)

Financial Market risk seems much smaller.  When viewed in terms of losses from trading, the largest trading loss is significantly smaller than the 10th largest natural disaster. (Source Wikipedia)

Trading LossesBut the financial markets sometimes create large losses for everyone who is exposed at the same time.

The largest financial market loss is the Global Financial Crisis of 2008 – 2009.  One observer estimates the total losses to be in the range of $750B to $2000B.  During the Great Depression, the stock market dropped by 89% over several years, far outstripping the 50% drop in 2009.  But some argue that every large drop in the stock market is preceded by an unrealistic run up in the value of stocks, so that some of the “value” lost was actually not value at all.

If your neighbor offers you $100M for your house but withdraws the offer before you can sell it to him and then you subsequently sell the house for $250k, did you lose $99.75M?  Of course not.  But if you are the stock market and for one day you trade at 25 time earnings and six months later you trade at 12 times earnings, was that a real loss for any investors who neither bought or sold at those two instants?

So what are Real World Risks?

 

Comments welcomed…

 

Real World Risk Institute

Posted November 28, 2015 by riskviews
Categories: Enterprise Risk Management

They work first to develop

the principles and methodology for what we call real-world rigor in decision making and codify a clear-cut way to approach risk.

Then they offer to teach those principles and methods to a small group of students.

They are

  • 2 risk takers, former full-time traders (with combined experience of more than half a century)
  • 2 persons known to have an attitude problem
  • 6 Phds (quant/math), 4 businessmen/quants/advisors to hedge funds, 2 owners of analytics firms (competing with one another)
  • 2 UHNWI (Ultra High Net Worth Individuals)
  • 4 persons who specialize in tail events in both theory and real-life practice
  • More than 25 books, and around 500 scholarly publications
  • 4 are probabilists with deep enough a knowledge of probability to respect practice and explain things with concepts and pictures

Their leader is Nassim Taleb, author of The Black Swan and other books.

They are offering a MINI-CERTIFICATE IN REAL WORLD RISK MANAGEMENT* Feb 22-26 2016, New York City, 9 AM-5 PM.

Find them at Real World Risk Institute


Follow

Get every new post delivered to your Inbox.

Join 826 other followers

%d bloggers like this: