Real World Risks

Posted December 16, 2015 by riskviews
Categories: Black Swan, Enterprise Risk Management, Risk


There are many flavors of Risk Management.  Each flavor of risk manager believes that they are addressing the Real World.

  • Bank risk managers believe that the world consists of exactly three sorts of risk:  Market, Credit and Operational.  They believe that because that is the way that banks are organized.  At one time, if you hired a person who was a banking risk manager to manage your risks, their first step would be to organize the into those three buckets.
  • Insurance Risk Managers believe that a company’s insurable risks – liability, E&O, D&O, Workers Comp, Property, Auto Liability – are the real risks of a firm.  As insurance risk managers have expanded into ERM, they have adapted their approach, but not in a way that could, for instance, help at all with the Credit and Market risk of a bank.
  • Auditor Risk Managers believe that there are hundreds of risks worth attention in any significant organization. Their approach to risk is often to start at the bottom and ask the lowest level supervisors.  Their risk management is an extension of their audit work.  Consistent with the famous Guilliani broken windows approach to crime.  However, this approach to risk often leads to confusion about priorities and they sometimes find it difficult to take their massive risk registers to top management and the board.
  • Insurer Risk Managers are focused on statistical models of risk and have a hard time imagining dealing with risks that are not easily modeled such as operational and strategic risks.  The new statistical risk managers often clash with the traditional risk managers (aka the underwriters) whose risk management takes the form of judgment based selection and pricing processes.
  • Trading Desk Risk Managers are focused on the degree to which any traders exceed their limits.  These risk managers have evolved into the ultimate risk takers of their organizations because they are called upon to sometime approve breaches when they can be talked into agreeing with the trader about the likelihood of a risk paying off.  Their effectiveness is viewed by comparing the number of days that the firm’s losses exceed the frequency predicted by the risk models.

So what is Real World Risk?

Start with this…

Top Causes of death

  • Heart disease
  • stroke
  • lower respiratory infections
  • chronic obstructive lung disease
  • HIV
  • Diarrhea
  • Lung cancers
  • diabetes

Earthquakes, floods and Hurricanes are featured as the largest insured losses. (Source III)

Cat LossesNote that these are the insured portion of the losses.  the total loss from the Fukishima disaster is estimated to be around $105B.  Katrina total loss $81B. (Source Wikipedia)

Financial Market risk seems much smaller.  When viewed in terms of losses from trading, the largest trading loss is significantly smaller than the 10th largest natural disaster. (Source Wikipedia)

Trading LossesBut the financial markets sometimes create large losses for everyone who is exposed at the same time.

The largest financial market loss is the Global Financial Crisis of 2008 – 2009.  One observer estimates the total losses to be in the range of $750B to $2000B.  During the Great Depression, the stock market dropped by 89% over several years, far outstripping the 50% drop in 2009.  But some argue that every large drop in the stock market is preceded by an unrealistic run up in the value of stocks, so that some of the “value” lost was actually not value at all.

If your neighbor offers you $100M for your house but withdraws the offer before you can sell it to him and then you subsequently sell the house for $250k, did you lose $99.75M?  Of course not.  But if you are the stock market and for one day you trade at 25 time earnings and six months later you trade at 12 times earnings, was that a real loss for any investors who neither bought or sold at those two instants?

So what are Real World Risks?


Comments welcomed…


Real World Risk Institute

Posted November 28, 2015 by riskviews
Categories: Enterprise Risk Management

They work first to develop

the principles and methodology for what we call real-world rigor in decision making and codify a clear-cut way to approach risk.

Then they offer to teach those principles and methods to a small group of students.

They are

  • 2 risk takers, former full-time traders (with combined experience of more than half a century)
  • 2 persons known to have an attitude problem
  • 6 Phds (quant/math), 4 businessmen/quants/advisors to hedge funds, 2 owners of analytics firms (competing with one another)
  • 2 UHNWI (Ultra High Net Worth Individuals)
  • 4 persons who specialize in tail events in both theory and real-life practice
  • More than 25 books, and around 500 scholarly publications
  • 4 are probabilists with deep enough a knowledge of probability to respect practice and explain things with concepts and pictures

Their leader is Nassim Taleb, author of The Black Swan and other books.

They are offering a MINI-CERTIFICATE IN REAL WORLD RISK MANAGEMENT* Feb 22-26 2016, New York City, 9 AM-5 PM.

Find them at Real World Risk Institute

Inequality and Lotteries

Posted October 21, 2015 by riskviews
Categories: Compensation


There has been much talk about how unacceptable the degree of financial inequality that there is in the US.  And it seems to be getting worse and worse.

But what we have seems to be exactly what most people want in general.  Probably the only part of it that most people would change is the part where they personally are not one of the fortunate wealthy few.

The lottery is the perfect example of a mechanism to achieve an unequal society.

Everyone buys a ticket for a small amount of money.  The jackpot grows until it reaches $301 million.  The winner is drawn.  The result is one rich person with $301M and everyone else goes back to their regular life and stops dreaming about becoming that one rich person – for a week at least.

If that happens several times a year and everyone is either a winner or has a low to moderate job, then a vastly unequal society develops.

After one year, there will be 3 – 4 multi-millionaires and the entire rest of the population will have wealth that is a tiny fraction of those ultra rich.  After a decade, the ranks of the ultra rich will have grown to 30 or 40.  At that point, the top .000001% of the population will have .03% of the total wealth.

Each year, the country will grow more and more unequal, with a tiny fraction of the population commanding an ever growing proportion of the total wealth.

But that is why there is no uprising against the super rich.  Everyone else believes that they might one day hit the lottery and win their position in that group.  And when that happens, they do not want a tax regime, for instance, that will just take their riches away.


No Reward without Risk

Posted September 29, 2015 by riskviews
Categories: Business, Enterprise Risk Management

Tags: ,

Is that so? Well, only if you live in a textbook. And RISKVIEWS has not actually checked whether there really are text books that are that far divorced from reality.

Actually, in the world that RISKVIEWS has inhabited for many years, there are may real possibilities, for example:

  • Risk without reward
  • Reward without risk
  • Risk with too little Reward
  • Risk with too much Reward
  • Risk with just the right amount of reward

The reason why it is necessary to engage nearly everyone in the risk management process is that it is very difficult to distinguish among those and other possibilities.

Risk without reward describes many operational risks.

Reward without risk is the clear objective of every capitalist business.  Modern authors call it a persistent competitive advantage, old school name was monopoly.  Reward without risk is usually called rent by economists.

Risk with too little reward is what happens to those who come late to the party or who come without sufficient knowledge of how things work.  Think of the poker saying “look around the table and if you cannot tell who is the chump, it is you.”  If you really are the chump, then you are very lucky if your reward is positive.

Risk with too much reward happens to some first comers to a new opportunity.  They are getting some monopoly effects.  Perhaps they were able to be price setters rather than price takers, so they chose a price higher than what they eventually learned was needed to allow for their ignorance.  Think of Apple in the businesses that they created themselves.  Their margins were huge at first, and eventually came down to …

Risk with just the right amount of reward happens sometimes, but only when there is a high degree of flexibility in a market – especially no penalty for entry and exit.  Sort of the opposite of the airline industry.

No Reward Without Risk

Comparing Eagles and Clocks

Posted August 11, 2015 by riskviews
Categories: Enterprise Risk Management

Tags: ,

Original Title: Replacing Disparate Frequency Severity Pairs.  Quite catchy, eh?

But this message is important.  Several times, RISKVIEWS has railed against the use of Frequency Severity estimates as a basis for risk management.  Most recently

Just Stop IT! Right Now. And Don’t Do IT again.

But finally, someone asked…

What would you do instead to fix this?

And RISKVIEWS had to put up or shut up.

But the fix was not long in coming to mind.  And not even slightly complicated or difficult.

Standard practice is to identify a HML for Frequency and Severity for each risk.  But RISKVIEWS does not know any way to compare a low frequency, high impact risk with a medium frequency, medium impact risk.  Some people do compare the risks by rating the frequency and severity on a numerical scale and then adding or multiplying the values for frequency and severity for each risk to get a “consistent” factor.  However, this process is frankly meaningless.  Like multiplying the number of carrots times the number of cheese slices in your refrigerator.

But to fix it is very easy.

The fix is this…

For each risk, develop two values.  First is the loss expected over a 5 year period under normal volatility.  The second is the loss that is possible under extreme but not impossible conditions – what Lloyd’s calls a Realistic Disaster.

These two values then each represent a different aspect of each risk.  They can each be compared across all of the risks.  That is you can rank the risks according to how large a loss is possible under Normal Volatility and how large a loss is possible under a realistic disaster.

Now, if you are concerned that we are only looking at financial risks with this approach, you can go right ahead and compare the impact of each risk on some other non-financial factor, under both normal volatility and under a realistic disaster.  The same sort of utility is there for any other factor that you like.

If you do this carefully enough, you are likely to find that some risks are more of a problem under normal volatility and others under realistic disasters.  You will also find that some risks that you have spent lots of time on under the Disparate Frequency/Severity Pairs method are just not at all significant when you look at the consistently with other risks.

So you need to compare risk estimates where one aspect is held the same.  Like comparing two bikes:


Or two birds:


But you cannot compare a bird and a Clock:



And once you have those insights, you can more effectively allocate your risk management efforts!

“Adalberti 1” by Juan lacruz – Own work. Licensed under CC BY-SA 3.0 via Wikimedia Commons –

Separation of Risk Taking and Reporting

Posted July 23, 2015 by riskviews
Categories: Enterprise Risk Management

The separation of Risk Reporting from risk taking is a key tenet of ERM and especially of bank risk culture. The idea is that someone other than the person who is judged for the P& L of risks must be the one who reports on risk positions.

If looked at from a logical perspective, this must be because business unit people, such as risk traders, are not to be trusted. When faced with the opportunity, they will lie about their risk positions.

This might be because the people who might be doing the false reporting believe that what they are doing is ok because that there is something different between risk and profit. Risk is about the future. A measure of risk is ephemeral. It exists in a moment and is never proven by experience. In most cases, risk either becomes a loss or it evaporates to nothingness. It is that later sense that tempts the traders and other risk miss reporters. In their reckoning, “no harm, no foul”. If the risk didn’t become a loss, it really doesn’t matter what number we wrote down for it. And if these is a loss, what is important is the amount of the loss, not the potential loss that we call the risk measure. They may consider themselves to be realists.

Profits are different, aren’t they? They are about the past. So when they are recorded, profits are facts, aren’t they? Well, no, not really. Profits usually depend upon several estimates of provisions for future contingencies.  Sarbanes-Oxley in the US, has set up a massive system that leads to a statement by the CEO that the financial reports, the reports of profits are correct. So for profits, the CEO can be the ultimate arbiter if the company spends enough time following auditing procedures. The CEO can be trusted to report on his or her own profits, usually a key determinate in compensation. But for Risk, many call for a CRO who is independent of the CEO, who reports directly to the board, so that this independence of risk reporting and risk taking can be maintained at every level. The presumption is that the CEO does not believe in ERM, so will be tempted to apply the “no harm, no foul” principle from time to time.

This is evidence of a broken  risk culture, not a part of an effective risk culture.

That line of thinking means that in general, management and especially the traders do not believe in the risk management program of the organization. It means that no one actually believes that it is important whether the bank stays within its risk tolerance. That if a risk trader were to lie about their risk position and make a profit because the risk did not become a loss, that the organization would not fire or censure or probably even sincerely reprimand the trader as a matter of policy. And the manager who gave the “reprimand with a wink” would be considered the real carrier of the company culture rather than the risk management person who pointed out the misrepresentation. That risk management person would be considered in league with the regulators, not the bank. A member of the Business Prevention Squad.

That is not the reaction of a bank to most dishonest actions. For example, if someone in a bank were caught walking out of work one day with their pockets stuffed with cash, that person would doubtless be sacked immediately and turned over to the police. But if a risk trader misstates their risk position and because of that misstatement is able to maintain a risk position that they otherwise would have had to sell or offset that leads to them walking out of the bank with a large (sometimes extremely large) check, then that dishonest is ok. It is ok because “no harm, no foul”. Which is the same as saying that the bank does not really believe in one of the central tenants of risk management. That is the idea that your risk evaluation is a good indicator of your expected losses over time. Which leads to the belief that limiting the potential loss indicated from risk evaluation, over the long haul will limit the losses.

That is what is totally wrong about the Risk Culture discussion from the regulators as epitomized in the FSB paper on Risk Culture. In that document, regulators are urged to perform evaluation of the risk culture of the bank. But the evaluation is all about assessing whether banks are going through the motions of a good risk culture. It includes the separation of risk reporting and risk taking as one of the key components of a strong risk culture. By this approach, the regulators are acknowledging that the banks will never actually reform their cultures to the extent that they will actually expect their employees not to lie about their activities. They are, in effect, saying that the key financial services of the advanced economies of the world should be expected to always operate in such a manner.

The most important aspect of risk management culture is whether the board and management believe in the importance of ERM. If they believe in ERM, they will execute as competently as they execute most other important functions. If they do not believe in ERM, telling them in detail how to execute ERM is of little impact.  And the aspect of risk culture called “Tone at the Top” will be delivered without a wink.

Knowing the results from Stress Tests in Advance

Posted July 13, 2015 by riskviews
Categories: Enterprise Risk Management, Stress Test


Insurers and regulators need to adopt the idea of characterizing stress tests scenario frequency as:


Normal Volatility

Realistic Disaster

Worst Case


Or something equivalent.


With the idea that it is reasonable for an insurer to prepare for a Realistic Disaster Scenario, but not practical to be prepared for all Worst Case scenarios. Not practical because the insurance would cost too much and less insurance would be sold.


With such a common language about frequency relating to stress tests, the results of the stress testing and the response to those results can make much more sense.


The outcomes of stress testing then fall into a pattern as well.


  • An insurer should be able to withstand normal volatility without any lasting reduction to capital.


  • An insurer should be able to withstand a Realistic Disaster for most of their risks without a game changing impairment of capital, i.e. it would be realistic for them to plan to earn their way back to their desired level of capital. For the most significant one or two risks, a Realistic Disaster may result in Capital impairment that requires special actions to repair. Special actions may include a major change to company strategy.


  • An insurer can usually withstand a Worst Case scenario for most of their risks with the likelihood that for some, there will be an impairment to capital that requires special actions to repair. For the largest one or two risks, the insurer is unlikely to be able to withstand the Worst Case scenario.


Those three statements are in fact a requirement for an insurer to be said to be effectively managing their risks.

So the ORSA and any other stress testing process should result in the development of the story of what sorts of stresses require special management actions and what types result in failure of the insurer.  And for an insurer with a risk management program that is working well, those answers should be known for all but one or two of their risks.  Those would the second and third largest risks.  An insurer with a perfect risk management program will not have very much daylight between their first, second and third largest risks and therefore may well be able to survive some worst case scenarios for even their largest risks.


Get every new post delivered to your Inbox.

Join 782 other followers

%d bloggers like this: