UNRISK (2)

From Jawwad Farid

UNRISK Part 2 – Understanding the distribution

(Part One)

Before you completely write this post off as statistical gibberish, and for those of you were fortunate enough to not get exposure to the subject, let’s just see what the distribution looks like.

Not too bad! What you see above is a simple slotting of credit scores across a typical credit portfolio. For the month of June, the scores rate from 1 to 12, with 1 good and 12 evul. The axis on the left hand side shows how much have we bet per score / grade category. We collect the scores, then sort them, then bunch them in clusters and then simply plot the results in a graph (in statistical terms, we call it a histogram). Drawn the histogram for a data set enough number of times and the shape of the distribution will begin to speak with you. In this specific case you can see that the scoring function is reasonably effective since it’s doing a good job of classifying and recording relationships at least as far as scores represent reasonable credit behavior.

So how do you understand the distribution? Within the risk function there are multiple dimensions that this understanding may take.

The first is effectiveness. For instance the first snapshot of a distribution that we saw was effective. This one isn’t?

Why? Let’s treat that as your homework assignment. (Hint: the first one is skewed in the direction it should be skewed in, this one isn’t).

The second is behavior over time. So far you have only seen the distribution at a given instance, a snapshot. Here is how it changes over time.

Notice anything? Homework assignment number two. (Hint: 10, 11 and 12 are NPL, Classified, Non performing, delinquent loans. Do you see a trend?)

The third is dissection across products and customer segments. Heading into an economic cycle where profitability and liquidity is going to be under pressure, which exposure would you cut? Which one is going to keep you awake at night? How did you get here in the first place? Assignment number three.

Can you stop here? Is this enough? Well no.

This is where my old nemesis, the moment generating function makes an evul comeback. Volatility (or vol) is the second moment. That is a fancy risqué (pun intended) way of saying it is the standard deviation of your data set. You can treat volatility of the distribution as a static parameter or treat it with more respect and dive a little deeper and see how it trends over time. What you see above is a simple tracking series that is plotting 60 day volatility over a period of time for 8 commodity groups together.

See vol. See vol run… (My apologies to my old friend Spot and the HBS EGS Case)

If you are really passionate about the distribution and half as crazy as I am, you could also delve into relationships across parameters as well as try and assess lagged effects across dimensions.

The graph above shows how volatility for different interest rates moves together and the one below shows the same phenomenon for a selection of currency pair. When you look at the volatility of commodities, interest rates and currencies do you see what I see? Can you hear the distribution? Is it speaking to you now?

Nope. I think you need to snort some more unrisk! Home work assignment number four. (Hint: Is there a relationship, a delayed and lagged effect between the volatility of the three groups? If yes, where and who does it start with?)

So far so good! This is what most of us do for a living. Where we fail is in the next step.

You can understand the distribution as much as you want, but it will only make sense to the business side when you translate it into profitability. If you can’t communicate your understanding or put it to work by explaining it to the business side in the language they understand, all of your hard work is irrelevant. A distribution is a wonderful thing only if you understand it. If you don’t, you might as well be praising the beauty of Jupiter’s moon under Saturn’s light in Greek to someone who has only seen Persian landscapes and speaks Pushto.

To bring profitability in, you need to integrate all the above dimensions into profitability. Where do you start? Taking the same example of the credit portfolio above you start with what we call the transition matrix. Remember the distribution plot across time from above.

THis has appeared previously in Jawwad’s excellent blog.

Advertisement

Black Swan Free World (3)

On April 7 2009, the Financial Times published an article written by Nassim Taleb called Ten Principles for a Black Swan Free World. Let’s look at them one at a time…

3. People who were driving a school bus blindfolded (and crashed it) should never be given a new bus. The economics establishment (universities, regulators, central bankers, government officials, various organisations staffed with economists) lost its legitimacy with the failure of the system. It is irresponsible and foolish to put our trust in the ability of such experts to get us out of this mess. Instead, find the smart people whose hands are clean.

Since I cannot claim to have completely clean hands, I will simply point to the writings of Hyman Minsky.  His Financial Instability Hypothesis describes how a financial system goes to the extremes of leverage that creates a crash like what we just experienced.  He wrote this in the 1980’s and early 1990’s and then did not feel that there was much chance of the extreme part of that cycle happening any time soon.  He thought that the Fed had enough of a handle on the financial system to keep things from getting to a blow up state.

However, he did mention that with the advent of sources of debt and leverage and money outside of the traditional financial system, that if those elements grew enough then they could be the source of a severe problem.

How prescient.

In addition to reading what Minsky wrote, we should also be studying the thinking of those who totally avoided the sub prime securities that caused so much problems for so many very large financial institutions or who were in but got out in time to avoid fatal damages.

Those are often the people with the common sense that we should be using as the basis for the way forward.

Risk management programs need to have a deliberate risk learning function, where insights are developed from the firm’s losses and near misses as well as from others losses and near misses.

In this crisis, we should all seek to learn from those who were not enticed into the web of false knowledge about the riskiness of the sub prime securities.   One of the most interesting that I hear at the time when the markets were seizing up was that those who had escaped were too unsophisticated to have gotten into that market.

I spoke to one of those severely unsophisticated people on the buy side and he said that he never did spend too much time looking into the CDOs.  He said that he knew what the spreads were on straight mortgage backed securities.  And he had some idea of how many additional people were getting a slice in the creation of the CDOs.  And then he knew that the CDOs were promising higher yields for the same credit rating as the straight mortgage backed securities.   At that point, he was sure that something did not add up and he moved on to look at other things where the numbers did add up.  I guess he was just too unsophisticated to understand the stochastic calculus needed to explain how 2-1-1-1 = 3.

We need to learn that kind of unsophistication.

Black Swan Free World (10)

Black Swan Free World (9)

Black Swan Free World (8)

Black Swan Free World (7)

Black Swan Free World (6)

Black Swan Free World (5)

Black Swan Free World (4)

Black Swan Free World (3)

Black Swan Free World (2)

Black Swan Free World (1)

Black Swan Free World (2)

On April 7 2009, the Financial Times published an article written by Nassim Taleb called Ten Principles for a Black Swan Free World. Let’s look at them one at a time…

2. No socialisation of losses and privatisation of gains. Whatever may need to be bailed out should be nationalised; whatever does not need a bail-out should be free, small and risk-bearing. We have managed to combine the worst of capitalism and socialism. In France in the 1980s, the socialists took over the banks. In the US in the 2000s, the banks took over the government. This is surreal.

Most assuredly the socialization of losses and privatization of gains is what has anyone outside of the banking sector furious. Within the sector, everyone seems to believe that they earned their share of the gains. Think about what you hear about the bonus scheme at the banks – the investment banks are said to be paying out about 50% of gains before bonus. I imagine that puts them approximately on par with the hedge funds, if the banks profit figure takes out overhead before calculating the 50% ratio. So the bank incentive comp is based upon the hedge fund incentive comp. Amazingly, the hedge fund managers manage to convince investors to give them their money and lenders to advance them funds to leverage without any hint of a bailout ever in their future. The hedge fund managers generally walk away from the fund when things go wrong and they are no longer have a chance for outsized gains.

Do the bank shareholders understand that they are really investing in a highly leveraged hedge fund? The folks getting those bonuses surely understand that.

Is this the worst of capitalism and socialism? Probably so.

How do we get out of this? It seems that rather than limiting compensation, we ought be assuring shareholders and debt holders of any firms that structure their compensation like hedge funds that they should expect to be treated like hedge funds in the event of failure. Goodbye, no regrets.

One way of looking at the compensation issue is to focus on time frame.  There are four time frames to consider:

1.  The employees – the recipients of the bonuses.  Their time frame looks backwards.  They want to be paid for the value that they created for the firm.  They want to be paid in cash for that value.

2.  The Short Term shareholders.  Their time frame is in quarters.  They are most interested in what will be posted as the next quarterly earnings.  They want to be able to cash out their investment at the point where they believe that the next quarter’s earnings will not grow enough to support future price increases.

3.  The Long Term shareholders.  Their time frame is in years – probably 3 – 5 years.  Which is the expected holding period for a long term shareholder.  They are looking for growth in value compared to share price and will usually sell when they believe that the intrinsic value of the firm starts to catch up with the market value.

4.  The public.  Our time frame is our lifetime.  We need to have a financial system that works our entire lifetime.   The public gets nothing from the changes in value of the financial system but ends up paying off the losses that exceed the capacity of the financial system.

The compensation and prudential capital for banks is a trade-off between the interests of all four of these groups.  In the run up to the crisis, the system tilted in the favor of employees and short term investors to the extreme detriment of the long term shareholders and public.

So the solution is likely to be best if the interests of the long term shareholders are made more important.  Right now, a large, possibly most of the long term shareholders are index funds.  Index funds are extremely unlikely to want to have any say in corporate governance or compensation.

So you could surmise that the compensation aspect of the crisis and the drift of all things corporate to fall under the sway of short term investors is a result of the prevalence of index funds.

Black Swan Free World (10)

Black Swan Free World (9)

Black Swan Free World (8)

Black Swan Free World (7)

Black Swan Free World (6)

Black Swan Free World (5)

Black Swan Free World (4)

Black Swan Free World (3)

Black Swan Free World (2)

Custard Cream Risk – Compared to What???

It was recently revealed that the custard Cream is the most dangerous biscuit.

But his illustrates the issue with stand alone risk analysis.  Compared to what?  Last spring, there was quite a bit of concern raised when it was reported that 18 people had died from Swine Flu.  That sounds VERY BAD.  But Compared to What?  Later stories revealed that seasonal flu is on the average responsible for 30,000 deaths in the US.  That breaks down to an average of 82 per day annually, or more during the flu season if you reflect the fact that there is little flu in the summer months.  No one was ever willing to say whether the 18 deaths were in addition to the 82 expected or if they were just a part of that total.

The chart below suggests that Swine flu is significantly less deadly than the seasonal flu.  However, what it fails to reveal is that Swine Flu is highly transmissable because there is very little immunity in the population.  So even with a very low fatality rate per infection, with a very high infection rate, expectations now are for more than twice as many deaths from the Swine Flu than from the seasonal flu.

For many years, being aware of the issue I tried to make a comparison whenever I presented a risk assessment.  Most commonly, I used a comparison to the risk in a common stock portfolio.  Was the risk I was assessing more or less risky than the stocks.  I would compare both the average return, the standard deviation of returns as well as the tail risk.  If appropriate, I would make that comparison for one year as well as for many years.

But I now realize that was not the best choice.  Experience in the past year reveals that many people did not really have a good idea of how risky the stock market is.  Many risk models would have pegged the 2008 37% drop in the S&P as a 1/250 year event or worse, even though there have now been similar levels of loss three times in the last 105 years on a calendar year basis and more if you look within calendar years.

The chart above was made before the end of the year.  By the end of the year, 2008 fell back into the 30% to 40% return column.  But if your hypothesis had been that a loss that large was a 1/200 event, the likelihood of one occurrence in a 105 year period is only about 31%.  Much more likely to see none (60%).  Two occurrences only about 8% of the time.  Three or more, only about 1% of the time.  So it seems that a 1/200 return period hypothesis has about a 99% likelihood of being incorrect.  If you assume a return period of 1/50 years, that would make the three observations a 75th percentile event.

So that is a fundamental issue in communicating risk.  Is there really some risk that we really know – so that we can use it as a standard of comparison?

The article on Custard Creams was brought to my attention by Johann Meeke.  He says that he will continue to live dangerously with his biscuits.

ERM: Law of Unintended Consequences [2]

From Neil Bodoff

One of the reasons that so many counterparties bought CDS protection [from the same counterparty, precipitating a crisis] was their desire to reduce their regulatory capital requirements. So the regulatory framework had high capital requirements for credit risk, but low capital requirements when the credit risk was hedged. Basically the regulatory framework created a strong incentive for all banks to simultaneously execute the same strategy of hedging risk via CDS. Lessons are: [1] Whereas individual firms in a competitive market may pursue various strategies, the government’s monopoly on regulation might create a homogenizing effect on firms’ behavior, thus concentrating risk. Thus the regulatory framework itself becomes a systemic risk and thus requires extra scrutiny and care. [2] For any regulatory framework, the designers ought to choose someone to “roleplay” the part of firms trying to minimize regulatory capital requirements, so as to understand the behaviors and countermeasures the firms might take in response to the regulatory demands. [3] Beware of unintended consequences.

The Cheeky, the Funky and the Dummy Monkey… (2)

From Stelios Ioannides (risk manager)

Continuation of earlier post.

Who is to blame?

OK enough, I agree with you: this is an exaggeration of the situation or the situations that we are currently experiencing but reality can be quite close. What happened in the credit sub-prime crisis can only be justified, in my opinion, by such “monkey” logic. At the end of the day, it’s about designing products, valuing (appropriately) risk, and getting on board the “right” clients with a “desirable”, for our purposes profile. Who is doing that?  And how? The industry failed spectacularly on that. It allowed to this “monkey” concept to grow and to gain potential.

Who cares about Value at Risk or CTE and the associated graphics, if there is no clue at all on how these “interesting” numbers were derived in the first place? Using a number with out know the source it is like having a map with numbers but with no street names. You do not know where you are, you might know where you are heading (vaguely) but there is absolutely no way you can reach your destination.

Having some well defined risk measures is just a well accepted methodology that justifies capital intensive and risk sensitive decisions at the big scale. So if you are applying it wrongly, things can fail dramatically, at a huge scale, causing chaos. And of course, when things go wrong the funky or the dummy monkeys will be blamed… These are the ones that will loose their jobs. The cheeky ones stay alive and are the ones that will be hiring soon again.

The way forward

Understanding the details and being aware with the fundamentals is crucial is this arena. “Understanding” is about having the right combination of skills and applying these fundamentals. It is also about being able to realize how decisions that might be executed in interrelated contexts like pricing, capital reserving and hedging (just to mention a few) might be derived by ones work.

Knowledge exists, technology exists and in my opinion, it is a pity that people still stick to the old practices.  There is strong need to refresh or at least fine tune these well established “ways of doing things”. In no situation, we should act like “robots” that mechanically do things.  We need monkeys that are owners and responsible of their piece of work regardless how small that is.

If we fail to do that then the “disease” might propagate in otter industries, and in that case of course, the consequences might scary (at least to say).  We spent millions or even billions for initiatives like Basel, but we have to make sure that some basic, common sense and ethical rules are being obeyed at all levels.

Risk industry calls for better quality transparency and people should soon or later realize that sharing knowledge and information and aligning interests and objectives would benefit, in most cases all parties (of the same side) involved in the project or deal. The way assumptions are derived is crucial. At the same time, being able to control the behavior of clients is of paramount importance.  How this is achieved? A way is possibly by proper underwriting and classification.

Conclusions

We are working in various dimensions, we are dealing with risk free worlds, real words, real market assumptions, marking to market and so on and so fourth. Concepts like “Stress Testing” are gaining momentum and potential.  In our daily work we have to face concepts like implied volatilities, volatility surfaces, “short-selling” (it took me a while to get this right, honestly) and a few even more complicated terms that I do not want to even to mention them here. The list of these complicated terms is endless and growing fast.

In any case, people have the duty to use these concepts in a consistent and ethical way.  Sticking to basic and rather simplistic approaches with regards o problem solving is not wise in the fast world we are living.

We have the duty to teach the new generations how to synthesize skills and knowledge and judge impartially and ethically. I personally believe that the future belongs to the people that the have the courage to ask right questions and the patience to apply the fundamentals … it is the duty of each one of us to find out what that really means.

Perhaps, we could elaborate more one that but due to lack to time I cannot. Hopefully this won’t be the case when I will have to deliver a super important risk project in the future. What am I? Well something in between the dummy and the funky monkey (hopefully closer to the later or better the former?)…

No Thanks, I have enough “New”

It seems sad when 75 year old businesses go bust.  They had something that worked for several generations of managers, employees and investors.  And now they are gone.  How could that be?

There are two ways that old businesses can come to their demise.  They can do it because they stick to what they know and their product or service  (usually) slowly goes out of fashion.  Usually slowly, because all but the most ossified large successful companies can adapt enough to keep going for quite some time, even when faced by competition with a better business model/product or service.  Think of the US auto industry slowly declining for 40 years.

The second way is a quick demise. This usually happens after the old company chooses to completely embrace something completely new.  If their historic business is in decline, many large old firms are on the look out for that new transformational thing.  The mistake that they sometimes make is to be in much too much of a hurry. They want to apply their size advantage to the new thing and start getting economies of scale in addition to early adopter advantages.

The failure rate of new business is very, very high.  A big business that jumps to putting a large amount of its resources into the new business will be transforming a solid longstanding business effectively into a start-up.  But rarely do the big businesses in restart mode deliver anything like start-up returns.  So investors bare the risks of of the start-up with the returns only slightly higher than long term averages.

This is a clear example of when the CEO needs to be the risk manager.  The established firm needs to have a limit for “New” businesses.  The plan for the new business should reflect an orderly transition between the franchise business and what MAY become the new franchise.  This requires the CEO to have a time frame in mind that is appropriate for a business that may have existed before he/she was born and that, if the risks are managed well, should exist long after they are gone.

There are good underlying reasons why the “New” needs to be limited for a company with long term survival plans.  “New” involves several risks that a well established firm may have mastered a generation ago and have relegated to the corporate unconscious.

The first is execution risk.  The established firm will doubtless be excellent at execution of its franchise business.  But the “New” will doubtless require different execution.  An example of this from the insurance industry, when US Life Insurers started into the equity linked products, man of them experienced severe execution problems.  Their traditional products involved collecting cash and putting it into their general fund.  They only provided annual information to their customers if any.  Their administrative systems and procedures were set up within an environment that was not particularly time sensitive.  The money was in the right place, their accounting could catch up “whenever”.   With the new equity linked products, exacting execution was important.  Money was not left in the general fund of the insurer but needed to be transferred to the investment manager within three days of receipt.  So insurers adapted to this new world by getting to the accounting and cash transfers “whenever” but crediting the customer with the performance of their chosen equity fund within the legal 3 day limit.  This worked out fine with small timing delays creating some small gains and some small losses for the insurers.  But the extended bull market of the late 1990’s made for a repeated loss because the delay of processing and cash transfer meant that the insurer was commonly backdating to a lower purchase price for the shares than what they paid.  Some large old insurers who had jumped into this new world with both feet were losing millions to this simple execution risk.  In addition, for those who were slow to fix things, they got hit on the way down as well.  When the Internet bubble popped, there were many, many calls for customer funds to be taken out of the equity funds.  Slow processing meant that they paid out at a higher rate than what they received from their delayed transactions with the investment funds.

The insurers had a well established set of operational procedures that actually put them at a disadvantage compared to start-ups in the same business.

The second is the “unknown” risk.  A firm that has been operating for many years is often very familiar with the risks of its franchise business.  In fact, their approach to risk management for that business may well be so ingrained, that it is no longer considered a high priority.  It just happens.  And the risk management systems that have been in place may work well with little active top management attention.  These organizations are usually not very well positioned to be able to notice and prepare for the new unknown risks that the new business will have.

The third is the “Unknowable”.  For a new activity, product or business, you just cannot tell what the periodicity of loss events or the severity of those events.  That was one of the mistakes in the sub prime market  The mortgage market has about a 15 year periodicity.  Since a large percentage of people operating in the sub prime space were not in that market the last time there was a downturn, they had no personal experience with the normal cycle of losses in the mortgage market.  Then there was the unknowable impact of the new mortgage products and the drastic expansion into sub prime.  It was just unknowable what would be the periodicity and severity of losses in the “new” mortgage market.

So the point is that these things that are observed about the prior “new” things can be learned and extrapolated to future “new” things.

But the solution is not to never do anything “new”, it is to keep the “new” reasonable in proportion to the rest of the organization, to put limits on “new” just like there are limits on any other major aspect of risk.

ERM: Law of Unintended Consequences [1]

From Neil Bodoff

Accounting on the basis of Historical Cost turned out to cause lots of problems in the 1980’s when banks made loans at low interest rates and then interest rates shot up. Ironically, however, the rules requiring Historical Cost were first required after discovering the abuses leading up to the Great Depression; thus there was a consensus to impose the “more conservative” accounting of Historical Cost. So the crusaders who during the 1930s thought they had fixed financial reporting and prevented crises by imposing “more conservative” accounting had, unwittingly, planted the seeds of a banking crisis that would blossom 40 years later. Lesson: be wary of using measurements that are more conservative or more liberal than they ought to be – strive for accuracy. Broader lesson: beware of unintended consequences.

Crafting Risk Policy and Processes

Post from Jawwad Farid

As an inanimate object one would think that a risk policy document would not lead to such intense, passionate discussion at the drafting stage. A policy document is just a policy document, where are these extreme reactions coming from?

Apparently there are two schools of thought when it comes to crafting policy. The less is more school of thought believes that a policy document should be philosophical in nature and rather than describing all risks in great detail, it should focus more on how risk would be handled and treated at a (you guessed it) at a policy level. For this school a policy document focuses more on the logistics of approvals, exceptions and mandates rather than actual limits or categorization of risk. The risk identification, limit setting, evaluation and reporting component is left to the supporting process document that accompanies the policy everywhere.

In their defense the less is more school believes that Boards do not have sufficient time to do justice to risk policy. An involved, multi chapter risk policy document would only get a superficial review at the Board level and would most likely get stamped for approval on account of the shortage of time and the competition for attention within the number of items on Board’s agendas’ these days. So it is better to keep the policy short, sweet and relevant and shift the details to the process document that may or may not require direct approval from the Board. As long as the process document is in alignment with the policy, the Board has discharged its primary obligation by reviewing and approving the policy document without creating un-necessary delays in the approval process. There after the Board can be pulled in and involved on an as needed basis on risk issues without spending too much time on the approval of minor or process oriented changed to the policy or process documents.

On the other side is the descriptive and prescriptive school of policy thought. Under this approach the policy document is a far more comprehensive write up that not just includes the types and categories of risks addressed but also suggested and proposed limits. These policies include everything the less and more school suggests and then some.

Both schools have their place in a risk group. Which one is right depends on how involved your Board is in the risk management process, the frequency with which it meets, its composition, its accessibility and the amount of time it can honestly devote to risk items on its agenda. Where a Board’s risk review group includes members whose availability and time is limited, where risk committee meetings are held once every quarter and where even ordinary risk items often get covered over multiple Board meetings, the less is more school is a better bet. Where Board’s are more actively involved and Board members are easily accessible and where risk agenda items are covered in the same meeting, the second school may be more appropriate.

In the end what really matters is that both the process and policy documents support the reality that unfortunately exist regarding demands on Board of Directors time, at least here in this region. In the absence of SOX like regulation in large parts of Middle East and Asia Pacific it means that your policy documents shouldn’t turn the Board of Directors meeting into a recurring bottleneck when it comes to implementing risk policy.

Lessons from a Bull Market that Never Happened

This is the 10 year anniversary of the publication of the book Dow 36000. Right now, the Dow is actually below the level of the Dow of 10 years ago.

Bret Arends writes about the lessons that two market crashes might have brought to investors in the Wall Street Journal.

Here are some thoughts on his seven lessons from the point of view of a risk manager, rather than an investor.

1.  Don’t forget dividends

Dividends are the hard cash part of stock returns.  As a risk managers, we need to keep in mind the difference between the real hard cash elements of the risks that we evaluate as opposed to the models and market values.

2.  Watch Out for Inflation

Inflation creates two major concerns for a risk manager.  The first is of course the concern of whether you have taken rising costs into account properly in the evaluation of multi period risks.  The second goes the other direction.  Because of inflation, the over conservative risk manager is a danger to his organization because she might just keep the business from growing enough to keep up with inflation.  A constant cycle of cost cutting to keep costs in line is not a viable long term strategy for a company.

3.  Don’t Overestimate Long Term Stock Returns.

The risk manager needs to keep reminding management of things like this.  Once someone pointed out that long term stock market average returns, even if you got them right, were misleading anyway because some part of that long run average was built up in a period when PE grew to historical highs.  So te starting point matters.  The same logic will apply to other financial series.  The starting point matters.

4.  Volatility Matters

You have to live through the short term to get to the long term.  The fact that your firm can afford the volatility does not mean that the board will keep the same management through what seems to them to be excessive volatility.  It is only the regulators who are focused on ruin only.  Watch your volatility.  Have conversations with your board about volatility.  Understand their volatility tolerance, both on a relative and on an absolute basis.

5.  Price Matters.

Risk managers need to focus both on controlling losses and on optimizing returns on risk.  So the prices of your risks does matter.  Some would argue that you only need to get a better return for risk that the market you are in (i.e. that risk reward is purely relative to the market), but just like volatility, the risk manager needs to understand the degree to which her board cares about absolute return and how much they care about relative return.

6.  Don’t Hurry.

Even more than investing, risk management needs careful thought.  That is why risk management is so very unlikely in a bank trading area where there is tremendous pressure to keep up with the frenetic pace of the trading desks.  If you are a risk manager in any other situation, you need to learn to insist on being given enough time to get your analysis correct.  If you are that risk manager on the trading desk, that is when you must have that authority to unwind things that turn out, when you take the time, after the fact, to be much worse than advertized by the trader.

7.  Don’t Forget Your Lifeboats.

The first thing that a risk manager needs to know is the exact situations where his firm will need a life boat.  Then he has to make sure that there are enough lifeboats and finally she must carefully watch for distant signs that the storm that will swamp the ship is on the horizon.  A firm that wants to survive for the long term will give its risk manager some leeway for false alarms, so that they are sure to be ready for the real thing.

The Cheeky, the Funky and the Dummy Monkey…

Guest Post from Stelios Ioannides (risk manager)

In the risk management field, various players are being involved; quite a few are more sophisticated, others are more intelligent and some others are being better informed than the rest. It is a fact that each of these players (as it happens besides in a variety of disciplines) has a different vision and understanding on what is meant by “risk management”. Most importantly, few of them might be passionate about pure modeling and quantitative work, and in the other extreme, a few others might even really hate their risk related work: as they view it as a very, very, boring task. They still continue to do it though out of necessity or due to lack to alternative options. As you can understand, the way these different people apply the concepts of risk management is quote different.

In this short piece of opinion, I will try to present the current “crisis” situation, trying to understand how we end up like this; I will focus on mainly three kinds of professionals or alternatively on three “Monkey” beings that are directly or indirectly relayed with this interesting and fast paced arena.

Using Sophisticated Risk Measures…

There has been a debate around on the usage and applicability of metrics like Value at Risk (VaR) and similar risk sensitive measures. Very important people support these measures but on the other side there is a group of equally intelligent and prestigious practitioners and academics that basically scarp such “dump” initiatives. Who is right? And who is wrong?

I think that metrics like VaR etc are quite useful as long as long their user knows the fundamentals, the assumptions and what is essentially happening the behind the senses. If you blindly trust such measures without asking the right questions or without challenging your assumptions, I think you run a high risk for various reasons. Let’s see how our professionals (all “males” monkeys” for simplicity) behave in this complex and chaotic world.

The Dummy Monkey…

This kind of professional, never or rarely asks questions. He blindly trusts the risk software that he is using in order to perform his job. Work can be hectic as he might need to elaborate and complete loads of calculations on a daily basis. He is neither interested or cares on risk management concept or best practices. The important thing for him is to prepare the report with the numbers or the information being asked for and that’s it.  The consequences of his work are unknown to him. He is not necessarily aware of the decisions that will be taken (such decisions will be based on the work that HE eventually has produced). In the majority of the cases he is not aware how the models were built or who was involved in the development of the models or software.  In that respect, he cannot improve or correct things. He is just capable of typing various inputs into the right, hopefully, boxes and derives some automated reports that in most cases mean nothing to him.  So who can build the models then? What is really going on here?!

The Funky Monkey…

The intellectual curiosity of the kind of professional urges him to study and work hard.  This monkey is very clever and gifted. He works restless and builds fantastic models. The thing is these models might be wrong and very possibly, these models do not necessarily reflect reality. But who cares?  That is fine thought. As long as these “reliable – enough” (who gives the approval, who validates?) financial models, that can be used easily by the dummy (user) monkeys is fine. Who cares about reflecting reality and getting the fundamentals 100% right? The thing is to have more or less an acceptable and an “accurate” tool (or better framework) that behaves as he (the model creator) wishes. But what happens when these “funky” beings are wrong? Because they can get perfectly wrong – they work hard, long hours and alone… – who guarantees that somewhere or somehow a mistake was not made (everybody can get confused every now and then, right?)? Do we have the right, objective and independent control measures in place? What happens if not?

Funky monkeys get hired by the Cheeky Monkeys; they get paid good money…

The Cheeky Monkey…

This “being” is the risk management professional at the very high level. Quite powerful and important, he dedicates loads of time executing risk management decisions. He is not merely interested on how answers are being derived or who derived these answers or even who designed the application, model or framework. As long as a clear and straight forward audit trail (well not necessarily) is accompanying such results, then is perfectly fine. The only thing that matter is that such risk measures are being used as indicators and reference for his performance bonus.

More stuff on this worth examining profile? Well, I cannot say mush as I having reached that level…

(To be Continued)

The Content and Process of ERM

Guest Post from Riskczar

http://riskczar.com/2009/08/31/the-content-and-process-of-erm/

I doubt you will find anyone else who breaks ERM into these two components: content and process.

Content includes all the stuff that consultants deliver such as lists of categorized risks, control plans, outstanding actions and colourful heat maps. This content is what I was once told by an EVP is the stuff “I put in a drawer after the meeting and never look at.” (Needless to say hearing this for the first time knocked the wind out of me!)

ERM is just a bunch of stuff that goes into a drawer until you build the process that supports the content. And this is the hard part.

I see the ERM process as a mechanism that provides everyone in the organization with an opportunity to stand on their desks and yell at the top of their lungs that they know where to find their organization’s risks and they should be heard (figuratively speaking!) I always say: the top five executives in any organization do not have a monopoly on all the risk identification in any organization.

Now the trouble with this approach lies in the fact that not all organizations have the sort of culture that promotes this kind of sharing.  More often that not, the entry-level AP clerk doesn’t know what to do with their awareness of a risk; they may share it with their supervisor and the information dies right there never to be escalated until something blows up (figuratively or literally) but it is too little tool late.

ERM has to create process and, tools and processes that allow the AP clerk to share their awareness of this risk, without fear, and this requires a change in the culture.

Black Swan Free World (1)

On April 7 2009, the Financial Times published an article written by Nasim Taleb called Ten Principles for a Black Swan Free World. Let’s look at them one at a time…

1. What is fragile should break early while it is still small. Nothing should ever become too big to fail. Evolution in economic life helps those with the maximum amount of hidden risks – and hence the most fragile – become the biggest.

It does seem safer to that fragile things break when they are small.  Unfortunately, what seems to have happened was that big things were permitted to become fragile.  So large things need to be encouraged to avoid becoming fragile.  It is hard to imagine why such encouragement might be needed.  For something to be large, it is usually very valuable. (Unless it is a US auto manufacturer)  And most sane people work very hard to protect their valuable possessions.  And most of the people who are engaged to run large firms are sane people who would be expected to avoid fragility as well.

So one explanation that fits the facts is that almost everyone did not know that the large firms were fragile.

Which leads to the third sentence.  The easy conclusion is that the risks of the big banks were hidden.  Some they hid themselves – such as all of the off balance sheet risks.  Other risks was hidden even from them.

And fortune favors those with hidden risks because they will hold capital based upon the visible risks and report profits from the actual risks.

So how do we solve the riddle? How do we make sure that large organizations do not become fragile?

The only sensible answer seems to be that there needs to be better risk assessment, probably independent reliable risk assessment.

And because of the extreme complexity of the larger firms, the resources applied to this independent assessment need to be quite substantial.

Time will be required for a thorough risk assessment.  It is unlikely that a good job could be done in time for a financial statement, unless the independent assessors are working inside the institutions with full knowledge of positions at all times.

The second sentence suggests that the risk assessments should have a negative size bias- the larger the firm the more risk would be assumed.  There seems to be some talk in that direction from the regulators.  But the thing that will put that to an abrupt end will be if one or more of the countries with major international banks fails to adopt the same sort of anti-size bias, tilting competition in the favor of their banks.

What can a risk manager take from this?  For assessing investment risk, it may make sense for risk models to take a sector, rather than an index or ratings approach to looking at investment risk.  The financial sector tends to lead the real economy in timing and severity of downturns.  More robust modeling may reveal better strategies for investing that reflect the real risks in financial firms.

And finally, the risk manager should really question whether it ever makes sense to invest in financials unless their risk disclosures become much, much better.  There was really no hint to investors that the large banks had built up so much risk.  Why, from a risk management point of view, does it make any sense to make an investment that you cannot find out the nature or extent of the underlying risks or any usable information about when that risk materially changes.

Black Swan Free World (10)

Black Swan Free World (9)

Black Swan Free World (8)

Black Swan Free World (7)

Black Swan Free World (6)

Black Swan Free World (5)

Black Swan Free World (4)

Black Swan Free World (3)

Black Swan Free World (2)

The Interest Rate Spike of the Early 1980s: An Epic Dislocation in the Life Insurance Business

From Mike Cohen

Perspective: The life insurance business was a relatively straightforward business from its inception and early growth years in the nineteenth century up until the late 1970’s.  Whole life insurance, with a fixed rate of return on its savings component in the 4% range, was sold by career agents who were ‘captive’ to (sold exclusively for) their companies. The business model clearly appeared to be sound. An inside joke at life insurance companies (insurance humor being what it is) was that “All you had to do was turn the lights on” and the business worked.

An unprecedented economic event occurred over a span of 4 1/2 years, from late 1976 until the third quarter of 1981, that changed all that. Interest rates spiked to levels never before seen in the United States. The prime rate rose from a cyclical trough of 6.25% in December, 1976 to unheard of levels of 20% or higher in April, 1980, crossed the 20% threshold again for a two month stretch in December, 1980 through February, 2001, and yet again from May through September, 2001. This shock challenged literally everything about the life insurance business:

1) Guaranteed interest rates offered by whole life products were not (at all) competitive with other investment options consumers could get. Policyholders were borrowing heavily from their policies, as the loan interest rates were well below rates they could earn on their investments.  This dynamic spawned the financial strategy known as “buy term and invest the difference”, and drove insurers to develop products that paid competitive (relative to the market) rates, such as Universal Life

2)  Bonds values were far ‘under water’ (below cost), as the rates of interest they paid were substantially below what investors could earn on other instruments. Without wanting to realize capital losses on their sale, insurers generally had little choice but to hope for a lower interest rate environment.

3) Given that cash flow was leaving companies in substantial and potentially crippling amounts, many companies made one of two disastrous choices (and often both):

– They paid their producers first year (heaped) commissions to rewrite business already on the books so it wouldn’t surrender, ruining the profitability on that business

– They sold business offering current interest rates (GICs were an egregious example) to raise cash, but they weren’t able to invest the cash at comparable rates, locking in a negative spread, and losses. This dynamic spawned the creation of a critical financial/ actuarial technique, Asset Liability Management.

As companies’ profitability reeled from these and related problems, they looked much closer looks at their profit fundamentals and sought ways to improve results. One area of many came under intense scrutiny … distribution costs. In this new environment, companies across the industry learned that an entirely new distribution model was critical for survival, let alone success.

My company at the time (a life insurer) undertook a major strategic analysis in 1983 … products, markets, distribution were the key areas, but not the only ones. I was a member of the four person team heading this critical project. Overheard in one of our working sessions:

“If we could only come up with a diamond in the rough”, said one of the other members on the project team, a close friend of mine.

“We’ve already had it, and it endured for over 100 years.”, I replied. “We now need to develop significantly different solutions, and more fundamentally focus on entirely new ways to think about our business”.

The life insurance industry had reached a dislocation. All of its strategic dynamics changed, and its companies were forced to change with it in order to survive. It took many years;  many industry observers would say more than a decade, but the industry was able to essentially reinvent itself and prosper.

Now, in 2009, the life insurance industry is in the throes of the current dislocation as is the entire financial services industry, and its companies are faced with the challenge of responding to a new set of dynamics.

Four Seasons of Risk

In reaction to the continuing financial crisis, many firms are starting new risk management programmes. They often begin by defining the word “risk.” What follows is usually generic and usually almost totally useless. In some technical sense, there is risk out there in all directions. But is any of that risk really RISKY? Is any of it actually DANGEROUS?

There are times when situations are low risk, times when they are high risk and times when they are absolutely dangerous. Risk management needs to be designed to recognize the different situations and to act accordingly.

The most important skill becomes outward- and forward-looking to understand where the environment is and where it is moving. Previously, much of risk management attention has been directed inwardly towards evaluation of existing risks and looking backwards to historical experience to do that.

The role of risk management needs to shift to identifying major changes in the environment.  In addition to preparing reports looking inwards about the risks of the firm, the risk managers will be regularly reporting on the ability of the firm to withstand the changing environment.

An excerpt from Insurance Risk and Capital where the four seasons are explained.

Choosing the Wrong Part of the Office

From Neil Bodoff

Researchers have discovered, in the broader corporate landscape, that greater financial rewards accrue to the “line managers” who run a business unit and have responsibility for Profit and Loss; on the other hand, corporate (or “support”) functions such as HR, Legal, etc, receive comparatively less money, prestige, and influence. An acute example occurs on Wall Street, where there is a significant difference between “front office” [traders] and “back office” [risk management, etc]. So if actuaries are going to focus on working in risk management, are they relegating themselves to a position of secondary influence?

How about a Risk Diet?

Why do you need an aggregate risk limit?

For the same reason that a dieter needs a calorie limit.  There are lots and lots of fad diets out there.  Cottege Cheese diets, grapefruit diets, low carb, low fat, liquid.  And they might work, but only if you follow them exactly, with absolutely no deviation.  If you want to make some substitution, many diets do not have any way to help you to adapt.  Calories provide two things that are desparately needed to make a diet work.  Common currency for substitutions and a metric that can b applied to things not contemplated in the design of the diet.

So if you do a calorie counting diet, you can easily substitute one food for another with the same calorie count.  If some new food becomes available, you do not have to wait for the author of the diet book to come up with a new edition and hope that it includes the new food.  All you need to do is find out how much calories the new food has.

The aggregate risk limit serves the exact same role role for an insurer.  There may be an economic capital of other comprehensive risk measure as the limit.  That risk measure is the common currency.  That is the simple genius of VaR as a risk metric.  Before the invention of VaR by JP Morgan, every risk limit was stated in a different currency.  Premiums for one, PML for another percentages of total assets for a third.  But the VaR thinking was to look at everything via its distribution of gains and losses.  Using a single point on that distribution.  That provided the common currency for risk.

The same approach provided the method to consistently deal with any new risk opportunity that comes along.

So once an insurer has the common currency and ability to place new opportunities on the same risk basis as existing activities, then you have something that can work just like calories do for dieters.

So all that is left is to figure out how many calories – or how much risk – should make up the diet.

UNRISK (Part 1)

Post from Jawwad Farid

I have now been doing this “risk” business for more than a decade. Eleven years ago, right about this time, I was rudely introduced to my first risk application. Fresh from my actuarial exams, I was stumped on an interview question dealing with moments of a distribution. I have read the material, struggled with it, taken an exam on it and passed it. But in the room overlooking Fleet Street in London, in the month Russia defaulted on its domestic debt, I couldn’t explain it.

A question dealing with the moment generating function has an exact and mathematical answer. These days, across three continents, clients ask more difficult questions. “Does risk really works? Or is it smoke and mirrors” and/or “what is the one thing I can do to better manage my exposures?” While risk managers are generally stereotyped as the quite sort with short snappy answers (or little to say as some uncharitable critics suggest), it has been difficult to come up with a catchy symbolic one word answer to the above two questions.

Sometime last year while reviewing a list of competitors I came across an interesting name “Unrisk”. Same concept as insured, uninsured. Risk, unrisk. Just the word I had been looking for. Catchy, symbolic and with far more cool/mystique factor than just plain simple risk management. A bright new term for an age old profession. When I saw it for the first time, I instantly knew that Unrisk would represent a state of institutional nirvana that we would achieve when we have done all that we could possibly do to manage risk on our platforms.

Next time a client would ask for a guide to a risk based paradise; you would simply give him the road map to the Unrisk state. The real question would be what you would put on that road map? And would it really protect you from all that an evil generating function could throw at you.

Second question first. No the unrisk state won’t really guarantee immunity from the evil eye. Neither will we stop booking risk. We will keep on carrying exposures on our balance sheet and will load as much risk as we can carry, sometimes even more.

And yes it won’t stop us from falling, stumbling or faltering.

Just that the frequency and severity of our nightmares would reduce a bit; we would still degrade but we would do it far more gracefully.

My personal recipe for the state is a short one. It only has one item on it.

1. Understanding the distribution

To be continued

What ERM Is… and Is Not…

We see ERM as:

* An approach to assure the firm is attending to all risks;
* A set of expectations among management, shareholders, and the board about  which risks the firm will and will not take;

* A set of methods for avoiding situations that might result in losses that would be outside the firm’s tolerance;
* A method to shift focus from “cost/benefit” to “risk/reward”;
* A way to help fulfill a fundamental responsibility of a company’s board and senior management;
* A toolkit for trimming excess risks and a system for intelligently selecting which risks need trimming; and
* A language for communicating the firm’s efforts to maintain a manageable risk profile.

Alternatively, we feel ERM is not:

* A method to eliminate all risks;
* A guarantee that the firm will avoid losses;
* A crammed-together collection of longstanding and disparate practices;
* A rigid set of rules that must be followed under all circumstances;
* Limited to compliance and disclosure requirements;
* A replacement for internal controls of fraud and malfeasance;
* Exactly the same for all firms in all sectors;
* Exactly the same from year to year; nor
* A passing fad.

From an S&P publication in May 2008.  I wrote it and I still like it.

Dave Ingram

Another Reason That ERM Will Not Prevent Firms from Failing

Guest post from Neil Bodoff

Firms use ERM techniques to quantify and reduce risk. But the very act of doing so makes firms feel safer and more secure, leading them to take more risk. This phenmomenon is often described as the “Peltzman effect“:
http://en.wikipedia.org/wiki/Peltzman_effect

So even though ERM can help firms master risk, the net result will be that firms take more risk, leading us back to the original situation in which the amount of risk that firms take will lead, eventually, to some
failures.

Another Risk Management Book On The Best–Sellers List…

Guest Post from Ronald Poon Affat

What do these books have in common?

* “The Smartest Guys in the Room: The Amazing Rise and Scandalous Fall of Enron”

* “When Genius Failed: The Rise and Fall of Long-Term Capital Management”

* “The Black Swan: The Impact of the Highly Improbable”

* “Against the Gods: The Remarkable Story of Risk”

They are all about risk management and they all rub shoulders with best-selling books widely sold in airports. OK, they haven’t quite made Oprah’s book club as yet… but have patience. I recall when I qualified way back in 1987 no one could have imagined that a book on risk management would venture out of an actuarial reading list. Well, so much for being trained to predict the future.

Sadly, these days one does not have to visit the local Barnes & Noble to gawk at the latest corporate crash sites. The TV reports and newspapers are full of the stuff. Disgraced CEOs, CFOs, CROs and even reinsurance managers are now targets of the paparazzi.

Enoch Powell, the controversial British politician, once remarked, “All political lives end in failure.” Are risk managers destined to suffer the same fate?

My guess is that the fallen CEOs and Boards of Directors felt totally safe in the hands of these responsible looking, well-qualified risk management individuals. The trouble was both that the CEOs and Boards of Directors assumed that the company’s risks were being well-managed and it is quite likely that the risk manager did not have any influence regarding product design or pricing. It’s all too often the case that it is only after the product is on the street and the damage has been done that the risk manager is involved. Then he or she is reminded that the company must “deliver the year end numbers.”

Not too long ago, The Economist questioned, “What’s the single most important price in the world?” The popular answers were the price of oil, American interest rates, and the dollar. However, none of these–The Economist argued–may be as important as the price of Chinese wages. So now that we know what the most important prices are, how do we manage these risks? We don’t! I would like to argue that we can’t truly eliminate risk. We can only measure risks and determine the most effective ways to protect ourselves, either through avoidance (changing our activities) or mitigation (protection, such as reinsurance, hedges, etc.).

The discipline of risk measurement results in the formulation of appropriate risk management policies, which then leads to the establishment of reserves, capital adequacy, risk margins and procedures that aim to both recognize and reduce extreme tail events. Highly rated reinsurers hold huge catastrophic reserves for tail events. Even our most infamous Black Swan event, the World Trade Center, did not bring down reinsurers or insurers. Those recent mark-to-market mega balance sheet write downs on the asset side by the banks and AIG, just did not have a corresponding contingency reserve on the liability side to absorb the financial impact. However, it should be noted that the herd effect of bankers led to lots of simultaneous World Trade Center-sized financial events.

So what are the conclusions? It’s time that the CEO and the Board of Directors realize that this responsibility cannot simply be delegated away and also that the risk management process is as crucial in the opening gambit as it is in the end game. Risk management is here to stay! So fellow actuaries, let’s work together with senior management to make sure our companies and clients stay out of the crash-site books at the Barnes & Noble.

The views expressed in this article are those of the author and are not intended to express the views of his employer.

Ronald Poon-Affat FSA, FIA, MAAA, CFA
http://www.linkedin.com/in/ronaldpoonaffat
poolside06@yahoo.com

Beware the Risk Management Entertainment Systems

To shoot a gun, the proper command is “Ready, Aim, Fire.”  While the Fire part is the only active part of that sequence, it is clearly known by all that there is usually little point to simply sighting a gun without firing.  And in fact, for anyone who has ever owned a gun, there is at least some attention required to keep the gun clean and free of obstructions and the ammunition “fresh”.  I suppose that all fits into the “Ready” command.  So guns are not all about “fire,” but it would make little sense to talk about a gun without spending quite a bit of time talking about what happens when you pull the trigger.

Many firms have invested in ERM.  They have spent money on creating elaborate measurement systems; they have invested much, much management time in Identifying, Monitoring, Analyzing, Discussing, Reviewing, Evaluating, Communicating and Consulting about their risks.  They have brought this information to their boards and communicated about all of this activity to their board.

When asked what happens when there is a problem indicated by all of this activity, some of these firms would say that when a problem is found, they put it on the agenda for the next risk committee meeting, which may well recommend that a study be performed and the study would be reviewed at the next committee meeting.  The committee might then decide to move that risk to the top of the next report into the highlighted section of the report, when it will stay until the situation is resolved.

Perhaps these risk management systems are like the gun that is never fired.  It is cleaned repeatedly, new ammunition is purchased on time and the sight is checked, but the gun is just not fired.

In the ERM field, this is what can be called a Risk Management Entertainment System (RMES).  Below is a flow chart depicting a RMES.

In many cases, literature that describes ERM programs give so much attention to these components and so little to the other component that actually turns a RMES into an actual Risk Management System – the action part of ERM, that is when the risk manager pulls the trigger and actually does something.

The following picture, taken from the AS/NZ 4360 Risk Management Standard shows a complete Risk Management system.  The additional section of the chart that differentiates this from a RMES, titled here “Risk Treatment,” is the only active section of the chart.

But the picture of ERM is still dangerously misleading.  The danger is both to the firm managers who think that ACTION is just a tiny part of ERM and to the ultimate reputation of ERM.

The Risk Maangement Entertainment Systems create a very strong impression that ERM is a talking and paper shuffling activity.  A waste of scarce corporate time, resources and dollars.

ERM needs to be about action.  If in the end, ERM does not result in any changes to a firm’s treatment of risks or selection of risks, then there was no real business reason for ERM.

ERM needs to look like this:

Enterprise Risk Management for Smaller Insurance Companies

Guest Post By Max J. Rudolph, FSA CERA CFA MAAA

http://www.rudolphfinancialconsulting.com/index.html

In today’s volatile world insurance companies need an ERM framework in place to help manage risk. The path taken can vary, but iterative movements to improve risk culture and risk identification can lead to an optimization of the balance between risk and reward. Better decisions are made and value is added.

Large insurers tend to have specialized staffs, with pricing actuaries separated from reporting actuaries both physically and culturally. Small and mid-sized insurers have actuarial staffs that do it all. This requires a team of detail oriented generalists, a true oxymoron. These actuaries price the products, develop the projections, and complete any regulatory reporting that is necessary. Managements often use senior actuaries as key members of their team, and this often leads to long and fulfilling careers.

The goal of enterprise risk management is to make better decisions regarding the overall risks taken by a firm. This means looking at specific risks holistically, across all business lines, as well as aggregating risks across the enterprise.

What’s in it for me?

Why should small company actuaries, already stressed by regulatory burdens and increasingly complex models, embrace enterprise risk management (ERM)? In many ways the profile at smaller firms I described means that the actuary is already highly involved in ERM without calling it that. Leadership teams at small firms are asked to address all risks and talk through issues as a group. The senior actuary is typically one of the primary go to employees for financial issues, providing peer review capabilities for the CEO. These teams are tackling ERM, but when an external stakeholder like a rating agency asks about the firm’s ERM process the question might be left blank or given an incomplete answer. This is partly due to newness to the subject for the external stakeholders. The way the question is asked does not elicit a full response. There are generally so many things to discuss during an annual visit that developing ERM with small firms rarely makes the cut for the live presentations.

In many ways, suggestions for small insurer ERM parallel that of larger firms. Identifying and prioritizing risks taken, developing strategies to manage them, and most importantly using this information to improve decision making does not vary in concept. It is the implementation that is different. While large firms will involve many people from a variety of units, small firms can accomplish much of the project with a small group sitting together for a much shorter period of time. This is more efficient but other means must be used to instill the risk culture throughout the organization.

ERM Framework

With limited resources, actuaries must plan in advance how to best leverage an ERM framework to help meet the needs of other projects as well. Principles-based approaches to reserves and capital requirements are right around the corner and serve as an excellent example of how ERM and other projects can leverage each other to accomplish multiple   tasks. Model improvements can be made in a base model that is then used for many tasks, including pricing, cash-flow testing, and strategic planning. Using one base model will save time when others ask you to explain the differences between them. The AAA is also developing tools to help practitioners meet the new regulatory requirements of PBA. Know what is available. For example, the AAA interest rate scenario generator provides a safe harbor for regulatory purposes as well as a learning tool for internal decision making as modelers get more comfortable with stochastic analysis. Using it first can provide an opportunity to better understand the nuances of a firm’s business.

This continues in August Newsletter

How Many Dependencies did you Declare?

Correlation is a statement of historical fact.  The measurement of correlation does not necessarily give any indication of future tendencies unless there is a clear interdependency or lack thereof.  That is especially true when we seek to calculate losses at probability levels that are far outside the size of the historical data set.  (If you want to calculate a 1/200 loss and have 50 years of data, you have 25% of 1 observation)

Using historical correlations in the absence of understand the actual interdependencies could possibly result in drastic problems.

An example is the sub primes.  One of the key differences between what actually happened and the models used prior to the collapse of these markets is that historical correlations were used to drive the models for sub primes.  The correlations were between regions.  Historically, there had been low correlations between mortgage default rates in different regions of the US.  Unfortunately, those correlations were an artifact of regional unemployment driven defaults and unemployment is not the only factor that affects defaults.   The mortgage market had changed drastically from the period over which the defaults were measured.  Mortgage lending practices changed in most of the larger markets.  The prevalence of modified payment mortgages meant that the relationship between mortgages and income was changing as the payments shifted.  In addition, the amount of mortgage granted compared to income also shifted drastically.

So the long term low regional correlations were no longer applicable to the new mortgage market, because the market had changed.  The historical correlation was still a true fact, but is did not have much predictive power.

And it makes some sense to talk about interdependency rising in extreme events.  Just like in the subprime situation, there are drivers of risks that shift into new patterns because systems exceed their carrying capacity.

Everything that is dependent on confidence in the market may not correlate in most times, but that interdependency will show through when confidence is shaken.  In addition to confidence, financial market instruments may also be dependent on the level of liquidity in the markets.  Is confidence in the market a stochastic variable in the risk models?  It should be – it is one of the main drivers of levels of correlation of otherwise unrelated activities.

So before jumping to using correlations, we must seek to understand dependencies.

Project Risk Management

A Guest Post from Johann Meeke

Why do most projects overrun on time or cost?

Perhaps it’s because sane people are involved. One of the components of sanity is optimism. (It’s why we are happy to get out of bed each morning – because we think things will be okay). Sane people, trying to anticipate the problems ahead, on a new venture, will most often believe things will be good … and that bad things can be dealt with!

When is a risk a threat and when is it an opportunity?

Imagine you commissioned a new bridge. The week before opening the constructor tells you that it needs to be delayed by 48 hours. Do you cancel the whole project … or just wait 48 hours?  What happens if they come to you and say they can open it early by 24 hours. Do you declare the project a failure? Of course not. But this is the point about project risk. The very essence of what we mean by risk needs to be reflected on. Now the nature of risk is much more uncertain.

Contrast this to an incident where the bridge is built but collapses through poor workmanship. Now there is no doubt about the nature of risk. It’s very clear.

Projects present a particular form of challenge to the risk manager. Firstly, the definition of risk needs to more balanced. Secondly, the processes used to identify and evaluate risk need to be specifically considered and finally the risk mitigation techniques require tailored consideration.

Typically projects have three main risk variables:

• Price – will you make a profit by building/delivering for less cost that you can eventually sell it for. (Or will you be on budget).
• Performance – will it work to customer specification, over its entire life (or life of contract obligations)
• Programme – will you complete on time.

All these variables interact in a positive and negative way. You could deliver early but might have to sacrifice performance and price (by compromising spec or putting more resource, i.e. cost, into the project). You could delay the programme (a negative) by reducing costs (normally a positive).

What is actually happening is a trade-off between threat and opportunity in a manner that’s doesn’t happen so directly in most others areas of risk management.

For example, installing automatic sprinklers in a factory doesn’t provide a direct opportunity to earn more profit. It might protect the profit you have projected. But as can be seen above, trading off programme and performance risk, on a project, might lead to directly increased profits (because costs have been reduced through less overtime working for example).

The reason this point has been concentrated on is because there is a strong tendency to assume project risk management is just like any other form of risk management – with just a few more time and cost constraints.

So what are the main differences in managing risk?

Well, for this article we will ignore those risks that can be subject to some form of preconception e.g. building site health and safety where normal safeguards should be applied. Let’s instead focus on the unique aspects.

Risk identification

By definition a project is a new thing. Whether developing a new product, building a new factory or installing a new IT system – it will never have been done before, under quite the same circumstances. You may have built a similar factory nearby, but the ground conditions will be different, the neighbours, the weather, key staff might have left and so it goes on.

In short, you can learn from the past but the future consists of potentially significant new elements. Therefore, whilst you can rely on checklists and lessons learned you will also have to consider the unknowns that have never been encountered in quite the permutation you will come across. For this reason, some form of multi-disciplinary “brainstorming” or scenario envisaging should take place. This will allow you to comprehensively explore the future and how it might manifest itself. The multidisciplinary approach allows quick identification of risks that arise through a combination of circumstance or that might fall through gaps.

Risk Assessment

Determining downside threat without also calculating upside opportunity would make a project risk management exercise like a car with brakes but no engine. For example, considering the costs of project overrun will give one view of management action – however, looking at the potential benefits of delivering early (e.g. improved cash flow, availability of staff for other projects, project bonuses etc.) will give a completely different emphasis. Blending the upside/downside trade-offs between performance, programme and price is the very essence of good project management.

Risk  Treatment or Mitigation

Dealing with risk here is more than ensuring compliance. It is about having the correct upside and downside KPI’s. it’s about integrated contract negotiation with proper project monitoring. It is about mitigation that starts at the bid phase with clear contracts and a thorough understanding of what needs to be done, by whom and by when. It’s about having the right staff and material, when and where needed. In short, it’s a whole world of complex interactions requiring experience and skill, underpinned by robust processes.

Some concluding thoughts

How does one tell a good project risk management process from a mediocre one?

Perhaps the most obvious indicator is where the risk management starts when the project starts. In reality it should have started at the bid or inception phase.

On other occasions it has actually occurred at the bid phase – but has never been integrated into the project plan after contract start.

But perhaps the best indicator of all is a bit more personal. Most project risk assessments are de-humanised. It’s the modern way as we search for the commanding heights of objectivity. But imagine the effect of an excellent project manager versus an average one. Would it affect timings, costings, relationships. You bet. If your project risk management hasn’t even assessed this most obvious of risks then I suggest it is back to the drawing board.

DISLOCATION

Guest post from Mike Cohen

http://www.cohenstrategicconsulting.com/index.php

Dislocation: dis-lo-ca-tion (\,dis-(,)lō-’ka-shən): a disruption of an established order

The financial world has undergone a dislocation of epic proportions, one that is rivaled by only two such situations in our lifetimes: the Great Depression and to a lesser magnitude the interest spike and related chain of events of the early 1980’s. Financial institutions, and even more profoundly the world financial order, have been found to be standing on foundations of sand, and dynamics/financial behaviors/paradigms/systems that we took for granted are not effective, or at the very least stumbling along in a state of disarray and confusion.

As our ‘rose-colored glasses’ (spawned by over-optimism, greed, laziness, ignorance and unjustified trust) have been taken away and replaced with optical devices fitted with Coke-bottle lenses with Vaseline smeared on them, we are confronted with the critical endeavor of recreating nothing less than our way of life and arguably the most important underpinning of it, our financial system.

Our World Has Changed: This dislocation is different and more troubling than any other in history, in large part because it almost triggered the collapse of the world’s financial system.  The crisis we are faced with today was caused by widespread business practices where society’s hard learned lessons were ignored:

–       The financial system is based on trust (in people, in the system itself), and the resulting belief that it works; there has been a considerable amount of activity that almost any observer would describe as untrustworthy

–       Accurate, objective analysis is critical

–       Greed kills, sooner or later

Joseph Schumpeter, the famous Czechoslovakian economist, observed in the 1920’s:

Capitalism moves forward following a process of creative destruction. Inevitable cycles of expansion and retraction are not only survivable but are in fact the secret of capitalism’s extraordinary power to inspire innovation and progress.”

It would be completely inaccurate to describe the financial crisis that has occurred as the result of ‘creative destruction’. The root causes of this crisis are much darker.

How did we get to where we are?

–       Unjustifiably easy credit was offered to homebuyers who very logically couldn’t have been expected to be able to service their mortgage loans.  A substantial price bubble was created and inevitably burst, as many have before it, but this time the entire American society was hurt badly as opposed to individual investors in past bubbles.

–       Asset managers making ambitious claims about investment returns they said they couldn’t possibly achieve, and others committing outright fraud

–       Rating analysts not adequately analyzing securities, causing them to be overrated and underpriced

–       Investment bankers and others facilitating transactions built on elements that had not been properly vetted, and which have turned out to have crushing levels of risk and unforeseen financial liabilities

Macro Issues Abounded:

– The banking system almost collapsed, and may have had it not been for considerable government intervention, which has raised a host of other profound issues. An enormous amount of bad loans were made as the result of capricious underwriting, leading to huge amounts of bad assets on banks’ books and causing a paralyzing level of fear for making further loans.

– The financial markets ‘froze’. The flow of capital slowed to a trickle because lenders did not believe that borrowers were credit-worthy; ironically, the thought process evolved from lending money to anybody to lending money to no one. The markets are just beginning to thaw, a year later.

– Complicated financial instruments confused and overwhelmed the system, creating enormous risk. Counterparties, partners in transactions, did not understand these vehicles they were buying and selling (and in many cases how their counterparts were managing their own enterprises) … and the risks they were taking on. A certain notorious business operation has long held the notion that “Be close to your friends, and closer to your enemies”.

– The real estate market plunged into its worst cycle in decades, and possibly ever. This collapse was caused by a number of dynamics:

* Selling housing/making loans to individuals or companies whose financial positions were not strong enough to service their financial obligations

– The rating agencies have been called to task over their role in the current situation, and a number of vexing questions have been raised:

* How are they analyzing companies and investment vehicles?

* How are they to be paid for their rating services? Are there conflicts of interest imbedded in their client relationships?

* How will they be operating going forward?

* How will they be regulated?

– Consumer attitudes have been more negative than ever since they began being monitored in the 1960’s, although recently they have improved marginally as economic and financial stabilization is beginning to occur.  The widespread view is that the current situation is beyond a cyclical downturn and is perceived as a failure of the system. Uncertainty about the financial system, rising unemployment, restricted credit, and a depressed housing market have all contributed to plummeting consumer sentiment.

– Government responses in the form of rescue programs of various types are beginning to fix the problems within the financial system (banks and insurers) and key industries (automotive), and are gradually beginning to calm fears. Substantial efforts to revise the nation’s financial services regulatory infrastructure are underway, conceived to both address current issues and create a more shock-free system in the future. A number of vexing problems have arisen, however, that will be very difficult to solve:

* Well intentioned programs to interject capital to troubled sectors of the economy have been slow to take effect

* Massive budget deficits are building, which will lead to substantial debt servicing obligations in the future and consequentially depressed economic growth

* The government owns stakes in huge corporations (with the implication of socialistic-type government in the United States, for crying out loud!), and is being perceived as making broad decisions on which corporations will survive or fail.

* Understanding that things that can go wrong (either known or unknown), and making sure the adverse affects do not cause crippling and irreversible harm

* A fundamental question begging to be asked is “how did so many elements of this financial disaster occur that had aspects and implications of risk that no one either understood or quantified anywhere close to properly, or didn’t bother to look at?”

The Days After – NEVER AGAIN

How does a company react to a major setback or loss event?

In his book, The Survivor’s Club, Ben Sherwood talks of several common reactions that people have to a near death situation..

1. Some want things to be like they were before.  They want the experience to be forgotten completely.
2. Some are willing to accept some memory of the crisis, but do not want to remember the really bad parts – the uncertainty of survival, the struggle and the unpleasantness.  They want to white wash their memory.
3. Others will always make it a joke – never allowing their crisis to be taken serious by anyone around them.
4. Some turn the event into a heroic story, often painting themselves or sometimes another as the hero.
5. Others consider themselves veterans of a war against adversity or perhaps graduates of a particularly difficult course from the school of hard knocks.

Many companies that were among the first wave of serious practitioners of ERM had survived a near death experience.  They had been over concentrated in one of the long list of major hits to the insurance and financial systems over the past 10 years.

At every single one of these firms, managers who lived through those days of uncertainty, when they were going through the darkest days and perhaps went home more than once not knowing if their employer would open again in the morning all have the exact same mantra “NEVER AGAIN“.

To these firms, there is no question about whether they will take ERM seriously the next time that things get tough.  That is because at these firms, ERM is not some sort of management buzz word, it is the logical path to accomplishing their key goal for the future “NEVER AGAIN“.

They do not struggle to develop an agenda for their Risk Committee meetings.  They know how to focus on the real risk and risk management issues that are life and death.  They will make sure that they are aware of their concentrations, that all of their risk mitigation strategies are working and if not they will not hesitate to make changes so that they will be effective.  They are always on the lookout for the next change in the environment that means that yesterday’s rules are out the window and are ready to take those actions that might put them enough ahead of the crowd to miss the next big loss event.  This is because they are clear about why they do all of this, “NEVER AGAIN“.

So these firms fall into the fifth group – the graduates of the school of hard knocks. What they learned is that risk management is really important.

Other firms went through those same events and did not have that near death experience.  Most of those firms had one of the other four reactions to their losses.  They want to forget about it as quickly as possible.  They create a whitewashed history.  They create a heroic story that has as its base the idea that they will always be the survivors.

They went to the school of hard knocks, passed the course and may not have really learned anything.

Zombie, Elephant and Monkey Risk

This is a guest post from Trevor Levine at riskczar.com

Is it too soon to add Zombie Risk to our heat maps?

According to researchers at two Ottawa universities who modeled a zombie attack using biological assumptions based on popular zombie movies, “classic” slow-moving zombies could take over our cities in under a week. (The “nimble, intelligent creatures” would take a few days less I imagine.)

And while we can all laugh this one off and conclude that at best Zombie Risk would be in the upper corner or our heat map (Extremely Unlikely and Catastrophic), a zombie “plague” in fact resembles any sort of lethal, rapidly spreading infection.

Where are those H1N1 sort of risks on your heat maps?

You can read more about this at http://news.bbc.co.uk/2/hi/science/nature/8206280.stm

Elephant Risk

A few weeks ago, I wrote about the threat of zombies and whether it was too soon to ad zombie risk to your risk register or heat map. Well what about Elephant Risk?

The Scientific Leader Blog writes about the increasing danger of elephants in India and Sri Lanka entering cities and causing trouble. For those of us sitting in Toronto, New York or Chicago, elephants are not risk we need to add to our heat maps but it does make you think about unknown unknows.

What’s out there that we have not thought about before?

Monkey Risk

Earlier today I wrote about the threat of elephants in some parts of India or Sri Lanka; risks we would never consider including in a heat map in major North American cities but are threats in other parts of the world.

Well, if you were tasked with identifying and assessing risk to the municipal government of Delhi, India in 2007, would you have included Monkey Risk?

A BBC article from October 2007 reads:

The deputy mayor of the Indian capital Delhi has died a day after being attacked by a horde of wild monkeys. SS Bajwa suffered serious head injuries when he fell from the first-floor terrace of his home on Saturday morning trying to fight off the monkeys. The city has long struggled to counter its plague of monkeys, which invade government complexes and temples, snatch food and scare passers-by.

I am not advocating adding Monkey Risk to your risk maps, just open your minds to identify and assess all sorts of risks while searching for similarities in seemingly dissimilar things. Maybe we don’t have to worry about monkeys but what about rats, birds, insect infestations, etc.

Just think about it and how something so far fetched could affect your business plan.

http://news.bbc.co.uk/2/hi/south_asia/7055625.stm

Three Faces of Risk Management

There is quite a bit of confusion around risk management.  Some of that confusion comes  from the fact that there are three largely different activities out there that are by different groups considered to be Risk Management,  When you read about risk management, you need to somehow guess which of the three versions of risk management the author intends to discuss.  Most folks, including many of the risk management experts, do not even know that they are only talking about one of the three faces of ERM. So here they are:

I.  Loss Controlling – this aspect of ERM focuses on minimizing losses.  It is the more traditional type of risk management and is the main type of ERM that is practices outside of the financial sector.

II.  Risk Trading – is the focus of ERM for banks that buy and sell risks and for insurers who sell their risk aggregation capabilities.  THe main focus of risk trading is the pricing of risks.  Complex models are usually used to do the pricing and evaluation of risks.

III.  Risk Steering – is the practice of looking at broad risk choices for a firm the same way that a portfolio manager does strategic asset allocation. This aspect of ERM is very popular in theory, but in fact, there are very few firms that are really doing this.

No wonder there is confusion.  These things seem to be almost totally different topics.

Materials from banks that make up the vast majority of the words about risk management talks almost solely about risk trading.  In a bank risk trading operation, the main important thing is to keep track of the fluctuations in market prices.  Anyone from outside of banking is easily frustrated by reading this literature since it does not seem to apply.  The holy grail of financial economics enthusiasts was to securitize and trade all risks so that they all could be managed using the risk trading techniques.  The atomization of risk allowed by these techniques was believed to have drastically reduced the overall risk of the system.  (Events of the financial crisis seem to disprove the notion that atomizing a risk reduces the amount of risk in any way – it seems to have turned concentrated risks into systemic risks – not exactly a good result.)

Insurers also live primarily in a risk trading world, but in a very different risk trading world from the banks.  That is because insurers turnover period for its risks is much, much longer than the banks.  Banks think of their trading risks as having a turnover period of one month or less.  Insurers holding period is measured in years or even decades.  Unfortunately the bank led focus on very short term movements in market values is being applied to insurance for both accounting and solvency assessment.  There are many possible consequences of this very short term focus on risks with long term holding periods.  A few of them are good, making insurers attend to the messages that the market sends through price changes is the primary benefit.  But there will doubtless be many unintended consequences, and some of them will be adverse.  Considering how poorly this system has worked for banks the severity might be extreme.

And then there are the other 90%+ of the businesses in the world.  They do not generally trade their risks either and for the most part do not even have tradable risks.  Risk Trading and the entire ERM system built up for risk trading does not apply to them.

The non-financial firm risk managers who try to read the literature from the financial sector come away thinking that ERM is just not for them at all.  But that is because of the trading orientation of that literature.

Loss controlling is the historical version of ERM that perhaps banks will start to re-emphasize after the massive losses from the risk trading system.  Loss controlling is the process of evaluating risks (underwriting for credit and insurance risks) and limiting total exposures and concentrations of risk.

Loss controlling is the where the action is for non-financial firms.  But every indication is that business schools teach about risk management solely in terms of risk trading.  All of this adds to the feeling that is common among non-financial firm management that ERM is just not for them.

The third area of Risk managment, Risk Steering is named that way to evoke the idea of steering a super-tanker.  Risk Steering involves evaluating and changing the risk profile of the firm at a macro level.  Risk Steering is a macro version of Risk Trading, but it does not in any way require any of the detailed market based analysis that is used for risk trading.

Many firms have tried to use risk steering models for risk trading or risk trading models for steering.  Speed boats and supertankers cannot be interchanged.

Risk Steering involves bringing the consideration of risk and the firms risk profile into the strategic decision making process.  It requires a broad and high level understanding of the firm’s risks – the degree to which they diversify each other and the degree to which they are concentrated.  Major decisions, such as acquisitions are examined in the light of the risk profile and change in risk profile that they entail.  Businesses with high risk are regularly examined to verify that the firm continues to want all of the risk created.  Businesses that produce high returns are examined to determine whether  the high return is the result of some risk that was not accounted for.

So next time you read about risk management, ask yourself which of these three types of risk management the author is referring to.

Are You Sure About That?

Most risk models consist of a series of best guesses for the size of each risk. Some of the risks are very well known. The risk models here have relatively little uncertainty. They are mostly models of volatility, where there is a long history of past volatility and good reason to expect future volatility to be similar. Others of the risks have little or no track record. The volatility assumptions in these models are based on extensions of information from other situations. There may be very high degrees of uncertainty in the parameters for these models. However, many of the folks who build the models believe for various reasons that reflecting parameter uncertainty is too cautious an approach to the risk model and adds so much to the risk evaluation that it makes the risk model unusable. The numbers from both types of risk are usually just added together or presented on the same page with no distinction between their credibility. So it seems that the users of risk models are faced with two choices – to have risk models that reflect high potential risk for new and untested risks and therefore stifle participation in new business opportunities and risk models that sometimes drastically understate the risks.

The alternate is to keep track of many different aspects of risk and pay attention to all of them.  See Multidimensional risk.

Then everyone can know that the economic capital or any other comprehensive risk measurement does NOT reflect the degree of uncertainty, but that another report gives information about uncertainty.

The report on uncertainty might look at each of the risks and give an indication of the level of uncertainty of each of the values in the economic capital.  So it might say that 75% of economic capital comes from risks with low uncertainty, 20% moderate and 5% high uncertainty.

Even more revealing, profits could be analyzed in the same manner.  That might help to show how much of profits are coming from activities with higher uncertainty – a dangerous situation that should trigger a high degree of concern among management.

Animal Spirits Eating Green Shoots

Guest Post from David Merkel

http://alephblog.com/2009/09/01/animal-spririts-eating-green-shoots/

I have never liked Keynes concept of “animal spirits.” (I reread that piece, and though it is long, I think it is worth another read.  I try not to say that about my own stuff too often.)  Businessmen are generally rational, and take opportunities when they see them.  As for those that invest in the stock market, perhaps the opposite is true — panicking near bottoms, and buying near tops.

Most businessmen are risk-averse.  They do what they can to avoid insolvency.  But debt capital is cheap during the boom phase of an economic cycle, and businessmen load up on it then.  During the bear phase of the cycle, overly indebted businessmen pull in their horns and try to survive.  At bottoms, deals are too attractive for businessmen with spare cash to ignore — businessmen are rational, and seek deals that offer profitability with reasonable probability.

Unlike this article, I’m not convinced that the news does that much to affect behavior.  Movements in asset values are self-reinforcing not because of crowd opinion, but because of the accumulation and decumulation of debt and other financial claims.  As businessmen get closer to insolvency, they trim activity.  As their financial constraints get looser, they are willing to consider more investments with free cash.

As for the current situation, I am less confident of the “green shoots.”  Yes, inventory decumulation has slowed down.  So has the increase in unemployment, maybe.  Yes, financing rates have fallen.  We still face a situation where China is force feeding loans for non-economic reasons into its economy, and where the financial sector of the US is still weak due to commercial real estate loans, bank loans to corporations, and weak financial entities propped up by the US government.  Even residential real estate is not done, because of the number of properties that are inverted, and the increase in unemployment, which I think is likely to get worse.

Applications: I think it is more likely than not that there will be another crisis with the banks, and another round of monetary rescue from the government.  I also think that many speculative names like AIG have overshot, and the advantage now rests with the shorts for a little while.  Real money selling is overcoming day traders.

Be cautious in this environment.  After I put out my nine-year equity management track record, the next project is to dig deeper in the risks in my own portfolio, and make some changes.

Disclosure

This post is produced by David Merkel CFA, a registered representative of Finacorp Securities as an outside business activity. As such, Finacorp Securities does not review or approve materials presented herein. By viewing or participating in discussion on this blog, you understand that the opinions expressed within do not reflect the opinions or recommendations of Finacorp Securities, but are the opinions of the author and individual participants. Neither the information nor any opinion expressed constitutes a solicitation for the purchase or sale of any security or other instrument. Before investing, consider your investment objectives, risks, charges and expenses. Any purchase or sale activity in any securities instrument should be based upon your own analysis and conclusions. Past performance is not indicative of future results. Finacorp Securities is a member FINRA and SIPC.

Counterparties

When you substitute counterparty risk for another risk, you are essentially bringing their entire balance sheet proportionately onto yours.  Counterparty due diligence is key.  Collateral agreements are important.  Some would say that collateral agreements brought down the banks that failed and AIG that was rescued, but from the counterparty point of view…  In addition to traditional credit analysis that is mostly backward looking, insurers should try to understand the approach to risk taking of their counterparties so that they can become comfortable with the risks that they may take in the future.  The counterparty exposure that exists right now may not be representative of the size of the exposures right after a major loss event.  Examination of those potential exposures and the potential losses to the reinsurer in a major loss event should be studied and factored into risk and reinsurance decisions.

This means plotting the level of obligation from the counterparty in the event of an extremely adverse scenario.  That is when the idea of taking on a proportionate share of the counterparties balance sheet takes on significant importance.  The degree to which the counterparty is concentrated in that particular risk becomes key.  That is not information that is available from just looking at the rating of the counterparty.  You must know and understand the other obligations of the counterparty to know the degree to which they are at risk from the type of event that you are offsetting (not transferring see Bad Labels ).

This means that a stress test becomes most important.  The stress test will look at (1) the amount of gross loss, (2) the amount due from the counterparty under the stress scenario in the form of a claim, a reserve credit, or collateral and (3) the degree to which the stress scenario impacts the ability of the counterparty to make good on their obligations.  As was seen during the financial crisis, the liquidity of the counterparty under stress may well be the constraint.  If your firm does not have the liquidity to easily pay the gross losses under that are due in cash, then you are relying on the counterparty as a source of liquidity.

Good data, Models, Instincts and statistics

Guest Post from Jawwad Farid

http://alchemya.com/wordpress2/

Risk and transaction systems differ in many ways. But they both suffer from a common ailment – Good data and working models. On a risk platform the integrity of the data set is dependent on the underlying transaction platform and the quality of data feeds. Keeping the incoming stream of information clean and ensuring that the historical data set remains pure is a full time job. The resources allocated to this problem show how committed and reliant an organization is to its risk systems.

In organizations still ruled by the compliance driven check list mindset, you will find that it is sufficient to simply generate risk reports. It is sufficient because no one really looks at the results and when they do in most cases they may not have any idea about how to interpret them. Or even worse, work with the numbers to understand the challenges they represent for that organization’s future.

The same problem haunts the modeling domain. It is not sufficient to have a model in place. It is just as important to understand how it works and how it will fail. But once again as long as a model exists and as long as it produces something on a periodic basis, most Boards in the region feel they have met the necessary and sufficient condition for risk management.

Is there anything that we can do to change this mindset and fix this problem?

One could start with the confusion at Board level between Risk and the underlying transaction. A market risk platform is a very different animal from the underlying treasury transaction. The common ground however is the pricing model and market behavior, the uncommon factor is the trader’s instinct and his gut. Where risk and the transaction systems clash is on the uncommon ground. Instincts versus statistics!

The instinct and gut effect is far more prominent on the credit side. Relationships and strategic imperatives drive the credit business. Analytics and models drive the credit risk side. The credit business is “name” based, dominated by subjective factors that asses relationship, one at a time. There is some weight assigned to sector exposure and concentration limits at the portfolio level but the primary “lend”, “no lend” call is still relationship based. The credit risk side on the other hand is scoring, behavior and portfolio based. A payment delay is a payment delay, a default is a default. While the softer side can protect the underlying relationship and possibly increase the chances of recovery and help attain “current” status more quickly, the job of a risk system is to document and highlight exceptions and project their impact on the portfolio. A risk system focuses on the trend. While it is interested in the cause of the underlying event, the interest is purely mathematical; there is no human side.

I asked earlier if there is anything we can do to change. To begin with Boards need to spend more time and allocate more resources to the risk debate. Data, models and reports are not enough. They need to be poked, challenged, stressed, understood, grown and invested in. Two hours once a quarter for a Board Risk Committee meeting is not sufficient time to dissect the effectiveness of your risk function. You may as well close your eyes and ignore it.

But before you do that remember hell hath no fury like a risk scorned.

Models & Manifesto

Have you ever heard anyone say that their car got lost? Or that they got into a massive pile-up because it was a 1-in-200-year event that someone drove on the wrong side of a highway? Probably not.

But statements similar to these have been made many times since mid-2007 by CEOs and risk managers whose firms have lost great sums of money in the financial crisis. And instead of blaming their cars, they blame their risk models. In the 8 February 2009 Financial Times, Goldman Sachs’ CEO Lloyd Blankfein said “many risk models incorrectly assumed that positions could be fully hedged . . . risk models failed to capture the risk inherent in off-balance sheet activities,” clearly placing the blame on the models.

But in reality, it was, for the most part, the modellers, not the models, that failed. A car goes where the driver steers it and a model evaluates the risks it is designed to evaluate and uses the data the model operator feeds into the model. In fact, isn’t it the leadership of these enterprises that are really responsible for not clearly assessing the limitations of these models prior to mass usage for billion-dollar decisions?

But humans, who to varying degrees all have a limit to their capacity to juggle multiple inter-connected streams of information, need models to assist with decision-making at all but the smallest and least complex firms.

These points are all captured in the Financial Modeler’s Manifesto from Paul Wilmott and Emanuel Derman.

But before you use any model you did not build yourself, I suggest that you ask the model builder if they have read the manifesto.

If you do build models, I suggest that you read it before and after each model building project.