Aligning Interests

By Jean-Pierre Berliet

Companies that withstood the crisis and are now poised for continuing success have been disciplined about aligning interests of shareholders and managers

Separation of ownership and control creates conflicts of interests between managers and owners. To mitigate this situation, companies expend much effort to develop and implement incentive compensation systems that align the interests of managers and shareholders. The present crisis demonstrates clearly, however, that such arrangements are imperfect: large incentive payments were made to many people in companies that have performed poorly or even failed. There has been a public outcry.

But there is nothing really new in misalignments of incentives, or weaknesses in incentive designs that produce harmful results: they exist in every company to some degree. In a typical situation, managers are concerned about minimizing financial and career consequences of not achieving their objectives. If the situation requires it, managers will exploit every opportunity to change their operating plans to achieve their targets. They will seek and capitalize on opportunities to convert unreported intangible assets, such as market share, product or service quality, product leadership, plant productivity or customer service responsiveness into current profits by postponing and reducing related expenses. Financial results will look good, and they will be praised for accomplishing their objectives. Actions that they took, however, accelerated uncertain future income to the present period while undermining the company’s competitive capabilities and reducing the sustainability of its performance. This is dangerous. Mitigating this form of moral hazard is difficult because its effects are not readily apparent.

In insurance companies (and banks), business managers have even greater opportunities to “game” incentive plans:  they can increase reported business volume and profit in the current period by slightly under-pricing or increasing risks assumed.  This approach to “making the numbers” is particularly tempting in lines of coverage in which losses can take many years to emerge and develop; it is also particularly dangerous because losses from mispriced policies, especially in lines with high severity/low frequency loss experience can be devastating.  Similarly, investment officers can invest in assets that offer higher yields to increase portfolio performance, while involving risks that can result in significant capital losses later.

Based on these observations, Directors and CEOs of insurance companies need to work with management to:

• Link incentive compensation payments to the ultimate outcome of business written rather than to current profits (especially when fair value accounting standards cause immediate recognition of profits on contracts).
• Establish and empower an internal control and audit function to verify that managers’ actions are aligned with business strategies and plans.
• Verify the integrity of underwriting and investment decisions, in relation to explicitly approved guidelines and processes.

The present crisis has demonstrated how unbundling of risk assumption businesses can increase moral hazard by redistributing risks, gains and potential losses across originators, arrangers of securitization transactions and investors/risk bearers.

Reconstruction of incentive programs and establishment of appropriate oversight and enforcement mechanisms are needed to reduce moral hazard and restore confidence in the financial system, including insurance companies.

©Jean-Pierre Berliet   Berliet Associates, LLC  (203) 972-0256 jpberliet@att.net

Stress to Failure

It is clear and obvious that BP and the US government regulators were not at all prepared for failure of a deep water oil rig in the Gulf.

What would have helped them is a procedure that I have heard Dave Sandberg describe many times that is used at his employer, Allianz.

Stress to Failure.

1. Whenever something new is proposed, they require that a demonstration is prepared that shows the type of stress that will cause complete failure. That test provides them with several pieces of very valuable information: It helps to put a boundry around the situations under which it will NOT fail. This is the green (and yellow) zone for the new project. They can then evaluate the expected return and volatility of return in those scenarios.
2. It allows an estimate of the likelihood of success vs. failure of the project.  This can be seen by looking at the type of situation that causes failure and the likelihood of that situation.  However, caution should be applied to not put too much weight on this likelihood estimate if the failure type of even has never before happened.  Human nature may well be biased towards underestimating adversity. 
3. It allows for planning for the failure event.  This is where the BP folks and Transocean as well as the Minerals Management Service failed.  They clearly had no plan for the failure event.  It sounds like they were able to convince themselves that any failure event was so remote in likelihood that there was no need to plan for one. 
4. Understanding the true weaknesses of the system.  If you do not know how to break it, then perhaps you do not understand the system. 

This is an idea our of engineering and probably we could learn much by studying how they have used the idea.

Window Dressing

The Wall Street Journal reported today that banks are again very actively doing significant amounts of end out the quarter clean-up that is otherwise known as “window dressing“.

This is a practice that works well, allowing banks to hold capital (figured on their quarter end balance sheets) that is much lower than the risk levels that they are using to create their profits.  This makes them look safer to investors in addition to boosting their ROE.

And while it probably is within the rules of Basel II, it violates the underlying idea behind Pillar 1 and Pillar 3.

The idea behind Pillar 1 is that the banks should hold capital for their risks.  This window dressing practice clearly illustrates one of the major logical flaws in the application of Pillar 1.

To understand the flaw, you need to think for a minute about what the capital is for.  It is not actually for the risks that the bank held during the quarter, nor is it mostly for the risks that happen to be on the balance sheet as of the end of the quarter.  It is primarily to protect the bank in the event of losses form the risks that the banks will be exposed to during the next quarter.  The beginning of quarter balance sheet is being used as a proxy for the risks over the coming quarter.

For a firm that has a highly disciplined risk management process, it would actually make more sense for the firm to hold capital for the RISK LIMITS that it has extended for the coming quarter.  That would be a firm where you could rely upon them to keep their risks within their risk limits for the most part. This makes more sense than holding capital for some arbitrary point in time.  The window dressing proves that point better than any possible theoretical argument.  Besides being the wrong idea, it is subject to easy manipulation.

For firms that are not disciplined in keeping their risks within their risk limits, something higher than the level of capital on their risk limits would be the logical level.  For these firms it would make sense to keep track of the degree to which they exceed their limits (at maximum) and charge them for capital at a level above that.  Say for example 200%.  So if a firm exceeds its risk limits by 10% at maximum in a quarter, their capital for the next quarter would be 120% of the capital needed to support their risk limits for the following quarter.

This check on risk discipline would have several benefits.  It moves the easy possibility of manipulation away from the capital level.  The “legal” window dressing would have to be replaced by fraudulent manipulation of risk reports to fix the capital level.  In addition, disclosure of the degree to which a bank exceeds its risk limit could be disclosed under Pillar 3 and then investors and counterpraties could give their reaction to a bank that cannot control its risks exposures.

In addition, this same logic could be applied to insurers under Solvency II.  There is no reason why insurance regulators need to follow the flawed logic of the banking regulators.

Addendum:  Above I say that the window dressing works well.  That is only partly true.  Sometimes, it does not work at all.  And banks can become stuck with risks and losses from those risks that are far larger than what they had been disclosing.  That happens when markets freeze up.

You see, if many banks are doing the same sorts of window dressing, they all run the risk that there will be too many sellers and not enough buyers for those couple of days at the end of the quarter.  Or maybe just for that one night.  And the freeze is likeliest when the losses are about tho strike.

So in reality, window dressing is not a good plan if you believe that things can ever go poorly.

Lessons for Insurers (6)

In late 2008, the The CAS, CIA, and the SOA’s Joint Risk Management Section funded a research report about the Financial Crisis. This report featured nine key Lessons for Insurers. Riskviews will comment on those lessons individually…

6. Insurers must pay special attention to high growth/profit areas in their companies, as these are often the areas from which the greatest risks emanate.

All high growth areas are not risk problems, but almost all risk problems come from areas of high growth.

And high growth areas present several special problems for effective risk management.

1. High growth in the financial services field usually results when a firm has a new product or service or territory.  There is almost always a deficit of experience and data about the riskiness of the new area.  Uncertainty rules.
2. In new high growth areas, pricing can be far off the mark at the outset.  If the initial experience is benign, then the level of pricing can become firmly set in the minds of the distributors, the market and the management.  When adverse experience starts to undermine the pricing, it may be initially dismissed as an anomaly, a temporary loss.  It may be very difficult to determine the real situation.
3. If risk resources were included in the plan for the high growth activity, they were probably not increased when the growth started to exceed expectations.  As growth occurs, the risk resources are most often held at the level called for in the initial plan.  Any additional resources that are applied to the growing area are needed to support the higher level of activity.  Often this is simply a natural caution about increasing expenses in what may well be a temporary situation.  This caution is often justified as growth ebbs.  But in the situations where growth does not wane, a major mismatch between risk resources and business activity develops.
4. There is usually a political problem within the firm.  The management of the highest growth area are most likely the current corporate heroes.  It is very highly unlikely that the CRO will have as much clout within the organization as the heroes.  The only solution to this issue is support from the CEO for the importance of risk.
5. Risk efforts need to be seen not as “business prevention” but as a partner with the business in getting it right.  This is difficult to accomplish unless risk is involved from the outset.  If the business gets going and growing with procedures that are questionable from a risk perspective, then it is quite possible that changing those procedures might well hurt the growth of the area.  Risk needs to be involved form the outset so that appropriate procedures and execution of those procedures does not become a growth issue later on.

This is the most difficult and important area for the risk management of the firm.  The business needs to be able to take chances in new areas where good growth is possible.  The Risk function needs to be able to help these new activities to have the chance to succeed.

At the same time, the organization needs to be protected from the sort of corner cutting that leads to growth through drastically under-priced risks.

It is a delicate balancing act that requires a high degree of political skill as well as good business judgment about when to dig in the heels and when to let go.

Lessons for Insurers (1)

Lessons for Insurers (2)

Lessons for Insurers (3)

Lessons for Insurers (4)

Lessons for Insurers (5)

Lessons for Insurers (6)

Holding Sufficient Capital

From Jean-Pierre Berliet

The companies that withstood the crisis and are now poised for continuing success have been disciplined about holding sufficient capital. However, the issue of how much capital an insurance company should hold beyond requirements set by regulators or rating agencies is contentious.

Many insurance executives hold the view that a company with a reputation for using capital productively on behalf of shareholders would be able to raise additional capital rapidly and efficiently, as needed to execute its business strategy. According to this view, a company would be able to hold just as much “solvency” capital as it needs to protect itself over a one year horizon from risks associated with the run off of in-force policies plus one year of new business. In this framework, the capital need is calculated to enable a company to pay off all its liabilities, at a specified confidence level, at the end of the one year period of stress, under the assumption that assets and liabilities are sold into the market at then prevailing “good prices”. If more capital were needed than is held, the company would raise it in the capital market.

Executives with a “going concern” perspective do not agree. They observe first that solvency capital requirements increase with the length of the planning horizon. Then, they correctly point out that, during a crisis, prices at which assets and liabilities can be sold will not be “good times” prices upon which the “solvency” approach is predicated. Asset prices are likely to be lower, perhaps substantially, while liability prices will be higher. As a result, they believe that the “solvency” approach, such as the Solvency II framework adopted by European regulators, understates both the need for and the cost of capital. In addition, these executives remember that, during crises, capital can become too onerous or unavailable in the capital market. They conclude that, under a going concern assumption, a company should hold more capital, as an insurance policy against many risks to its survival that are ignored under a solvency framework.

The recent meltdown of debt markets made it impossible for many banks and insurance companies to shore up their capital positions. It prompted federal authorities to rescue AIG, Fannie Mae and Freddie Mac. The “going concern” view appears to have been vindicated.

Directors and CEOs have a fiduciary obligation to ensure that their companies hold an amount of capital that is appropriate in relation to risks assumed and to their business plan. Determining just how much capital to hold, however, is fraught with difficulties because changes in capital held have complex impacts about which reasonable people can disagree. For example, increasing capital reduces solvency concerns and the strength of a company’s ratings while also reducing financial leverage and the rate of return on capital that is being earned; and conversely.

Since Directors and CEOs have an obligation to act prudently, they need to review the process and analyses used to make capital strategy decisions, including:

• Economic capital projections, in relation to risks assumed under a going concern assumption, with consideration of strategic risks and potential systemic shocks, to ensure company survival through a collapse of financial markets during which capital cannot be raised or becomes exceedingly onerous
• Management of relationships with leading investors and financial analysts
• Development of reinsurance capacity, as a source of “off balance sheet” capital
• Management of relationships with leading rating agencies and regulators
• Development of “contingent” capital capacity.

The integration of risk, capital and business strategy is very important to success. Directors and CEOs cannot let actuaries and finance professionals dictate how this is to happen, because they and the risk models they use have been shown to have important blind spots. In their deliberations, Directors and CEOs need to remember that models cannot reflect credibly the impact of strategic risks. Models are bound to “miss the point” because they cannot reflect surprises that occur outside the boundaries of the closed business systems to which they apply.

©Jean-Pierre Berliet   Berliet Associates, LLC (203) 972-0256  jpberliet@att.net

What’s the Truth?

There has always been an issue with TRUTH with regard to risk.  At least there is when dealing with SOME PEOPLE. 

The risk analyst prepares a report about a proposal that shows the new proposal in a bad light.  The business person who is the champion of the proposal questions the TRUTH of the matter.  An unprepared analyst can easily get picked apart by this sort of attack.  If it becomes a true showdown between the business person and the analyst, in many companies, the business person can find a way to shed enough doubt on the TRUTH of the situation to win the day. 

The preparation needed by the analyst is to understand that there is more than one TRUTH to the matter of risk.  I can think of at least four points of view.  In addition, there are many, many different angles and approaches to evaluating risk.  And since risk analysis is about the future, there is no ONE TRUTH.  The preparation needed is to understand ALL of the points of view as well many of the different angles and approaches to analysis of risk. 

The four points of view are:

1. Mean Reversion – things will have their ups and downs but those will cancel out and this will be very profitable. 
2. History Repeats – we can understand risk just fine by looking at the past. 
3. Impending Disaster – anything you can imagine, I can imagine something worse.
4. Unpredictable – we can’t know the future so why bother trying. 

Each point of view will have totally different beliefs about the TRUTH of a risk evaluation.  You will not win an argument with someone who has one belief by marshalling facts and analysis from one of the other beliefs.  And most confusing of all, each of these beliefs is actually the TRUTH at some point in time. 

For periods of time, the world does act in a mean reverting manner.  When it does, make sure that you are buying on the dips. 

Other times, things do bounce along within a range of ups and downs that are consistent with some part of the historical record.  Careful risk taking is in order then. 

And as we saw in the fall of 2008 in the financial markets there are times when every day you wake up and wish you had sold out of your risk positions yesterday. 

But right now, things are pretty unpredictable with major ups and downs coming with very little notice.  Volatility is again far above historical ranges.  Best to keep your exposures small and spread out. 

So understand that with regard to RISK, TRUTH is not quite so easy to pin down. 

A Risk Management Classic

I had occasion recently to search the Basel website to try to document the history of their involvement in risk management. 

The oldest document that is still available there that has the term Risk Management in its title is July 1994, Risk Management Guidelines for Derivatives.  That matches up with my impression that modern risk management can be traced back to the efforts of banks and banking supervisors to contain the risks associated with derivatives trading that had lead to several blow-ups in the early 1990’s. 

But the first real classic is the next oldest document on the Basel website,  Principles for the management of interest rate risk, from September 1997.  That document clearly lays out the structure and process for a full scale risk management system.  If you take that link, it will tell that the 1997 document has been superceded.  But if you look at the 2004 update and the 1997 original, you will see that they have added lots of details and lost most of the clarity to the original.  So if you want trees, take the 2004 version, if you want forest, like me, you would prefer the original 1997 version. 

What I particularly liked about the original is that it really wasn’t about interest rate risk at all.  It really captured the essence of risk management and applied that essence to interest rate risk.  Therefore, I believe that the document can easily be used as a guide to building a risk management system for any risk. 

The document is built around 1o Principles:

The role of the board and senior management

Principle 1: In order to carry out its responsibilities, the board of directors in a bank should approve strategies and policies with respect to interest rate risk management and ensure that senior management takes the steps necessary to monitor and control these risks. The board of directors should be informed regularly of the interest rate risk exposure of the bank in order to assess the monitoring and controlling of such risk.

 Principle 2: Senior management must ensure that the structure of the bank’s business and the level of interest rate risk it assumes are effectively managed, that appropriate policies and procedures are established to control and limit these risks, and that resources are available for evaluating and controlling interest rate risk.

Principle 3: Banks should clearly define the individuals and/or committees responsible for managing interest rate risk and should ensure that there is adequate separation of duties in key elements of the risk management process to avoid potential conflicts of interest. Banks should have risk measurement, monitoring and control functions with clearly defined duties that are sufficiently independent from position-taking functions of the bank and which report risk exposures directly to senior management and the board of directors. Larger or more complex banks should have a designated independent unit responsible for the design and administration of the bank’s interest rate risk measurement, monitoring and control functions.

Policies and procedures

Principle 4: It is essential that banks’ interest rate risk policies and procedures be clearly defined and consistent with the nature and complexity of their activities. These policies should be applied on a consolidated basis and, as appropriate, at the level of individual affiliates, especially when recognising legal distinctions and possible obstacles to cash movements among affiliates.

 Principle 5: It is important that banks identify the risks inherent in new products and activities and ensure these are subject to adequate procedures and controls before being introduced or undertaken. Major hedging or risk management initiatives should be approved in advance by the board or its appropriate delegated committee.

Measurement and monitoring system

 

Principle 6: It is essential that banks have interest rate risk measurement systems that capture all material sources of interest rate risk and that assess the effect of interest rate changes in ways that are consistent with the scope of their activities. The assumptions underlying the system should be clearly understood by risk managers and bank management.

 Principle 7: Banks must establish and enforce operating limits and other practices that maintain exposures within levels consistent with their internal policies.

Principle 8: Banks should measure their vulnerability to loss under stressful market conditions – including the breakdown of key assumptions – and consider those results when establishing and reviewing their policies and limits for interest rate risk.

Principle 9: Banks must have adequate information systems for measuring, monitoring, controlling and reporting interest rate exposures. Reports must be provided on a timely basis to the bank’s board of directors, senior management and, where appropriate, individual business line managers. 

Internal controls

Principle 10: Banks must have an adequate system of internal controls over their interest rate risk management process. A fundamental component of the internal control system involves regular independent reviews and evaluations of the effectiveness of the system and, where necessary, ensuring that appropriate revisions or  enhancements to internal controls are made. The results of such reviews should be available to the relevant supervisory authorities. 

 

  

 

I would generalize these with very simple editing.  Here is Generalized Principle 1:

Principle 1: In order to carry out its responsibilities, the board of directors in a firm should approve strategies and policies with respect to  risk management and ensure that senior management takes the steps necessary to monitor and control these risks. The board of directors should be informed regularly of the  risk exposure of the firm in order to assess the monitoring and controlling of such risk.

This was done by simply deleting 2 instances of the words “interest rate” and exchanging the word “firm” for the word “bank”. 

This mindless editing can be done to almost every one of the 10 principles and the result is not just usable, but is a very clear and basic guideline for any risk management program. 

That is what makes this a classic.

Managing Strategic Risks

Contributed by Jean-Pierre Berliet

It is not enough for insurance companies to understand and manage the financial risks of their business that can cause insolvency. They need also to manage external “strategic” risks to their business. Strategic risks result from events that can undermine the viability of their business models and strategies or reduce their growth prospects and damage their market value. Strategic risks include changes in competitive dynamics, regulations, taxation, technology and other innovations that disrupt market equilibrium. They also include events and changes in other industries that can impact adversely the going concern viability and financial performance of insurance companies.

Until the present crisis, many insurers did not think much about their dependence on the efficient functioning of credit and other financial markets or the overall safety and soundness of the banking system. Now they do. Although the sub-prime mortgage crisis and resulting credit market meltdown can be viewed simply as market risk events, they should be seen as the combined, unexpected but theoretically predictable result of design weaknesses in institutional and regulatory arrangements and changes in financial technology.

From this vantage point, the near collapse of the financial system resulted from:

• Pro-cyclical effects of capital regulations under fair value accounting standards,
• Explosive growth of outstanding derivative contracts, especially credit default swaps
• The redistribution of housing finance risks (especially sub-prime) across financial institutions on a global basis, facilitated by securitization.

Together, these factors combined to create a time bomb. That it exploded is no market risk event, but rather a failure of risk management.

The explosion could have been anticipated. Had CROs not abdicated their responsibilities to rating agencies and conducted appropriate due diligence, toxic securities would not have found their way to their balance sheets. Similarly, fundamental changes in the characteristics of mortgage products and the creditworthiness of the customer base should have been examined closely. Such examination would have diminished the attractiveness of CDOs as investments, have reduced their spread throughout the financial system and have prevented or reduced the losses of capital that caused confidence to collapse and market liquidity to vanish.

Insurers, however, did not understand that risks to the financial system were elements of their strategic risk. Strategic risk elements embedded in the financial system are difficult to mitigate. They create dependencies among businesses that undermine diversification benefits achieved through underwriting of a multiplicity of risks and exposures. They have a tendency to hit all activities at the same time.

In this area, prudence is the source of wisdom. Companies that have had the discipline not to underwrite exposures that they did not understand, or invest in financial instruments or asset classes that they could not assess to their satisfaction (e.g., tranches of securitization backed by sub-prime mortgages), have withstood the crisis comparatively well. Some of these companies are benefiting from the weakness of their less thoughtful and less disciplined competitors. For example, Warren Buffett’s decision to create a financial guaranty insurer recently and to resume investing in U.S. companies appears perfectly timed to capitalize on opportunities created by the weakness of established competitors and the steep fall in the market value of many companies.

Methodologies for identifying, measuring and managing strategic risks are in their infancy. Since there are no established conceptual frameworks to guide analysis and decision making, building resilient portfolios of insurance businesses and protecting them from strategic risks is a challenge. In their oversight roles, directors and CEOs can help company executives by re-examining the appropriateness of traditions, conventions and modes of thought that influence risk assumption decisions.

They should demand that company management:

• Conduct periodic defensibility analyses of their companies’ business models and strategy, including consideration of weaknesses in institutional arrangements of the financial system. Such strategy review must also focus on the identification and monitoring of emerging trends with adverse effects on competitive advantage and pricing flexibility (loss of business to competitors, emergence of new risk transfer technologies or product innovations, regulatory developments, etc.) that can reduce company valuations sharply and rapidly.
• Reassess periodically the company’s strategy for controlling performance volatility and achieving a balance between risk and return through specialization in risk assumption, diversification (e.g., across lines, industries, regions or countries), ceded reinsurance or structural risk sharing and financing vehicles such as captives or side-cars.
• Assess the possibility for disruption of business plans caused by events that reduce capital availability or flexibility in capital deployment.
• Develop appropriate responses through adjustment in capabilities, redeployment of capacity across lines of activity, change in limits offered, exclusions, terms and conditions, ancillary services provided, lobbying of lawmakers and regulators and participation in industry associations.
• Hold executives accountable for discipline in under writing and investment decisions.

Because the insurance industry has been highly regulated, many insurance companies have not developed a deep strategic risk assessment capability. They need one urgently.

©Jean-Pierre Berliet   Berliet Associates, LLC (203) 972-0256  jpberliet@att.net

Risk/Reward NOT Linked

At least they are not automatically linked.

Here is a description of the “Law of Risk and Reward” from somewhere on the web. . .

The risk versus reward curve is a fundamental principle in business. The simple explanation is that, as risk in a given transaction increases so does the reward.

This is the fallacy that most of us have heard many, many times.  We hear it so often, it actually seems to be true. 

But it definitely is not now, nor was it ever true that increasing risk increases reward.  

Alfred Marshal is the originator of the supply and demand curves that we were all taught in microeconomics. 

“in all undertakings in which there are risks of great losses, there must also be hopes of great gains.”
Alfred Marshall 1890 Principles of Economics

Somehow, as his idea above about “hopes” for gains was repeated over the years, the word “hopes” was left off. 

And in fact, it takes much more than “hopes” to get great gains out of great risks.  In fact, there are two paths to great gains…

• Great Luck
• Great Risk Management

The “Law of Risk and Reward” above seems to follow a fairness sort of reasoning.  It would only be fair if increased risk resulted in increased reward.  But the world is not fair. 

It is quite possible to:

1. Get a large gain after taking a small risk
2. Get a large loss after taking a small risk
3. Get a small gain after taking a large risk
4. Get a small gain after taking a small risk
5. Get a large gain after taking a large risk
6. Get a large loss after taking a large risk

There are several reasons for this.  First of all, the size of the risk is always an estimate made in advance with incomplete information.  Clearly the situations like number 2 above are cases where the risk may have been underestimated.  Also, the economists will emphasize that situations like 1 do not usually last for long.  (See the old joke about the economist and the $20 bill.)  A second reason is that the risk management performed by the risk taker can be effective both in terms of risk selection and in terms of loss severity mitigation.  However, the risk management tasks that result in good risk selection and effective loss severity mitigation require skill and execution. 

Risk takers who believe in the “Law of Risk and Reward” will tend to think that the time, effort and expense of doing good risk management is wasted effort since more risk results in more reward by law.

Risk and Strategy

Understanding the relationship between RISK and STRATEGY is an extremely important step in incorporating ERM into strategic decision making.

Management and the Board need to decide which of three fundamental relationships that the firm expects to persue over the near term (next several years):

1. The Firm can GROW the business and the risks taken by the business significantly faster than the growth of capital.
2. The Firm can MAINTAIN the relationship between the capital of the firm and the risks of the firm at the current level.
3. The Firm can STRENGTHEN the firm by growing capital faster than the business grows.

If management and the board do not understand these three fundamental choices AND have a clear idea of which choice that the Firm is persuing, it is highly unlikely that conversations about risk and risk management will go anywhere.  In fact, what will happen is that they will spin in whirlpools of changing topics and inconsistencies.

The choice among these three ideas is not permanent.  But it should be a choice that is set down for a multi year period of time.  It should reflect management and the board’s understanding of both the level of resources of the firm as well as the opportuinities in the marketplace.

GROW –  This choice represents the understanding that there are very good opportunities in the marketplace and that the firm has excess capacity to take risks.  That excess capacity might have arisen because of some non-repeatable gains.  The underlying profitability of the business of the firm is not high enough to fund the growth of the firm for some period of time.  The firm either cannot obtain additional outside funding for the growth or else the available funding is too expensive or restrictive.  This strategy cannot be the long term strategy of the firm because the firm will grow ever more risky over time and will eventually experience a loss that will impair the firm.

MAINTAIN – This choice comes from a conclusion that the firm can fund its desired growth level by the profits of the business of the firm.  It might also mean that some of the growth will be funded from outside and that with the funding and the growth and the retained profits, the firm will be able to maintain the level of security that it has had over the recent past.  This strategy is sustainable over a long time period.

STRENGTHEN – This choice is often made after a loss event weakens the firm.  It can be accomplished by increasing profit margins or by limiting growth.  Often, increasing profit margins will limit growth.  This can also be a necessary choice after growth that has far exceeded the level that can be sustained by the earnings of the business.  It can also be a choice that is made during a period when the markets are particularly soft and the choices for profitable growth are poor.  Firms may choose to “keep their powder dry” and to increase their capacity for future growth once market opportunities improve.

The choice among these three strategies is made by every firm, either consciously or unconsciously resulting from their other choices.

A good starting point for bringing Risk into the Strategy discussions is to have a direct discussion of this choice and to find out whether it is possible to get management to clearly understand the choice that is needed at the time for the firm.

Risk Never Sleeps

The LORD and Risk Management

Great post by Jos Berkemeijer

Check it out.

Managed Risk Taking

Is your ALM system a risk management system or is ALM a process at your firm for managed risk taking?

It appears that banks and insurers both use the term ALM to refer to the process that they use with interest rate change risk.  But in general, banks are using ALM as a part of a managed risk taking system, while insurers are most often using ALM as a risk management system.

The difference is in the acceptable targets.  Insurers most often have a target for matching of assets and liabilities to within a 0.50 tolerance in difference in duration for example.  The tolerance is most often justified as a practical consideration, allowing the managers of the ALM system to avoid making too many expensive small moves and to gently steer the portfolio into the matched situation.

Banks will have a much larger mismatch allowance.  A part of the basic business of banks is to borrow funds short term and to lend them long term.  There is a significant duration mismatch embedded into their business model.  The ALM managers are there to make sure that the interest rate risk does not grow beyond those tolerances.  The bank should be setting the limit for mismatch to a level of loss that they can afford.

It is fascinating that for the most part, insurers who are generally buy and hold risk takers are unwilling to take advantage of the generally upward sloping yield curve in anywhere near the level that banks are.  Insurers tend to look at their risks as good risks and bad risks and to avoid any exposure to the bad risks if possible.  Interest rate change risk is seen as a bad risk, probably because (a) there us no underwriting, no selection involved and (b) the risk is totally uncontrollable.

Insurers like risks where they can develop an expertise of underwriting the risk, selecting the better risks over the worse risks.  Interest rate risk, at least within economies has no specific risk component.  If there was underwriting involved, that underwriting would be trying to figure out the forces that drive interest rates up and down.  And that is very difficult to do.

The interest rate change risk is totally uncontrollable because there is no claims management.  There is a major subjective, personal element in the form of the central bankers setting the rates at the short end.  The rates at the long end are driven by both supply and demand as well as by inflation assumptions.  So to get interest rates risht, one would need to read the minds of the central bankers, predict the need for funding and the amount of capital available at various rate levels for various terms as well as the expectations of the market for inflation.  Good luck.

There is another difference between banks and insurers that perhaps explains the difference in strategies.  THe banks are usually able to get their money on a short term basis, paying the low short term interest rates.  Insurers, on the other hand usually get their funds for a longer term.  They may not always need to promise a long term interest rate, but they usually want to keep their customers for the long term, so they want to make plans to pay interest rates at a level consistent with long term.

And if you follow yield curves over time, you will notice that the steepest and most reliable part of the yield curve is at the very short end of the curve.  At the middle of the curve, there is not always an upward slant that is large enough to justify the risk of a significant mismatch, not is it reliable enough to build your business off of it.

So maybe the two segments have it right for their situations.  Banks can have their managed risk taking system while insurers need their risk management system.

Comprehensive Actuarial Risk Evaluation

The new CARE report has been posted to the IAA website this week.CARE_EN

It raises a point that must be fairly obvious to everyone that you just cannot manage risks without looking at them from multiple angles.

Or at least it should now be obvious. Here are 8 different angles on risk that are discussed in the report and my quick take on each:

1. MARKET CONSISTENT VALUE VS. FUNDAMENTAL VALUE   –  Well, maybe the market has it wrong.  Do your own homework in addition to looking at what the market thinks.  If the folks buying exposure to US mortgages had done fundamental evaluation, they might have noticed that there were a significant amount of sub prime mortgages where the Gross mortgage payments were higher than the Gross income of the mortgagee.
2. ACCOUNTING BASIS VS. ECONOMIC BASIS  –  Some firms did all of their analysis on an economic basis and kept saying that they were fine as their reported financials showed them dying.  They should have known in advance of the risk of accounting that was different from their analysis.
3. REGULATORY MEASURE OF RISK  –  vs. any of the above.  The same logic applies as with the accounting.  Even if you have done your analysis “right” you need to know how important others, including your regulator will be seeing things.  Better to have a discussion with the regulator long before a problem arises.  You are just not as credible in the middle of what seems to be a crisis to the regulator saying that the regulatory view is off target.
4. SHORT TERM VS. LONG TERM RISKS  –  While it is really nice that everyone has agreed to focus in on a one year view of risks, for situations that may well extend beyond one year, it can be vitally important to know how the risk might impact the firm over a multi year period.
5. KNOWN RISK AND EMERGING RISKS  –  the fact that your risk model did not include anything for volcano risk, is no help when the volcano messes up your business plans.
6. EARNINGS VOLATILITY VS. RUIN  –  Again, an agreement on a 1 in 200 loss focus is convenient, it does not in any way exempt an organization from risks that could have a major impact at some other return period.
7. VIEWED STAND-ALONE VS. FULL RISK PORTFOLIO  –  Remember, diversification does not reduce absolute risk.
8. CASH VS. ACCRUAL  –  This is another way of saying to focus on the economic vs the accounting.

Read the report to get the more measured and complete view prepared by the 15 actuaries from US, UK, Australia and China who participated in the working group to prepare the report.

Will History Repeat?

In the 1980’s a dozen or more firms in the US and Canadian Life Insurance sector created and used what were commonly called required surplus systems.  Dale Hagstrom wrote a paper that was published in 1981, titled Insurance Company Growth .  That paper described the process that many firms used of calculating what Dale called Augmented Book Profits.  An Augmented Book Profit later came to be called Distributable Earnings in insurance company valuations.  If you download that paper, you will see on page 40, my comments on Dale’s work where I state that my employer was using the method described by Dale.

In 1980, in the first work that I was able to affix my newly minted MAAA, I documented the research into the risks of Penn Mutual Life Insurance Company that resulted in the recommendation of the Required Surplus, what we would now call the economic capital of the firm.  By the time that Dale’s paper was published in 1981, I had documented a small book of memos that described how the company would use a capital budgeting process to look at the capital utilized by each line of business and each product.  I was the scribe, the ideas come mostly from the Corporate Actuary, Henry B. Ramsey. We created a risk and profit adjusted new business report that allowed us to show that with each new product innovation, our agents immediately shifted sales into the most capital intensive or least profitable product.  It also showed that more and more capital was being used by the line with the most volatile short term profitability.  Eventually, the insights about risk and return caused a shift in product design and pricing that resulted in a much more efficient use of capital.

Each year, throughout the 1980’s, we improved upon the risk model each year, refining the methods of calculating each risk.  Whenever the company took on a new risk a committee was formed to develop the new required surplus calculation for that risk.

In the middle of the decade, one firm, Lincoln National, published the exact required surplus calculation process used by their firm in the actuarial literature.

By the early 1990’s, the rating agencies and regulators all had their own capital requirements built along the same lines.

AND THEN IT HAPPENED.

Companies quickly stopped allocating resources to the development and enhancement of their own capital models.  By the mid-1990’s, most had fully adopted the rating agency or regulatory models in the place of their own internal models.

When a new risk came around, everyone looked into how the standard models would treat the new risk.  It was common to find that the leading writers of a new risk were taking the approach that if the rating agency and regulatory capital models did not assess any capital to the new risk, then there was NO RISK TO THE FIRM.

Companies wrote more and more of risks such as the guaranteed minimum benefits for variable annuities and did not assess any risk capital to those risks.  It took the losses of 2001/2002 for firms to recognize that there really was risk there.

Things are moving rapidly in the direction of a repeat of that same exact mistake.  With the regulators and rating agencies more and more dictating the calculations for internal capital models and proscribing the ERM programs that are needed, things are headed towards the creation of a risk management regime that focuses primarily on the management of regulatory and rating agency perception of risk management and away from the actual management of risks.

This is not what anyone in the risk management community wants.  But once the regulatory and rating agency visions of economic capital and ERM systems are fully defined, the push will start to limit activity in risk evaluation and risk management to just what is in those visions – away from the true evaluation of and management of the real risks of the firm.

It will be clear that it is more expensive to pursue the elusive and ever changing “true risk” than to satisfy the fixed and closed ended requirements that anyone can read.  Budgets will be slashed and people reassigned.

Another Fine Mess

High speed trading ran amok on Thursday, May 6.  It sounds like exactly the same thing that lead to the 1987 market crash.  There never was an explanation in 1987 and there most likely will not be one now.

Why not?  Because it is not in the interest of the people who are in a position to know the answer to tell anyone.

Look, the news says that this high speed trading is 75% of the volume of trading on the exchanges. That means that it is probably close to 75% of the exchanges revenue.

Most likely, the answer is that this sort of crash has always been possible at any time of any day with computers sending in orders by the thousands per minute. The people who programmed the computers just do not have enough imagination to anticipate the possibility that no one would want to take the other side of their trade.

Of course this is much less likely if someone actually looked at what was going on, but that would eliminate 90% of that volume.  Back before we handed all of the work to computers, the floor brokers who were the market makers would take care of these situations.

The exchange, that is benefiting from all of this volume, should perhaps be responsible to take some responsibility to maintain an orderly market.  Or else someone else should.  The problem is that there needs to be someone with deep pockets and the ability to discern the difference between a temporary lack of buyers or sellers and a real market route.

Oh, that was the definition of the old market makers – perhaps we eliminated that job too soon.  But people resented paying anything to those folks during the vast majority of the time when their services were not needed.

The problem most likely is that there is not a solution that will maintain the revenue to the exchanges.   Because if you brought back the market makers and then they got paid enough to make the very high risk that they were taking worth their while, that would cut into the margins of both the exchanges and the high speed traders.

Just one more practice that is beneficial to the financial sector but destructive to the economy.  After the 1929 crash, many regular people stayed out of the markets for almost 50 years.  It seems that every year, we are learning one more way that the deck is stacked against the common man.

In poker, when you sit down at the table, it is said that you should look around and determine who is the chump at the table.  If you cannot tell, then you are the chump.

As we learn about more and more of these practices that are employed in the financial markets to extract extra returns for someone, it seems more and more likely that those of us who are not involved in those activities are the chumps.

Much Worse than Anticipated

Arianna Huffington recently pointed out that time and time again, the crises that we face turn out to be Much Worse than We thought it would be.

And she has a good point there.  One that is important for risk managers to contemplate.  One that we are often asked after a major loss…

Why did your risk model get that wrong?

There is a correct answer, but it is one that we can never successfully use.

In situations where major risks are being underestimated widely in the market place, the risk managers who correctly size the worst risks can run into two responses:

1. Their firm believes their evaluation of the risk and exits the exposure as rapidly as they can.
2. Their firm does not believe their evaluation and will only believe a risk evaluation that gives a similar (under) estimation of the risk as the rest of the market.

It is a survival of the underestimators.

And this doesn’t just apply to risk managers and risk models.  Who do you think buys a house on a flood plain?  Someone who has a clear and realistic view of the risk or someone who vastly underestimates the risk?  The underestimator will out bid the realistic every time.

So after a flood, go around to those flooded out and ask if they expected this and most will tell you that this is “much worse that we thought it would be”.

Many “emerging risks” and “black swans” are such because most people had misunderestimated the size of the risk or the likelihood.

And one way to think of it is to go back to Knight and realize that all profits are simply rewards for the uncertainties.  So when we find ourselves getting profits where we cannot figure out the uncertainty that drives the profits, maybe we should go back and figure it out.

The solution is not to curl up in a ball, nor is it to just ignore all risks that pose these potential major threats.  The solution is to take our best shot at really evaluating the risks and make our decisions, eyes wide open, to the possibility that things might just be Much Worse than Anticipated.

Maybe we need to regularly add a column to our risk reports.  To the right of the column labeled Risk.  This one labeled “Worse Case”.

Many insurers with Cat risk exposures will report the 1/250 loss potential that is the focus of rating agencies, but along side of that show a 1/500 loss potential to remind management of just how much worse it might get.

Some people complain that risk managers are just too pessimistic.  But to me this sort of practice just seems to be acting as an adult and facing our risks honestly.  Not with the intention that we stop taking risks.  Instead hoping that we stop experiencing losses that are MUCH WORSE THAN ANTICIPATED.

Is Reputation Risk Manageable?

Many people would put reputation risk at the top of their list of the most important risks to their firms. 

However, their very next conclusion is that since a good reputation is something that you either have or you do not, then it is not very manageable.  By thinking of Reputation Risk as a cliff, there seems to be very little to monitor or manage. There are several problems with this view.  First of all, reputations can be destroyed in many ways.  Think of a reputation as a glass and a spill of water from the glass as a busted reputation.  The glass can be made to overflow all at once with one big pour of water from a large pitcher, or it can be made to overflow by a long slow steady set of small drips. 

Usually hits to the reputation are caused by problems that come from other risks that the organization faces.  Each risk of the firm should be examined and the degree to which a reputation problem might arise from the risk identified.  Moderate risks that have a significant potential reputational hit probably should be elevated to be treated among the major risks. 

The incidence of the small hits to reputation can and should be tracked.  The impact of these events upon the reputation also can and should be monitored.  They are monitored by constantly checking with customers and potantial customers about the reputation of the firm. 

So if these hits to reputation are tracked, then actions to improve reputation can be undertaken and efforts redoubled when these hits reach a critical level.  This means figuring out the ways to take the water back out of the glass. 

Also, the other major way to manage reputation risk is to plan ahead for the response to major reputational problems.  One of the major differences between situations where firms have been devastated by reputation damaging events and firms that have quickly recovered from similar events is the degree to which the firm has a rapid and sure-footed response to the event.  These types of repsonses can only come from advance planning and preparation.  That is not to say that a firm must anticipate every possible reputation damaging event.  However, it is important to anticipate a wide range of events.  The anticipation and advance planning may prove to provide the exact plan for a specific event that comes up, but more likely what the exercize will provide is some experience in formulating the types of responses needed.  Managers who have participated in these exercizes will be more likely to perform as needed when the real reputation hit happens. 

Finally, there is one type of reputation risk that is real, but is used often as a red herring to distract risk managers from the main reputational risks as described above.  This is the risk from an undeserved blow to reputation from the mdeia, regulators or courts.  This is something that can and should be anticipated, but should not be an excuse for not anticipating the other and usually much more likely reputation risks that can come from within the firm.

Risk Impact Thresholds

Tipping the ERM Scale Toward Survival

By MICHAEL A. COHEN

Enterprise risk management experts, and surely even many neophytes, are fairly adept at identifying exposures and events that can impede their organizations. What is much more difficult is measuring the potentially adverse impact of risks, making this the biggest X factor in the ERM process.

Consequently, it is quite challenging to determine how much risk exposure an organization can “tolerate”—that is, the extent of adverse risk impact a company can absorb so that the attainment of its goals will not be jeopardized.

It is equally difficult to assess a company’s “threshold” to absorb these risk consequences—that is, the cross-over points beyond which significant strategic and operational changes need to be made.

What Might Your Stakeholders Do?

TRIGGERS:

• Financial Outcomes: impact on capital and earnings
• Business Line inadequacy: products and features, service
• Business Misconduct and reputational impairment: putting future viability at risk

REACTIONS:

• Customers or producers might cease doing business with firm or reduce volume
• Investors might sell stock lowering the price in the process
• Board might replace management or reduce compensation
• Lenders might charge a higher price for capital
• Rating agencies might downgrade
• Institutional customers might not be permitted to do business with firm

As a result, it is likely that many organizations are exposed to risks that would materially compromise not only their current course but their very existence. In fact, the events of the last two years have dramatically highlighted this exposure, and many firms have been greatly harmed. Just ask AIG and Lehman Brothers.  Measurement of risk impact—both quantitative and qualitative—is clearly the most critical endeavor to perform accurately in determining an organization’s tolerance for risk.  It is possible for each element of the risk measurement and reporting process to be flawed, as they are often performed in a vacuum—the result can be too narrow and theoretical in scope.  The quantifying component of risk measurement is built upon mathematics and modeling, utilizing:

• A series of approximations and assumptions.
• Identification of elements/variables to measure.
• Determination of the relationship between the various risk factors and the outcomes they might jeopardize

The qualifying component, however, is often built on psychology—its effect on decision-making and the “emotional intelligence” of the individuals making judgments on risk. Consider the following:

• People work on problems they think they can solve, and they avoid those they don’t think they can solve—due to complexity or political reasons. Elements in the latter category won’t be addressed.
• They are slow and cautious in reacting to new information and reluctant to admit ignorance or mistaken assumptions. Solutions to risk mitigation may exist, but might not be implemented without inordinate study—paralysis by analysis.
• They look at fewer as opposed to more perspectives, possibly missing a better solution.
• They often place greater value on what they themselves have created than on what others have done, and may well miss out on higher-order thinking generated by a group and on the critical perspectives of others.

(more…)