Archive for June 2010

Loss Controlling as ERM

June 29, 2010

In the recent post, Rational Adaptability, four types of ERM programs are mentioned. One of those four types of ERM is Loss Controlling.

Loss Controlling is one of the traditional forms of Risk Management. A firm with a focus on Loss Controlling will be seeking to do exactly that with their ERM program. They will look for the most efficient ways to limit their losses. They will be focused first on their largest possible losses, those major catastrophic situations. Exactly what those situations might be will differ from industry, to sector, to firm. But management of firms with a Loss Controlling focus will most often know where their major catastrophic loss exposures are.

Firms with a Loss Controlling point of view do not think of taking risks to make rewards.  They may have business models that are not particularly susceptible to risks, except for one or two big risks that they may well be totally blind to.  Most often their big risk is of a failure of their business model.

For example, a firm that has a monopoly for some product in some market will sometimes have a Loss Controlling risk management approach.  They may have an exclusive distribution agreement with an organization that has a tight membership.  Their biggest risk is the end of that relationship.  But otherwise, they may shun all other risks through a Loss Controlling system.

Many Life Insurers will operate an ALM system for controlling interest rate risks as a Loss Controlling system by setting a zero net risk (or zero duration mismatch) target.  It is nothing less than amazing that while insurers will operate with this approach to interest rate risk, banks will take the exact opposite approach, obtaining a major part of their profits from taking interest rate risks.

A firm operating under the Loss Controlling system is always prepared for a total collapse of the markets where they are trying to totally control their losses.  In the interest rate risk example above, banks will be severely disrupted when there is a major regime change in interest rates, while insurers with good ALM programs will only be minimally impacted. So this approach to risk management is the best approach in a situation when a market hits a Bust stage.  Firms are most likely to adopt this approach if they hold a Conservator attitude towards risk.  Many firms will adopt a Conservator risk attitude after they have had major losses that significantly restrict their ability to absorb future losses, or even if they see many other firms taking such major losses.

Loss Controlling is the main approach to risk management in non-financial firms. This approach was historically common in financial firms as well, but has been pushed aside in recent decades with the development of better systems for Risk Trading and Risk Steering.

Loss Controlling can become an Enterprise-wide risk management system when a firm sets out to look at all of their risks at the same time and in a similar manner. Risk Management systems such as COSO or ISO 31000 are Enterprise-wide Loss Controlling Risk Management systems. Some people who are very highly tied to the Risk Steering approach to ERM find these systems to be highly flawed. That is not really the case; they are simply oriented towards a different point of view about risk.

Loss Controlling systems are less likely to focus a high amount of resources on risk measurement.  They are more likely to focus on risk elimination.  No need to measure it if it is gone.

This post is a part of the Plural Rationalities and ERM project.


Increasing the usefulness of ERM

June 27, 2010

By Jean-Pierre Berliet

Discussions with senior executives have suggested that decision signals from ERM would be more credible and that ERM would be a more effective management process if ERM frameworks were shown to:

  • Align performance metrics with management’s performance measurement philosophy
  • Integrate ERM into daily management activities

The following two sections discuss these issues and suggest action steps that insurance companies should take to establish ERM as a more robust and valuable management process.

1.  Aligning performance metrics with management’s performance measurement philosophy

To provide useful guideposts for business decisions, the risk adjusted performance measurement framework supporting ERM needs to reflect senior management’s views regarding alignment of responsibilities and performance metrics. Alignment is ensured by i) matching of the structure of the financial management reports to the boundaries of business segment, ii) accurate attribution of capital, premium revenues, investment income and expenses to business segments and iii) segregation in financial reports of the results associated with the current period from the impact of business written in prior years.

This alignment ensures appropriate distinctions between results of current and past decisions and a sharp focus on differences in drivers of performance.

In practice, leading companies are making explicit decisions about the design and features of the financial performance measures they develop by developing customized answers to questions such as the following:

  • Are business segments to be evaluated on a stand alone basis or in a portfolio context (i.e. after attribution of a capital credit for diversification)?
  • Are business segments to be evaluated as if their assets earned risk free, duration matched investment income? Or the average rate of return on the investment portfolio?
  • Are business segments to be evaluated in relation to their “consumption” of economic capital? Regulatory capital? Rating agency capital?
  • Should individual business segments bear the cost of “excess” or “stranded” capital?
  • Should performance benchmarks vary across business segments, in line with differences in the volatility of their total risk? Or differences in exposure/premium leverage across lines? Or differences in contribution to corporate debt capacity?
  • How granular does such reporting need to be?
  • Should performance metrics be developed in a policy/underwriting year framework? Would such metrics need to be reconciled with metrics based on fiscal year GAAP reported numbers?
  • How should the period performance of the in-force (or liabilities run off) be measured and separated from the performance of the “new business”? To what extent and how should the performance of “renewal” policies be separated from that of policies written for new customers in property, casualty companies?
  • Should the performance reporting framework provide only period measures of performance or should it be extended to capture the longer term economic value of insurance contracts, such as the change in the embedded value of the business?
  • Should the performance reporting framework be extended to incorporate stochastic performance metrics such as Earnings@Risk or Embedded Value@Risk?

Leading ERM practitioners, especially in Europe, have found that the usefulness, but also the complexity and cost of risk adjusted performance metrics are determined by the desired level of granularity in reporting, and design decisions in i) risk measurement, ii) capital measurement and, iii) financial reporting. The availability and quality of risk and financial data determine to a significant degree the level of granularity that can be built to support ERM.

In my experience, success in establishing ERM is highly dependent on the level of effort that companies devote to designing a reporting framework that the organization can understand and embrace intuitively, without having to be trained in advanced financial or risk topics. Setting out to develop the most rigorous and actuarially correct framework is likely to result in poor acceptance by operating managers.

2. Integrating ERM into daily management activities

Many senior executives recognize that establishing an ERM process is an obligation that cannot be avoided in today’s environment. They also have a strong intuitive sense that the science of risk measurement and analysis offered by the actuarial profession and other specialists in risk does not yet provide robust answers to many important questions that are asked by people who manage the operations of insurance companies day by day. Differences in perspectives between executives in the corporate center and the managers of business units hamper the effectiveness of ERM. Bridging these differences is a major challenge to the establishment of ERM. This challenge is rooted in fundamental differences in the roles and responsibilities of these actors.

Corporate center executives who operate under oversight of the Board of Directors are highly sensitive to risk concerns of shareholders. It is natural for these executives to take an aggregate view of risk, across the business portfolio. They contribute to corporate performance by  making i) strategic risk management decisions in connection with capacity deployment, reinsurance and asset allocation, ii) operational risk management decisions principally in connection with the management of shared services. Their most important risk decisions, related to capital allocation, involve significant strategic risks.

By contrast, business unit managers have a different outlook. They are typically more focused on meeting the needs of policyholders. They are more likely to view risk as stemming from products and customers.  From their point of view risk management starts with product design, underwriting and pricing decisions, control of risk accumulations and concentrations, product mix and customer mix. With regards to operational risk, their activity places them on the front line to control the “execution risks” elements of operational risk. Business unit managers tend to view requests for support of ERM as distractions from serving policyholders and accomplishing their goals. They believe that they help protect shareholders from value loss by focusing on establishing and maintaining a competitive advantage.

The CFO of a very large insurance group confided to me recently that aligning the perspectives of executives at the corporate center with that of business managers was a challenge of great importance. He expressed the view that results from risk models cannot be used simplistically and that experience and business judgment are needed to guide decisions. Caution and prudence are especially important in interpreting decision signals when model results appear unstable or when complexity makes it difficult to recognize possible biases. He had become interested in using a combination of approaches to develop reliable insights into strategy and risk dynamics in his company.  He was particularly focused on finding ways to bring these insights to bear on the daily activities of employees who manage risk accumulation, risk mitigation and risk transfer activities, on both sides of the balance sheet. In his judgment, borne out by other discussions and my experience with clients, ERM comes to life and creates value best when a top down framework initiated by senior management is embraced bottom up throughout the organization.

Consistent with these considerations, ERM appears to work best in companies in which operating managers have “bought in” ERM and embraced the perspective it provides. In many of these companies, one observes that:

  • Risk management responsibility is owned by operating managers
  • Product definitions and investment boundaries are clear and matched to explicit risk limits
  • Policies and procedures have been co-developed with operating personnel
  • Product approval and risk accumulation are subject to oversight by the central ERM unit
  • Risk and value governance are integrated through a committee with authority to adjudicate decisions about trade-offs between risks and returns
  • Compliance and exceptions are subject to review by senior management

It is important to observe that none of the considerations discussed in the two sections of this note are about the technical components of risk management. Rather, they define a context for accountability, empowerment and appropriate limitations on the activities of people who run day to day operation in insurance companies.

©Jean-Pierre Berliet

Berliet Associates, LLP

(203) 247 6448

jpberliet@att.net

Regulatory Risk Management

June 24, 2010

There are at least two fundamental problems with risk management that is driven by regulators:

  1. All risk management activities that would go beyond what the regulator requires usually cease.  Firms will not do the chaotic process of making their own decisions about how risky their activities are.  They will know because the regulator tells them.
  2. Everyone will work under the same exact view of risk measurement and risk management.  If there are flaws, those flaws will have systemic ripples.  Where the regulators set the capital requirements too high, then businesses will either cease that activity or will engage in regulatory arbitrage.  Where the regulators set the risk capital requirements too low, businesses will over leverage their risks and some businesses will participate in risks that they might not have were the risks properly assessed.

And if the regulators take the step of creating a worldwide system where there is no place to go to get regulatory relief, or arbitrage of risks with excessive capital requirements, then the entire world will fall all at once when whatever risk has had its requirement set too low is overused by the firms to get the profits that they believe that they need.

So there are no happy endings for a regulatory driven risk management regime.  None unless the regulators are absolutely perfect in their work.

One of the many roots of the financial crisis was a regulatory driven risk management system used by banks, Basel 2.  The system was so wrong headed that the two largest banks that were stricken by the crisis, Bear Stearns and Lehman both were in fine health according to the Basel measures of risk taking capacity, right up until the time that they failed (or were taken over).

An article in the June 24, 2010 WSJ, entitled “BP Relied on Faulty U.S. Data,” says that the regulators REQUIRED the oil drillers to use a specified model of risk of oil spill damage. According to the article, the model set the risk very close to zero, making it not sensible to spend any money on safety of the rigs or on preparation for a spill. So that was the way that the drillers leveraged up their risk: by taking fewer and fewer precautions against a problem, until one did occur. And the wrong model from the regulators resulted in the situation where none of the firms were prepared for a spill, and furthermore, it probably led to much of the complacency that immediately followed the rig exploding.

So if you find yourself in a business where the regulators are specifying the risk management floor, beware.  It is quite likely that sooner or later that floor will collapse from under all who are standing on it.

Risk Adjusted Performance Measures

June 20, 2010

By Jean-Pierre Berliet

Design weaknesses are an important source of resistance to ERM implementation. Some are subtle and thus often remain unrecognized. Seasoned business executives recognize readily, however, that decision signals from ERM can be misleading in particular situations in which these design weaknesses can have a significant impact. This generates much organizational heat and can create a highly dysfunctional decision environment.

Discussions with senior executives have suggested that decision signals from ERM would be more credible and that ERM would be a more effective management process if ERM frameworks were shown to produce credible and useful risk adjusted performance measures.

Risk adjusted performance measures (RAPM) such as RAROC (Risk Adjusted Return On Capital), first developed in banking institutions, or Risk Adjusted Economic Value Added (RAEVA) have been heralded as significant breakthroughs in performance measurement for insurance companies. They were seen as offering a way for risk bearing enterprises to relate financial performance to capital consumption in relation to risks assumed and thus to value creation.

Many insurance companies have attempted to establish RAROC/RAEVA performance measurement frameworks to assess their economic performance and develop value enhancing business and risk management strategies. A number of leading companies, mostly in Europe where regulators are demanding it, have continued to invest in refining and using these frameworks. Even those that have persevered, however, understand that framework weaknesses create management challenges that cannot be ignored.

Experienced executives recognize that the attribution of capital to business units or lines provides a necessary foundation for aligning the perspectives of policyholders and shareholders.

Many company executives recognize, however, that i) risk adjusted performance measures can be highly sensitive to methodologies that determine the attribution of income and capital and ii) earnings reported for a period do not adequately represent changes in the value of insurance businesses. As a result, these senior executives believe that decision signals provided by risk adjusted performance measures need to be evaluated with great caution, lest they might mislead. Except for Return on Embedded Value measures that are comparatively more challenging to develop and validate than RAROC/RAEVA measures, risk adjusted performance measures are not typically capable of relating financial performance to return on value considerations that are of critical importance to shareholders.

To provide information that is credible and useful to management and shareholders, insurance companies need to establish risk adjusted performance measures based on:

  • A (paid up or economic) capital attribution method, with explicit allowance for deviations in special situations, that is approved by Directors
  • Period income measures aligned with pricing and expense decisions, with explicit separation of in-force/run-off, renewals, and new business
  • Supplemental statements relating period or projected economic performance/changes in value to the value of the underlying business
  • Reconciliation of risk adjusted performance metrics to reported financial results under accounting principles used in their jurisdictions (GAAP, IFRS, etc.)
  • Establishment and maintenance of appropriate controls, formally certified by management, reviewed and approved by the Audit Committee of the Board of Directors.

In many instances, limitations and weaknesses in performance measures create serious differences of view between a company’s central ERM staff and business executives.

Capital attribution


Biased Risk Decisions

June 18, 2010

The information is all there.  We have just wrapped it in so many technical terms that perhaps we forget what it is referring to.

Behavioral Finance explains exactly how people tend to make decisions without models.  They call them Biases and Heuristics.

This link is to one of my absolute favorite pages on the entire internet: List of Cognitive Biases. Take a look. See if you can find the ways that you made your last 10 major business decisions there.

Now models are the quants' way to overcome these biases. Quants believe that they can build a model that keeps the user from falling into some of the more emotional cognitive biases, such as the anchoring effect. With a model, for example, anchoring is avoided because the modeler very carefully gives equal weight to many data points instead of more weight to the most recent data point.

But what the quants fail to recognize is that models strengthen some of the biases. For example, models and modelers often fall under the Clustering illusion, finding patterns and attributing statistical distributions to data recording a phenomenon that has just finished one phase and is about to move on to another.

Models promote the hindsight bias.  No matter how surprising an event is at the time, within a few years, the data recording the impact of the event is incorporated into the data sets and the modelers henceforth give the impression that the model is now calibrated to consider just such an event.

And in the end, the model is often no more than a complicated version of the biases of the modeler, an example of the Confirmation Bias where the modeler has constructed a model that confirms their going-in world view, rather than representing the actual world.

So that is the trade-off, between biased decisions with a model and biased decisions without a model.  What is a non-modeling manager to do?

I would suggest that they should go to that Wikipedia page on biases and learn about their own biases, and also sit down with that list with their modeler and get the modeler to reveal their biases as well.

Fortunately or unfortunately, things in most financial firms are very complicated.  It is almost impossible to get it right balancing all of the moving parts that make up the entirety of most firms without the help of a model.  But if the decision maker understands their own biases as well as the biases of the model, perhaps they can avoid more of them.

Finally, Jos Berkemeijer asks what must a modeler know if they are also the decision maker.  I would suggest that such a person needs desperately to understand their own biases.  They can get a little insight into this from traditional peer review.  But I would suggest even more than that they need to review the wiki list of biases with their peer reviewer and hope that the peer reviewer feels secure enough to be honest with them.

Risk Velocity

June 17, 2010

By Chris Mandel

Understand the probability of loss, adjusted for the severity of its impact, and you have a sure-fire method for measuring risk.

Sounds familiar and seems on point; but is it? This actuarial construct is useful and adds to our understanding of many types of risk. But if we had these estimates down pat, then how do we explain the financial crisis and its devastating results? The consequences of this failure have been overwhelming.

Enter “risk velocity,” or how quickly risks create loss events. Another way to think about the concept is in terms of “time to impact,” a military phrase, a perspective that implies proactively assessing when the objective will be achieved. While relatively new in the risk expert forums I read, I would suggest this is a valuable concept to understand and more so to apply.

It is well and good to know how likely it is that a risk will manifest into a loss. Better yet to understand what the loss will be if it manifests. But perhaps the best way to generate a more comprehensive assessment of risk is to estimate how much time there may be to prepare a response or make some other risk treatment decision about an exposure. This allows you to prioritize more rapidly developing exposures for action. Dynamic action is at the heart of robust risk management.

After all, expending all of your limited resources on identification and assessment really doesn’t buy you much but awareness. In fact awareness, from a legal perspective, creates another element of risk, one that can be quite costly if reasonable action is not taken in a timely manner. Not every exposure will result in this incremental risk, but a surprising number do.

Right now, there’s a substantial number of actors in the financial services sector who wish they’d understood risk velocity and taken some form of prudent action that could have perhaps altered the course of loss events as they came home to roost; if only.

More at Risk and Insurance

Winners and Losers

June 14, 2010

Sometimes quants who get involved with building new economic capital models have the opinion that their work will reveal the truth about the risks of the group and that the best approach is to just let the truth be told and let the chips fall where they may.

Then they are completely surprised that their project has enemies within management.  And that those enemies are actively at work undermining the credibility of the model.  Eventually, the modelers are faced with a choice of adjusting the model assumptions to suit those enemies or having the entire project discarded because it has failed to get the confidence of management.

But that situation is actually totally predictable.

That is because it is almost a sure thing that the first comprehensive and consistent look at the group’s risks will reveal winners and losers.  And if this really is a new way of approaching things, one or more of the losers will come as a complete surprise to many.

The easiest path for the managers of the new loser business is to undermine the model.  And it is completely natural to find that they will usually be completely skeptical of this new model that makes their business look bad.  It is quite likely that they do not think that their business takes too much risk or has too little profits in comparison to their risk.

In the most primitive basis, I saw this first in the late 1970’s when the life insurer where I worked shifted from a risk approach that allocated all capital in proportion to reserves to one that recognized the insurance risk as well as the investment risk as two separate factors.  The term insurance products suddenly were found to be drastically underpriced.  Of course, the product manager of that product was an instant enemy of the new approach and was able to find many reasons why capital shouldn’t be allocated to insurance risk.

The same sorts of issues had been experienced by firms when they first adopted nat cat models and shifted from a volatility risk focus to a ruin risk focus.

To defuse these sorts of issues, steps must be taken to separate the message from the messenger. There are 2 main ways to accomplish this:

  1. The message about the new level of risks needs to be delivered long before the model is completed.  This cannot wait until the model is available and the exact values are completely known.  Management should be exposed to broad approximations of the findings of the model at the earliest possible date.  And the rationale for the levels of the risk needs to be revealed and discussed and agreed long before the model is completed.
  2. Once the broad levels of the risk are accepted and the problem areas are known, a realistic period of time should be identified for resolving these newly identified problems, and appropriate resources should be allocated to developing the solution. Too often the reaction is to keep doing business and avoid attempting a solution.

That way, the model can take its rightful place as a bringer of light to the risk situation, rather than the enemy of one or more businesses.

