Archive for June 2010

Loss Controlling as ERM

June 29, 2010

In the recent post, Rational Adaptability, four types of ERM programs are mentioned. One of those four types of ERM is Loss Controlling.

Loss Controlling in one of the traditional forms of Risk Management.  A firm with a focus on Loss Controlling will be seeking to do exactly that with their ERM program.  They will look for the most efficient ways to limit their losses.  They will be focused first on their largest possible losses, those major catastrophic situations.  Exactly what those situations might be will differ from industry, to sector, to firm.  But management of firms with a Loss Controlling focus will most often know where their major catastrophic loss exposures are.

Firms with a Loss Controlling point of view do not think of taking risks to make rewards.  They may have business models that are not particularly susceptible to risks, except for one or two big risks that they may well be totally blind to.  Most often their big risk is of a failure of their business model.

For example, a firm that has a monopoly for some product in some market will sometimes have a Loss Controlling risk management approach.  They may have an exclusive distribution agreement with an organization that has a tight membership.  Their biggest risk is the end of that relationship.  But otherwise, they may shun all other risks through a Loss Controlling system.

Many Life Insurers will operate an ALM system for controlling interest rate risks as a Loss Controlling system by setting a zero net risk (or zero duration mismatch) target.  It is nothing less than amazing that while insurers will operate with this approach to interest rate risk, banks will take the exact opposite approach, obtaining a major part of their profits from taking interest rate risks.

A firm operating under the Loss Controlling system is always prepared for a total collapse of the markets where they are trying to totally control their losses.  In the interest rate risk example above, banks will be severely disrupted when there is a major regime change in interest rates, while insurers with good ALM programs will only be minimally impacted. So this approach to risk management is the best approach in a situation when a market hits a Bust stage.  Firms are most likely to adopt this approach if they hold a Conservator attitude towards risk.  Many firms will adopt a Conservator risk attitude after they have had major losses that significantly restrict their ability to absorb future losses, or even if they see many other firms taking such major losses.

Loss Controlling is the main approach to risk management in non-financial firms. This approach was historically common in financial firms as well, but has been pushed aside in recent decades with the development of better systems for Risk Trading and Risk Steering.

Loss Controlling can become an Enterprise-wide risk management system when a firm sets out to look at all of their risks at the same time and in a similar manner.  Risk Management systems such as COSO or ISO31000 are Enterprise-wide Loss Controlling Risk Management systems.  Some people who are very highly tied to the Risk Steering approach to ERM find these systems to be highly flawed.  That is not really the case, they are simply oriented towards a different point of view about risk.

Loss Controlling systems are less likely to focus a high amount of resources on risk measurement.  They are more likely to focus on risk elimination.  No need to measure it if it is gone.

This post is a part of the Plural Rationalities and ERM project.

Increasing the usefulness of ERM

June 27, 2010

By Jean-Pierre Bertiet

Discussions with senior executives have suggested that decision signals from ERM would be more credible and that ERM would be a more effective management process if ERM frameworks were shown to:

  • Align performance metrics with management’s performance measurement philosophy
  • Integrate ERM into daily management activities

The following two sections discuss these issues and suggest action steps that insurance companies should take to establish ERM as a more robust and valuable management process.

1.  Aligning performance metrics with management’s performance measurement philosophy

To provide useful guideposts for business decisions, the risk adjusted performance measurement framework supporting ERM needs to reflect senior management’s views regarding alignment of responsibilities and performance metrics. Alignment is ensured by i) matching of the structure of the financial management reports to the boundaries of business segment, ii) accurate attribution of capital, premium revenues, investment income and expenses to business segments and iii) segregation in financial reports of the results associated with the current period from the impact of business written in prior years.

This alignment ensures appropriate distinctions between results of current and past decisions and a sharp focus on differences in drivers of performance.

In practice, leading companies are making explicit decisions about the design and features of the financial performance measures they develop by developing customized answers to questions such as the following:

  • Are business segments to be evaluated on a stand alone basis or in a portfolio context (i.e. after attribution of a capital credit for diversification)?
  • Are business segments to be evaluated as if assets they earned risk free, duration matched investment income? Or the average rate of return on the investment portfolio?
  • Are business segments to be evaluated in relation to their ‘consumption” of economic capital? Regulatory capital? Rating agency capital?
  • Should individual business segments bear the cost of “excess” or “stranded” capital?
  • Should performance benchmarks vary across business segments, in line with differences in the volatility of their total risk? Or differences in exposure/premium leverage across lines? Or differences in contribution to corporate debt capacity?
  • How granular does such reporting need to be?
  • Should performance metrics be developed in a policy/underwriting year framework? Would such metrics need to be reconciled with metrics based on fiscal year GAAP reported numbers?
  • How should the period performance of the in-force (or liabilities run off) be measured and separated from the performance of the “new business”? To what extent and how should the performance of “renewal” policies be separated from that of policies written for new customers in property, casualty companies?
  • Should the performance reporting framework provide only period measures of performance or should it be extended to capture the longer term economic value of insurance contracts, such as the change in the embedded value of the business?
  • Should the performance reporting framework be extended to incorporate stochastic performance metrics such as Earnings@Risk or Embedded Value@Risk?

Leading ERM practitioners, especially in Europe, have found that the usefulness, but also the complexity and cost of risk adjusted performance metrics are determined by the desired level of granularity in reporting, and design decisions in i) risk measurement,

ii) capital measurement and, iii) financial reporting. The availability and quality of risk and financial data determine to a significant degree the level of granularity that can be built to support ERM.

In my experience, success in establishing ERM is highly dependent on the level of effort that companies devote to designing a reporting framework that the organization can understand and embrace intuitively, without having to be trained in advanced financial or risk topics. Setting out to develop the most rigorous and actuarially correct framework is likely to result in poor acceptance by operating managers.

2. Integrating ERM into daily management activities

Many senior executives recognize that establishing an ERM process is an obligation that cannot be avoided in today’s environment. They also have a strong intuitive sense that the science of risk measurement and analysis offered by the actuarial profession and other specialists in risk does not yet provide robust answers to many important questions that are asked by people who manage the operations of insurance companies day by day. Differences in perspectives between executives in the corporate center and the managers of business units hamper the effectiveness of ERM. Bridging these differences is a major challenge to the establishment of ERM. This challenge is rooted in fundamental differences in the roles and responsibilities of these actors.

Corporate center executives who operate under oversight of the Board of Directors are highly sensitive to risk concerns of shareholders. It is natural for these executives to take an aggregate view of risk, across the business portfolio. They contribute to corporate performance by  making i) strategic risk management decisions in connection with capacity deployment, reinsurance and asset allocation, ii) operational risk management decisions principally in connection with the management of shared services. Their most important risk decisions, related to capital allocation, involve significant strategic risks.

By contrast, business unit managers have a different outlook. They are typically more focused on meeting the needs of policyholders. They are more likely to view risk as stemming from products and customers.  From their point of view risk management starts with product design, underwriting and pricing decisions, control of risk accumulations and concentrations, product mix and customer mix. With regards to operational risk, their activity places them on the front line to control the “execution risks” elements of operational risk. Business unit managers tend to view requests for support of ERM as distractions from serving policyholders and accomplishing their goals. They believe that they help protect shareholders from value loss by focusing on establishing and maintaining a competitive advantage.

The CFO of a very large insurance group confided to me recently that aligning the perspectives of executives at the corporate center with that of business managers was a challenge of great importance. He expressed the view that results from risk models cannot be used simplistically and that experience and business judgment are needed to guide decisions. Caution and prudence are especially important in interpreting decision signals when model results appear unstable or when complexity makes it difficult to recognize possible biases. He had become interested in using a combination of approaches to develop reliable insights into strategy and risk dynamics in his company.  He was particularly focused on finding ways to bring these insights to bear on the daily activities of employees who manage risk accumulation, risk mitigation and risk transfer activities, on both sides of the balance sheet. In his judgment, borne out by other discussions and my experience with clients, ERM comes to life and creates value best when a top down framework initiated by senior management is embraced bottom up throughout the organization.

Consistent with these considerations, ERM appears to work best in companies in which operating managers have “bought in” ERM and embraced the perspective it provides. In many of these companies, one observes that:

  • Risk management responsibility is owned by operating managers
  • Product definitions and investment boundaries are clear and matched to explicit risk limits
  • Policies and procedures have been co-developed with operating personnel
  • Product approval and risk accumulation are subject to oversight by the central ERM unit
  • Risk and value governance are integrated through a committee with authority to adjudicate decisions about trade-offs between risks and returns
  • Compliance and exceptions are subject to review by senior management

It is important to observe that none of the considerations discussed in the two sections of this note are about the technical components of risk management. Rather, they define a context for accountability, empowerment and appropriate limitations on the activities of people who run day to day operation in insurance companies.

©Jean-Pierre Berliet

Berliet Associates, LLP

(203) 247 6448

jpberliet@att.net

Regulatory Risk Management

June 24, 2010

There are at least two fundamental problems with risk management that is driven by regulators:

  1. All risk management activities that would go beyond what the regulator requires usually cease.  Firms will not do the chaotic process of making their own decisions about how risky their activities are.  They will know because the regulator tells them.
  2. Everyone will work under the same exact view of risk measurement and risk management.  If there are flaws, those flaws will have systemic ripples.  Where the regulators set the capital requirements too high, then businesses will either cease that activity or will engage in regulatory arbitrage.  Where the regulators set the risk capital requirements too low, businesses will over leverage their risks and some businesses will participate in risks that they might not have were the risks properly assessed.

And if the regulators take the step of creating a world wide system where there is no place to go to get regulatory relief, or arbitrage of risks with excessive capital requirements, then the entire world will fall all at once when what ever risk they have set the requirement too low is over used by the firms to get the profits that they believe that they need.

So there are no happy endings for a regulatory driven risk management regime.  None unless the regulators are absolutely perfect in their work.

One of the many roots of the financial crisis was a regulatory driven risk management system used by banks, Basel 2.  The system was so wrong headed that the two largest banks that were stricken by the crisis, Bear Stearns and Lehman both were in fine health according to the Basel measures of risk taking capacity, right up until the time that they failed (or were taken over).

In the June 24, 2010 WSJ, an article entitled BP Relied on Faulty U.S. Data, it says that the regulators REQUIRED the oil drillers to use a specified model of risk of oil spill damage.  According to the article, the model set the risk very close to zero, making it not sensible to spend any money on safety of the rigs or on preparation for a spill.  So that was the way that the drillers leveraged up their risk.  By taking fewer and fewer precautions against a problem, until one did occur.  And the wrong model from the regulators resulted in the situation where none of the firms were prepared for a spill, and furthermore, it probably led to much of the complacency the immediately followed the rig exploding.

So if you find yourself in a business where the regulators are specifying the risk management floor, beware.  It is quite likely that sooner or later that floor will collapse from under all who are standing on it.

Risk Adjusted Performance Measures

June 20, 2010

By Jean-Pierre Berliet

Design weaknesses are an important source of resistance to ERM implementation. Some are subtle and thus often remain unrecognized. Seasoned business executives recognize readily, however, that decision signals from ERM can be misleading in particular situations in which these design weaknesses can have a significant impact. This generates much organizational heat and can create a highly dysfunctional decision environment.

Discussions with senior executives have suggested that decision signals from ERM would be more credible and that ERM would be a more effective management process if ERM frameworks were shown to produce credible and useful risk adjusted performance measures

Risk adjusted performance measures (RAPM) such as RAROC (Risk Adjusted Return On Capital), first developed in banking institutions, or Risk Adjusted Economic Value Added (RAEVA) have been heralded as significant breakthroughs in performance measurement for insurance companies. They were seen as offering a way for risk bearing enterprises to relate financial performance to capital consumption in relation to risks assumed and thus to value creation.

Many insurance companies have attempted to establish RAROC/RAEVA performance measurement frameworks to assess their economic performance and develop value enhancing business and risk management strategies. A number of leading companies, mostly in Europe where regulators are demanding it, have continued to invest in refining and using these frameworks. Even those that have persevered, however, understand that framework weaknesses create management challenges that cannot be ignored.

Experienced executives recognize that the attribution of capital to business units or lines provides a necessary foundation for aligning the perspectives of policyholders and shareholders.

Many company executives recognize, however, that i) risk adjusted performance measures can be highly sensitive to methodologies that determine the attribution of income and capital and ii) earnings reported for a period do not adequately represent changes in the value of insurance businesses. As a result, these senior executives believe that decision signals provided by risk adjusted performance measures need to be evaluated with great caution, lest they might mislead. Except for Return on Embedded Value measures that are comparatively more challenging to develop and validate than RAROC/RAEVA measures, risk adjusted performance measures are not typically capable of relating financial performance to return on value considerations that are of critical importance to shareholders.

To provide information that is credible and useful to management and shareholders, insurance companies need to establish risk adjusted performance measures based on:

  • A ( paid up or economic) capital attribution method, with explicit allowance for deviations in special situations, that is approved by Directors
  • Period income measures aligned with pricing and expense decisions, with explicit separation of in-force/run-off, renewals, and new business
  • Supplemental statements relating period or projected economic performance/ changes in value to the value of the underlying business.
  • Reconciliation of risk adjusted performance metrics to reported financial results under accounting principles used in their jurisdictions (GAAP, IFRS, etc.)
  • Establishment and maintenance of appropriate controls, formally certified by management, reviewed and approved by the Audit Committee of the Board of Directors.

In many instances, limitations and weaknesses in performance measures create serious differences of view between a company’s central ERM staff and business executives.

Capital attribution

(more…)

Biased Risk Decisions

June 18, 2010

The information is all there.  We have just wrapped it in so many technical terms that perhaps we forget what it is referring to.

Behavioral Finance explains exactly how people tend to make decisions without models.  They call them Biases and Heuristics.

This link is to one of my absolute favorite pages on the entire internet.  LIST OF COGNITIVE BIASES Take a look.  See if you can find the ways that you made your last 10 major business decisions there.

Now models are the quants ways to overcome these biases.  Quants believe that they can build a model that keeps the user from falling into some of the more emotional cognitive biases, such as the anchoring effect.  With a model, for example, anchoring is avoided because the modeler very carefully gives equal weight to many data points instead of more weight to the most recent data point.

But what the quants fail to recognize is that models strengthen some of the biases.  For example, models and modelers often fall under the Clustering illusion, finding patterns and attributing statistical distributions to data recording phenomena that has just finished one phase and is about to move on to another.

Models promote the hindsight bias.  No matter how surprising an event is at the time, within a few years, the data recording the impact of the event is incorporated into the data sets and the modelers henceforth give the impression that the model is now calibrated to consider just such an event.

And in the end, the model is often no more than a complicated version of the biases of the modeler, an example of the Confirmation Bias where the modeler has constructed a model that confirms their going in world view, rather than representing the actual world.

So that is the trade-off, between biased decisions with a model and biased decisions without a model.  What is a non-modeling manager to do?

I would suggest that they should go to that wikipedia page on biases and learn about their own biases and also sit down with that list with their modeler and get the modeler to reveal their biases as well.

Fortunately or unfortunately, things in most financial firms are very complicated.  It is almost impossible to get it right balancing all of the moving parts that make up the entirety of most firms without the help of a model.  But if the decision maker understands their own biases as well as the biases of the model, perhaps they can avoid more of them.

Finally, Jos Berkemeijer asks what must a modeler know if they are also the decision maker.  I would suggest that such a person needs desperately to understand their own biases.  They can get a little insight into this from traditional peer review.  But I would suggest even more than that they need to review the wiki list of biases with their peer reviewer and hope that the peer reviewer feels secure enough to be honest with them.

Risk Velocity

June 17, 2010

By Chris Mandel

Understand the probability of loss, adjusted for the severity of its impact, and you have a sure-fire method for measuring risk.

Sounds familiar and seems on point; but is it? This actuarial construct is useful and adds to our understanding of many types of risk. But if we had these estimates down pat, then how do we explain the financial crisis and its devastating results? The consequences of this failure have been overwhelming.

Enter “risk velocity,” or how quickly risks create loss events. Another way to think about the concept is in terms of “time to impact” a military phrase, a perspective that implies proactively assessing when the objective will be achieved. While relatively new in the risk expert forums I read, I would suggest this is a valuable concept to understand and more so to apply.

It is well and good to know how likely it is that a risk will manifest into a loss. Better yet to understand what the loss will be if it manifests. But perhaps the best way to generate a more comprehensive assessment of risk is to estimate how much time there may be to prepare a response or make some other risk treatment decision about an exposure. This allows you to prioritize more rapidly, developing exposures for action. Dynamic action is at the heart of robust risk management.

After all, expending all of your limited resources on identification and assessment really doesn’t buy you much but awareness. In fact awareness, from a legal perspective, creates another element of risk, one that can be quite costly if reasonable action is not taken in a timely manner. Not every exposure will result in this incremental risk, but a surprising number do.

Right now, there’s a substantial number of actors in the financial services sector who wish they’d understood risk velocity and taken some form of prudent action that could have perhaps altered the course of loss events as they came home to roost; if only.

More at Risk and Insurance

Winners and Losers

June 14, 2010

Sometimes quants who get involved with building new economic capital models have the opinion that their work will reveal the truth about the risks of the group and that the best approach is to just let the truth be told and let the chips fall where they may.

Then they are completely surprised that their project has enemies within management.  And that those enemies are actively at work undermining the credibility of the model.  Eventually, the modelers are faced with a choice of adjusting the model assumptions to suit those enemies or having the entire project discarded because it has failed to get the confidence of management.

But that situation is actually totally predictable.

That is because it is almost a sure thing that the first comprehensive and consistent look at the group’s risks will reveal winners and losers.  And if this really is a new way of approaching things, one or more of the losers will come as a complete surprise to many.

The easiest path for the managers of the new loser business is to undermine the model.  And it is completely natural to find that they will usually be completely skeptical of this new model that makes their business look bad.  It is quite likely that they do not think that their business takes too much risk or has too little profits in comparison to their risk.

In the most primitive basis, I saw this first in the late 1970’s when the life insurer where I worked shifted from a risk approach that allocated all capital in proportion to reserves to one that recognized the insurance risk as well as the investment risk as two separate factors.  The term insurance products suddenly were found to be drastically underpriced.  Of course, the product manager of that product was an instant enemy of the new approach and was able to find many reasons why capital shouldn’t be allocated to insurance risk.

The same sorts of issues had been experienced by firms when they first adopted nat cat models and shifted from a volatility risk focus to a ruin risk focus.

What needs to be done to diffuse these sorts of issues, is that steps must be taken to separate the message from the messenger.  There are 2 main ways to accomplish this:

  1. The message about the new level of risks needs to be delivered long before the model is completed.  This cannot wait until the model is available and the exact values are completely known.  Management should be exposed to broad approximations of the findings of the model at the earliest possible date.  And the rationale for the levels of the risk needs to be revealed and discussed and agreed long before the model is completed.
  2. Once the broad levels of the risk  are accepted and the problem areas are known, a realistic period of time should be identified for resolving these newly identified problems.   And appropriate resources allocated to developing the solution.  Too often the reaction is to keep doing business and avoid attempting a solution.

That way, the model can take its rightful place as a bringer of light to the risk situation, rather than the enemy of one or more businesses.

Managing Operational Risk

June 13, 2010

By Jean-Pierre Berliet

Discussions with senior executives have suggested that decision signals from ERM would be more credible and that ERM would be a more effective management process if ERM were shown to support management of operational risk

Operational risk comprises two different types of risks: execution risk and strategic risk.

These two categories of operational risk are important to policyholders and shareholders because they can reduce both the insurance strength and the value of insurance companies.

Strategic risk stems from external changes that can undermine the profitability and growth expectations of a company’s business model and strategy, and therefore have a significant impact on its value. Execution risk originates in internal failures to manage the operations of a company competently, with the needed level of foresight, prudence, risk awareness, and preparedness. Execution and strategic risks impact insurance companies differently and, as a result, call for distinct mitigation strategies.

Execution risks

Although financial risks are the primary determinant of the volatility of financial results of insurance companies, execution risks can also cause material adverse deviations from expected financial results

Execution risks include, for example,   economic losses resulting from i) delays in alleviating adverse consequences of changes in the volume of activity (mismanagement), ii) events that can interrupt business operations whether man made or natural (lack of preparedness), and iii) failures in controls that cause economic losses, create liabilities or damage the company’s reputation (market conduct, regulatory compliance, bad faith in claim management, fraud, IT security, etc..).

Execution risks reduce current financial performance and company valuation. Company valuation is reduced because i) investors often view negative earnings  deviations as predictors of future decline in profitability and ii) performance volatility can derail the execution of a company’s growth strategy

Execution risks are relatively easy to identify, if not to mitigate for company management. Although stochastic modeling tools and event databases could be used to simulate the impact of execution risks on financial performance, and fine tune mitigation strategies, undertaking such modeling is very costly, and may be of limited value. Company management has fiduciary obligations to set in place processes designed to avoid executions risks, establish post event recovery procedures, and to ensure compliance.

Both policyholders and shareholders need to note that

  • Execution risks can impact financial performance significantly in the year or period of occurrence but may have a more or less pronounced impact on performance in subsequent periods and company valuation, depending on the availability of recovery strategies and the preparedness of a company.
  • The impact of execution risks on a company’s market value can be derived from estimated adjustments to free cash flow projections.  This is particularly significant in connection with risk events that erode a company’s competitive advantage or damage its reputation. Such events can reduce the market value of a company significantly by reducing its volume of business or its pricing flexibility.

Management processes and management action, not capital, are the natural remedy for execution risks. Board of Directors or Audit Committees of such boards have become increasingly involved in exercising oversight of execution risks and their management by operating executives.

Strategic Risks

Strategic risks can undermine the economic viability of the business model and future financial performance of insurance companies. They can have a significant adverse effect on i) a company’s insurance ratings and the credit worthiness of its debt and ii) its market capitalization. Strategic risks can cause otherwise solvent companies to lose a substantial share of their market value in a short time, provoke legal action by disgruntled shareholders, inflict serious economic losses to Directors, senior executives and other employees, and induce potential raiders to attempt a take over.

Strategic risks are also very important to policyholders, (especially those who have bought protection against slowly emerging liabilities or policies that provide indemnification benefits in the form of annuity payments), because strategic risks that undermine the ability of companies to earn formerly expected returns also reduce the credit worthiness of these companies. Strategic risks stem from external changes in the regulations, institutional arrangements, competition, technology or demand that can erode the competitive advantage of an insurance company and its ability to operate credibly and profitably as a going concern in the future.

Strategic risks do not receive as much attention as they should because they are difficult to identify and assess, and are often viewed as “uncontrollable”. At any point in time, it can be very difficult to assess whether a quantum change in any element of strategic risks is close to happening. When such a change occurs, however, its impact on future performance can cause a swift decline in the market values of a company.

To identify and manage strategic risks, companies need to:

  • Conduct and challenge a periodic defensibility analysis of their business model and competitive advantage
  • Monitor market developments for emerging trends with potential adverse effects (loss of business to competitors, emergence of new risk transfer technologies or product innovations, regulatory developments, etc.)
  • Develop appropriate responses to adverse developments through adjustment in capabilities, redeployment of capacity, change in composition and level of service provided, industry level lobbying of lawmakers and regulators, sponsorship of and participation in industry associations, etc…
  • Communicate reasons for and objectives of needed changes to both customers and shareholders.
  • Integrate the planned strategic response into action plans, budgets and objectives of business units

Insurance companies need to include in ERM a process that provides consistent and updateable insights into strategic risks to which they are exposed. Because the insurance industry has been highly regulated, many insurance companies have not developed deep strategy development and assessment skills. It will be a challenge at first for such companies to establish strategic risk assessment frameworks powerful enough to yield robust insights but simple enough to be user friendly.

A number of companies that have already implemented comprehensive  frameworks to manage financial risks have begun addressing operational risks more formally. They believe that the introduction in operations management of specific risk management control components will create value by:

  • Enhancing the level and the stability of their financial results
  • Reducing the probability of serious value losses caused execution risks and strategic risks.

The establishment of operational effective risk management frameworks and processes within ERM is of critical importance to all constituents of insurance companies.

©Jean-Pierre Berliet

Berliet Associates, LLP

(203) 247 6448

jpberliet@att.net

May 22, 2010

ERM Books

June 11, 2010

There is a web resource for people looking for books and articles and papers to read (or assign to their students to read) about ERM.

ERMbooks@wordpress.com

There you will find information regarding over 30 sources for ERM reading and learning along with several lists of additional books and articles that were borrowed from several sources.

Please feel free to leave your comments about how helpful you found any of these books and papers.  Also, if there is a good resource missing, please leave information in a comment and it will soon be added.

Any volunteers who are willing to add to the posts to include all of the ERM sources that are being used for ERM education would be welcomed.

Not Complex Enough

June 10, 2010

Things changed and the models did not adapt.  But I am saying that is mostly because the models had no place to put the information.

With 20-20 hindsight, perhaps the models would have been better if instead of boiling everyone in one pot, you separated out folks into 5 or 10 pots.  Put the flippers into a separate pot.  Put the doctors into another pot.  (Did folks really believe that the no doc mortgages represented 10 times as many doctors than previously).  What about the no doc loans to contractors?  Wasn’t there a double risk there?  Put the people with LTV>100% in another pot.  Then model your 20% drop in prices.

And there was also no model of what the real estate market would do if there were 500,000 more houses than buyers.  Or any attempt to understand whether there were too many houses or not.

And the whole financial modeling framework has never had the ability to reflect the spirals that happen.

The models are just not complex enough for the world we live in.

Many are taught to look at a picture like the view above of the situation in Afghanistan and immediately demand that the picture be simplified.  To immediately conclude that if we draw a picture that complicated then it MUST be because we do not really understand the situation.  However, complexity like the above may be a sign that the situation is really being understood and that the model might just be complex enough to work as things change.

The idea that we will change the world so that the models work is tragically wrong headed.   But that is exactly the thinking that is behind most of the attempts at “reforming” the financial markets.  The thinking is that our models accurately describe the world when it is “normal” and that when our models are wrong it is because the world is “abnormal”.  So the conclusion is that we should be trying to keep the world in the normal range.

But the way that our models always fail is when the world makes a change, a non-linearity in the terminology of modelers.  The oft used analogy is the non-linearity that ruined the businesses of the buggy whip manufacturers.  They had a great model of demand for their product that showed how there was more demand every spring so that they put on extra shifts in the winter and rolled out the new models every April.

Then one April, the bottom fell out of their market.  That was because not only did those pesky horseless carriages cut into their businesses, but the very folks who bought the cars were the people who were always sure sales for new buggy whips each and every year.  That early adopter set who just had to have the latest model of buggy whip.

So we must recognize that these troubling times when the models do not work are frequently because the world is fundamentally changing and the models were simply not complex enough to capture the non-linearities.

Radical Collaboration

June 8, 2010

There are situations that require collaboration if they are going to be resolved in a manner that produces the largest combined benefit or the smallest combined loss.  This is not the “greatest good for the greatest number” objective of socialism – it is simple efficiency.  Collaborative results can be greater than competitive results.  It is the reason that a sports team where everyone is playing the same strategy does better than the team where each individual seeks to do their personal best regardless of what everyone else is doing.

There are also situations where the application of individual and separate and uncoordinated actions will result in a sub optimal conclusion and where the famous Invisible Hand points in the wrong direction.

You see, the reason why the Invisible Hand ever works is because by the creative destruction of wrong turns, the individual actions find a good way to proceed and eventually all resources are marshaled in following that optimal way of proceeding.  But for the Invisible Hand to be efficient, the destruction part of creative destruction needs to be small relative to the creative part.  For the Collaborative effort to be efficient, the collaboration needs to result in selection of an efficient approach without the need for destruction through a collaborative decision making process.  For the Collaborative effort to be necessary, the total cost of the risk management effort needs to exceed the amount that single firms could afford.

Remember the story of the Iliad. It is the story of armies that worked entirely on the Invisible Hand principle. Each warrior decided on his own what he would do, how and when he would fight.  It was the age of Heroes.

The stories of the success of Alexander and later the Roman armies was the success of an army that was collaborative.  The age of Heroes was over.   The efficiencies of the individual Heroes each finding their own best strategy and tactics was found to be inferior to the collaborative efforts of a group of soldiers who were all using the same strategy and tactics in coordination.

There are many situations in risk management were some sort of collaboration needs to be considered.

The Gulf Oil leak situation seems like it might be one of those.  BP is now admitting that it did not have the resources available or even the expertise to do what needs to be done.  And perhaps, this leak is a situation where the collective cost of their failure is much higher than society’s tolerance for this sort of loss.  But the frequency of this sort of problem has to date been so very low that having BP provide those capabilities may not have made economic sense.

However, there are hundreds of wells in the Gulf.  With clear hindsight, the cost of developing and maintaining the capacity to deal with this sort of emergency could have been borne jointly by all of the drillers in the Gulf.

There are many situations in risk management where collaboration would produce much better results than separate actions.  Mostly in cases where a common threat faces many where to overcome the threat would take more resources than any one could muster.

Remember the situation with LTCM?  No one bank could have helped LTCM alone, they would have gone down with LTCM.  But by the forced collaborative action, a large group of banks were able to keep the situation from generating large losses.  Now this action rankles many free marketeers, but it is exactly the sort of Radical Collaboration that I am talking about.  It did not involve any direct government funding.  It used the balance sheets of the group of banks to stabilize the situation and allow for an orderly disposition of LTCMs positions.  In the end, I beleive that it was reported that the banks did not end up taking a loss either.  (That was mostly an artifact of depressed market prices at the time of the rescue, I would guess.)

The exact same sort of thinking does NOT seem to have been tried with Lehman.  If Paulson could not find a single firm to rescue Lehman, he was not going to do anything.  But looking back and remembering LTCM, Paulson could have arranged an LTCM style rescue for Lehman.  In hindsight, that, even with government guarantees to sweeten the pot would have been better then the financial carnage that ensued.

Perhaps Paulson was one of the free marketeers that hated the LTCM “bailout”.  But in the end, he trampled the free market much worse than his predecessors did with LTCM when he bailed out AIG without even giving any thought to terms of the bailout.

Collaboration might have seemed radical to Paulson.  But it is sometimes needed for risk management.

Uncertain Decisions

June 7, 2010

There have been many definitions of ERM.  Most suffer from the “too many words” syndrome.  They are too long, making it likely that a casual reader will suffer reading fatigue before completing and therefore will decide that the topic is too complicated to be useful.

Here is a try at a very crisp definition:

ERM is a system for enhancing decision making under uncertainty that requires consideration of ALL of the risks of the enterprise.

And also for plain “Risk Management”

Risk Management is a system for enhancing decision making under uncertainty that focuses on risks as well as returns.

Fundamentally linking ERM and Risk Management to decision making is important, vitally important.  Otherwise funders of ERM programs will be quickly disenchanted with the expensive staffs and systems needed to support a Risk Management Entertainment System.

All ERM and Risk Management activities should be judged in terms of how well they support important decisions.

The important decisions that can be supported by ERM and Risk Management are many. Primary among them are:

  1. How much risk should the company take?
  2. How best to transition from the risk level that the company is taking to the risk level that the company should be taking?
  3. How to assure that the company takes no more risk than it should take?
  4. Which Risks should the company take?
  5. How best to transition from the risks that the company is taking to the risks that the company should be taking?
  6. How to manage the likelihood that the company will fall short of its earnings targets?

If a firm already has complete processes in place to make all of those decisions, then it already has ERM.  With the rising calls for ERM from regulators, rating agencies and boards, those firms will need to make sure that they can fully articulate the processes that they use to make those decisions.

If, on the other hand, a firm generally makes one or several of those decisions by default, as a fallout from other decisions or on a totally flexible basis as it happens in response to various market forces or on a purely momentum based process that ultimately relies upon some past decisions that may or may not have been made with any concern for risk; then future development of ERM could be vitally important.

The support that ERM provides to all of these decisions is of the nature of an eyes open approach to risk.  This general theme is perhaps the reason why ERM often seems to be a massive management information exercize.

But management information about risk is the means to supporting risk focused decision making, not the ends.

Reconciling Risk Concerns

June 6, 2010

From Jean-Pierre Berliet

Discussions with senior executives have suggested that decision signals from ERM would be more credible and that ERM would be a more effective management process if ERM were shown to reconcile the risk concerns of policyholders and shareholders.

Creditors, including policyholders, and rating agencies or regulators whose mission it is to protect creditors, and shareholders are all interested in the financial health of an insurer, but in different ways. Creditors want to be assured that an insurance company will be able to honor its obligations fully and in a timely manner. For creditors, the main risk question is: what is the risk of the business? This is another way to ask whether the company will remain solvent.

Shareholders, however, are interested in the value of the business as a going concern, in how much this value might increase and by how much it might decline. For shareholders, the main risk question is: what is the risk to the business? Shareholders are interested in what ERM can do to increase and protect the value of their investment in a company. While both creditors and shareholders are interested in the tail of the distribution of financial results, as an indicator of solvency risk, shareholders are also very interested in the mean of these financial results and their volatility, which could have an adverse impact on the value of their investment.

Policyholders and shareholders’ views are different but not incompatible: a company could not stay in business if it were not able to persuade regulators that it will remain solvent and should be allowed to keep its license, or obtain from rating agencies a rating suitable for the business it writes.  Its value to investors would be significantly impaired..

Insurers recognize that the main drivers of their risk profile are financial risks, including insurance risk accumulations and concentrations, and the related market risk associated with their investment activities. They understand that resulting risks are best controlled at the point of origination through appropriate controls on underwriting and pricing and through reinsurance and asset allocation strategies that limit the volatility of financial outcomes. Stochastic modeling is being used more broadly by companies to understand how such risks accumulate, interact and develop over time and to evaluate strategies that enhance the stability of outcomes. Capital adequacy is the ultimate defense against severe risk “surprises” from insurance and investment activities. It is of interest to policyholders who want to be certain to collect on their claims, but also to shareholders who want assurance that a company can be viewed as a going concern that will write profitable business in the future.

Methodologies used by rating agencies on behalf of creditors describe in detail how the rating process deals with the three main drivers of a company’s financial position and of the volatility (risk) of this position. In response to rating agency concerns, insurance companies focus on determining how much “economic capital” they need to remain solvent, as a first step toward demonstrating the adequacy of their capital. Analyses they perform involve calculation of the losses they can suffer under scenarios that combine the impact of all the risks to which they are exposed. This “total risk” approach and the related focus on extreme loss scenarios (“high severity/low frequency” scenarios) are central to addressing creditors’ concerns.

To address the solvency concerns of creditors, rating agencies and regulators and the value risk of shareholders, insurance companies need to know their complete risk profile and to develop separate risk metrics for each group of constituents. Knowledge of this risk profile enables them to identify the distinct risk management strategies that they need to maintain high ratings while also protecting the value of their shareholders’ investment. Leading ERM companies have become well aware of this requirement and no longer focus solely on tail scenarios to develop their risk management strategies.

(more…)

The Most Successful Financial System the World has Ever Known

June 2, 2010

Chris Whalen in his June 1 Commentary for RiskCenter reproduces an excerpt from a piece by Peter Wallison.  In that, Peter makes the statement that

“the United States is well on its way to taking down the most innovative and successful financial system the world has ever known.”

And I want to react to the conclusion that he starts with that the financial system is “the most successful”. 

There are two issues that I have with that conclusion. 

  1. The main evidence of success of the financial system is that it has been successful in collecting a major share of the US economy’s profits.  In 1980, the share of the financial sector of total US corporate profits was under 10%.  In the 30 years before that time, the sector had averaged about 12% of profits.  From 1980 to 2006, the financial sector was extremely succesful.  Its share of total US profits grew to over 40%.  A more than four fold leap in share. 
  2. The destruction of value in 2008 in both the financial sector and in the “real economy” was enormous.  In the financial sector, that destruction amounted to over 10 years of profits. 

So first I would question whether the “success” of the financial sector is first of all real?  Shouldn’t we take into account both the losses and the gains when determining success? 

And second, I would question whether even just looking at the “up side” experiences prior to the financial crisis, whether the financial sector success was of any benefit to the economy as a whole, or just to the bankers.  (and many have commented that the bankers did much better than the owners of banks, since the owners had both upside and downside exposures, while the bankers had mostly upside exposures.)

When we decide what sort of regulations that should be applied to the banks, we have concentrated upon the second item above.  The bankers have been concentrating on the first item.  They want to make sure that a system is maintained where their ability to take profits is not constrained by our attempts to limit the possibilities of the second situation reoccurring. 

But I would suggest that in the regulatory discussion, we ought to be thinking about the first situation as well.  Is it possible to run a healthy economy while the bankers are taking over 40% of the profits?  Unless we know the answer to that, we do not know whether we ought to be encouraging the bankers to shoot for 60% of profits or limiting them somehow to under 20% (the pre-1990 maximum level). 

This question is the elephant in the room that is motivating the bankers and that is funding their enormous contributions to politicians.  And the recent Supreme Court decision that allows unlimited political contributions from corporations makes that a much more important question to the politicians than ever before.

The Elephant in the Room

Common Terms for Severity

June 1, 2010

In the US, firms are required to disclose their risks.  This has led to an exercize that is particularly useless.  Firms obviously spend very little time on what they publish under this part of their financial statement.  Most firms seem to be using boilerplate language and a list of risks that is as long as possible.  It is clearly a totally compliance based CYA activity.  The only way that a firm could “lose” under this system is if they fail to disclose something that later creates a major loss.  So best to mention everything under the sun.  But when you look across a sector at these lists, you find a startling degree to which the risks actually differ.  That is because there is absolutely no standard that is applied to tell what is a risk and if something is a risk, how significant is it.  The idea of risk severity is totally missing.  

Bread Box

 

What would help would be a common set of terms for Severity of losses from risks.  Here is a suggestion of a scale for discussing loss severity for an individual firm: 

  1. A Loss that is a threat to earnings.  This level of risk could result in a loss that would seriously impair or eliminate earnings. 
  2. A Loss that could result in a significant reduction to capital.  This level of risk would result in a loss that would eliminate earnings and in addition eat into capital, reducing it by 10% to 20%
  3. A Loss that could result in severe reduction of business activity.  For insurers, this would be called “Going into Run-off”.  It means that the firm is not insolvent, but it is unable to continue doing new business.  This state often lasts for several years as old liabilities of the insurer are slowly paid of as they become due.  Usually the firm in this state has some capital, but not enough to make any customers comfortable trusting them for future risks. 
  4. A Loss that would result in the insolvency of the firm. 

Then in addition, for an entire sector or sub sector of firms: 

  1. Losses that significantly reduce earnings of the sector.  A few firms might have capital reductions.
  2. Losses that significantly impair capital for the sector.  A few firms might be run out of business from these losses.
  3. Losses that could cause a significant number of firms in the sector to be run out of business.  The remainder of the sector still has capacity to pick up the business of the firms that go into run-off.  A few firms might be insolvent. 
  4. Losses that are large enough that the sector no longer has the capacity to do the business that it had been doing.  There is a forced reduction in activity in the sector until capacity can be replaced, either internally or from outside funds.  A large number of firms are either insolvent or will need to go into run-off. 

These can be referred to as Class 1, Class 2, Class 3, Class 4 risks for a firm or for a sector.  

Class 3 and Class 4 Sector risks are Systemic Risks.  

Care should be taken to make sure that everyone understands that risk drivers such as equity markets, or CDS can possibly produce Class 1, Class 2, Class 3 or Class 4 losses for a firm or for a sector in a severe enough scenario.  There is no such thing as classifying a risk as always falling into one Class.  However, it is possible that at a point in time, a risk may be small enough that it cannot produce a loss that is more than a Class 1 event.  

For example, at a point in time (perhaps 2001), US sub prime mortgages were not a large enough class to rise above a Class 1 loss for any firms except those whose sole business was in that area.  By 2007, Sub Prime mortgage exposure was large enough that Class 4 losses were created for the banking sector.  

Looking at Sub Prime mortgage exposure in 2006, a bank should have been able to determine that sub primes could create a Class 1, Class 2, Class 3 or even Class 4 loss in the future.  The banks could have determined the situations that would have led to losses in each Class for their firm and determined the likelihood of each situation, as well as the degree of preparation needed for the situation.  This activity would have shown the startling growth of the sub prime mortgage exposure from a Class 1 to a Class 2 through Class 3 to Class 4 in a very short time period.  

Similarly, the prudential regulators could theoretically have done the same activity at the sector level.  Only in theory, because the banking regulators do not at this time collect the information needed to do such an exercize.  There is a proposal that is part of the financial regulation legislation to collect such information.  See CE_NIF.


%d bloggers like this: