Archive for September 2010

A Posteriori Creation

September 29, 2010

The hunters had come back to the village empty handed after a particularly difficult day. They talked through the evening around the fire about what had happened. They needed to make sense out of their experience, so that they could go back out tomorrow and feel that they knew how the world worked well enough to risk another hunt. This day, they were able to convince themselves that what had happened was similar to another day many years ago and that it was an unusually bad day, but driven by natural forces that they could expect and plan for in the future.

Other days, they could not reconcile an unusually bad day and they attributed their experience to the wrath of one or another of their gods.

Risk managers still do the same thing.  They have given this process a fancy name, Bayesian inference.  The very bad days, we now call Black Swans instead of an act of the gods.

Where we have truly advanced is in our ability to claim that we can reverse this process.  We claim that we can create the stories in advance of the experience and thereby provide better protection.

But we fail to realize that underneath, we are still those hunters.  We tell the stories to make ourselves feel better, to feel safe enough to go back out the next day.  Once we have gone through the process of a posteriori creation of the framework, the past events fit neatly into a framework that did not really exist when those same events were in the future.

If you do not believe that, think about how many risk models have had to be significantly recalibrated in the last 10 years.

To correct for this, we need to go against 10,000 or more years of human experience.  The correction can be summed up with the line from the movie The Fly,

Be afraid.  Be very afraid.

There is another answer.  That answer is

Be smart.  Be very smart.

That is because it is not always the best or even a very good strategy to be very afraid.  Only sometimes.  So you need to become smart enough to:

  1. Know when it is really important to mistrust the models and to be very afraid
  2. Have built up the credibility and trust so that you are not ignored.

While you are doing that,be careful with the a posteriori creations.  The better people get with explaining away the bad days, the harder it will be for you to convince them that a really bad day is at hand.

Advertisements

Why Successful Forecasts are not an indicator of good Risk Management

September 24, 2010
from Adventures in probability, market forecasting edition

Read the post at http://blogs.reuters.com/felix-salmon/2010/09/20/adventures-in-probability-market-forecasting-edition/

Thanks to Evan.

Changing Your Attitude

September 23, 2010

Discipline has been touted as one of the most important things that is needed for risk management to be effective.

But in fact the world keeps changing.  The definition of Discipline needs to change with the world.  Otherwise, you will find your risk management discipline  insufficient or too restrictive.

On a recent PRMIA web seminar, I asked the approximately 100 listeners…

How many times has your firm’s risk attitude changed between 2006 and now?

And got these answers:

    • 0 – 20%
    • 1 – 31%
    • 2 – 34%
    • 3 or more – 16%

So 80% of the firms changed their view of the level of riskiness in the world.

Hopefully for the career success of the CROs of those firms, they did not maintain a steady discipline during those years.

It is not poor discipline, it is good realism to change your risk management program as times change.

Increasing the Valuation of P/C Insurance Companies

September 19, 2010

From JP Berliet

The financial crisis demonstrated that risk management had not been working effectively in many insurance companies. As a result, investors lost confidence and reduced their exposure to the industry, thereby causing valuations of companies to decline more than market averages and their cost of capital to increase.

In addition, continuing weakness in the economic environment have been exacerbating pressures on premium rates and competition in most lines. These factors are leading investors to expect that the financial performance of many companies is unlikely to improve in the short term or might even decline, thereby generating additional pressures on valuations. At present, insurance companies thus face a double challenge to:

  • Identify and pursue opportunities to enhance their intrinsic value by increasing profitability and growth
  • Restore the confidence of investors, to reduce their cost of capital and convert financial results into higher company valuations.

The “Risk Management and Business Strategy in P/C Insurance Companies” briefing paper outlines an approach that insurance companies can use to meet this double challenge.

To enhance their intrinsic values, insurance companies need to develop sharper risk insights that they can use to:

  • Achieve loss costs and earnings volatility advantages relative to their competitors
  • Reduce both the amount and the cost of the capital they require
  • Identify and pursue opportunities to grow profitably.

Success in these areas is unlikely to be sufficient, however, to restore investors’ confidence in companies in which governance and management process weaknesses cause investors to discount expected financial results more heavily. The briefing paper implies that the crisis caused the valuation of many companies to suffer from such discounts, including:

  • Governance discounts reflecting imbalance in addressing solvency risk concerns of customers, creditors and regulators relative to value risk concerns of shareholders
  • Credibility discounts resulting from misalignment of companies’ risk management and business management processes and strategies
  • Resilience discounts due to the opaqueness of financial statements and business strategies, which prevent investors to assess a company’s risk of financial distress.

To reduce governance, credibility and resilience discounts imposed by investors, insurance companies need to restore investors’ confidence by remedying underlying weaknesses in their risk and value management frameworks.

The following sections suggest how insurance companies should go about this as well as enhancing their intrinsic value, thereby creating for shareholders value enhancements that compound each other.

Increasing intrinsic value

Insurance companies can use data about risk exposures and analytics to develop and implement underwriting, pricing, claim settlement and renewal strategies that provide an economic advantage relative to competitors and increase their intrinsic value by:

  • Achieving favorable risk selection, i.e. building portfolios with lower expected losses and lower loss volatility
  • Reducing the capital required to support risk assumption activities
  • Lowering their cost of capital.

Since risk insights are not directly observable, they cannot be easily duplicated by competitors and can provide a more sustainable competitive advantage than improvements in products or service that can be readily emulated. Risk insights can help companies achieve margin increases that increase their intrinsic value. However, strategies that increase financial performance and intrinsic value will not necessarily increase company valuations and realized returns for shareholders. For valuations and realized returns to increase, intrinsic value enhancements need to be seen by investors as consistent with their investment objectives and risk tolerance.

Establishment and maintenance of the risk data infrastructure, analytical tools, decisions rules and reporting mechanisms required for companies to compete on analytics is arduous, slow and costly, but can lead to value creation breakthrough and opportunities for continuing growth. Conversely, companies that do not set out on this path should expect to be trapped in strategic stalemates and to experience declining financial performance. There are few less stark choices for Management and Board of Directors to contemplate.

Reducing governance discounts

Shareholders of insurance companies lost billions of dollars in value as a result of the financial crisis. They doubt that risk management fixes and tightening of prudential regulations can address their concerns about risks to the value of their investment in insurance companies. From their point of view, these fixes and tighter regulations appear to be designed to address risks of insurance businesses that can cause insolvency and are of primary concerns to customers, other creditors and regulators.

Investors believe that many of the weaknesses in risk governance frameworks and risk management revealed by the crisis result from:

  • Failure effectively to manage differences in risk concerns of shareholders and other stakeholders
  • Misalignment of risk tolerances, risk policies, risk limits and risk management strategies
  • Management By Objectives frameworks, policies and processes that rest on aggressive, but inappropriate, performance targets and generate moral hazard.

Investors readily conclude that these weaknesses are likely to continue to hamper the financial performance of many insurance companies and that they need to impose a “risk governance” penalty on companies’ results and prospects when assessing their value.

Even though the existence and magnitude of this risk governance discount have not been formally confirmed by research, observations of investors’ response to the crisis suggest that this discount has been contributing significantly to the relative decline in the valuation of insurance companies. The associated valuation penalty should not be expected to decrease until risk management becomes demonstrably more central to strategy development and execution and is seen to address value risk concerns of shareholders more effectively.

In companies where risk management has been a peripheral, compliance driven activity, the needed change in perspective and management processes will be challenging.

Reducing credibility discounts

The crisis demonstrated that there were significant disconnects between insurance companies’ risk assessment capabilities and their business decisions. It revealed that, in many if not even most companies, risk management frameworks:

  • Focus predominantly on financial risks and the resulting solvency risk concerns of customers, rating agencies and regulators, customarily over a one year horizon
  • Are designed to assess and ensure a company’s capital adequacy but not to help manage its cost of capital
  • Are not capable of integrating the impact of operational risks and strategic risks that can expose shareholders to significant losses in the value of their holdings
  • Assume that companies can raise funds in the capital market as needed to support their ratings and continue writing business on competitive terms
  • Understate the amount of capital required to support a company’s value as a going concern
  • Ignore systemic risk.

Investors understand that these weaknesses of risk and management frameworks prevent insurance companies to meet the risk tolerance concerns of their stakeholders, especially shareholders. They have lost confidence and have been adding a significant penalty, in the form of an implicit “credibility discount” to the terms on which they now make capital available to companies.

Insurance companies need to address each of the weaknesses identified above. It will take some time, probably years, for companies to demonstrate that the required framework and process enhancements improve risk and business management decisions, consistently. Insurance companies that do will benefit from a reduction of their credibility discount that will enhance their valuation.

Reducing resilience discounts

Companies that need to raise capital during a financial crisis can suffer crippling losses in value through dilution of shareholders interests and can become vulnerable as acquisition targets. Companies can rapidly lose their ability to control their destiny, especially if and when investors lose confidence and impose a “resilience discount” on their valuations. Companies are not defenseless, however, because they can bolster their inherent resilience in anticipation of potential crises by:

  • Maintaining enough capital to remain solvent and protect their ratings under conceivable stress scenarios, at a high confidence level. Ideally, they should ensure that their capital is large enough to provide i) a buffer against the incidence of risks that are difficult to measure or unknown and ii) a strategic reserve to take advantage of unforeseen opportunities (e.g. acquisitions)
  • Achieving a high valuation and a sustained record of meeting shareholders’ return expectations. This creates a virtuous circle in which a higher valuation earned as a reward for good financial performance mitigates the resilience discount, thereby increasing valuation further. Companies with a sustained record of good performance have the credibility needed to raise capital on acceptable terms when markets recover. Meanwhile, companies without such a record and credibility may not be able to do so or may have to accept more onerous terms.

It is thus important for an insurance company to:

  • Demonstrate that it can be relied on to achieve shareholders’ earnings expectations, while also meeting their earnings volatility constraint
  • Increase the transparency of its risk, capital and strategy decisions.

Doing so will help an insurance company persuade investors that it is resilient and, over time, reduce its resilience discount.

Conclusion

Although risk is the primary driver of value creation in insurance businesses, risk can also destroy value. Ideally, management must balance these opposing effects of risk.

The “Risk Management and Business Strategy” briefing lays out how a company should accomplish a desirable balance between risk and return by:

  • Focusing its risk governance framework and risk management processes on meeting both the solvency risk concerns of customers, creditors, rating agencies and regulators as well as the critical value risk concerns of shareholders
  • Using analytics to develop tools that lead to sharper risk insights, tighter alignment of risk and business decisions and strategies that increase its financial performance and valuation.

In the aftermath of the crisis, however, insurance companies are facing skeptical investors, many of whom have lost confidence in the industry. To overcome this skepticism and get the full valuation benefit from strategies that increase their intrinsic value, insurance companies need to:

  • Meet shareholders’ return expectations and risk tolerance constraints consistently, by utilizing risk insights from well developed risk management frameworks and processes that can integrate Enterprise Risk Management and Value Based Management more tightly
  • Correct weaknesses in governance frameworks, management processes and capabilities that are perceived as creating risks for investors.

Insurance companies can regain investors’ confidence, and might shorten the time needed to do so by using the framework presented in the briefing to develop their priorities and action plan. Once progress is demonstrated, reductions in investors’ discounts will increase the companies’ valuation multiples and compound returns from enhancements in intrinsic value for shareholders.

Jean-Pierre Berliet

(203) 247-6448

jpberliet@att.net

Risk Managers do not know the Future any Better than Anyone Else

September 17, 2010

Criticisms of risk managers for not anticipating some emerging future are overdone.  When a major unexpected loss happens, everyone missed it.

Risk managers do not have any special magic ball.  The future is just as dim to us as to everyone else.

Sometimes we forget that.  Our methods seem to be peering into the future.

But that is not really correct.  We are not looking into the future.  Not only do we not know the future, we do not even know the likelihood of various future possibilities, the probability distribution of the future.

That does not make our work a waste of time.  However.

What we should be doing with our models is to write down clearly that view of the future that we use to base our decisions upon.

You see, everyone who makes a decision must have a picture of the future possibilities that they are using to weigh the possibilities and make that decision.  Most people cannot necessarily articulate that picture with any specificity.  Management teams try to make sure that they are all working with similar visions of the future so that the sum of all their decisions makes sense together.

But one of the innovations of the new risk management discipline is to provide a very detailed exposition of that picture of the future.

Unfortunately, many risk managers are caught up in the mechanics of creating the model and they fail to recognize the extreme importance of this aspect of their work.  Risk Managers need to make sure that the future that is in their model IS the future that management wants to use to base their decisions upon.  The Risk Manager needs to understand whether he/she is the leader or the follower in the process of identifying that future vision.

If the leader, then there needs to be an explicit discussion where the other top managers affirm that they agree with the future suggested by the Risk Manager.

If the follower, then the risk manager will first need to say back to the rest of management what they are hearing to make sure that they are all on the same page.  They might still want to present alternate futures, but they need to be prepared to have those visions heavily discounted in decision making.

The Risk Managers who do not understand this process go forward developing their models based upon their best vision of the future and are frustrated when management does not find their models to be very helpful.  Sometimes, the risk manager presents their models as if they DO have some special insight into the future.

My vision of the future is that path will not succeed.

Simplicity Fails

September 16, 2010

Usually the maxim KISS (Keep it Simple Stupid) is the way to go.

But in Risk Management, just the opposite is true. If you keep it simple, you will end up being eaten alive.

That is because risk is constantly changing. At any time, your competitors will try to change the game trying to take the better risks and if you keep it simple and stand still, leaving you with the worst risks.

If you keep it simple and focused and identify the ONE MOST IMPORTANT RISK METRIC and focus all of your risk management systems around controlling risk as defined by that one metric, you will eventually end up accumulating more and more of some risk that fails to register under that metric.  See Risk and Light.

The solution is not to get better at being Simple, but to get good at managing complexity.

That means looking at risk through many lenses, and then focusing on the most important aspects of risk for each situation.  That may mean that you will need to have different risk measures for different risks.  Something that is actually the opposite of the thrust of the ERM movement towards the homogenization of risk measurement.  There are clearly benefits of having one common measure of risk that can be applied across all risks, but some folks went too far and abandoned their risk specific metrics in the process.

And there needs to be a process of regularly going back to what your had decided were the most important risk measures and making sure that there had not been some sort of regime change that meant that you should be adding some new risk measure.

So, you should try Simple at your own risk.

It’s simple.  Just pick the important strand.

Your Risks will Find you if you do not find them first

September 15, 2010

Latent Risks are those risks that you have that you are not aware of.
When you start out with a risk management program, you may find that you have many Latent Risks. One of the most important outcomes of the early stages of an ERM program is to drastically reduce the number of important Latent Risks. The “Enterprise” part of ERM means that you are making an effort to find and manage your previously Latent Risks no matter where they are in your organization.

Reality is that your Latent Risks will find you if you do not find them first.

The market is sometimes forgiving, especially if everyone misses some risk.  So avoiding risk management is, in effect, taking a bet  a bet that your competitors are not finding and dealing with their Latent Risks either.

The idea of Latent Risks is also important for existing ERM programs.  That is because the world keeps changing and firms will develop new risks and risks that they did identify earlier but dismissed as insignificant have now grown.  And those Latent Risks are the risks that are most likely to grow.  (see Risk & Light)

So it would be a good practice for firms with a well developed ERM program to regularly conduct a review of their Latent Risks to determine whether there are any that should be included more prominently in their ERM program.


%d bloggers like this: