Archive for January 2011

Momentum Risk

January 31, 2011

How many times have you heard this

If it isn’t broken don’t fix it.

As a risk manager, momentum risk is one of the most difficult risk to overcome.  (I wonder how many times on these posts I have claimed this?)

But this is the aspect of the Horizon disaster that led to millions and millions of barrels of oil spilling into the Gulf.  Before that the oil companies claimed that there had never been a failure of an oil rig in the Gulf.  So that was the Momentum assumption.  It had never failed so it never would fail.

Standing against that is the seemly endlessly negative point of view of the risk manager:

If anything can go wrong, it will.

Murphy‘s Law is usually taken as the ultimate statement of negative pessimism.  But instead you the risk manager need to use Murphy’s law as he did.  As a mantra to keep repeating to yourself as you look for ways to stress test a system.

Looking to engineering (Murphy was an engineer you know) for some thinking about stress to failure, we find this post:

When a component is subject to increasing loads it eventually fails.   It is comparatively easy to determine the point of failure of a component subject to a single tensile force. The strength data on the material identifies this strength.   However when the material is subject to a number of loads in different directions some of which are tensile and some of which are shear, then the determination of the point of failure is more complicated…

Some of your stress to failure tests will have to be tensile, some compressive, some shear, in different directions and in different combinations.  You should do this sort of testing to know the weakest points of your system.

But there is no guarantee that the system will fail at the weakest points either.  In fact, you may put in place methods to reduce stresses to those weakest points.  Remember that now elevates other points to be the new stresses.

And do not let Momentum thinking define your approach to likelihood of these stresses.  In physical systems, the engineer knows how the system is supposed to be used and can plan for the stresses of those uses.  But in many cases, the systems designed and tested by engineers are not used in the conditions planned for or even for the exact uses that the engineer anticipated.

Sound familiar?

Human systems are not so fixed as physical systems.  Humans react to the system that they are experiencing and adjust their actions according to the feedback that they are receiving from the system.  So human systems will almost always change as they are used.

Human systems will almost always change as they are used.

That is what makes it so much more difficult to be a risk manager for a financial firm than for a firm that deals mainly with physical risks.  As noted above the humans that interface with the physical risks system do change and adapt, but there are usually a larger portion of possibilities that are fixed by the constraints of the physical systems.

With financial risks, the idea of adapting and using a type of transaction or financial structure for alternate purposes has become the occupation of a large number of folks who command a large amount of resources.

So if, for example, you are using a particular type of derivative to accomplish a fairly straightforward risk management purpose, it is quite possible that the market for that instrument will suddenly be taken over by folks with lots and lots of money, fast computers and turnover averages in the thousands per week.  Their entry into a market will change pricing and the speed of changes in pricing and then one day, suddenly, they will decide, perhaps little by little, but possibly all at once, to abandon that trade and the market will snap to being something different still.

The same sort of thing happens in insurance, but at a different speed.  Lawyers are always out there looking to “perfect” an argument to create a new class of claimants against different businesses and their insurers. THis results in a sudden jump in claims costs.

Interestingly, the strategies for those two examples might be the exact opposite.  It might be best to move on from the market that is suddenly overtaken by high speed hedge fund traders.  But the only way to recover extra losses from a newly discovered and “perfected” cause of tort is to stay with the coverage.

But in all cases, the risk manager is faced with the problem of overcoming Momentum Risk.  Convincing others that something that is not broken needs attention and possibly even fixing.


January 30, 2011

I do want to confess that I am a heretic.

That is because I do not believe that there is one single best ERM approach.

And I do not believe that a scientific, advanced, disciplined adherence to any single ERM system will produce best or even good results.

In fact, I think that a scientific, advanced, disciplined adherence to a single ERM system is also dangerous as a career strategy and as a strategy for the profession of risk managers.

The details of this heresy have been put forward here at Riskviews in over 20 postings and in a number of published articles and presentations that have been mentioned on the Plural Rationalities page of this blog.

One of the key underpinnings of these ideas is that our businesses will operate under  one of four different risk perspectives.  The conclusion about risk management from these ideas is that two things are needed to have a successful risk management program:

  1. At the heart of the risk management program must be a set of practices and processes and systems that are supportive of the predominant risk perspective of the firm.
  2. Some capability to see the other risk perspectives and to be able to adapt the risk management program of the firm as the predominant risk perspective of the firm changes.  None of the four risk perspectives or the risk management programs that are consistent with those perspectives will work all of the time.

Some of the most advanced firms in the risk management area will say that they are operating under all four styles of risk management all of the time and are prepared to shift emphasis at any time to the aspect of risk management that is the most effective.

That style of risk management has been titled Rational Adaptability.

The four styles of risk management are called:

Global Convergence of ERM Requirements in the Insurance Industry

January 27, 2011

Role of Own Risk and Solvency Assessment in Enterprise Risk Management

Insurance companies tend to look backwards to see if there was enough capital for the risks that were present then. It is important for insurance companies to be forward looking and assess whether enough capital is in place to take care risks in the future. Though it is mandatory for insurance firms to comply with solvency standards set by regulatory authorities, what is even more important is the need for top management to be responsible for certifying solvency. Performing Own Risk and Solvency Assessment (ORSA) is the key for the insurance industry.

  • Global Convergence of ERM Regulatory requirements with NAIC adoption of ORSA regulations
  • Importance of evaluating Enterprise Risk Management for ORSA
  • When to do an ORSA and what goes in an ORSA report?
  • Basic and Advanced ERM Practices
  • ORSA Plan for Insurers
  • Role of Technology in Risk Management

Join this MetricStream webinar

Date: Wednesday February 16, 2011
Time: 10 am EST | 4 pm CET | 3pm GMT
Duration: 1 hour

ERM Fundamentals

January 21, 2011

You have to start somewhere.

My suggestion it that rather than starting with someone else’s idea of ERM, you start with what YOUR COMPANY is already doing.

In that spirit, I offer up these eight Fundamental ERM Practices.  So to follow my suggestion, you would start in each of these eight areas with a self assessment.  Identify what you already have in these eight areas.  THEN start to think about what to build.  If there are gaping holes, plan to fill those in with new practices.  If there are areas where your company already has a rich vein of existing practice build gently on that foundation.  Much better to use ERM to enhance existing good practice than to tear down existing systems that are already working.  Making significant improvement to existing good practices should be one of your lowest priorities.

  1. Risk Identification: Systematic identification of principal risks – Identify and classify risks to which the firm is exposed and understand the important characteristics of the key risks

  2. Risk Language: Explicit firm-wide words for risk – A risk definition that can be applied to all exposures, that helps to clarify the range of size of potential loss that is of concern to management and that identifies the likelihood range of potential losses that is of concern. Common definitions of the usual terms used to describe risk management roles and activities.

  3. Risk Measurement: What gets measured gets managed – Includes: Gathering data, risk models, multiple views of risk and standards for data and models.

  4. Policies and Standards: Clear and comprehensive documentation – Clearly documented the firm’s policies and standards regarding how the firm will take risks and how and when the firm will look to offset, transfer or retain risks. Definitions of risk-taking authorities; definitions of risks to be always avoided; underlying approach to risk management; measurement of risk; validation of risk models; approach to best practice standards.

  5. Risk Organization: Roles & responsibilities – Coordination of ERM through: High-level risk committees; risk owners; Chief Risk Officer; corporate risk department; business unit management; business unit staff; internal audit. Assignment of responsibility, authority and expectations.

  6. Risk Limits and Controlling: Set, track, enforce – Comprehensively clarifying expectations and limits regarding authority, concentration, size, quality; a distribution of risk targets

    and limits, as well as plans for resolution of limit breaches and consequences of those breaches.

  7. Risk Management Culture: ERM & the staff – ERM can be much more effective if there is risk awareness throughout the firm. This is accomplished via a multi-stage training program, targeting universal understanding of how the firm is addressing risk management best practices.

  8. Risk Learning: Commitment to constant improvement – A learning and improvement environment that encourages staff to make improvements to company practices based on unfavorable and favorable experiences with risk management and losses, both within the firm and from outside the firm.


January 20, 2011

At first glance, the Own Risk and Solvency Assessment (ORSA) seems like an unnecessary redundancy.  For some firms, they will have looked at the Standard formula for capital adequacy and then looked again at the Internal Model and the Economic Capital.  And on all of those views, the firm has sufficient solvency margin.

But the problem that ORSA solves is a problem that is so very fundamental that we have almost completely forgotten that it exists.  That problem is that all of the traditional ways of looking at capital adequacy look at the wrong thing.  Yes, you heard that right, we have always and will continue to focus on the wrong thing when we assess capital adequacy.

The basis for capital assessment is the wrong view because it looks backwards.  We already know that the firm survived the past year.  What we really need to know is whether the firm can survive the next year and probably the one after that.

The traditional backwards looking solvency assessment tradition started when there was no viable alternative.  It is a good basis for looking at solvency under only a few possible futures.  Fortunately, many firms broadly operate within the range of futures.

For the backwards looking approach to solvency to have any validity, the future of the firm needs to be very much like the past of the firm.  Firms need capital more for the future than for the past and the balance sheet is more about the past of the firm than the future.  So a capital regime that is tied to the balance sheet is useful only to the firms whose future does not materially change their balance sheet.

But wait, the only time when that capital is needed is when the balance sheet DOES change materially.

So ORSA shifts the question of solvency from the past to the future.

The second thing that ORSA does is to shift the burden of determining adequacy of capital from the regulator to the board and management.  With the ORSA, the board and management will never again have the excuse that they thought everything was fine because they met the standards of the regulators.  The ORSA requires the board and management to assert, IN THEIR OWN OPINION, that the firm has sufficient capital for its own risks AND its own risk management systems.  Prior regimes allowed management to pass a test set by the regulator and thereby show adequacy of capital.  Even if the test did not pick up on some new risk that management was totally aware of but which was not at all recognized by the regulatory formula.

Now that is a game changer.

Risk Learning

January 18, 2011

ERM is a new and developing field.

However, it is wrong headed to ever expect that it will fall into a simple set of repeatable practices.

That is because of the nature of RISK.

Risk has a way of changing and adapting to your risk management strategies.  Risk is like water looking for the weak seam to flow through and produce a leak.  Water is not being an evil conscious entity, that is just the nature of water.  And that is the nature of risk as well.  It will adapt and change and will find the cracks in your risk management system.

But there is a solution for risk managers.  They must manage their system so that it is flexible and adaptable.  To do that they must be on a constant learning path.  Learning about how risk has adapted, learning about how others have adapted their risk management systems and learning about how others failed to successfully adapt while also learning from their own successes and failures.

This is the exact same sort of process that a firm must undertake if it is to be successful with marketing in the long run.  But in many cases, management expects that some sort of limited FIXED defense will work for risk management.  The sort of defensive thinking that produced the famous Maginot Line.  And we all know how well that worked.

Risk learning sometimes needs a mantra to make sure that it keeps happening.  Riskviews suggests the risk learning mantra:

Inside, Outside, Backwards, Forwards

Inside means looking to learn from your own successes and failures.

Outside means looking at others experiences.

Backwards means looking at past experiences.

Forwards means looking into the future for what might be needed.

Risk Learning is another of Riskview’s favorite topics.  There are already 35 posts that have been tagged as relating to Risk Learning.

Five Macro Risks

January 17, 2011

The World Economic Forum has recently released their sixth edition of the Global Risks Report.  When they started issuing this report in 2006,  many of the largest economies in the world were sailing along.  To imagine world class risks took a vivid imagination.  After the Global Financial Crisis, they now suggest “The world is in no position to face major, new shocks. The financial crisis has reduced global economic resilience, while increasing geopolitical tension and heightened social concerns suggest that both governments and societies are less able than ever to cope with global challenges.”

They highlight five risks:

  • Cyber-security issues ranging from the growing prevalence of cyber theft to the little-understood possibility of all-out cyber warfare
  • Demographic challenges adding to fiscal pressures in advanced economies and creating severe risks to social stability in emerging economies
  • Resource security issues causing extreme volatility and sustained increases over the long run in energy and commodity prices, if supply is no longer able to keep up with demand
  • Retrenchment from globalization through populist responses to economic disparities, if emerging economies do not take up a leadership role
  • Weapons of mass destruction, especially the possibility of renewed nuclear proliferation between states

The following graph that they draw from the IMF provides some startling perspective on the looming demographic/fiscal crisis in the developed countries, all with shrinking and rapidly aging populations:

This chart suggests that the unfunded old age pension liability for the advanced nations is on the average 8 times as large as the debt incurred fighting the financial crisis!  This was called The World’s Largest Risk on that post.

According to the “experts” that the WEF polls as a part of their research, these are the most significant risks of the near future (frequency x severity):

1 Climate change
2 Fiscal crises
3 Economic disparity
4 Global governance failures
5 Extreme weather events
6 Extreme energy price volatility
7 Geopolitical conflict
8 Corruption
9 Flooding
10 Water security

Get your own copy of the report here.

%d bloggers like this: