Archive for July 2011

Cascading Failures

July 27, 2011

Most of the risks that concern us exist in systems. In massively complex systems.

However, our approach to risk assessment is often to isolate certain risk/loss events and treat them totally marginally.  That works fine when the events are actually marginal to the system but it may put us in a worse situation if the event triggers a cascading failure.

Within a system cycles are found.  Cycles that can ebb and flow over a long time.  And cycles that are self dampening or cycles that are self reinforcing.

The classic epidemiological disease model is an example of a self dampening system.  The dampening is caused by the fact that disease spread is self limiting.  Any person will have so many contacts with other people that might be sufficient to spread a disease were they infected.  In most disease situations, the spread of the disease starts to wane when enough people have already been exposed to the disease and developed immunity so that a significant fraction of the contacts that a newly infected and contagious person might have are already immune.  This produces the “S” curve of a disease. See  The Dynamics of SARS: Plotting the Risk of Epidemic Disasters.

The behavior of a financial markets in a large loss situation is a self reinforcing cycle.  Losses cause institutional investors to lose capital and because of their gearing the loss of capital triggers the need to reduce exposures which means selling into a falling market resulting in more losses.  Often the only cure is to close the market and hope that some exogenous event changes something.

These cascading situations are why the “tail” events are so terribly large compared to the ordinary events.

Each system has its own tipping point.  Your risk appetite should reflect how much you know about the tipping point of the system that each of your risks exists in.

And if you do not know the tipping point…

Trimming Risk Positions – 10 ERM Questions from Investors – The Answer Key (6)

July 25, 2011

Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM.  Riskviews gave them 10 but they were trick questions.  Each one would take an hour to answer properly.  Not really what the analyst wanted.

Here they are:

  1. What is the firm’s risk profile?
  2. How much time does the board spend discussing risk with management each quarter?
  3. Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
  4. What outside the box risks are of concern to management?
  5. What is driving the results that you are getting in the area with the highest risk adjusted returns?
  6. Describe a recent action taken to trim a risk position?
  7. How does management know that old risk management programs are still being followed?
  8. What were the largest positions held by company in excess of risk the limits in the last year?
  9. Where have your risk experts disagreed with your risk models in the past year?
  10. What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?

They never come back and asked for the answer key.  Here it is:

There are a number of issues relating to this question.  First of all, does the insurer ever trim a risk position?  Some insurers are pure buy and hold.  They never think to trim a position, on either side of their balance sheet.  But it is quite possible that the CEO might know that terminology, but the CFO should.  And if the insurer actually has an ERM program then they should have considered trimming positions at some point in time.  If not, then they may just have so much excess capital that they never have felt that they had too much risk.

Another issue is whether the CEO and CFO are aware of risk position trimming.  If they are not, that might indicate that their system works well and there are never situations that need to get brought to their attention about excess risks.  Again, that is not such a good sign.  It either means that their staff never takes and significant risks that might need trimming or else there is not a good communication system as a part of their ERM system.

Risks might need trimming if either by accident or on purpose, someone directly entered into a transaction, on either side of the balance sheet, that moved the company past a risk limit.  That would never happen if there were no limits, if there is no system to check on limits or if the limits are so far above the actual expected level of activity that they are not operationally effective limits.

In addition, risk positions might need trimming for several other reasons.  A risk position that was within the limit might have changed because of a changing environment or a recalibration of a risk model.  Firms that operate hedging or ALM programs could be taking trimming actions at any time.  Firms that use cat models to assess their risk might find their positions in excess of limits when the cat models get re-calibrated as they were in the first half of 2011.

And risk positions may need to be trimmed if new opportunities come along that have better returns than existing positions on the same risk.  A firm that is expecting to operate near its limits might want to trim existing positions so that the new opportunity can be fit within the limits.

SO a firm with a good ERM program might be telling any of those stories in answer to the question.

Playground Risk

July 23, 2011

Some of us are old enough to remember going to a playground without an adult trailing along to make sure that we played safely. Oh, there were always a few parents there, but they were with the pre-k aged kids. Anyone old enough to go to school was generally thought to be old enough to be able to play.

Well, thanks to the immense safety movement that has caused everything to be swathed in bubble wrap and foam padding, all of the risk is now gone from playgrounds. AND if you did go to a playground (and almost no one ever does anymore – they are no fun at all) you find that there is usually at least one and probably two adults supervising each child.


Thanks to Claire Wilkinson at the Terms and Conditions Blog of the III, we find that a new study of childhood risk taking suggests that risk taking is a necessary part of growing up to face the world as an adult. Children’s Risky Play from an Evolutionary Perspective: The Anti-Phobic Effects of Thrilling Experiences is the article.  The article says

we may observe an increased neuroticism or psychopathology in society if children are hindered from partaking in age adequate risky play

Roll the experiences of the last generation of kids forward twenty years, when they start to run the world.  They have been deprived of any chance at risk taking as kids.  Not safe enough.  They will also be living in a world dominated by the aged baby boomers.

Apply that picture to future risk appetites.  Any discussion of risk appetite talks about the amount of risk that someone is comfortable taking.

The lesson that we have taught our kids is that ZERO risk is the only level that they should be comfortable with.

I imagine that it would be a good thing to invest in a company that makes that rubber stuff that lines the floor of the playground.  That is much safer than concrete for sidewalks. It will be everywhere.

And business risk taking – forget about it.  Your business may fall and skin its knee.

Kids and adults and businesses and current and future business leaders need to experience risks and get comfortable with the losses that sometimes come from risk taking.  They need to learn that it is not the end of the world if they skin their knee.  Or even break a leg.  Maybe when that happens, we learn something new about ourselves and our ability to take risks in the world. 

Because if someone believes that they are not taking any risks then the only risks that they have are risks that they are not aware of.

High Risk Adjusted Returns and Risk Management – 10 Key ERM Questions from an Investor – The Answer Key (5)

July 20, 2011

Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM.  Riskviews gave them 10 but they were trick questions.  Each one would take an hour to answer properly.  Not really what the analyst wanted.

Here they are:

  1. What is the firm’s risk profile?
  2. How much time does the board spend discussing risk with management each quarter?
  3. Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
  4. What outside the box risks are of concern to management?
  5. What is driving the results that you are getting in the area with the highest risk adjusted returns?
  6. Describe a recent action taken to trim a risk position?
  7. How does management know that old risk management programs are still being followed?
  8. What were the largest positions held by company in excess of risk the limits in the last year?
  9. Where have your risk experts disagreed with your risk models in the past year?
  10. What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?

They never come back and asked for the answer key.  Here it is:

5.  In the sub prime market prior to the crisis, investors were buying AAA securities but getting a little more yield.  Since they were AAA rated, the capital required was minimal.  So the return on equity could be attractive.  Unless you held that story up to the light and freely admitted that your bank profits were bolstered by exploiting the fact that the market and the regulators had different opinions of the creditworthiness of the sub prime securities.

So, if the banks had answered honestly, they would have been saying that their profits were coming from regulatory arbitrage.  There are only three possible outcomes from this situation.  First, the market could wise up and the excess profits would disappear.  Second, the regulators could wise up and suddenly the banks would find themselves needing lots more capital, and third, the market persists in its opinion of higher risk and it turns out the market is correct.  But since under this third option, the bank is playing the regulators for the fools, as the risks stay the same or grow ever larger, the banks take more and more advantage of the stupid regulators.  They pretend to their board that the bank is safe because they are holding the capital that the regulators require.  The banks takes more and more risk – the compulsion to grow and grow earnings in the face of the shrinking spreads for everything with “normal” risk is an immutable imperative that requires banks to multiply their risk.

So one of the possible reasons that Risk Adjusted Return is high is that the risk adjustment is based upon regulatory requirements – not on an actual assessment of risk.  And there are three possible outcomes of playing the regulatory arb game that are unfavorable.

Another reason for higher risk adjusted returns is a competitive advantage.  Investors should be happy to hear about a competitive advantage.  They should also do their own assessment about how permanent that advantage might be.

From the point of view of assessing an ERM system, the answer to this question should reveal how seriously that management takes the idea of risk management.  High and unexpected returns are as good a signal as any of higher risk.  In fact, in the financial markets, high returns are almost always a symptom of higher risk.

Prop Trading – Do Not Try This at Home

July 19, 2011

The GAO last week released a report on Proprietary Trading of banks. The headlines feature a conclusion from the report that the six largest US banks did not make any money our of Prop Trading over the 4.5 years of the study period.

The analysis looks pretty straightforward.  But it is difficult to see if the conclusions are quite so obvious.

First and most important for a risk manager to notice is that this is a post facto analysis of a risky decision.  Risk Managers should all know that such analysis is really tricky.  Results should be compared to expectations.  And expectations need to be robust enough to allow proper post facto analysis.  That means that expectations need to be of a probability distribution of possible results from the decision.

Most investments had performance that was vaguely similar to the pattern shown above during that time.  Is the conclusion really anything more than a 20-20 hindsight that they should have stayed in cash?  That is true everytime that there is a downturn.   Above is a graph of a steady long position in the S&P.

On the other hand, traders in such situations seem to generally get paid a significant portion of the upside and share in very little, if any of the downside.  In this case, the downside cancelled out all of the upside.  The good years had gains of over $15.6 B.  If the traders were getting the usual hedge fund 20% of the gains, then they were paid 3.9 B for their good work.  In the bad years, banks lost $15.8 B.  That means that the gains before bonus were $3.7B.  Incentives were over 100% of profits.

The one other question is why investors need banks aas intermediaries to do prop trading?  Why can’t investors do their own prop trading?  Why can’t investors go directly to the hedge funds or mutual funds or private equity funds?

Ultimately, the report says that prop trading was not really significant to bank earnings and not a real diversifier of bank volatility.  So in the end, is there any reason for banks to be doing prop trading?

It seems that the banks are reaching that conclusion and exiting the activity.

Tranching Expectations

July 18, 2011

Stochastic Monte Carlo simulations (SMCS) of insurer activities have been used to create nearly continuous distribution curves of expected gains and losses.  Economic Capital models are often aggregations of these separate SMCS models to create a similar distribution of total group gains and losses.  There are several primary characteristics of the results of these models:

  • They produce a nearly infinite number of numerical results giving an incredibly rich vision of the possibilities for the results of the activities of the firm.
  • That tidal wave of numeric results is very difficult to digest and make sense of.
  • While the modelers may have developed methods for validating the models, it is extremely difficult for general management who are supposed to be the primary users to “validate” the models and therefore, very difficult for them to trust the models

What would validation mean for the general managers?  It would mean that they would have confidence that the experiences that they have of the company’s risks and their expectations of future experience would be consistent with the model.

Ultimately, managers should have the same sort of reliance on the model that they have on the speedometer in their car or the clock on their wall.  The same sort of confidence that a cook might have on the thermometer on the oven.  They get that confidence not by having an expert show them a report, they get that confidence by experience.  The speedometer tells them that they are driving within the speed limit and they go past a police speed trap and they are not stopped for speeding.  They leave for work with enough time to get there and they arrive on time.  The cook puts the cake in the oven and it does not burn and it does cook appropriately in the time expected.  Not just once, but over and over again.

The problem is trickier for the SMCS model.  The output is really a set of likelihoods.  But when that output is presented as the infinite stream of numbers, there is no intuitive way to validate it naturally against experience.  And also, when the output is presented as a single remote number, like a 1 in 200 loss, it is also nearly impossible to validate naturally, by experience.

Tranching a security means splitting up the cashflows in some particular, predetermined way.  The idea of tranching can be used to help with promoting the natural validation process for a SMCS model.  The future possibilities can be tranched into 6 or 8 natural stories.  Then the model results can be sorted into the scenarios that match up with the stories.  The model output can be characterized as predictions of likelihood for the stories.  Here are some possible stories:

  • Highly favorable results – Bonuses are maximized
  • Favorable results – Bonuses are above expected/average
  • Somewhat unfavorable results – Bonuses are paid but below average/expected
  • Unfavorable results – no bonuses are paid
  • Highly unfavorable results – Layoffs and/or executive firings
  • Critical Loss – Company has to drastically change activity – may go into runoff
  • Disaster – company insolvent – seised by regulator

Management can participate in defining the range of results that frame each story there.  Then the model can provide its prediction of likelihood of each tranche.  Management can also provide their prediction of the likelihood of each tranche.  The stories do not have to be compensation related.  Riskviews has found that if the bonus program of a company was thoughtfully constructed, there are likely to be other stories that can be told of company experience to define the same ranges of results.

A seriously valuable and interesting discussion might result.

Riskviews was once an executive manager for a business unit within an insurer.  The insurer’s risk model was used to produce a projection of what might happen to that business in an adverse market.  Riskviews response was to ask on which day of that crisis the modeler was predicting that Riskviews was going into a coma, because the business decisions that are predicted would never happen if Riskviews was conscious.

These stories can be used to promote the validation process by the managers.  At the conclusion of each period, the modelers and the managers can review the actual experience in terms of the stories.  Then they can all decide if the experience validated the model or if it provided experience that suggests recalibrating the model.

Now if this process happens once per year, then it will take a very long time for that natural validation to take place.  Probably longer than the tenure of any single management team.  And as the management team turns over, the validation process is likely going to need more time.  Therefore, it is highly recommended that this process be repeated quarterly.  And perhaps repeated for each of the sub models of the economic capital model.

The way that the cook or the driver or the commuter got to rely on their tools was by repeated experiences.  The same sort of repeated experience is needed to validate the SMCS model in the minds of the management users.

How Not to Handle a Crisis

July 17, 2011

News International has been the news for several days now.  ABC News says that they are an example of How not to Handle a Phone Hacking Crisis.  It seems that nearly every year hands us another example of how a company should NOT handle a crisis.  The ideas of how TO handle one are pretty simple:

  1. Get all the news out.  Don’t withhold.  The constant drip, drip of additional revelations makes many people skeptical about whether they ever hear the whole story.
  2. Don’t just take advice from your lawyer.  It is quite possible to be totally safe in a legal sense and totally ruined in the court of public opinion.
  3. Have a plan and practice.  Most company CEO’s that are faced with a crisis do not give the impression that they have ever given a minute of thought to what they might say in a crisis up until the very minute that they open their mouths.  They also seem to be totally surprised by the questions that they get.  There is no upside to knowing how to handle a crisis, but the downside to not knowing is a large fraction of the total net worth of the company.  If the CEO cannot be bothered to prepare, then they must assign a very senior person to be prepared to be the spokesperson in a crisis.  And also be prepared to hand over the top job to that person if there is a crisis and they handle things well.
  4. Speed of response is Key.  And once you have a crisis, every new item needs a response.  In normal times, most items will blow over.  Ignoring them is the best policy.  In a crisis, the opposite is true.  Everything, no matter how trivial or inaccurate, needs a response.  You need to target getting as much airplay as your detractors.
  5. Crisis management is not just talking.  The actions that you take need to be as clear and decisive as your words.  In many problem situations, early mitigation can be much more effective than a late mitigation, and less costly, and less troublesome to talk about.  Imagine someone trying to make a big deal of a problem that you have already solved.  Being ready to fix lots of things is not cheap, however.  But imagine how much money BP would have saved if ANYONE would have had the equipment right there in the Gulf that was needed to fix that leak.

What in the end it takes is to focus some time and attention and money to being prepared for your worst nightmare.

60,000 Hits and Counting

July 14, 2011

Sometime in April, Riskviews experienced its 50,000th hit.   In July, the 60,000th hit.

Many thanks to all who have looked at our efforts.

There have been almost 400 posts as well as more than 20 pages.  That is an average of almost 4 posts per week for the past two years.  Besides Riskviews, there have been posts from about 10 others, including the three “regulars”.  Riskviews is always open to others to write posts.  Especially if they express a different opinion from Riskviews.  (Riskviews finds the current practice whereby everyone only attends to opinions that they agree with to be totally intellectually stupefying.  Riskview would much prefer someone to disagree in a well reasoned discussion than to hear ideas repeated over and over.)

One of the most interesting things about the blog is that people keep reading older posts.  Only a few are time sensitive.  For example, here is the traffic for the 2nd Quarter 2011.  Almost 10,000 hits in that time.  Some of these posts are two years old now.  The “Home Page” indicates that people hit the front page of the blog, rather than on a particular post.  They were greeted there by the most recent post.

Home page 1,673 hits

Risk Management Quotes 1,299

Lightning or Lightning Bug 1,101

Best Risk Management Quotes 1,000

Risk Management Failures 446

Risk Adjusted Performance Measures 284

Timeline of the Global Financial Crisis 192

Liquidity Risk Management for a Bank 145

Lucas Fayne Highly Recommends this Blog 113

COSO & ISO 31000 & ERM for Insurers 105

GFC 2008 94

Beware the Risk Management Entertainment Systems 84

The Cost of Risk Management 83

Imminent Risk – Employee Turnover 82

Risk Management Success 80

Chief Risk Officers in the News 77

Plural Rationalities and ERM 77

Integrating Risk Capacity and Business Strategy 73

When your Parachute Doesn’t Open 68

GFC 2007 67

Identifying Risks 66

Actuarial Risk Management Volunteer Opportunities 66

Why the valuation of RMBS holdings needed changing 54

Thanks so much for your time and attention!

RISKVIEWS

The Risk Embedded in Competitive Advantage

July 13, 2011

The term Competitive Advantage is popular with management gurus.  On the website, QuickMBA, they describe Michael Porter’s ideas on the topic as:

A Competitive Advantage exists when a firm is able to deliver the same benefits as competitors but at a lower cost (cost advantage) or deliver benefits that exceed those of competing products (differentiation advantage).  Thus a competitive advantage enables the firm to create superior value for its customers and superior profits for itself.

This is a major objective of most firms in a capitalist system, an objective far more desirable than risk and reward.  Going into the competitive marketplace and taking risks to get profits is a commodity approach to business.  That is why Market Consistent accounting regimes seek to show this activity as less desirable by recognizing those profits later.  Profits created by competitive advantage are reported immediately.

Once a firm has found a competitive advantage, they will seek to make it a sustainable advantage.  If the advantage is significant enough, they will also seek to eliminate all risk; turning it into a pure rent seeking activity.  In many cases, the managers of the business start to think of this as a PERMANENT RISK FREE BUSINESS.  

And that is risk that is embedded in Competitive Advantage.  It is a risk that comes with long experience with a favorable outcome.  Every day that goes by collecting those rents makes it harder and harder for employees and management to even imagine that there is any risk that the gravy train will stop.

Henry Ford had that sort of position until Sloan’s General Motors took advantage of Ford’s inability to imagine a different way of doing business than his “any color you want as long as it is black” approach.  IBM had that permanent risk free look 30+ years ago when everyone said that “no one ever got fired for recommending that the company buy IBM” for its computer needs.  Microsoft looked that way 10 years ago as well.  At the time that Microsoft was losing suits about their monopolistic behaviors, Gates was predicting Microsoft’s competition.  And he was right.

A business is not safe from this just because it is not a world dominating franchise.  Companies with small niches where they dominate have the exact same situation.

this does not mean that such competitive advantages are not a good goal for a business.  But it does mean that once you find one and you do the natural thing of eliminating risk to turn that business in a pure rent collection, there is always that one risk that you cannot eliminate.

Outside the Box – 10 ERM Questions from an Investor – The Answer Key (4)

July 11, 2011

Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM.  Riskviews gave them 10 but they were trick questions.  Each one would take an hour to answer properly.  Not really what the analyst wanted.

Here they are:

  1. What is the firm’s risk profile?
  2. How much time does the board spend discussing risk with management each quarter?
  3. Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
  4. What outside the box risks are of concern to management?
  5. What is driving the results that you are getting in the area with the highest risk adjusted returns?
  6. Describe a recent action taken to trim a risk position?
  7. How does management know that old risk management programs are still being followed?
  8. What were the largest positions held by company in excess of risk the limits in the last year?
  9. Where have your risk experts disagreed with your risk models in the past year?
  10. What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?

They never come back and asked for the answer key.  Here it is:

4.  The outside the box risks, also called emerging risks, are the things that will ultimately cause the largest losses.

Once a health insurer CEO who was belligerently opposed to thinking about the world changing in any material way said that they did not think that a pandemic would be a concern for their business.  Find out why at the bottom of this post.

They are the new competitors, new laws, wars, financial market flops, government defaults, hurricanes, earthquakes, volcanoes and so on that could throw your business for a loop.  In the past three years, it is hard to imagine a firm that has not been negatively impacted by one or more likely several of the mostly unforeseen calamities from that list or otherwise.  It is also hard to imagine a board that is happy with a management team that does not have a few emerging risks in their sights.  When this question is answered, however, the trick is to notice whether management thinks of themselves as hapless victims of these sorts of things or as masters of their own fate who will take the steps needed to anticipate and prepare for such things.  Generally the market gives a pass to the firms who suffer losses from such major events, but investors should prefer the firms who will not need that pass.

This is usually a very easy question for management to answer – but the answer will be very telling about how seriously that they take the idea of seeking to manage emerging risks.  The most common answer will usually be the emerging risk that was last on the cover of Time or some other popular magazine.  So when you get that sort of answer, you know that management cannot think outside the box.  Then you need to listen to hear if they have done anything other than read the Time article to prepare.  One CRO once went so far as to say that the CEO worried about emerging risks almost every day while he drove to and from the office.

But while those answers are easy, they are not good answers.  An emerging risks program is probably better if it involves some staff time, in the office, if they have taken the trouble to determine how badly some of the possible emerging risks might hurt them, and figured out what that they might do. A good answer indicates that management’s plan is not to settle for that pass that the market gives to the unprepareds.

Back to that health insurer CEO, his excuse for not worrying about a pandemic, even though his business was directly effected by fluctuations in health care costs, was to suggest that the scenario in the case of a pandemic would be that the hospital beds, that were already at over 90% utilization in his area, would fill up fast – and then no one else could get treated by the hospitals – so there was a cap on the amount that hospitals could possibly bill!  His plan was a variation on Marie Antoinette – let them die at home (untreated).  He hadn’t checked with any of the hospitals in his coverage area to find out what their plans were or even what they thought that their maximum capacity actually was in the event of a pandemic.  He didn’t check to see if there were public health plans that would have converted schools and firehouses into clinics.  Not did he imagine what the reputational risks were to going into a pandemic with no plan whatsoever.

Those firms whose emerging risks thinking comes from the cover of Time magazine are doubtless going to be followers as far as response to the emerging risks goes.  They will wait and see what different other similar businesses are doing and follow someone whose response that they think that they can at look like they are doing.  They will be unable to follow the prepared firms.  They will find that the best responses may have become much more expensive in the event of a broad emergency.  And they will be looking around for that pass from investors.

The health insurers who were actually preparing for a pandemic decided to become a proactive part of the solution.  They send information about pandemics to their insureds, they participated in public health preparedness in their area, they planned for how to keep their business going with 25% of their employees sick and many of the rest afraid to come to work.

Even in the case of the front cover of the magazine emerging risks, there is a huge difference between the answers of a prepared firm and an unprepared firm.  A difference that you can easily discern if you ask this question.

You may say he’s a dreamer, but he was really a CRO

July 9, 2011

You have probably heard this story before.  The head guy as a dream, some lowly schmuck tells him what the dream means and gets a big promotion.  You might have seen it in the theater, or read it in the Torah or in Genesis.

Well, that story is really about risk management.  It just got twisted in retelling and they lost the point.

That Joseph fella, he was the Chief Risk Officer for Egypt.  It was a pretty lowly position.  Then he suggested to Pharaoh that there was some famine risk.  He suggested a counter cyclical grain reserve policy.  His suggestion was that each good year, Egypt should put aside 20% of the harvest as economic capital.

Joseph knew that no one would do this on just his say so, so he concocted this story of the dream of Pharaoh’s.  If it was Pharaoh’s dream then people would listen to the poor CRO.

It was a tough go.  After three years of good harvests people were screaming about the 20% cost of capital charge.  They said that there was no need for a reserve.  Then the fourth and fifth year of the good weather, they were going to Pharaoh with their complaints.

But Joseph pulled out his clay tablets of the rise and fall of the Nile over 2000 years and showed the Pharaoh how this was no more than a 1 in 200 reserve.  They had 10 such periods on record and the data told a pretty clear story.  They really needed such a reserve.  And Joseph could also bring in the court historian who could tell about what happened to the Pharaoh’s who were the rulers when those 1 in 200 year droughts occurred.  Most of them had to flee to Switzerland and Switzerland had not at that time invented indoor plumbing.  Not so good in the winter in the mountains.

Then Joseph brought in 10,000 slaves who each had a different clay tablet.  They were told to run around the room for a minute then to fall in line.  Joseph called this a Monte Carlo simulation, and indeed, they did run around like that in Monte Carlo in those days.

So somehow, Joseph held on to his job and his counter cyclical economic capital formula on the condition that he never did any monte carlo modeling in the palace again.  But after seven years, even the Pharaoh was running out of patience with Joseph.

Then it happened.  Joseph had never actually predicted a famine on the seventh year, but that is how the story got twisted afterwards.  But he did get credit for saving the day and the Pharaoh when the famine kept going for seven more years.

That is because Joseph pulled out more clay tablets and more historians and pointed out the likelihood of a long, long famine.  He was just about to prove his point with a “modeling” exercise when Pharaoh relented and allowed him to release the economic capital slowly.  Joseph wanted to base the release on a 99 cte calculation, but Pharaoh told him that the high priest would never understand that so just use PaR (Pyramid at Risk).

Joseph was named a hero and given a promotion to chief of staff or something, like the other CROs who survived the Great Famine Crisis (GFC).  Since the Pharaoh’s chief publicist could not understand a word Joseph said when he interviewed him about the economic capital so he remembered that old story about the dream.

So Joseph, the first risk manager on record went down as a dream interpreter instead.

And Risk Managers have had trouble getting their stories across ever since.

Inspired by The Ecoomics of Good and Evil, by Thomas Sedlecek

10 ERM Questions from an Investor – The Answer Key (3)

July 8, 2011

Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM.  Riskviews gave them 10 but they were trick questions.  Each one would take an hour to answer properly.  Not really what the analyst wanted.

Here they are:

  1. What is the firm’s risk profile?
  2. How much time does the board spend discussing risk with management each quarter?
  3. Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
  4. What outside the box risks are of concern to management?
  5. What is driving the results that you are getting in the area with the highest risk adjusted returns?
  6. Describe a recent action taken to trim a risk position?
  7. How does management know that old risk management programs are still being followed?
  8. What were the largest positions held by company in excess of risk the limits in the last year?
  9. Where have your risk experts disagreed with your risk models in the past year?
  10. What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?

They never come back and asked for the answer key.  Here it is:

3.  The answer to this question requires several parts of risk management to be right.  First of all, the answerer needs to know which risk position grew the most.  Second of all, in a good risk management program, the position that grew the most should have had by far the most scruitny.  High growth does not always spark big blow ups, but big blow ups are always preceded by high growth.  A firm that is not paying lots and lots of attention to its fastest growing risk is not going to end up with good results.  The highest growth positions require a disproportionate large amount of attention, but most often they get a disproportionately smaller share of attention.  Risk management budgets are determined based upon the business at the start of the year.  Finally, to answer the question, the firm needs to have someone who they can immediately identify who is responsible for that risk.  Best practice is to have a senior person responsible for each major risk.  That should be a business person, not the CRO or CFO.  If it is not the same person who is responsible for sales and profits, then management has set up a fight.  On one side is the person responsible for bringing in the business and for achieving profits.  On the other side is the person responsible for preventing losses.  Not a fair fight in most firms.

In the end, the best practice firms recognize that in situations of great change, there needs to be a special ERM process that exceeds the regular ERM process.

10 ERM Questions from an Investor – The Answer Key (2)

July 6, 2011

Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM.  Riskviews gave them 10 but they were trick questions.  Each one would take an hour to answer properly.  Not really what the analyst wanted.

Here they are:

  1. What is the firm’s risk profile?
  2. How much time does the board spend discussing risk with management each quarter?
  3. Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
  4. What outside the box risks are of concern to management?
  5. What is driving the results that you are getting in the area with the highest risk adjusted returns?
  6. Describe a recent action taken to trim a risk position?
  7. How does management know that old risk management programs are still being followed?
  8. What were the largest positions held by company in excess of risk the limits in the last year?
  9. Where have your risk experts disagreed with your risk models in the past year?
  10. What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?

They never come back and asked for the answer key.  Here it is:

2.  One of the large banks that is no longer with us had, on paper, a complete ERM system with a board risk committee that they reviewed their risk reports with every quarter.  But in 2007, when the financial markets were starting to crack up, their board risk committee had not met for more than six months.  The answer to this question is the difference between a pretend ERM system and a real risk system.  The time spent should be proportionate to the complexity of the risk positions of the firm.  For the banks with risk positions that are so complex that they feel that they cannot possibly find enough paper to disclose them, there needs to be much more board time spent, since investors are relying on board oversight rather than market discipline to police the risk taking.  Ask Bernie what you can get away with if there is no disclosure and no oversight.

Many CEOs will tell you that the board has always spent plenty of time talking about risk.  This might be true.  But the standard now is for boards to have a formal risk committee.  Boards that have simply added risk to the Audit committee’s agenda ends up short changing either audit or risk or both.  The Audit Committee had a full plate before the Risk responsibility was added.

And for a larger complex firm, a single annual risk briefing on risk is definitely not sufficient.  For a firm with an ERM program, the board needs to review the risk profile, both actual and planned for each year, approve the risk appetite, approve the ERM Framework and policies of the firm, review the risk limits and be informed of each breach of the limits or policies of the firm.  If the firm has an economic capital model, the model results need to be presented to the board risk committee each year and updated quarterly. Risks associated with anything new that the company is doing would be presented as well.

Does that sound like anything other than a full committee?  So your follow up question, if the CEO gives a vague answer is to ask about whether the board reviewed each of the items listed in the preceding paragraph in the past year.

Back to that former bank.  Their risk reports showed a massive build up in risk in violation of board approved limits.

And the board risk committee saved time by not meeting during the period of that run up in risk.

10 ERM Questions from an Investor – The Answer Key (1)

July 4, 2011

Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM.  Riskviews gave them 10 but they were trick questions.  Each one would take an hour to answer properly.  Not really what the analyst wanted.

Here they are:

  1. What is the firm’s risk profile?
  2. How much time does the board spend discussing risk with management each quarter?
  3. Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
  4. What outside the box risks are of concern to management?
  5. What is driving the results that you are getting in the area with the highest risk adjusted returns?
  6. Describe a recent action taken to trim a risk position?
  7. How does management know that old risk management programs are still being followed?
  8. What were the largest positions held by company in excess of risk the limits in the last year?
  9. Where have your risk experts disagreed with your risk models in the past year?
  10. What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?

They never come back and asked for the answer key.  Here it is:

1.  The first step in real risk management is to be able to think of the firm from a risk point of view.  Any CEO can do that from a sales point of view and from a profits point of view.  They know that 40% of the revenues come from the pumpkin business in South Florida and 25% of the profits from the Frozen Beet Juice Pops product line.  Those statistics are a part of the sales profile and the profits profile.  A first step to having a real ERM system is for the CEO to have an equal command of the Risk Profile.  Any firm where the CEO does not have an equal command of risk as they do for sales does not have ERM yet.  So this question is first and most important.  The CEOs who are most likely to be unable to answer this question are the leaders of larger more complex companies.  The investor need to make sure that top management of those firms has actual command of all of the key issues regarding the firm and its business.  Risk really is a key issue.  A vague or slow answer to this question indicates that Risk has not really been an issue that the CEO has attended to.  That may work out fine for the company and the investors.  If they are lucky.

Systemic Risk Metrics for Insurers

July 2, 2011

The US and Global banking regulators have been tasked with regulating systemic risk.  One area where they admit that they are unprepared is with the insurance sector.  In the recent Global Financial Crisis, several insurance companies played a pivotal role, specifically AIG and the US Financial Guarantee insurers.  Most insurers do not consider their activities that helped to build up the bubble and precipitate the crisis to be insurance activities and therefore persist in saying to regulators that insurance is not a systemically important sector.  However, the political facts are that AIG and the Financial Guarantors are/were insurers and the idea of leaving insurance completely out of the efforts to prevent a future systemic crisis is simply not a possible.

Last week, the American Academy of Actuaries provided a letter to the US Financial Stability Council titled, “Metrics to Enable FSOC to Monitor Insurance Industry Systemic Risk”.  That letter provides a good starting point for discussion of the issues involved in bringing the insurance sector into the discussion. For example, the letter provides the following list of ways that an insurer might have systemically significant risks:

  1. Risk assumption services provided to the insurance companies through reinsurers, foreign and domestic (e.g. mortality risk in excess of a company’s risk management limit).
  2. Risk assumption services provided by the non-insurance financial services companies to the insurance industry, (e.g. hedging of financial risk, catastrophe bonds).
  3. The interconnectedness of the insurance industry when part of a financial services group.
  4. The interconnectedness of a U.S. insurance company that is owned by a foreign financial services company.
  5. The insurance industry as a lender to the US economy (e.g. through its purchase of corporate bonds).
  6. The interconnectedness of risk assumption services external to the insurance industry when part of a financial services group.

Riskviews cautions the participants in this discussion to realize that it is most likely that the next systemic crisis will take a different form than the past crises.  So setting up measures and regulatory structures that will prevent a recurrence of past crises is no guarantee of preventing a future crisis.

This letter, with its emphasis on setting down broad principles for Systemic Risk in the insurance industry is a good step in the right direction.  Much broad based discussion is needed to take this further to produce a truly dynamic, principles based monitoring and regulating structure that will be imaginative and flexible enough to actually be of future good, not just short term political cover.


%d bloggers like this: