Decision Fatigue and Crisis Risk Management

In a recent New York TImes Magazine article, the problem of decision making fatigue is described.  The article says that people will generally tire of making decisions.  It sites studies of judges rulings on parole hearings.  Parolees who have the bad luck to have their case heard later in the day have much less chance of success was one example cited.

Another interesting aspect of decision fatigue was that once fatigued of decisions, people tended to narrow their decision making criteria.  Tired decision makers would eventually get down to a single factor driving their decisions.

The idea given of how to avoid decision fatigue is generally to avoid making too many decisions.

There are interesting implications for risk management.  RISKVIEWS has said many times that risk management means that sometimes the company will do something different then before they had risk management.  But since the company is not doing something different all of the time, each different situation requires a decision.  But all decisions are not of the same economic impact.

So a strategy for getting it right – or at least avoiding decision fatigue for the most important decisions is to make sure that a fresh decision maker is involved in the decisions of higher importance.

This idea may not mean making any change in the procedures of many companies.  It is not uncommon for decisions that involve larger amounts of money to require approval by a more senior person than the person who makes the lesser decisions.  It appears that is a good idea from a decision fatigue point of view.  Firms who seek to empower their employees by avoiding that sort of system may be playing russian roulette with their most important risk management decisions.

In a crisis, many decisions are needed in a short time.  That is perhaps one way of defining a crisis.  Things must be done differently.  The likelihood of decision fatigue in a crisis seems to be immense.

A solution to this is to reduce the number of decisions.  This can be accomplished by anticipating the decisions that may be needed and making the most likely decisions in advance.  It may well be that an advance decision made with an approximation of the situation may be better than a fatigued decision.  There still remains the decision of whether the advance decision is still applicable.  But if done right, the stress of decisions can be greatly reduced.

In addition, the narrowing of decision making criteria for fatigued decision makers is an interesting finding.  Many management information people report that they need to refine the information that they provide to single indicators, in some cases to red light/green light on/off indicators.

This seems to be clear indication of decision fatigue of senior managers.  While MI professionals will not usually be empowered to have an opinion on this, it seems that what is in order is for the top managers to make fewer decisions until they get to the point where they are no longer too fatigued to recognize the actual complexity of the decisions that they are making.

Advertisement

Be Honest about the Cost of Risk Management

The cost of risk management is not primarily salaries and other expenses for the risk management staff.

It is not even the cost of top management time that might be diverted to risk management from other topics.

The real cost of risk management is the cost of the activities that the firm undertakes to prevent or reduce losses.

That was brought home with Hurricane Irene this weekend.  To reduce possible losses, Riskviews spent several hours bringing inside personal things that might have been blown into the house, bringing the kayak in from the marina and filling up containers with extra water.  It will take another half day to put things back after the storm.

Almost all risk management activities have such costs.  Or else they have the opportunity costs that we also experienced this past weekend.  Most people on the eastern seaboard missed out on one opportunity or another because of the storm.

These are the costs of risk management because doing risk management means doing something different than you would have done without risk management.

This past weekend, at least in the New York area, Hurricane Irene was not as dangerous as the hurricane that we were all advised to prepare for.

Risk management is about changing future probabilities.  So that means that these costs will sometimes be incurred when the hurricane weakens before getting to you, or veers off into the ocean and does not even trouble the city.

Some managers are taught to make business decisions based upon cost benefit analysis.  With a cost benefit approach, many risk management actions will fall short.  That is because they will usually look at the actual cost and the experienced benefit.  Many risk management actions, such as hedging or reinsurance may have an expected cost – that means that your projection is that you will reduce profits by taking the risk management actions.

But the real benefit of risk management is the reduction of the likelihood that an adverse event will create unacceptable losses.  Whether that event happens or not and whether or not it is as adverse as expected, is not a primary consideration.  That information is a matter for calibration of the model used to project the likelihood of the adverse event.

So the sooner you have the conversation about the true cost of risk management the better.

And when you have that conversation, be honest.

Maybe it is not as obvious as you think…

Do you have any bad instructions risk?

The Risk Managers Desk Reference

If you are a risk manager, you probably already have this book on your desk.  Ready for the next time that someone say that some disaster your are asking them to prepare for will never happen.  You then can pull out this resource and show them that something much worse has happened several times before.  This invaluable resource is

The Pessimist’s Guide to History 3e: An Irresistible Compendium of Catastrophes, Barbarities, Massacres, and Mayhem – from 14 Billion Years Ago to 2007 by Flexner and Flexner.

With this book, the alert risk manager can perform a comprehensive study of disasters that occured in the 1500’s, for example.  The PGTH (as fans affectionately call it) tells of the following:

• 1502 – 30 Spanish treasure ships destroyed by hurricane
• 1514 – Hungarian Peasants Revolt
• 1520 – Sad Night at Tenochtitlan
• 1521 – Smallpox and Spanish conquer Aztecs
• 1524 – Peasants revolt in Germany
• 1527 – Sack of Rome
• 1528 – Spanish explorers ships wrecked by hurricane near Florida
• 1531 – Earthquake hits Lisbon
• 1545 – Sinking of Mary Rose
• 1546 – Massacre of Waldenses
• 1556 – Chinese earthquake kills over 800,000
• 1559 – Spanish ships sink in hurricane near Tampa
• 1562 – Massacre near Vassy, France
• 1570 – Massacre at Novogorod
• 1572 – Massacre of St. Bartholomew
• 1574 – Floods in Netherlands kill 20,000 Spanish soldiers
• 1587 – English colonists at Roanoke disappear
• 1588 – Spanish Armada defeated
• 1589 – Assassination of Henry III
• 1591 – Philippines volcano erupts
• 1591 – Storms destroy 29 Spanish ships near Florida

Other events include the extinction of the dinosaurs 65 million years ago.  If you are using that piece of data to help to calibrate your loss models, you can think of that as a total loss once in the past 65 million years.

So the next question from your management may be whether if the total loss scenario is a one in 65 million year event and it has not happened in 65 million years, are we due?

And from this data, it looks like hurricanes happen near Florida.  Especially dangerous to Spanish ships.  Tell that to your underwriters.

But they probably have their own copy of the book.

And one very sure sign of a dangerous situation for your company is if you find one of your underwriters with an different book by the Flexner’s, The Optimists Guide to History.

Something important to check for.

ERM Disclosure (2)

In a post last week, it was noted that US insurers are starting to admit to managing their risks in their public disclosures.  The 671 word discussion of the ERM process of Travelers was reproduced.  (Notice that over 100 of those words talk about the unreliability of the ERM system. )

But disclosure of ERM processes has been much more widespread and much more extensive in other parts of the world for more than 5 years.

For Example, Munich Re’s 2010 annual report has a 20 page section titled Risk Report.  That section has sub headings such as:

Risk governance and risk management system

Risk management organisation, roles and responsibilities

Control and monitoring systems

Risk reporting

Significant risks

Underwriting risk: Property-casualty insurance

Underwriting risk: Life and health insurance

Market risk

Credit Risk

Operational risk

Liquidity risk

Strategic risk

Reputation Risk

Economic Capital

Available Financial Resources

Selected Risk Complexes

It is not just Munich Re.  Manulife’s Risk Management disclosure is 22 pages of their annual report.  Below is the introduction to that section:

Manulife Financial is a financial institution offering insurance, wealth and asset management products and services, which subjects the Company to a broad range of risks. We manage these risks within an enterprise-wide risk management framework. Our goal in managing risk is to strategically optimize risk taking and risk management to support long-term revenue, earnings and capital growth.
We seek to achieve this by capitalizing on business opportunities that are aligned with the Company’s risk taking philosophy, risk appetite and return expectations; by identifying, measuring and monitoring key risks taken; and by executing risk control and mitigation programs.
We employ an enterprise-wide approach to all risk taking and risk management activities globally. The enterprise risk management (“ERM”) framework sets out policies and standards of practice related to risk governance, risk identification, risk measurement, risk monitoring, and risk control and mitigation. With an overall goal of effectively executing risk management activities, we continuously invest to attract and retain qualified risk professionals, and to build, acquire and maintain the necessary processes, tools and systems.
We manage risk taking activities against an overall risk appetite, which defines the amount and type of risks we are willing to assume. Our risk appetite reflects the Company’s financial condition, risk tolerance and business strategies. The quantitative component of our risk appetite establishes total Company targets defined in relation to economic capital, regulatory capital required, and earnings sensitivity.
We have further established targets for each of our principal risks to assist us in maintaining appropriate levels of exposures and a risk profile that is well diversified across risk categories. In 2010, we cascaded the targets for the majority of our principal risks down to the business level, to facilitate the alignment of business strategies and plans with the Company’s overall risk management objectives.
Individual risk management programs are in place for each of our broad risk categories: strategic, market, liquidity, credit, insurance and operational. To ensure consistency, these programs incorporate policies and standards of practice that are aligned with those within the enterprise risk management framework, covering:

■ Assignment of risk management accountabilities across the organization;
■ Delegation of authorities related to risk taking activities;
■ Philosophy and appetite related to assuming risks;
■ Establishment of specific risk targets or limits;
■ Identification, measurement, assessment, monitoring, and reporting of risks; and
■ Activities related to risk control and mitigation.

Such frank discussion of risk and risk management may be seen by some US insurers’ management to be dangerous.  In the rest of the world, it is moving towards a situation where NOT discussing risk and risk management frankly and openly is a risk to management.

Which would you prefer?

Solar Risk

At least 75% of the US has experienced some Solar Risk this summer. Temperatures were into triple digits.

(in Fahrenheit. Fahrenheit is a part of the ancient measuring system that only America uses. 100F is 37.7C. Not so magical stated that way.  But it is still exceptional.)

But very different solar risk is thought to be on the way.  Solar Storms are thought to entering a busy season and to have the capability of wrecking havoc on various electromagnetic broadcast and receiving systems.  GPS systems are thought to be particularly vulnerable.

The last major storm to hit earth reportedly caused the emerging telegraph systems in the US and Europe to encounter problems.  We now depend upon many, many complex electronic systems.

But see what happens if you try to get your firm to prepare for violent solar storms.  The best that may happen is that you would be laughed out of the room.

So do your own preparation.  Carry a map.

ERM Discosure

Here is a tip from the IRMI about how to get started with a new ERM program:

✓ If  you  are  a  public  company,  begin  by asking  the  person  or  group  that  identifies  risks  for  SEC  reports  to  also  identify
the top three corrective actions for the next quarter. Update the list quarterly.

That sounds like a great suggestion.  RISKVIEWS has always been amazed that the standard for disclosure in the US has been to disclose risks but not to say anything about what the firm is doing about those risks.  Based upon the standard disclosures, it is almost impossible to tell the difference between a firm with state of the art risk management and a firm with almost none.

But recently, companies, even in the US, are increasingly including a mention of their risk management activities along with the required laundry list of risks.

Just picking a public firm at random, here is an excerpt from Allstate’s risk disclosure:

As a property and casualty insurer, we may face significant losses from catastrophes and severe weather events

Because of the exposure of our property and casualty business to catastrophic events, our operating results and financial condition may vary significantly from one period to the next. Catastrophes can be caused by various natural and man-made disasters, including earthquakes, volcanoes, wildfires, tornadoes, hurricanes, tropical storms and certain types of terrorism. We may incur catastrophe losses in our auto and property business in excess of: (1) those experienced in prior years, (2) those that we project would be incurred based on hurricane and earthquake losses which have a one percent probability of occurring on an annual aggregate countrywide basis, (3) those that external modeling firms estimate would be incurred based on other levels of probability, (4) the average expected level used in pricing or (5) our current reinsurance coverage limits.Despite our catastrophe management programs, we are exposed to catastrophes that could have a material adverse effect on operating results and financial condition. For example, our historical catastrophe experience includes losses relating to Hurricane Katrina in 2005 totaling $3.6 billion, the Northridge earthquake of 1994 totaling $2.1 billion and Hurricane Andrew in 1992 totaling $2.3 billion. We are also exposed to assessments from the California Earthquake Authority and various state-created catastrophe insurance facilities, and to losses that could surpass the capitalization of these facilities. Our liquidity could be constrained by a catastrophe, or multiple catastrophes, which result in extraordinary losses or a downgrade of our debt or financial strength ratings.

In addition, we are subject to claims arising from weather events such as winter storms, rain, hail and high winds. The incidence and severity of weather conditions are largely unpredictable. There is generally an increase in the frequency and severity of auto and property claims when severe weather conditions occur.

Green text coloring added by RISKVIEWS to highlight mention of risk management activities.

Another example from Travelers:

Catastrophe losses could materially and adversely affect our results of operations, our financial position and/or liquidity, and could adversely impact our ratings, our ability to raise capital and the availability and cost of reinsurance. Our property and casualty insurance operations expose us to claims arising out of catastrophes. Catastrophes can be caused by various natural events, including, among others, hurricanes and other windstorms, earthquakes, hail, wildfires, severe winter weather, floods and volcanic eruptions. Catastrophes can also be man-made, such as a terrorist attack (including those involving nuclear, biological, chemical or radiological events), explosions, infrastructure failures or a consequence of political instability. The geographic distribution of our business subjects us to catastrophe exposures in the United States, which include, but are not limited to: hurricanes from Maine through Texas; tornadoes throughout the Central and Southeast United States; earthquakes in California, the New Madrid region and the Pacific Northwest region of the United States; wildfires, particularly in the Southwest; and terrorism in major cities in the United States. In addition, our international operations subject us to catastrophe exposures in the United Kingdom, Canada and the Republic of Ireland, as well as to a variety of world-wide catastrophe exposures through our Lloyd’s operations. The incidence and severity of catastrophes are inherently unpredictable, and it is possible that both the frequency and severity of natural and man-made catastrophic events could increase. Some scientists believe that in recent years changing climate conditions have added to the unpredictability and frequency of natural disasters (including, but not limited to, hurricanes, tornadoes, other storms and fires) in certain parts of the world and created additional uncertainty as to future trends and exposures. For example, in recent years hurricane activity has impacted areas further inland than previously experienced, thus expanding our overall hurricane exposure. The catastrophe modeling tools that we use, or that we rely on from outside parties, to help manage certain of our catastrophe exposures are based on assumptions and judgments that are subject to error and mis-estimation and may produce estimates that are materially different than actual results. In addition, our increased presence in certain geographic areas, such as in the Midwest and Western regions of the United States, and any changes in climate conditions could cause our data to be more limited and our catastrophe models to be even less predictive, thus limiting our ability to effectively evaluate and manage such exposures. See ‘‘Item 7— Management’s Discussion and Analysis of Financial Condition and Results of Operations—Catastrophe Modeling’’ and ‘‘—Changing Climate Conditions.’’ The extent of losses from a catastrophe is a function of both the total amount of insured exposure in the area affected by the event and the severity of the event. Increases in the value and geographic concentration of insured property and the effects of inflation could increase the severity of claims from catastrophic events in the future. In addition, states have from time to time passed legislation, and regulators have taken action, that has the effect of limiting the ability of insurers to manage catastrophe risk, such as legislation prohibiting insurers from reducing exposures or withdrawing from catastrophe-prone areas or mandating that insurers participate in residual markets. Participation in residual market mechanisms has resulted in, and may continue to result in, significant losses or assessments to insurers, including us, and, in certain states, those losses or assessments may not be commensurate with our direct catastrophe exposure in those states. If our competitors leave those states having residual market mechanisms, remaining insurers, including us, may be subject to significant increases in losses or assessments following a catastrophe. In addition, following catastrophes, there are sometimes legislative initiatives and court decisions which seek to expand insurance coverage for catastrophe claims beyond the original intent of the policies. Also, our ability to increase pricing to the extent necessary to offset rising costs of catastrophes, particularly in the Personal Insurance segment, requires approval of regulatory authorities of certain states. Our ability or our willingness to manage our catastrophe exposure by raising prices, modifying underwriting terms or reducing exposure to certain geographies may be limited due to considerations of public policy, the evolving political environment, changes in the general economic climate and/or social responsibilities. We also may choose to write business in catastrophe-prone areas that we might not otherwise write for strategic purposes, such as improving our access to other underwriting activities. There are also risks that impact the estimation of ultimate costs for catastrophes. For example, the estimation of reserves related to hurricanes can be affected by the inability to access portions of the impacted areas, the complexity of factors contributing to the losses, the legal and regulatory uncertainties and the nature of the information available to establish the reserves. Complex factors include, but are not limited to: determining whether damage was caused by flooding versus wind; evaluating general liability and pollution exposures; estimating additional living expenses; the impact of demand surge; infrastructure disruption; fraud; the effect of mold damage; business interruption costs; and reinsurance collectability. The timing of a catastrophe’s occurrence, such as at or near the end of a reporting period, can also affect the information available to us in estimating reserves for that reporting period. The estimates related to catastrophes are adjusted as actual claims emerge and additional information becomes available. Exposure to catastrophe losses or actual losses following a catastrophe could adversely affect our financial strength and claims-paying ratings and could impair our ability to raise capital on acceptable terms or at all. Also, as a result of our exposure to catastrophe losses or actual losses following a catastrophe, rating agencies may further increase capital requirements, which may require us to raise capital to maintain our ratings or adversely affect our ratings. A ratings downgrade could hurt our ability to compete effectively or attract new business. In addition, catastrophic events could cause us to exhaust our available reinsurance limits and could adversely impact the cost and availability of reinsurance. Such events can also impact the credit of our reinsurers. For a discussion of our catastrophe reinsurance coverage, see ‘‘Item 1—Business—Reinsurance—Catastrophe Reinsurance.’’ Catastrophic events could also adversely impact the credit of the issuers of securities, such as states or municipalities, in whom we have invested. In addition, coverage in our reinsurance program for terrorism is limited. Although the Terrorism Risk Insurance Program Reauthorization Act of 2007 (the Act) provides benefits in the event of certain acts of terrorism, those benefits are subject to a deductible and other limitations. Under this law, once our losses exceed 20% of our commercial property and casualty insurance premium for the preceding calendar year, the federal government will reimburse us for 85% of our losses attributable to certain acts of terrorism which exceed this deductible up to a total industry program cap of $100 billion. Our estimated deductible under the program is $2.08 billion for 2011. In addition, because the interpretation of this law is untested, there is substantial uncertainty as to how it will be applied to specific circumstances. It is also possible that future legislative action could change the Act. Because of the risks set forth above, catastrophes such as those caused by various natural events or man-made events such as a terrorist attack, including ‘‘unconventional’’ acts of terrorism involving nuclear, biological, chemical or radiological events, could materially and adversely affect our results of operations, financial position and/or liquidity. Further, while we seek to manage our exposure to man-made catastrophic events involving conventional means, there can be no assurance that we would have sufficient resources to respond to claims arising out of one or more man-made catastrophic events involving so-called weapons of mass destruction, including nuclear, biological, chemical or radiological means.

Travelers actually has a section of the 10k devoted to Catastrophe modeling:

CATASTROPHE MODELING

The Company uses various analyses and methods, including computer modeling techniques, to analyze catastrophic events and the risks associated with them. The Company uses these analyses and methods to make underwriting and reinsurance decisions designed to manage its exposure to catastrophic events. In making underwriting and reinsurance decisions for hurricane and earthquake exposures, the Company uses third-party proprietary computer modeling in an attempt to estimate the likelihood that the loss from a single event occurring in a one-year timeframe will equal or exceed a particular amount. The tables below set forth the estimated probabilities that losses from a single event occurring in a one-year timeframe will equal or exceed the indicated loss amounts (expressed in dollars and as a percentage of the Company’s common equity). For example, on the basis described below the tables, the Company estimates that there is a one percent chance that the Company’s loss from a single U.S. hurricane occurring in a one-year timeframe would equal or exceed $1.1 billion, or 5% of the Company’s common equity at December 31, 2010. Dollars (in billions) Single U.S.

The last disclosure does provide good context for their risk level.  And their ability to even disclose this information suggests a likelihood that they may be actually using this information to manage the risk.

Travelers goes on to take the unusual step for a US insurer of actually directly addressing their ERM program in their 10k:

ENTERPRISE RISK MANAGEMENT

As a large property and casualty insurance enterprise, the Company is exposed to many risks. These risks are a function of the environments within which the Company operates. Since certain risks can be correlated with other risks, an event or a series of events can impact multiple areas of the Company simultaneously and have a material effect on the Company’s results of operations, financial position and/or liquidity. These exposures require an entity-wide view of risk and an understanding of the potential impact on all aspects of the Company. It also requires the Company to manage its risk-taking to be within its risk appetite in a prudent and balanced effort to create and preserve value for all of the Company’s stakeholders. This approach to Company-wide risk evaluation and management is commonly called Enterprise Risk Management (ERM). ERM activities involve both the identification and assessment of a broad range of risks and the execution of synchronized strategies to effectively manage such risks. Effective ERM also includes the determination of the Company’s risk capital needs, which takes into account regulatory requirements and credit rating considerations, in addition to economic and other factors. ERM at the Company is an integral part of business operations. All risk owners across all functions, all corporate leaders and the board of directors are engaged in ERM. ERM involves risk-based analytics, as well as reporting and feedback throughout the enterprise in support of the Company’s long-term financial strategies and objectives. The Company uses various methods, including sophisticated computer modeling techniques, to analyze catastrophic events and the risks associated with them. These analyses and methods are used in making underwriting and reinsurance decisions as part of managing the Company’s exposure to catastrophic events. In addition to catastrophe modeling and analysis, the Company also models and analyzes its exposure to other extreme events. These analytical techniques are an integral component of the Company’s ERM process and further support the Company’s long-term financial strategies and objectives. In addition to the day-to-day ERM activities within the Company’s business units, other key internal risk management functions include the Management Committee (comprised of the Company’s Chief Executive Officer and the other most senior members of management), the Enterprise and Underwriting Risk Committees of management, the Credit Committee, the Chief Compliance Officer, the Business Conduct Officer, the Corporate Actuarial group, the Corporate Audit group, the Accounting Policy group, the Enterprise Underwriting group and many others. A senior executive oversees the ERM process. The mission of this executive is to facilitate risk assessment and to collaborate in implementing effective risk management strategies throughout the Company. Another strategic ERM objective of this executive includes working across the Company to enhance effective and realistic risk modeling capabilities as part of the Company’s overall effort to understand and manage its portfolio of risks to be within its risk appetite. Board oversight of ERM is provided by the Risk Committee of the board of directors, which reviews the strategies, processes and controls pertaining to the Company’s insurance operations and oversees the implementation, execution and performance of the Company’s ERM program. The Company’s ERM efforts build upon the foundation of an effective internal control environment. ERM expands the internal control objectives of effective and efficient operations, reliable financial reporting and compliance with applicable laws and regulations, to fostering, leading and supporting an integrated, risk-based culture within the Company that focuses on value creation and preservation. However, the Company can provide only reasonable, not absolute, assurance that these objectives will be met. Further, the design of any risk management or control system must reflect the fact that there are resource constraints, and the benefits must be considered relative to their costs. As a result, the possibility of material financial loss remains in spite of the Company’s significant ERM efforts. An investor should carefully consider the risks and all of the other information set forth in this annual report, including the discussions included in ‘‘Item 1A—Risk Factors,’’ ‘‘Item 7A—Quantitative and Qualitative Disclosures About Market Risk,’’ and ‘‘Item 8—Financial Statements and Supplementary Data.’’

And finally, Travelers does disclose in the list of management that there are two senior executives, out of about 50 listed, with the words “Enterprise Risk Management” as a part of their title.

Charging into the Valley of Death

Half a league, half a league,
Half a league onward,
All in the valley of Death
Rode the six hundred.
“Forward, the Light Brigade!
“Charge for the guns!” he said:
Into the valley of Death
Rode the six hundred.

From Charge of the Light Brigade, by Alfred, Lord Tennyson

 In about 30 minutes, over 2/3 of the British Light Brigade were slaughtered in 1854.  Horsemen with swords charged cannon and rifles and grapeshot.   Tennyson made it sound grand and brave and somehow an admirable thing.  But Tennyson points out the the fact that it made no sense to do what they were doing – that the soldiers knew it.

“Forward, the Light Brigade!”
Was there a man dismay’d?
Not tho’ the soldier knew
Someone had blunder’d:
Theirs not to make reply,
Theirs not to reason why,
Theirs but to do and die:
Into the valley of Death
Rode the six hundred.

Military schools have used the story of the charge as an example of what can go wrong when intelligence is weak at the command center and when orders are ambiguous.

The Earl of Cardigan who was in command, reported to Parliament:

But what, my Lord, was the feeling and what the bearing of those brave men who returned to the position. Of each of these regiments there returned but a small detachment, two-thirds of the men engaged having been destroyed? I think that every man who was engaged in that disastrous affair at Balaklava, and who was fortunate enough to come out of it alive, must feel that it was only by a merciful decree of Almighty Providence that he escaped from the greatest apparent certainty of death which could possibly be conceived.

You might ask what this might have to do with Risk Management?

While the willingness to follow orders might have appealed to the Victorian English, those are not the sort of folks that you want handling risk.  Following orders that are that far wrong is not what you want someone doing with the  risks to your firm’s existence.

You want people in both your risk management area and in the front line areas where there is the most risk taking to be the sorts who question authority when they do not understand why a new order makes sense.

Risk needs to be attended to at both the center and the fringes.  And thoughtfully attended to.  When the risk seems high to someone, that should be a signal to reconsider.

Reporting on an ERM Program

In a recent post, RISKVIEWS stated six key parts to ERM.  These six ideas can act as the outline for describing an ERM Program.  Here is how they could be used:

1.  Risks need to be diversified.  There is no risk management if a firm is just taking one big bet.

REPORT: Display the risk profile of the firm.  Discuss how the firm has increased or decreased diversification within each risk and between risks in the recent past.  Discuss how this is a result of deliberate risk and diversification related choices of the firm, rather than just a record of what happened as a result of other totally unrelated decisions. 

2.  Firm needs to be sure of the quality of the risks that they take.  This implies that multiple ways of evaluating risks are needed to maintain quality, or to be aware of changes in quality.  There is no single source of information about quality that is adequate.

REPORT:  Display the risk quality of the firm.  Discuss how the firm has increased or decreased risk quality in the recent past and the reasons for those changes.  Discuss how risk quality is changing in the marketplace and how the firm maintains the quality of the risks that are chosen.

3.  A control cycle is needed regarding the amount of risk taken.  This implies measurements, appetites, limits, treatment actions, reporting, feedback.

REPORT:  The control cycle will be described in terms of who is responsible for each step as well as the plans for remediation should limits be breached.  A record of breaches should also be shown.  (Note that a blemish-less record might be a sign of good control or it might simply mean that the limits are ineffectively large.)  Emerging risks should have their own control cycle and be reported as well.

4.  The pricing of the risks needs to be adequate.  At least if you are in the risk business like insurers, for risks that are traded.  For risks that are not traded, the benefit of the risk needs to exceed the cost in terms of potential losses.

REPORT:  For General Insurance, this means reporting combined ratio.  In addition, it is important to show how risk margins are similar to market risk margins.  Note that products with combined ratios over 100% may or may not be profitable if the reserves do not include a discount for interest.  This is accomplished by mark-to-market accounting for investment risks.  Some insurance products have negative value when marked to market (all-in assets and liabilities) because they are sold with insufficient risk margins.  This should be clearly reported, as well as the reasons for that activity.  

5.  The firm needs to manage its portfolio of risks so that it can take advantage of the opportunities that are often associated with its risks.  This involves risk reward management.

REPORT:  Risk reward management requires determining return on risk for all activities as well as a planning process that starts with projections of such and a conscious choice to construct a portfolio of risks.  This process has its own control cycle.  The reporting for this control cycle should be similar to the process described above.  This part of the report needs to explain how management is thinking about the diversification benefits that potentially exist from the range of diverse risks taken.  

6.   The firm needs to provision for its retained risks appropriately, in terms of set asides (reserves or technical provisions) for expected losses and capital for excess losses.

REPORT:  Losses can be shown in four layers, expected losses, losses that decrease total profits, losses that exceed gains from other sources but that are less than capital and losses that exceed capital.  The likelihood of losses in each of those four layers should be described as well as the reasons for material changes.  Some firms will choose to report their potential losses in two layers, expected losses, losses that reach a certain likelihood (usually 99.5% in a year or similar likelihood).  However, regulators should have a high interest in the nature and potential size of those losses in excess of capital.  The determination of the likelihood of losses in each of the four layers needs to reflect the other five aspects of ERM and when reporting on this aspect of ERM, discussion of how they are reflected would be in order.  

Reading about ERM

Have you read any good books or papers about ERM?

Looking for a good book or paper about an ERM related topic?

Try  http://ermbooks.wordpress.com/

That blog has about 50 comments about specific books or articles about ERM as well as lists from various places that give dozens more possible readings.

Suggestions of additional books and articles to add to the blog would be highly appreciated.

 

How Much Debt is Too Much?

It seems limitless.  The amount of debt that a AAA firm can guarantee.  But it really isn’t.  It seemed limitless to AIG.  So limitless that they were willing to hire a bunch of traders to trade off the AAA of AIG to make an extra $25 or $50 million a year.  Eventually, AIGFP became a major part of the firm’s profits.  But to keep contributing to the growth of the earnings of AIG, they had to take on more and more.  To put the AAA more and more at risk.  Until, one day, it was too much.

So it seemed for a AAA country.  There seems to be no evidence that anyone thought that there was any limit to the amount of debt that the US could take on or guarantee.  At least not since Rubin was in charge at Treasury.  Wars and Tax cuts and Prescription Drugs and bank bailouts and auto bailouts and stimulus spending and taking on the debts of Fannie and Freddie.  No end, and seemingly no consideration that there was any limit.

Source: IMF World Economic Outlook

People also operated as if debt does not matter.  They were living high off of the “house as ATM” thinking.  Without thinking that they were adding debt.  Few people realized that if you have a $1 million house and a $1 million mortgage that you were not the same as someone without a house and without a mortgage.  The 100% leveraged house had tremendous percentage upside for the homeowner, but also tremendous downside.  Again, few realized that they were $1 million exposed to housing price fluctuation and that they were also exposed to a huge amount of earnings risk.  If their earnings went down, they were still liable for the mortgage.

It was all what Minsky called Ponzi thinking.  During the Ponzi phase to the economy, many people would make choices to expand their debt with the presumption that they would take out future loans to pay off the debt.  During this phase, some or if the phase lasts long enough, most of the investments are not at all self supporting.  New debt can only be sustained by future borrowing that is needed for both the payment of principle and interest.  Sounds crazy, but a significant amount of the mortgage debt that has given so much trouble was written on exactly that basis.

Minsky had two more phases.  The speculative phase is where normal investment activity in the economy could support the interest payments on the debt that financed it, but the loans would need to be rolled over to provide support for the principle.  Commercial real estate is usually financed on this basis, in good times and bad.

The hedge phase in where the business investments are able to support repayment of both principle and interest.

Minsky described the economy as shifting between the three phases.  He thought that the Fed had enough control over the banks to keep the economy from staying in the Ponzi phase for too long.  The Ponzi phase would often be accompanied by inflation so the Fed, even if they did not buy into Minsky’s theories, would move to put a stop to the extreme overleveraging of the Ponzi phase.  (But if you remember, they did not this time.)

So how much debt is too much?  Certainly when the amount of debt gets into the Ponzi stage, it is too much.  Personally, I like to keep my personal debt in the Hedge range.  But businesses and countries that are more eternal than RISKVIEWS may think it best to maintain a Speculative level of debt.

RISKVIEWS would suggest that businesses and countries need to look at their debt levels over a cycle.  So that they should avoid the excesses of Ponzi borrowing in good times and in fact stay closer to the Hedge end of Specultative borrowing in the best of times so that the borrowing increases in the worst of times does not push things into the Ponzi phase.

That is really the underlying issue that is facing the US and EU about sovereign debt levels.  They ran up too much debt in the good times, towards the Ponzi end of Speculative and the extra spending and lower income of the bad times have run them into Ponzi levels.  And at the bottom of the cycle, it is difficult to envision getting back to a lower speculative level.

‘This time may seem different, but all too often a deeper look shows it is not. Encouragingly, history does point to warning signs that policy makers can look at to assess risk—if only they do not become too drunk with their credit bubble–fueled success and say, as their predecessors have for centuries, “This time is different.”  from This Time is Different: Eight Centuries of Financial Folly, by Ken Rogoff and Carmen Reinhart

The Tea Party as a Conservator Group

The Tea Party movement in the US is well known for its lack of formal leadership and its insistence on absolute purity of ideas.

The Tea Party is an excellent example of a Conservator group in the updated terminology of Plural Rationalities.

The Conservators have the view that the world is an extremely risky place.  That deviation from the norm will cause disaster.  In fact, this Conservator group believes that the deviation has already taken place and that it is extremely important to put things back in place.

To Conservator groups it is extremely important to maintain agreement by everyone in the group to the group ideas.  They are much more likely to expel a member of the group than to allow for diversity of thought. In addition, these groups tend to an egalitarian group structure.  There is very low hierarchy in these groups.  Individual groups tend to be small.  Slight diversity of ideas tend to result in the creation of splinter groups.

The Conservator type group is actually called Egalitarians by the Anthropologists.  Their group ideas are inspired by the perception that the world is experiencing very adverse times.  In this perception they are linked to reality when such times actually exist.  Their group will gain adherents in such times as others notice the adversity and some to believe as well.

The Conservator group strategy is to seek to pull back and control risk taking so that they can keep (or in this case return to) safety.

Ironically, the Environmental movement is another contemporary example of a Conservator group.  Their approach to the world is very similar to the Tea Party in their belief that things are out of kilter and that a major pulling back is needed to get things to be safe.  They also have the same leanings toward purity of thinking and splinter groups.

The Theory of Plural Rationalities suggests that people and groups of people will always exist who have the Conservator point of view.  But when the environment aligns better with their dire view, they will attract more adherents and possibly even dominance.

When they dominate a society, there will be relatively little growth and investment.  They tend to want to keep things the same.  New ideas are not favored.  During the reign of the Conservators, excess capacity will doubtless build up which will eventually be put to use and create relative prosperity undermining the message of the Conservators.
Eventually, people will notice that some other group that is not as fixed in its approach will be doing better.  People will drift away from the Conservators to the other groups and it will lose influence.  Those other groups will be taking one of three approaches:

• Some will be making smaller investments like the Conservators, but will be widely diversified in their approach, unlike the tightly focused Conservators.  Eventually one of their many investments will take off.  These are the Pragmatists and they are best suited for the Uncertain environment.
• Some will be the entrepreneurs who will charge ahead with new ideas and new ventures anyway.  They are most likely to put the excess capacity to use and create the prosperity.  They are the Maximizers.  Their approach is best suited for Boom times.
• Some will be looking for the large organizations, the governments and the large corporations to save the economy.  They favor a guided approach to innovation and growth and investments.  They are the Managers.  Their approach is best suited to Moderate times.  They hope to extend those moderate times forever through careful management of the economy.

The Tea Party is not a purely Conservator group.  Some of their main ideas are Maximizer ideas.  They are directly opposed to both the Conservator and Manager strands of the Democratic party.  The Conservator strands of the Democrats are the people who are very much in favor of helping the needy and the labor movement.  The Manager strands of the party are the big government folks who believe that the world can be made a better place by government actions.  The Republican party also has had Manager strands with its historical support of big business and the military who are both strongly Manager groups.

Actuarial Risk Management Volunteer Opportunity

Actuarial Review of Enterprise Risk Management Practices –

A Working Group formed by The Enterprise and Financial Risks Committee of the IAA has started working on a white paper to be titled: “Actuarial Review of Enterprise Risk Management Practices”.  We are seeking volunteers to assist with writing, editing and research.

This project would set out a systematic process for actuaries to use when evaluating risk management practices.  Actuaries in Australia are now called to certify risk management practices of insurers and that the initial reaction of some actuaries was that they were somewhat unprepared to do that.  This project would produce a document that could be used by actuaries and could be the basis for actuaries to propose to take on a similar role in other parts of the world.  Recent events have shown that otherwise comparable businesses can differ greatly in the effectiveness of their risk management practices. Many of these differences appear to be qualitative in character and centered on management processes. Actuaries can take a role to offer opinion on process quality and on possible avenues for improvement. More specifically, recent events seem likely to increase emphasis on what the supervisory community calls Pillar 2 of prudential supervision – the review of risk and solvency governance. In Solvency II in Europe, a hot topic is the envisaged requirement for an ‘Own Risk and Solvency Assessment’ by firms and many are keen to see actuaries have a significant role in advising on this. The International Association of Insurance Supervisors has taken up the ORSA requirement as an Insurance Core Principle and encourages all regulators to adopt as part of their regulatory structure.  It seems an opportune time to pool knowledge.

The plan is to write the paper over the next six months and to spend another six months on comment & exposure prior to finalization.  If we get enough volunteers the workload for each will be small.   This project is being performed on a wiki which allows many people to contribute from all over the world.  Each volunteer can make as large or as small a contribution as their experience and energy allows.  People with low experience but high energy are welcome as well as people with high experience.

A similar working group recently completed a white paper titled the CARE report.  http://www.actuaries.org/CTTEES_FINRISKS/Documents/CARE_EN.pdf  You can see what the product of this sort of effort looks like.

Further information is available from Mei Dong, or David Ingram

==============================================================

David Ingram, CERA, FRM, PRM
+1 212 915 8039
(daveingram@optonline.net )

FROM 2009

ERM BOOKS – Ongoing Project – Volunteers still needed

A small amount of development work was been done to create the framework for a global resource for ERM Readings and References.

http://ermbooks.wordpress.com

Volunteers are needed to help to make this into a real resource.  Over 200 books, articles and papers have been identified as possible resources ( http://ermbooks.wordpress.com/lists-of-books/ )

Posts to this website give a one paragraph summary of a resource and identify it within several classification categories.  15 examples of posts with descriptions and categorizations can be found on the site.

Volunteers are needed to (a) identify additional resources and (b) write 1 paragraph descriptions and identify classifications.

If possible, we are hoping that this site will ultimately contain information on the reading materials for all of the global CERA educational programs.  So help from students and/or people who are developing CERA reading lists is solicited.

Participants will be given author access to the ermbooks site.  Registration with wordpress at www.wordpress.com is needed prior to getting that access.

Please contact Dave Ingram if you are interested in helping with this project.

(more…)

Is there a “Normal” Level for Volatility?

Much of modern Financial Economics is built upon a series of assumptions about the markets. One of those assumptions is that the markets are equilibrium seeking. If that was the case, it would seem that it would be possible to determine the equilibrium level, because things would be constantly be tugging towards that level.
But look at Volatility as represented by the VIX…

The above graph shows the VIX for 30 years.  It is difficult to see an equilibrium level in this graph.

What is Volatility?  It is actually a mixture of two main things as well as anything else that the model forgets.  It is a forced value that balances prices for equity options and risk free rates using the Black Scholes formula.

The two main items that are cooked into the volatility number are market expectations of the future variability of returns on the stock market and the second is the risk premium or margin of error that the market wants to be paid for taking on the uncertainty of future transactions.

Looking an the decidedly smoother plot of annual values…

There does not seem to be any evidence that the actual variability of prices is unsteady.  It has been in the range of 20% since it drifted up from the range of 10%.  If there was going to be an equilibrium, this chart seems to show where it might be.  But the chart above shows that the market trades all over the place on volatility, not even necessarily around the level of the experienced volatility.

And much of that is doubtless the uncertainty, or risk premium.  The second graph does show that experienced volatility has drifted to twice the level that it was in the early 1990’s.  There is no guarantee that it will not double again.  The markets keep changing.  There is no reason to rely on these historical analyses.  Stories that the majority of trades today are computer driven very short term positions taken by hedge funds suggest that there is no reason whatsoever to think that the market of the next quarter will be in any way like the market of ten or twenty years ago.  If anything, you would guess that it will be much more volatile.  Those trading schemes make their money off of price movements, not stability.

So is there a normal level for volatility?  Doubtless not.   At least not in this imperfect world.  

Seven Issues from 18 Crises

AIRMIC has recently published a study “Roads to Ruin” performed for them by the Cass Business School (CBS). They had asked CBS to identify lessons that could be learned from 18 high profile corporate crises of the last decade.  CBS found seven main causes for the 18 crises:

1. Inadequate board skills and inability of board members to exercise control
2. Blindness to inherent risks, such as risks to the business model or reputation
3. Inadequate leadership on ethics and culture
4. Defective internal communication and information flow
5. Organizational complexity and change
6. Inappropriate incentives, both implicit and explicit
7. ‘Glass Ceiling’ effects that prevent risk managers from addressing risks emanating from top echelons

The full report goes through the 18 crises in detail.

Of the 18, 7 were finance related:

• Enron
• Arthur Anderson
• Independent Insurance
• HSBC / Nationwide / Zurich Insurance
• Northern Rock
• Société Générale
• American International Group

All 18 occurred between 1999 and 2008.

In that time period, there were quite a few other firms that had major crises.  Such as:

• Yamaichi Securities
• The Equitable
• HIH
• Parmalat
• WorldCom
• The Accident Group
• Terra Securities
• Lehman Bros
• Wachovia Bank
• Bear Sterns
• Merrill Lynch
• Countrywide

These firms were also challenged by the same 8 problems.   The first of those 8 is key.   Board skills and ability of the board to effect change.

The centrality of this issue is troubling to risk managers because the board skills and authority are almost always outside the risk manager’s control.

Just as troubling for the sponsors of the study, AIRMIC, an organization largely of insurance brokers, was that insurable risks payed a very small part in any of the 18 crises.  This is a problem for their ideas of expanding from their current roles managing insurance programs to managing ERM programs.

ERM in most firms has not embraced the idea of managing Strategic Business Risk.  That is natural because CEO’s usually see that as their personal jobs.  Not likely to be delegated to a risk manager.

So ERM will usually be defined as managing ALL of the risks of the firm except the Strategic Risks.

Keeping up with Old ERM Programs – 10 Investor Questions (7)

Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM.  Riskviews gave them 10 but they were trick questions.  Each one would take an hour to answer properly.  Not really what the analyst wanted.

Here they are:

1. What is the firm’s risk profile?
2. How much time does the board spend discussing risk with management each quarter?
3. Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
4. What outside the box risks are of concern to management?
5. What is driving the results that you are getting in the area with the highest risk adjusted returns?
6. Describe a recent action taken to trim a risk position?
7. How does management know that old risk management programs are still being followed?
8. What were the largest positions held by company in excess of risk the limits in the last year?
9. Where have your risk experts disagreed with your risk models in the past year?
10. What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?

They never come back and asked for the answer key.  Here it is:

One of the most difficult things to accomplish in any organization is continuing to do well the things that were well developed in the past but that are not longer on the “front burner”.

Top management needs to limit attention to the most pressing problems.  So an existing program that is working well is just not likely to get much, if any, top management attention.  Continuing to get it right for the old tried and true parts of the organization is however of vital importance to the success of the organization.

Therefore Middle Management needs to be the keeper of these programs.  In some organization, this actually puts them at odds with top management priorities. Some Middle Managers, the lifers who are more loyal to the organization than to the current top management, will manage to do this under almost all circumstances, risking even their own positions to keep these vital programs going.  Other Middle Managers will feel that they are more loyal to the current management who put them in their positions.  They will reduce resources and even Middle Management attention to these old programs.

So far, this discussion could be about anything.  It does apply to risk management along with many other programs.  Old risk management programs are the base that new Enterprise Risk Management programs are built upon.  The old risk management programs are usually what creates the actual risk level of the firm that ERM then tries to manipulate.  However, if the firm brings in too many new risk managers who do not understand the importance of the old risk management programs, then they are likely to let them wither.

This is a major factor that causes the presumptions of the ERM program to be untrue or unstable.

The trick to this question is that the answer will tell you whether the CEO  is aware of any of this dynamic.  CEOs can be temporarily very successful by shifting all management attention to new products, or markets or programs, such as ERM.  For some period of time, the old risk management programs will continue to operate without any management attention, giving the firm a short free ride.  Eventually, those programs will wither away and the company will start to be hurt because the failure of these old programs that had an unrecognized, but bery real benefit.

A clear example of this is the area of Credit Risk underwriting.  Ten to fifteen years ago, every major financial institution had large credit underwriting staffs and a very carefully administered system for reviewing and coming to an agreement on credit quality of each opportunity for a loan or other extension of credit.  But with the development of trading desks, credit underwriting lost the attention of management.  Eventually, it simply stopped happening in many institutions,  Credit shifted to the trading paradigm.  However, the credit underwriting had a purpose and when it stopped happening, the presumption that credit positions had certain characteristics slowly had less and less meaning.  Until at the height of the credit crisis, a large number of institutions all believed and acted on that belief that very low credit quality positions in sub prime mortgages were actually of the very highest quality.  A small amount of work by an experienced credit underwriting team would have shown that presumption to be totally untrue.  (One firm who didn’t do credit underwriting, but did believe in reality checks sent their traders to spend some time each quarter applying for mortgages in the hottest markets.  Those traders wouldn’t touch any mortgage related exposure.)

So the best answer to this question would be for the CEO to understand the old risk management programs that create the presumptions that their visions for the future are based upon.  And to hear that the CEO values those programs.  As to how the firm keeps those programs going, the fact that the CEO can say the above two statements is probably enough in most firms.  As long as they do not undermine their words by cutting off funding to those old programs.

For extra credit, see if the CEO can actually list these old programs.

Soverign Default Risk

Perspective is very important for a risk manager. That is because lack of perspective leads to many of the largest mistakes.in thinking about the cause and likelihood of loss events.

Regarding the US debt ceiling manufactured crisis, there is very interesting perspective on the issue of the US Federal Debt in an article in the NY Times.  The story links the current Tea Party movement all the way back to Jefferson and Madison.  It seems that the US has always had a major faction strongly opposed to big government and government debt.

However, Riskviews would suggest that some have taken a valid disagreement about the size of government and the level of debt and used that to manufacture a crisis that has the potential to create a second major global recession of the size and scope of the one we have not yet recovered from.

But if you have read the story of the 1930’s history, you will see that is exactly what happened then.  Government policy and actions during the 1930’s took several major turns as the economy staggered up and down.  To this day, there is no agreement of whether one set of government actions or the movements in the opposite direction were the cause or the solution to the problem.

We seem destined to repeat the same sort of lurching process to find our way out.

In fact, we will never know which really works – spending or austerity – to help with a bad part of the business cycle.

Another great source of perspective on Sovereign Default is the Reinhart, Rogoff book This Time is Different.  The book goes through hundreds of years of history and dozens of sovereign defaults.  One of their main conclusions is that sovereign default is usually a politically driven event, rather than a financially driven event.  The drama in Greece follows the historical patterns described in the book.  The involvement of the rest of the EU in the Greece situation is unusual, but not at all unique.

Reinhart and Rogoff make the case that sovereign defaults are mostly political, rather than economic.  That is the thinking that seems to motivate S&P in their downgrade decision on the US debt.  S&P says that

we have changed our view of the difficulties in bridging the gulf between the political parties over fiscal policy, which makes us pessimistic about the capacity of Congress and the Administration to be able to leverage their agreement this week into a broader fiscal consolidation plan that stabilizes the government’s debt dynamics any time soon.

But it is unclear to RISKVIEWS whether there is not also a major long term economic problem for most of the G20 economies.  The demographic imbalances may prove the downfall of one or several of the major economic powerhouses of the past 50 years.

You Must Abandon All Presumptions

If you really want to have Enterprise Risk Management, then you must at all times abandon all presumptions. You must make sure that all of the things to successfully manage risks are being done, and done now, not sometime in the distant past.

A pilot of an aircraft will spend over an hour checking things directly and reviewing other people’s checks.  The pilot will review:

• the route of flight
• weather at the origin, destination, and enroute.
• the mechanical status of the airplane
• mechanical issues that may have been improperly logged.
• the items that may have been fixed just prior to the flight to make certain that system works
• the flight computer
• the outside of the airplane for obvious defects that may have been overlooked
• the paperwork
• the fuel load
• the takeoff and landing weights to make sure that they are within limits for the flight

Most of us do not do anything like this when we get into our cars to drive.  Is this overkill?  You decide.

When you are expecting to fly somewhere and there is a last minute delay because of something that seems like it should have really been taken care of, that is likely because the pilot finds something that someone might normally PRESUME was ok that was not.

Personally, as someone who takes lots and lots of flights, RISKVIEWS thinks that this is a good process.  One that RISKVIEWS would recommend to be used by risk managers.

THE NO PRESUMPTION APPROACH TO RISK MANAGEMENT

Here are the things that the Pilot of the ERM program needs to check before taking off on each flight.

1.  Risks need to be diversified.  There is no risk management if a firm is just taking one big bet.

2.  Firm needs to be sure of the quality of the risks that they take.  This implies that multiple ways of evaluating risks are needed to maintain quality, or to be aware of changes in quality.  There is no single source of information about quality that is adequate.

3.  A control cycle is needed regarding the amount of risk taken.  This implies measurements, appetites, limits, treatment actions, reporting, feedback

4.  The pricing of the risks needs to be adequate.  At least if you are in the risk business like insurers, for risks that are traded.  For risks that are not traded, the benefit of the risk needs to exceed the cost in terms of potential losses.

5.  The firm needs to manage its portfolio of risks so that it can take advantage of the opportunities that are often associated with its risks.  This involves risk reward management.

6.   The firm needs to provision for its retained risks appropriately, in terms of set asides (reserves) for expected losses and capital for excess losses.

A firm ultimately needs all six of these things.  Things like a CRO, or risk committees or board involvement are not on this list because those are ways to get these six things.

The Risk Manager needs to take a NO PRESUMPTIONS approach to checking these things.  Many of the problems of the financial crisis can be traced back to presumptions that one or more of these six things were true without any attempt to verify.

Another Point of View

Good Risk Management requires people who can see things from another point of view.

The various tasks that are required for good risk management actually require different people with different points of view.

• Loss Controlling requires people who are going to be willing to painstakingly review everything that the firm does to make sure that there are not any unintended accumulations of risk (or any risk accumulations that are being deliberately hidden).  These people need to have a point of view that focuses on the details.
• Risk Steering requires people with almost the opposite point of view, the big picture people.  To do good risk steering one must look past all of the details of risk and concentrate on the broad themes of risk that the firm is taking.
• Risk Trading requires people who are very outward focused, who are able to pay attention in the subtle and not so subtle changes in attitudes towards towards different risks in the marketplace.  They also need to be able to discern when changes in the company’s offerings or changes in the risk of the environment.  Their task is to make sure that the price that the company is getting for the risks it assumes is sufficient to pay for both the expected losses as well as appropriate compensation for the possibility of excess losses.
• Emerging Risks management requires people who are able to think outside the box, sometimes totally outside of the box to notice the faint signals that something is changing or something totally new is starting to happen and to imagine what might be needed to cope in the new situation.

Those are just not the same people.  So a smaller firm that has assigned their risk management to one person will be disappointed if that one person is not able to tap the skills of others who actually are readily able to think in these totally different ways.

That is one of the ways that risk management disappoints top management and frustrates the people asked to do it.  Even when an assigned risk manager is allowed or even encouraged to tap into these various other skills and points of view, it is very difficult for one person to even recognize the value of each of these different approaches.  More often the assigned risk manager will plow ahead building the risk management program that fits with their own point of view.

So no matter who you are and how good you are at risk management, remember to look for those people with the point of view that is very different from yours.  And pay attention to that they say about risk.