Archive for September 2011

How to do Risk Management in Lean Times

September 30, 2011

The good news for risk managers is that times have been tough, so that company management is listening more and more to your message.

The bad news for risk managers is that times have been tough, so there is not much budget for anyone, let alone an area where there is no hope of new revenue generation.

So risk managers are being asked to do more and more with less and less.

Here are some tips for how to manage to meet expectations without crashing the budget:

  1. Identify the area or activity that now has the most expensive risk oversight process.  Identify the reason for that expense and make sure that a) there really is a need for that much oversight, b) if so, that the profit margins of the activity support the expense of the oversight and c) if there is a way that the riskiest 20% of that activity produces a high proportion of the profits.  Can a shift in the risk acceptance criteria or the risk limits make a drastic change in oversight needs without a drastic change in profitability?
  2. Get more people involved in risk management.  This seems counter to the idea of decreasing costs of risk management, but in fact it can work well.  Study the things that the risk management staff is spending time on and determine which of those activities can be transfered to the business unit staff who can do the oversight on a very part time basis.  Your risk management staff can then shift to periodic review of their activities instead.  This should be promoted as a natural evolution of risk management.  Ultimately, the business units should be managing their own risk anyway.
  3. Find out which risk reports are not being used and eliminate them.  Constructing management information reports can be a very time consuming part of your staff’s time.  Some of those reports are hopefully being relied upon for major decisions, but there may be some that just sit unread in the in boxes.
  4. Reduce staff support for risk management in areas where activity levels are falling.  It is very important that risk management be ramped up with volumes and just as important that it be seen to ramp down with volumes.
  5. Leverage outside resources.  In fat times, you may be declining free support from vendors and other business partners.  In lean times, they may be even more happy to provide their support.  Just make sure that the help that they give supports your needs.
  6. Reduce frequency of time consuming model runs for risks that just do not change that much from run to run or that change proportionately with volumes of business.  See recent post on model accuracy.
  7. Expand your own personal capacity by delegating more of the matters that have become more routine.  There is a natural tendency for the leader to be involved in everything that is new and important.  Sometimes, you forget to transfer those responsibilities to someone on your staff or even someone outside your staff once you are sure that it is up and going smoothly.  Let go.  Make sure that you have the time that will be needed to take up the next new thing.  Lean times will not last forever and you need to be available to pay attention to the thing that will pull your firm forward into the next stage of robust growth.
These are all the sorts of things that every manager in your firm should be thinking about.  Risk managers should be doing the same sorts of thinking.  You and your function are another natural part of the business environment of the firm.  You will not be immune from the pressures of business, nor should you expect to be.
Advertisements

How many significant digits on your car’s speedometer?

September 29, 2011

Mine only shows the numbers every 20 and has markers for gradations of 5. So the people who make cars think that it is sufficient accuracy to drive a car that the driver know the speed of the car within 5.
And for the sorts of things that one usually needs to do while driving, that seems fine to me. I do not recall ever even wondering what my speed is to the nearest .0001.


That is because I never need to make any decisions that require the more precise value.
What about your economic capital model? Do you make decisions that require an answer to the nearest million? Or nearest thousand, or nearest 1?  How much time and effort goes into getting the accuracy that you do not use?

What causes the answer to vary from one time you run your model to another?  Riskviews tries to think of the drivers of changes as volume variances and rate variances.

The volume variances are the changes you experience because the volume of risk changes.  You wrote more or less business.  Your asset base grew or shrunk.

Rate variances are the changes that you experience because the amount of risk per unit of activity has changed.  Riskviews likes to call this the QUALITY of the risk.  For many firms, one of the primary objectives of the risk management system is to control the QUANTITY of risk.

QUANTITY of risk = QUALITY of risk times VOLUME of risk.

Some of those firms seek to control quantity of risk solely by managing VOLUME.  They only look at QUALITY of risk after the fact.  Some firms only look at QUALITY of risk when they do their economic capital calculation.  They try to manage QUALITY of risk from the modeling group.  That approach to managing QUALITY of risk is doomed to failure.

That is because QUALITY of risk is a micro phenomena and needs to be managed operationally at the stage of risk acceptance.  Trying to manage it as a macro phenomena results in the development of a process to counter the risks taken at the risk acceptance area with a macro risk offsetting activity.  This adds a layer of unnecessary cost and also adds a considerable amount of operational risk.

Some firms have processes for managing both QUANTITY and QUALITY of risk at the micro level.  At the risk acceptance stage.  The firm might have tight QUALITY criteria for risk acceptance or if the firm has a broad range of acceptable risk QUALITY it might have QUANTITY of risk criteria that have been articulated as the accumulation of quantity and quality.  (In fact, if they do their homework, the firms with the broad QUALITY acceptance will find that some ranges of QUALITY are much preferable to others and they can improve their return for risk taking by narrowing their QUALITY acceptance criteria.)

Once the firm has undertaken one or the other of these methods for controlling quality, then the need for detailed and complex modeling of their risks decreases drastically.  They have controlled their accumulation of risks and they already know what their risk is before they do their model.

Ten Commandments for a Crash

September 26, 2011

Joshua Brown wrote “Ten Commandments for a Crash”  – his advice for stock traders in a stock market crash.  Most of his ideas can be generalized to refer to any situation where large losses or even the threat of large losses occurs.

1.  Acknowledge that its a crash.

This is first and most difficult.  The natural impulse of humans when things look worse than they ever imagined is to close your eyes and hope that it was a dream.  To wait for things to come back to normal.  But sometimes the only survivors are the people who stopped imagining a return to normal first and accepted the bad news as reality.

2.  Pencils Down! 

This means abandoning your research based upon the previous paradigm.  Do not run the model one more time to see what it says.  All of the model parameters are now suspect.  You do not usually know enough to say which ones are still true.

3.  Don’t listen to “stockpickers” or sell-side equity analysts.

Get your head out of the nits.  Your usual business may require that you are a master of the details of your markets.  You are looking to build your year’s result up over 52 weeks, looking to create 1/52 of your target return each week.  But when the crisis hits, the right macro decisions can change your results by half a year’s worth of normal business.

4.  Ignore the asset-gatherers and the brokerage firm strategists,

Know the bias of the people you are getting advice from.  They may be saying what is necessary for THEIR firm to make it through the crash, no matter what their advice would do to you.

5.  Make sacrifices

You are going to need to let go of one or several of the things that you were patiently nursing along in hopes of a big payoff later on when they came around.  Make these decisions sooner rather than later.  Otherwise, they will be dragging you down along with everything else.  Think of it as a scale change.  The old long term opportunities mostly become losers while some of the marginally profitable situations become your new opportunities.  Choose fast.

6.  Make two lists.

Those are the lists of things that you might now want to start doing if the terms suddenly get sweeter and the things where you plan to dump unless you can tighten the terms.  Keep updating the list every day as you get new information.  Act on the list as opportunities change.

7.  Watch sentiment more closely

This is the flip side to #1 above.  The analysis may no longer be of help, but a good handle on the sentiment of your market will be invaluable.  It will tell you when it is time to press for the stricter terms from your list #6.

8.  Abandon any hope or intention of catching the bottom.

This may be an excuse for not making decisions when things are unclear.  Guess what?  THe bottom is only ever clear afterwards.

9.  Suspend disbelief.

Any opinions that you have that some aspect of your business environment will never get “that” bad will often be trashed by reality.  In case you have been asleep for the last decade, each crisis results in new bigger losses than ever before.  The sooner you get off the illusion that you know exactly how bad it can get, the sooner you will be making the right decisions and avoiding totally wrongly timed moves.

10.  Stop being a know-it-all and shut up.

Everyone out there seems to know a small part of what is happening that no one else knows and is totally ignorant of most of what is going on from their own internal sources.  If you talk all of the time, you will never learn those other pieces of the puzzle.

A good list.  Some things to think about.  A challenge to work these ideas into your planning for emerging risks.  Need to practice adopting this point of view.

Read more: http://www.thereformedbroker.com/2011/09/22/the-ten-crash-commandments/#ixzz1YsTTo7ky

Climbing the Risk Management Mountain

September 24, 2011

The pursuit of risk management is in some respects like climbing a mountain.

Your choice of the risks that you will plan to manage (rather than avoiding or eliminating) is like your choice of mountain. Some mountains will be more difficult to climb than others. Some have well worn paths to the top. And sometimes there is a shift in the weather than makes even the most traveled path unusually dangerous.

Some folks have been living on the side of their mountain for generations. They considered that they are the experts of that particular mountain. But then one day, a band of outlanders shows up with new equipment and takes a new route that takes them higher up the mountain than any of the locals have ever gone.  Sometimes, however, those outsiders only look like they are going straight to the top.  Sometimes they are stopped short by perils that the locals knew well.  With risk management, there have been firms managing some risks for a long time who have been brushed aside by competitors with rocket scientists.  Some of those rockets took the firms right to the top, others flamed out along the way.

There are many ways to approach climbing a mountain.  Some choose the southern route, others the northern.  And many different places to stop the climb and declare success.  For some risk managers, the climb may stop when the largest one or two risks of the firm are separately under control.  Others will seek to reach the spot on the mountain where the capital model can be found.  They undertook climbing risk management mountain to get a handle on managing their capital.  A third group will stay unswervingly on the path that is laid out with the railings and signs put there by the regulators.  They seek only to achieve the point on the mountain of regulatory compliance.  They do not seem to care that standing for too long on that spot may not be safe in all weather either.  The final group is looking to get to the top of the mountain, to stand on the highest pinnacle.  They feel that mastering risk management can only be done if they are standing on top of all of their risks at once.  They feel that any other spot on the risk management mountain is not for them.

Having spotted the place where they want to end up, many people stand transfixed by the immense task ahead of them and fail to start.  They do not see any way that they can get from where they are to that remote point up the mountain that is partially obscured by the clouds.  They see some others already at those points and cannot figure out how to jump right up to join them.

They sometimes do not realize that those who are already far up the path got there most often by focusing instead on the next step, rather than on the endpoint.  Some of those who are far up the mountain may in fact have started out to reach a different point and made corrections to their ascent path as the realized the conditions as well as their own capabilities.

Others who already live part way up the mountain are confused.  They are looking at the instruction manual for climbing this mountain.  The book always starts at the bottom of the mountain.  And it assumes that you are someone who does not already own some (possibly most) of the equipment needed for climbing.   The whole thing seems impossible to make sense out of for you.  You are not even going to consider going to the bottom of the mountain and leaving all of your equipment and expertise behind.

Most insurers are in the position of the villagers living on the side of the mountain.  They are getting instructions to start at the bottom of the south side of Risk Management Mountain, while they live on the north.  What they need is not generic instructions.  What they need is instructions that start with what they know and with the equipment and experience that they have.  They need to know the best path to get to the place where they want to go from where they are.

Diversity and Resilience

September 19, 2011

Can’t we all just learn to “Get it Right”?

Just picture a ship with a large flat deck and thousands of passengers on the deck. The boat lists to one side and the passengers scurry to the other side to avoid going over the edge in the side that is dipping. Guess what happens? The boat now lists to the other side. Stabilizing the boat requires that everyone is spread about the entire deck. But since we do not necessarily know the exact spots where everyone needs to stand, some moving around makes sense. Just as long as everyone does not start moving together.

The world we live in is a much more complex and dynamic system than a ship at sea. We definitely do not know what is the safest course of action for everyone to take. We do know what hasn’t worked. We suspect that some of the things that we thought did work in the past were actually not good ideas. We do not know how to get the world to go backwards in time to when things were working best. In fact, they weren’t working best for someone then anyway.

Diversity is the most sensible approach when we do not know what will work. With a diversified approach it is quite possible that some will be doing the exact wrong thing, but at the same time, some will be doing the best thing for what comes next.

Only if we are certain of what will come next can we be sure to pick the best course. When too many people pick any single course of action, however, there often are unintended consequences.
Never before had mortgage loans in the US all gone down together, but when everyone started to increase the amount of leverage in the mortgage system, the leverage itself became the cause of massive correlation.

Ecological systems that are more diverse are more resilient. Human systems are the same.

You need to know how much risk you’ve been taking first

September 15, 2011

Everyone struggles with choosing a risk appetite.  But that is the first mistake.  Risk appetite will not be singular.  Risk Appetite is plural.  It refers to any aspect of risk that goes beyond what you will comfortably accept.

In the paper Risk and Light, it mentions a number of aspects of risk:

  • Type A Risk – Short Term Volatility of cash flows in 1 year
  • Type B Risk – Short Term Tail Risk of cash flows in 1 year
  • Type C Risk – Uncertainty Risk (also known as parameter risk)
  • Type D Risk – Inexperience Risk relative to full multiple market cycles
  • Type E Risk – Correlation to a top 10
  • Type F Risk – Market value volatility in 1 year
  • Type G Risk – Execution Risk regarding difficulty of controlling operational losses
  • Type H Risk – Long Term Volatility of cash flows over 5 or more years
  • Type J Risk – Long Term Tail Risk of cash flows over 5 years or more
  • Type K Risk – Pricing Risk (cycle risk)
  • Type L Risk – Market Liquidity Risk
  • Type M Risk – Instability Risk regarding the degree that the risk parameters are stable

It is quite possible that a full risk appetite would could address each of these aspects of risk and more.

But a more difficult hurdle is the fact that in many cases risk exposure is not consciously known.  In some cases, that is because of a confusion between RISK and LOSS.  Some of that is because of the overuse of the word risk.  In many situations, risk is used to mean an expected loss.

But for risk appetite, it is never the expected loss or even the actual losses that is of concern for a risk appetite.  The risk that matters is the potential for future loss.

But to have any idea of how much risk that a person or a firm might be comfortable with, they need to have experience with risk.  To have an  articulate risk appetite, that experience must have been quantified.

How much was the risk exposure last year?  How much was it the previous year?

And when we try to think of how much risk, we need to recognize that risk has many aspects that may need to be quantified.  Risk is complicated.  It does not reside in a single number.

Why would we think that it did?  Try to name anything important that can be represented with a single number.  Can you represent your car with a single number?  Can you represent your brother with a single number?  Can you represent a book with a single number?  Risk is a potential for future loss, that potential has many more possibilities than an existing physical object.  The object needs to represented by many different numbers.

But not all of the aspects of risk are ultimately important in most situations.

But before anyone or any business can form a risk appetite, they need to identify the characteristics of risk that are most important to them and then they need to build an experience base.  They need to know how much risk that they have taken in the past.  They need to know how much they can get paid for taking the risk.  They need to know when they were at risk of having their lights put out.

Better to have this experience in real time.  But second best is to work backwards into the past.

Faced with real information, matched up to real experience, then the stories of how to create a risk attitude will then start to make sense.

But up til then, it just won’t mean anything.

Who are we kidding?

September 14, 2011

When we say that we are “measuring” the 1/200 risk of loss of our activities?
For most risks, we do not even have one observation of a 200 year period.
What we have instead is an extrapolation based upon an assumption that there is a mathematical formula that relates the 1/200 year loss to something that we do have confidence in.

Let’s look at some numbers.  I am testing the idea that we might be able to know what the 1/10 loss would be if we have 50 years of observations.  Our process is to rank the 50 years and look at the 45th worst loss.  We find that loss is $10 million.

Now if we build a model where our probability of losing $10 million or more is 10% and we run that model 100 times, we get a histogram like this:

So in this test, with an underlying probability of 10%, the frequency of 50 year periods with 5 observations of losses of $10 million or larger is only 22%!

When I repeat the test with a frequency assumption of 15% or of 6.67%, I get exactly 5 observations with a frequency of about 10% in each case.

So given 50 years of observations and 5 occurrences, it seems that it is quite possible that the underlying likelihood might be 50% higher or 1/3 lower.

Try to imagine the math of getting a 1/200 loss pick correct.  What might the confidence interval be around that number?

Who are we kidding?


%d bloggers like this: