On Thin Ice

Most people who know that they are walking on thin ice will proceed very slowly and carefully.

That is also the effect that we get when we fail to recognize losses. Everyone HOPES that things will turn out ok and either the losses will eventually emerge at a lower value (i.e. less loss) than expected or that while we defer recognition, other earnings will make up for the losses.

Loss recognition is an important step in getting off of the thin ice.  Firms need to have a disciplined loss recognition process so that they can avoid getting into the thin ice situation. 

One important concept in risk management was stated by Nassim Taleb in his “Black Swan Free World” piece – that failures should be frequent and small.  That principles applies to losses as well.  A good risk management program should encourage small and frequent losses. 

A firm that rarely recognizes losses is either (a) not taking any real amount of risk or (b) failing to recognize the losses that it has.

Advertisement

Not a moment too soon

“At first glance, Homo sapiens is an unlikely contestant for taking over the world.”  Gerd Gigerenzer

Evolutionary biologists have identified that one of H. sapiens original competitive strengths was the ability to run for very long periods of time, chasing their prey to exhaustion.  Not a particularly powerful weapon.  For my money, in the primitive world, I would have choosen large teeth and blinding speed any day.

But that was not mankind’s only advantage.  Humans eventually found that we could use tools.  And best of all, man was one of the best on the planet (among larger life forms at least) in adapting.  In “Rationality for Mortals”, Gigerenzer calls the approach that humans used the “fast and frugal heuristic”.  With that approach, humans developed ways to best use both man’s limited natural and constantly growing artificial toolset adapting to the environment.  A heuristic is an approach to problem solving with partial information.

Gigenzer gives an example of a heuristic used by a baseball outfielder catching a fly ball.  You will see that in most cases that outfielder will catch the ball on the run.  That is because the natural heuristic is for the outfielder to keep moving and to make small adjustments to their position until they and the ball are in the same location.  Binocular vision does not necessarily give enough information soon enough to position properly.  But successive observations provided by moving approximates a much wider set of eyes.  The heuristic uses a skill that the human brain already has – the ability to process multiple images of the same object to develop a three dimensional view of the world.

Flash forward 10,000 years.  Zoom down into the world of insurance and pensions and you will find a conflict for the role of key decision maker.  On the one hand is the management (or in general insurance the underwriter), who is the product of tens of thousands of years of advances in the “fast and frugal heuristic” regarding the financial risks that insurers and pension plans have been running more or less profitably for a few hundred years.  Their ability to make judgments in this arena is honed by decades of experience avoiding the necessity to run down their prey for days until it dies of exhaustion.  Some of these heuristics can be readily explained to colleagues in the business decision making process, but some can not be put into words any better than a baseball player can explain exactly how they are able to hit a 95 mile per hour fastball.  Those heuristics are called “Gut instinct”.

In the other corner of this conflict are the actuaries.  Actuaries represent one of the most highly evolved specimens of scientific man.  Actuaries are trained to build sometimes excruciatingly complex models of small bits of the world to inform their decision making.  These actuarial models are fundamentally statistical in nature.  They rely upon a number of statistical laws for their power, such as the lay of large numbers and Bayes law.

There is a constant push and pull between the actuarial model builders and the heuristic weilders for the major decisions of the firm.  And since actuaries do not always win, there is a feeling of oppression.  There are jokes about the actuarial approach by the followers of the heuristic approach.

But in fact, the two approaches are closer than one might think from first (or even repeated) exposure to the issue.  Both approaches have at their core a Baysean view of how to get to the right decision.  That approach is to constantly update your decision making engine with new experiences.

The heuristic decision makers may cast a wider net for the information that they bring into their heuristic.  The modelers are usually limited to specifically quantifiable information that can be put into the model.  Since the heuristic group does not have a quantitative model, they do not have that constraint.  However, they have the disadvantage that they do not necessarily have a systematic way to incorporate new information.  The heruistic forming process is not necessarily a fully conscious process.  In fact, explanations of heuristics are usually post hoc, not really a part of the development process.

That flaw does not make heuristics something to sneer at.  Humans came to take over the world primarily because of this ability to create and update powerful heuristics.

The actuarial, statistical, quant approach to risk management and decision making is a development out of the scientific revolution.

Part of the scientific revolution was an effort to drive heuristics out of the position that they held in the area of major human decision making.  They did such a good job that it is often difficult for us modern people to even understand the pre-scientific revolution thinking processes and discussions.

We now favor evidence based logical reasoning.  Heuristics are often formed without any clear reasoning.  They just work.  But that heuristic thinking is also what we now call “judgment” that we are now trying to leven our quant approach to models with.   We say that without even noticing that this is a movement against the grain of several hundred years of scientific progress.

And not a moment too soon.

The Danger of Optimization

RISKVIEWS was recently asked “How do insurers Optimize Risk and Reward?”

The response was “That is dangerous. Why do you want to know that?” You see, a guru must always answer a question with a question. And in this case, RISKVIEWS was being treated as a guru.

Optimizing risk and reward is dangerous because it is done with a model.  Not all things that use a model are dangerous.  But Optimizing is definitely dangerous.

One definition of optimizing is

“to make as perfect as possible.”

Most often, optimization means taking maximum possible advantage of the diversification effect.  You will often hear someone talking about the ability to add risk without adding capital.  Getting a free ride on risk.

There are two reasons that optimizing ends up being dangerous…

1. The idea of adding risk without adding capital is a misunderstanding.  Adding risk always adds risk.  It may well not add to a specific measure of risk because of either size or correlation or both, but the risk is there.  The idea that adding a risk that is low correlation with the firm’s predominant risk is a free ride will sooner or later seep into the minds of the people who ultimately set the prices.  They will start to think that it is just fine to give away some or all of the risk premium and eventually to give up most of the risk margin because there is thought to be no added risk.  This free risk idea will also lead to possibly taking on too much of that uncorrelated risk.  More than one insurer has looked at an acquisition of a large amount of the uncorrelated risk where the price for the acquisition only makes sense with a diminished risk charge.  But with the acquisition, the risk becomes a major concentration of loss potential and suddenly, the risk charge is substantial.
2. In almost all cases, the best looking opportunities, based on the information that you are getting out of the model are the places where the model is in error, where the model is missing one or more of the real risks.  Those opportunities will look to have unusually fat risk premiums. To the insurer with the incorrect model, those look like extra margin.  This is exactly what happened with the super senior tranches of sub prime mortgage securities.  If you believed the standard assumption that house prices would never go down, there was no risk in the super senior, but they paid 5 – 10 bps more than a risk free bond.

The reliance on a model for optimization is dangerous.

That does not mean that the model is always dangerous.  The model only becomes dangerous when there is undue reliance is placed upon the exact accuracy of the model, without regard for model error and/or parameter uncertainty.

The proper use of the model is Risk Steering.  The model helps to determine the risks that should be held steady, which risks would be good to grow (as long as the environment stays the same as what the model assumes) and which risk to reduce.

Are you Risk Competent?

Find out by taking the Risk Competency Quiz.

Then come back here and let RISKVIEWS know what questions you would put onto a Risk Competency Quiz for people in Banks?  In Insurance Companies?

How Much Strategic ERM is Enough?

Strategic Risk Management is the name given by S&P to the enterprise level activities that seek to improve risk adjusted returns by a strategic capital allocation process.  It is also considered by S&P to the the “Use Test” for economic Capital models.  Strategic Risk Management includes

• Capital Budgeting and Allocation
• Strategic Trade-offs among insurance coverages AND investments
• based on long term view of risk adjusted return
• Recognizing significance of investment risk to total risk profile
• Recognizing ceded reinsurance credit risk
• Selecting which risks to write and which to retain over the long term
• Strategic Asset Allocation
• Risk Reward Optimization

Meanwhile Solvency II had created standards for its internal model Use Test.

The foundation principle of the Solvency II Use Test states that

internal model use should be sufficiently material to result in pressure to increase the quality of the model 

This strongly self referential idea is then supported by 9 Basic Principles.

Principle 1. Senior management and the administrative, management or supervisory body, shall be able to demonstrate understanding of the internal model

Principle 2. The internal model shall fit the business model

Principle 3. The internal model shall be used to support and verify decision-making in the undertaking

Principle 4. The internal model shall cover sufficient risks to make it useful for risk management and decision-making

Principle 5. Undertakings shall design the internal model in such a way that it facilitates analysis of business decisions.

Principle 6. The internal model shall be widely integrated with the risk-management system

Principle 7. The internal model shall be used to improve the undertaking’s risk-management system.

Principle 8. The integration into the risk-management system shall be on a consistent basis for all uses

Principle 9. The Solvency Capital Requirement shall be calculated at least annually from a full run of the internal model

 

From these two descriptions of a Use Test, one should be forgiven for picturing a group of priests in long robes prowling the halls of an insurer in procession carrying a two foot thick book of the internal model.  Their primary religious duty is to make sure that no one at the insurer ever have an independent thought without first thinking about the great internal model.  Every year, the internal model book is reprinted and the priests restart their procession.  

 

But take heart.  A quick look at the website of the European CRO Forum reveals that those firms do not revere their internal models quite so highly.  

 

The above chart suggests that in most groups the internal model is just one consideration for making most strategic decisions of the insurer.  

 

The excerpt below from the Tokio Marine Holdings puts these things into perspective.  

The Group carries out a relative evaluation of each business and prioritizes the allocation of management resources (business portfolio management).  It is achieved by using risk/return indicators for each business and applying a scoring indicator covering market growth potential and profitability, competitive advantages and expected effects of strategies.  Allocated management resources include funds, human resources and risk capital. By allocating these resources to business units and new businesses with even higher profitability and growth potential, we aim to improve the profitability and growth potential of our business portfolio.

You see from that statement that risk return is not the only input nor is capital the only factor under consideration.  Describing Strategic Risk Management as its own separate management process is incorrect.  

 

Strategic Risk Management is one set of inputs and outputs to/from the Strategic Decision Making Process.  

 

And if read carefully, that will satisfy both S&P as well as Solvency II Use Tests.

 

Let’s get Real

Talk to CROs and all the nice theories about risk management get put in their place.  In real companies, the loudest and most influential voice is usually the people who want to add risks.

A real CRO is not often struggling with issues of risk theory.  They are totally immersed in the reality of corporate power politics.

• In some firms, the CEO will set up the CRO in a position where risk concerns will trump all else.  The CRO will have authority to stop or curtail any activity that s/he feels is excessively risky.
• In other firms, the CEO will set up the CRO to be one of many voices that are clamoring for attention and for their point of view to be heard.
• And a third set of firms has the CRO as purely a reporting function, not directly involved in the actual decision making of the firm.

The first case sounds ideal, until the CRO and the CEO go head to head on a major decision.  The battle is not usually long.  The CEO’s view will will.  In these firms, it is usually true that the CRO and the CEO see eye to eye on most things.  The CEO in these firms has the opinion that the business units would take enough risk to imperil the firm if left alone.  But the CEO is still responsible to make sure that the firm is able to grow profitably.  And a CRO who gets used to power over risk decisions, sometimes forgets that power comes solely from the CEO.  But for the most part, the CRO in this firm gets to implement the risk management system that works the way that they thinks is best.

The second case sounds much more common.  The CEO is not saying exactly how much s/he supports ERM.  The CEO will decide in each situation whether to support the CRO or a business unit head on any risk related major decision.  The risk management system in this firm exists in a grey area.  It might look like the risk management system of the first firm, but it does not always have the same amount of authority.  Managers will find out quickly enough that it is usually better to ask for forgiveness rather than follow the rules in the times when they see an important opportunity.  The CRO in this firm will be seeking to make a difference but has to define their goals as all relative.  Are they able to make a noticeable shift in the way that the firm takes risk.  That shift may not go all the way to an optimal risk taking approach, but it will be a shift towards that situation.  Over time they can hope to educate the business unit management to the risk aware point of view with the expectation that they will gradually shift to more and more comfort with the risk management system.

In some of these firms, the risk management system will look more like the system of the third case below – a Risk Information system.  The approach is to keep all of the negotiation and confrontation that is involved with managing risk limits and standards to be verbal rather than on paper.

In third case, the risk management system exists to placate some outside audience.  The CEO has no intention of letting this process dictate or even change any of the decisions that s/he intends to make.  The most evident part of an ERM system is the reports, so the risk management system in these firms will consist almost entirely of reporting.  These firms will be deliberately creating an ERM Entertainment system.  The best hope in these firms is that eventually, the information itself will lead management to better decisions.

What is working against the CRO in the second and third cases are the risk attitudes of the different members of management.   If the CRO is targeting the ERM system and/or reports to the Manager risk attitude then it might be a long time before the executives with other risk attitudes see any value in ERM.