Self Perpetuating Pessimism – Just the Opposite in Insurance

Things have been bad.  The results have run against your strategy for some time now.  So you pull back.  Derisk.  Leave the game.

That may be the most prudent decision, or it may be simply self perpetuating pessimism.

Others may not share that pessimism.  Others may see opportunities in the chaos that has caused your losses.  Others are doubling down.

But how to know?  How to tell whether it makes more sense to move on or to stay in?

Sometimes, you cannot tell.  There is no indications whether the next day or the next year will be even worse than the last or whether it will be a big step on the road back to prosperity.  The most important element to determining that may not be something neutral in the environment.  It may be the mood of the people.

“The only thing to fear is fear itself”

The actions of the crowd to pull back all together cause or at least accentuate the very poor environment that the actions were meant to protect against.  It is a classical negative feedback look.  The poor results cause people to pull back that causes more poor results.

That is the way that an investment market works.  But an insurance market works just the opposite.  Optimism makes more people to rush into a market.  It causes the rates charged for a risk to go down because of competition.  It causes underwriting standards to deteriorate.  It encourages more and more of the underpriced misunderwritten business.  Pessimism causes insurers to withdraw from an insurance market.  Less competition allows rates to rise.  Pessimism makes insurers set the minimum rate at which they might write some insurance higher.

In insurance when the crowd deserts a market, the few who remain are suddenly able to raise rates to sustainable levels and beyond.

So why does it take so long for insurers to react to soft rates and leave markets?   They all know the game and all want to be the ones who are left when the rates get hard. So insurers are playing a few moves ahead.

For some reason, investors, who consider themselves to be much more sophisticated, only seem to be looking one step ahead.  Or at least the crowd does.  Maybe the real sophisticated investors ARE playing several steps ahead.  They will never let you know that.

Five Buckets of Risk

Forget about risk registers and risk models.

What you really need is a good Risk Bucket system.

To manage your risks, you then need to know

• which bucket each risk goes into;
• How much is already in each bucket;
• How much you want to have in each bucket.

Each bucket will have different rules for how it is monitored and managed.  About who must pay attention to the new risks going into the bucket.  And who makes sure that what was put in the buckets still belongs in that bucket.

One way to define the five buckets would be to say that

Bucket 5 – these risks must be approved by the Board.  The Board must monitor all of the risks in this bucket very regularly.  Strategic Risks belong in this bucket.  Especially large concentrations of risks should go into this bucket.  Risks that are of a size that an adverse experience might endanger the company’s survival must go into this bucket.  Once the Board has agreed on what it wants in this bucket, then they should require management to assert that they are getting regular reports on all of the exposures that the companies has or are considering that should go into this bucket.
Bucket 4 – there risks must be approved and are monitored by the CEO and top management.
Bucket 3 – these risks must be approved and are monitored by a business unit head.
Bucket 2 – these are risks that must be approved and are monitored by supervisors or middle managers.
Bucket 1 – these are risks that do not need approvals.

The criteria for assigning risks to buckets will vary from company to company.  One criteria may be size, another familiarity with the risk.  Volatility or extreme losses per unit of activity that is mugh higher than normal for the company should mean a higher number bucket.

The funny thing about this system is that absolutely everyone already uses the bucket system.  But few have written down the definitions of what goes into each bucket.  Few monitor the risks systematically.

To go from an unconscious five bucket risk management system to a Five Bucket ERM System all that is needed is to formalize the assignments, monitor that risks in each bucket regularly, produce reports that show how much risk that is in all of the buckets at regular intervals.

The final step in shifting to an a Five Bucket ERM System  is to shift from using the buckets to monitor risk to using them to manage risk.  That means shifting from activity metrics to risk metrics.  It also means identifying the profits that are coming from each bucket.   It leads to conscious decisions of how muck risk that can be accepted in each bucket.

The first step in this transition for everyone is to start to notice the buckets that are already right there in your office.

What is Risk?

from Max Rudolph

As I deal with a variety of industries, professionals, investors and even risk managers, it has become obvious that the first issue that needs to be addressed from a risk management context is to define the term “risk”. I generally get pushback on this, but what I find is that everyone has a strong definition in their own mind that varies from person to person. How you define risk drives both risk appetite and risk culture. One of the keys in many of the management classes I have attended over the years has been to recognize that others tend to not think like I do. This is important here too. Before reading further, how do you define risk? Let me know if you don’t see your personal high level definition below.

Knightian Risk

Probably the most interesting risk definition I have seen, and the one I had never considered in its extreme, was put forth by Frank Knight in his 1921 book Risk, Uncertainty and Profit. Risk is defined as uncertainty. It is best explained by an example. If you were to launch yourself into space with no protection against the cold and lack of oxygen that defines space, you know you would die. By this definition there is no risk. If there is no uncertainty, in any direction, there is no risk. Sure to fail, no risk. Sure to win, no risk. Most people consider this definition in moderation when managing risk, although most would override it with one of the definitions we will consider next.

Downside Risk

When managing a business or portfolio, many managers consider risk only with respect to something bad that could happen. Outcomes can be defined numerically as more of something is either good or bad, and less of something is the opposite. An additional nuance is needed, and it has been mentioned by others. I like to look at “good” outcomes and “bad” outcomes. To follow an example earlier in this thread, higher sales might initially be called a good outcome, but often it eventually becomes a bad outcome as it outstrips capital availability or flags a pricing issue. Keep in mind that what is important is the overall impact on the entity, so a good overall outcome should be encouraged even if some lines of business would call it a bad outcome for their silo. High mortality is an example of this, with a life insurance line saying it is a bad outcome and a payout annuity considering it a good outcome. This is an example of a natural hedge, provided by two lines with offsetting risks in their portfolio.

Most companies today are looking at risk from a one sided perspective to meet their regulatory compliance needs. Risk management is viewed as a fixed cost under this paradigm. This approach is useful and helps the company avoid bankruptcy. It also provides a base from which you can leverage your ERM efforts.

Volatility Risk

I often think of traders when considering a volatility driven definition of risk. Opportunities abound if prices move, no matter which direction. Those who look at risk from a two sided perspective, and are good at it, can provide an organization with a competitive advantage as enterprise risk management becomes a major part of the strategic planning process. Everything is on the table. This helps an organization grow and prosper, in addition to lowering the probability of ruin. Incorporating risk into decision making provides a competitive advantage in all environments. The downside of this approach is that many who think of volatility as risk also believe that risk can be modeled accurately. They are more prone to model risk.

Not everyone is capable of the two sided risk approach. Risk culture can get in the way, but you also need the right people in place to drive risk management opportunities to senior team members. A risk manager should try to nudge their firm in this direction, but trying to leap there all at once is not likely to work.

Which risk definition is the best one?

It will depend on firm culture and risk appetite to know which definition is most consistent within an entity, and employing people with each definition can help a firm avoid overfocusing on one of the definitions. This will allow the firm to make better decisions. Risk is Opportunity!

©2011 Rudolph Financial Consulting, LLC

Warning: The information provided in this post is the opinion of Max Rudolph and is provided for general information only. It should not be considered investment advice. Information from a variety of sources should be reviewed and considered before decisions are made by the individual investor. My opinions may have already changed, so you don’t want to rely on them. Good luck!

ERM Mission Statements

From the Annual Reports:

A.     Risk management is a key part of our corporate management. Its task is not only to safeguard the Group’s financial strength in order to satisfy our obligations to clients and create sustained value for our shareholders, but also to protect Munich Re’s reputation. We achieve these objectives through global risk management encompassing all areas of our operations. (Munich Re)

B.     The financial crisis has demonstrated the importance of a strong and independent risk management function, as well as the need for an  integrated approach to  assessing and controlling  risks. To this end, we further enhanced our risk management by establishing a more robust governance process, intensifying our risk oversight and strengthening our  liquidity management. (Swiss Re)

C.     We employ an enterprise-wide approach to all risk taking and risk management activities globally. The enterprise risk management framework sets out policies and standards of practice related to risk governance, risk identification and monitoring, risk measurement, and risk control and mitigation. In order to ensure that we can effectively execute our risk management we continuously invest to attract and retain qualified risk professionals, and to build and maintain the necessary processes, tools and systems. (Manulife Financial)

D.    Management believes that effective risk management is of primary importance to the success of Goldman Sachs. Accordingly, we have a comprehensive risk management process to monitor, evaluate and manage the principal risks we assume in conducting our activities.

E.     AEGON’s risk management and control systems are designed to ensure that these risks are managed as effectively and efficiently as possible. For AEGON, risk management involves:
·      Understanding which risks the company is able to underwrite;
·      Assessing the risk-return trade-off associated with these risks;
·      Establishing limits for the level of exposure to a particular risk or combination of risks; and Measuring and monitoring risk exposures and actively managing the company’s overall risk and solvency positions.

F.     The mission of Zurich’s Enterprise Risk Management is to promptly identify, measure, manage, report and monitor risks that affect the achievement of our strategic, operational and financial objectives. This includes adjusting the risk profile in line with the Group’s stated risk tolerance to respond to new threats and opportunities in order to optimize returns.

G.     QBE’s risk management strategy is underpinned by a number of robust processes which are aimed at reducing uncertainty and volatility and avoiding unwelcome surprises. Risks are subject to rigorous identification and evaluation throughout the business management cycle.

H.    The management of risk is a core skill supporting the Group’s ability to offer both sustainable risk transfer solutions to its clients and attractive returns to shareholders. The management and identification of risk is the day to day responsibility of many of our staff and is a feature of all our business activities. (Amlin)

I.      Diversification is used as a tool to reduce the Group’s overall insurance risk profile by spreading exposures, thereby reducing the volatility of results. QBE’s approach is to diversify insurance risk, both by product and geographically.

J.      The Group employs a comprehensive risk management framework to identify, assess, manage and monitor the risks arising as a result of operating the business. The framework includes a comprehensive suite of risk policies, procedures, measurement, reporting and monitoring techniques and a series of stress tests and scenario analyses to ensure that the Group’s risk exposures are managed appropriately. (RSA)

The Practice Effect – How to Minimize Overconfidence

All you need in this life is ignorance and confidence then success is sure.  Mark Twain

Overconfidence is one of the favorite biases of Behavioral Finance folks.  It goes a long way to help support their Irrational Market paradigm.

“People are overconfident. Psychologists have determined that overconfidence causes people to overestimate their knowledge, underestimate risks, and exaggerate their ability to control events. Does overconfidence occur in investment decision making? Security selection is a difficult task. It is precisely this type of task at which people exhibit the greatest overconfidence.”
Nofsinger (2001)

Overconfidence means that we generally tend to view the future prospects to be more favorable than they turn out to be and it also means that we tend to overestimate the likelihood of our predictions about the future being accurate.

Overconfidence is one of the most powerful forces that works against appropriate risk management.  The most overconfident feel that risk management is a total waste of time and money.  Why waste time and resources preparing for failure when you can spend that time and resources assuring success? they ask.

One way to reduce the power of overconfidence is Practice.  What you need to practice is estimating likelihoods.  And then tabulating the  results.  Regularly perform what actuaries call an actual to expected analysis.

The Practice Effect is what psychologists want to avoid when they are doing experiments.  They usually do not want folks getting better and better with repeated trials.  So they are always looking to introduce fresh folks.

But in business and especially risk management we need the Practice Effect.

Risk Management works with estimated distributions of likelihood of adverse events.  One simple way to practice is to look at each period’s experience in terms of the prior year’s estimated distribution.  Was last year a 99th percentile year or a 78th percentile year?  Each you everyone should be informed of that and everyone can form an opinion about how good that prior estimate of likelihood was.

Of course, the firms that look at each risk as a single frequency severity pair cannot do that.  One more reason why the single pair approach to risk assessment falls short of real usability.