CEO is still the Real CRO

It was just a couple of weeks ago Riskviews posted…

It’s the job of a CEO to be the Chief Risk Officer

A week later, Reuters ran a story about JP Morgan…

Analysis: JPMorgan repeats basic mistakes managing traders

In that article Rachel Wolcott suggests that the CRO needs to be powerful enough to buck the most powerful traders.

What she fails to recognize is that the CRO and the trader are both acting out the orders of the CEO.  If the CEO is telling the CRO to enforce a risk limit and also telling the trader that he is free to break the limit, then it is not the power of the CRO that is the problem.

It is a CEO that wants the appearance of risk management and the profits from excessive risk both at the same time.

CEOs will often allow underlings to “fight it out” rather than making all of the decisions in the company.  In this case, however, everyone must realize that when it appears the CRO is too weak to do their job, that means that the CEO is not standing behind them and is completely responsible for the risk that is being taken by the overaggressive traders.

Advertisement

Why isn’t Strategic Risk included in ERM?

Many ERM systems exclude Strategic Risk.   The ERM systems usually include Market, Credit, Insurance and Operational Risk.  But not Strategic Risk.

Perhaps the assumption is that the ERM systems are about managing capital for the fluctuations and extreme losses of the business.

More likely, strategic risk is left out for two reasons.  First of all, the CEO and senior officers probably do not want to delegate this work.  Concerns about strategic risk are quite high in the priorities of a senior management team.  It is also a major concern of boards.

The second reason is that ERM has been highly focused on “measurable” risks and few feel that they can measure things like reputation risk and strategic risk.  So it may well be that risk managers are not asking to be given responsibility for helping with strategic risk.

But CROs need to remember that strategic risk is real, is very large and is not on their list of risks.  Because when they go to the board and top management with their “holistic” risk presentations, they will have a difficult time if the fail to ever even mention strategic risks.

In a the average company, their risk of failure averages between 2% for the largest and most secure firms and 5% for all other firms.  (Based upon studies of corporate longevity.  Fortune 500 firms have an average lifespan of about 40 years and an average firm only14.5 years.)

When other studies look at cause of major problems for firms, strategic risk make up about 70% of the events that result in a stock drop of 20% or more and operational risks, 20% and financial risks only 10%.

While those statistics are not widely known, it seems likely that a risk presentation that totally ignores strategic risk will strike board members who are generally aware of what causes problems for firms to wrinkle their brows with disbelief.

Now insurers, for example, have a different risk profile.  Their Financial and insurance risks are thought to be about 4 times as large as their operational risk.  Making a rough just ice adjustment to the figures above, one migh estimate that Insurance and Financial Risks are perhaps 55% of the total risk profile, Operational risk about 12% and Strategic risk about 33%.

So there is a range for thinking about strategic risk for insurers – between 33% and 70% of total risk.

Think about that before the next time you talk to your board about the firm’s risk profile.

Where is the Metric for Diversity?

“What gets measured, gets managed.” – Peter Drucker

By gaetanlee, via Wikimedia Commons

It seems that while diversification is widely touted as the fundamental principle behind insurance and behind risk management in general, there is no general measure of diversity. So based upon Drucker’s rule of thumb RISKVIEWS would say that we all fail to manage diversity.

A measure of diversity would tell us when we take more similar risks and when we are taking more distinct risks.  But we do not even look.

This may well be another part of good financial management that has been stolen by the presumptions of financial economics.  Financial economics PRESUMES that we all have full diversification.  It tells us that we cannot get paid for our lack of diversification.

But those presumptions are untested and untestable, at least as long as we fail to even measure diversity.

Correlation is the best measure that we have and it is barely used.  For the most part, correlation is used mainly to look at macro portfolio effects on Economic Capital Models.  And it is not a particularly good measure of diversity anyway.  It actually only measures a certain type of statistical comovement of data.  For example, below is a chart that shows that equity market comovement is increasing.

But have the activities of the largest companies in those markets been converging?  Or is this picture just an artifact of the continuing Euro crisis? In either case, if we were looking at a measure of diversity, rather than just comovement, we might have an idea whether this chart makes any sense or not.

Many believe that they are protected by indexing.  That an index is automatically diverse.  But there is little guarantee of that.  Particularly for a market-value weighted index.  In fact, a market-values weighted index is almost guaranteed to have less diversity just when it is needed most.

For a clear indication of that look at the TSX index during the internet bubble Nortel represented 35% of the index!  Concentration increases risk.  In this case, the results were disastrous for any indexers. While Nortel stock rose in the Dot Com mania, buyers of the TSX index were holding a larger and larger fraction of their investment in a single stock.

We badly need a metric for diversity.

 

One Banker’s Frank Commentary on the Financial Crisis and the Way Forward

Excerpted from the 2011 annual report of  M&T Bank’s and written by the CEO, Robert Wilmers:

Indeed, it is difficult, for one who has spent more than a generation in the field, to recall a time when banking as a profession has been publicly held in such persistently low esteem. A 2011 Gallup survey found that only a quarter of the American public expressed confidence in the integrity of bankers. We have reached a point at which not only do public demonstrations specifically target
the financial industry but when a leading national newspaper would opine that regulation which might lower bank profits would be “a boon to the broader economy.” What’s worse is that such a view is far from entirely illogical, even if it fails to distinguish between Wall Street banks who, in my view, were central to the financial crisis and continue to distort our economy, and Main Street banks who were often victims of the crisis and are eager, under the right conditions, to extend credit to businesses that need it.

It is no consolation, moreover, to observe that banks and the financial services industry generally were far from alone in sparking the crisis. Nonetheless, it is true, and very much worth keeping in mind, that major institutions in other sectors of the American system – public and private – must be considered complicit, some in ways we are only beginning to learn fully about. As understandable as a search for particular causes, or villains, might be, the truth is that the economic crisis that began in the fall of 2007 implicated a wide range of institutions – not only bankers but their regulators, not only investors but those paid to advise them, not only private finance but its government-sponsored kin. The wide spectrum of the culpable has left the U.S. and the world with a problem which, although related to the financial crisis, transcends it and must be confronted: the decimation of public trust in once-respected institutions and their leaders. This has created a fear among those responsible for forming the rules and standards that shape the American financial services industry. And the outcome of this fear-driven rulemaking is likely to burden the efficiency of the American financial system for years to come and will potentially have broader implications for the overall economy.

Nor can one say with any confidence that we have seen a fundamental change in the big bank business approach which helped lead us into crisis and scandal. The Wall Street banks continue to fight against regulation that would limit their capacity to trade for their own accounts – while enjoying the backing of deposit insurance – and thus seek to keep in place a system which puts taxpayers at high risk. In 2011, the six largest banks spent $31.5 million on lobbying activities. All told, the six firms employed 234 registered lobbyists. Because the Wall Street juggernaut has tarnished the reputation of banking as a whole, it is difficult if not impossible for bankers – who once were viewed as thoughtful stewards of the overall economy – to plausibly play a leadership role today. Inevitably, their ideas and proposals to help right our financial system will be viewed as self-interested, not high-minded.

As noted before, however, the major banks were not the only ones implicated in and tainted by the financial crisis. One can, sadly, go on in this vein to discuss a great many other institutions which have disappointed the American public in similar ways, in the process compromising their own leadership status. They have in common a relationship to the crisis associated with the nation’s housing policies, which were themselves shaped over the course of several generations by many parts of the government and both political parties. Those policies marshaled some of the leading government agencies and enterprises, as well as private financial institutions, in the quest to broaden home ownership. Even apart from the collateral damage this pursuit has caused the financial system, it is worth keeping in mind that it was not remarkably successful on its own terms – particularly when today one finds a higher rate of home ownership in countries such as Hungary, Poland and Portugal, where the per capita GDP on average is 56% lower than that of the United States.

So it is that the crisis was orchestrated by so many who should have, instead, been sounding the alarm – not only bankers but also regulators, rating firms, government agencies, private enterprises and investors. That a former U.S. Senator, Governor and CEO of a big six financial institution was at the helm of MF Global on the eve of its demise due to trading losses, or that the largest-ever Ponzi scheme  was run by the former chairman of a major stock exchange will long be remembered by the public. The repercussions have stretched beyond banking, creating an atmosphere of fear affecting and inhibiting those who should be leading us toward a better post-crisis economy.

Fear-Driven Rulemaking and Its Burden:
In this vacuum of credible leadership, not just in the banking industry but all around it, it is entirely understandable that regulators believe they must proceed with an abundance –perhaps over-abundance – of caution. Inevitably, they feel pressure to eliminate, in its entirety, risk that had been rising for far too long. This tension – based in their understanding that steps aimed at ensuring the safety and soundness of the financial system can stifle its vitality and dynamism – naturally weighs on rulemakers and slows the pace of promulgation. They know too, that, in designing regulations, the sort of informal conversations with private institutions and individuals, which were once routine, might now be viewed as suspect, leaving regulators to operate in isolation, without thoughtful guidance as to the overall impact of their actions. When all are suspect, no conversation can be viewed as benign. Ultimately, however, this is neither a recipe to improve public confidence nor a situation likely to facilitate the expeditious design of a regulatory structure which will not hobble the extension of credit. One must be concerned that a lack of leadership and trust, and an overreliance, instead, on the development of policies, procedures and protocols, has created a level of complexity that will decrease the efficiency of the U.S. financial system for years to come – and hamper the flow of trade and commerce for the foreseeable future.

Nor is there any apparent end in sight to the imposition of new directives and rules. The Dodd-Frank Act contains, by one estimate, 400 new rulemaking requirements, only 86 of which were finalized by the start of 2012. It is impossible, of course, to assess our full cost to comply with these rules until they are promulgated. By virtue of having more than $50 billion in assets, a measure of size, with no consideration given to the activities in which we engage nor the merits of our actions, M&T has been deemed to be a “systemically important” financial institution and will be subject to higher capital standards as well as costly new liquidity requirements.

A common feature of many of these new directives is a higher order of complexity than had heretofore been typical, particularly for Main Street banks like M&T which do not engage in excessive risk-taking and rely on fundamental banking services as their primary source of income. Utilization of these opaque and intricate methods as a means to prevent a crisis is at best questionable.

It is no small irony – it is, dare I say, a bitter one – that these costly requirements have been visited on a company such as ours and hundreds, if not thousands, like us who did little or nothing to cause the financial crisis – and were, in fact, in many ways victims of it. And, of course, the higher costs along with higher capital and liquidity requirements will inevitably diminish the availability and increase the cost of credit to business owners, entrepreneurs and innovators of our community. Indeed, one has the sense that little or no thought has been given to the cumulative effect of new directives, both on costs and operations. One wishes, thus far in vain, for a clear, complete, simple and straightforward regulatory regime in which both consumers and banks know what to expect and could proceed accordingly, at reasonable expense.

Broader Impacts and Unintended Consequences:
In this context, one has to be concerned about the accumulated effects of new mandates beyond the narrow terms of how they affect banks. More broadly, there is reason to believe that regulation may provide incentives that distort the allocation of capital in ways that could be harmful to economic recovery. Specifically, there are incentives for commercial banks to divert from their traditional roles – the same sort of activities which helped spark the housing bubble. The proposed Basel III liquidity rules, for instance, call for banks to significantly increase their investments in government securities, leaving less capital for community-based loans which hold the most promise for potential economic progress.

New formulae from the FDIC are likely to have similar inadvertent consequences for the economy. Last spring, the FDIC began assessing insurance premiums based on assets rather than deposits, which it had done since its inception in 1933. As a result, a loan to finance the construction of a company’s new building, an activity that produces jobs, carries insurance premiums that are three to four times as high as for commercial loans extended for unspecified purposes with no need for employment creation – arguably the greatest necessity of the current economy. Even more troubling is the fact that, under this formula, the mere association with real estate deems construction lending more risky regardless of how sturdy one’s underwriting or how much “skin in the game” the entrepreneur is willing to commit.

Nor is the damage from new mandates and regulation merely projected or prospective. Many are already proving to be counterproductive for businesses and consumers alike. The Durbin Amendment, for instance, was supposed to reduce costs for merchants. Instead it has resulted in higher transaction processing fees for some small business owners. According to The Wall Street Journal, many business owners who sell low priced goods like coffee and candy bars are now paying higher rates, when customers use their debit card for transactions that are less than $10. These small merchants now are left with some hard choices, such as raising prices, encouraging customers to pay in cash or dropping card payments altogether.

The breathtakingly rapid pace of changing regulations makes it challenging for banks and regulators alike to understand the changes, let alone react to them in an efficient manner. The fact that there are so many masters to whom banks today report makes it difficult for one hand to know what the other is doing, whether it relates to coordination among the various regulatory bodies or even among the various divisions within a single agency.

Finding a New Way
So it is that the effects of crisis, combined with a void of leadership, weigh on banks such as ours – and encumber the economy. We find ourselves at a point at which, we face not only the question of what approaches are right but how, in light of a leadership vacuum, can we restore our capacity to work together constructively and productively. It is no small task, given the number of agencies involved and the decibel level of politicians and the public at large. We will not, in my own view, be able to make progress absent two key ingredients: trust and leadership. We must again have the sense that leaders, both public and private, will do their best to propose and consider ideas that will serve the general interest, not their own agendas.

To help recognize and preempt emerging new threats, it is crucial that there be an ongoing, at times informal, dialogue among bankers and regulators. Such exchanges would plausibly put focus on rising issues like cyber-crime that has already cost the American banking industry some $15 billion over the last five years. More importantly, these discussions should be premised not on confrontation nor framed by fear but, rather, based on the understanding that a safe and secure financial services system is a prerequisite for a healthy economy –arguably our most important, shared national goal. I know that we would be eager to share our own collective learning with the Federal Reserve and other regulators in order to allow them to understand the extent to which regulatory changes are likely to affect the general well-being of our economy. I am sure other Main Street banks would be eager to do the same. Our goal is not to seek favors or special dispensation – but rather to have the chance to do our part in helping to craft a regulatory regime that does not impede, but rather enables sustainable economic growth.

In reflecting on my years in banking and the situation we confront today, I am mindful of the fact that banks have traditionally played a clear, if limited, role in the economy: to gather savings and to finance industry and commerce. Trading and speculation were nowhere included – nor should they be. Historically, bankers, moreover, were viewed as among the more responsible and ethical members of their communities. In my view, the vast majority still are and have been ill-served by those whose non-traditional approach have caused banks to be the targets of public opprobrium. Such is the case of the British banker who was recently stripped of his knighthood in the wake of his role in the financial crisis. It is time for regulators and, yes, protestors, to understand that all banks have not been equally culpable for the problems we face today. In other words, give us back our good name – and we will do our best to deserve it.

Works if Small, Fails if Large

by David Merkel, The Aleph Blog

The Wall Street Journal had an article on risk control that had the attitude of “here are some silver bullets.” Ugh. When will journalists learn that there are no simple solutions to portfolio management?

“Risk-allocation turns 50 years of portfolio theory on its head.”

Ain’t true. Modern Portfolio Theory is garbage, but so is this. So volatility is more stable than returns. Volatility can be up or down, and you want to buy volatile asset classes that have gotten trashed. You won’t do it because you are scared, but that is part of why you aren’t a good investor. Good investors make the “pain trades.”

Here’s the question to ask: What would happen if everybody did this? Unlike share-weighted indexing, not all strategies can be applied by everyone at the same time. I have written about risk parity before:

Against Risk Parity
Against Risk Parity, Redux

So long as there are few using the strategy, it may work well, but it will not scale because volatility does not match the proportion of assets available to be purchased. The same is true of “risk control” and “risk budgeting” strategies. They will be “flashes in the pan;” there is no necessary reason why they will work. There is no such thing as risk, but there are risks.

Avoid faddish ideas as described in the WSJ article. Far better to focus on what risks you face in the investment markets, and choose assets that will not be affected by those risks,or, might even benefit from them.

Using volatility as a guide to investing will fail if it gets large enough, and during bull markets, it will be forgotten. Non-scalable strategies work if there is a barrier to entry, and there is no barrier here. Thus I see no long term value in the strategies proposed.

Quantity, Quality and Variety

Another way to think of ERM is to focus on just three things:

• Quantity of Risk – is the usual focus on what can be measured.
• Quality of Risk –  is something that is often left out – it relates to how well you are controlling that what you have is what you think that you have.  Lowest quality risk might well be anything.
• Variety of Risk – is what you need for resilience.  No matter how well you control the quantity and quality of risk, if you are not making sure that you have variety, then you have a mono culture.  Monocultures look great – until they die out all at the same time.

What’s Your Risk Attitude?

The HBR Blog has picked up a piece by Ingram and Thompson on the dynamics of Risk Attitudes and Risk Environment.

Check it out HERE.

 RISKVIEWS has featured these ideas many times. 

See https://riskviews.wordpress.com/plural-rationalities/

Align Risk Management with Strategic Goals

The Project Management Institute says that projects are 20% more successful if they seek to support company strategic goals rather than project specific goals as their primary focus.

That sounds like something that may be an extremely important idea to bring into risk management.

Risk Management should focus primarily upon company strategic goals rather than specific risk goals.

How does that sound to you?  Riskviews imagines that at least some readers are immediately reacting that this idea will not work because the company does not have a strategic goal that would support their function.

And that sounds like a major insight about organizational engagement in and support for risk management.  If risk management does not directly support one or more of the strategic goals of the firm, that speaks volumes about what will happen when there is a conflict between something that IS aligned with the strategic goals and risk management.

The story of MF Global is an extreme example of this conflict.  The management (read CEO) actions of MF Global were totally outside of the agreed upon risk appetite.  The CRO brought that to the board attention and the board decided that those actions supported the goals of the organization, while adherence to the risk appetite was of lesser importance.  The CRO left and the actions eventually led to the destruction of the firm.

Here is an example of the Mission and Vision Statements of an insurer

Mission Statement Providing financial security by keeping our promises.

Vision Statement To build a thriving financial services organization that stands the test of time.

Risk management definitely has plenty of room in that firm to align with the mission and vision of the firm.  “keeping our promises” and “standing the test of time” are both clearly statements about how the organization intends to handle risk.  The mission and vision of that firm cannot be met without risk management.

Here is the mission and vision statements of JP Morgan Chase

“At JPMorgan Chase, we want to be the best financial services company in the world. Because of our great heritage and excellent platform, we believe this is within our reach.”

“To provide unparalleled service to our clients by empowering them with strong analytical insights that enable them to more effectively manage their human assets.

It is not clear to Riskviews whether or not risk management activities are called for at all with that mission and vision statement.

So if you are wondering what might happen when there is a conflict between risk management and a business activity look to your firm’s mission, vision and strategic objectives.  If you do not see risk management there, you have your answer well in advance of any future conflict.

A Simple Alternative to the Volker Rule

There are several broad ways to regulate risky behavior. One is to limit or entirely prohibit certain behavior. Another is to require the risk takers to hold capital for the risks.

For some strange and unknown reason, banking regulators have not considered asking banks to hold appropriate capital for trading losses. The evidence is extremely clear that banks can lose much more than the VaR measure suggests.

There is a very simple way to correct this matter. Banks have reasonable capital requirements for credit operations. These requirements are based upon observations over multiple credit cycles, not small parts of a cycle as is VaR.

All bank capital requirements need to be based upon multiple cycle observations.

But some would say that most derivatives have not existed for multiple market cycles.

There is a simple solution for that. One of the primary rules of modern finance is the law of one price. Regulators should insist that law be applied to capital requirements as well.

Right now, a bank that borrows money to buy a bond of a company would hold capital based upon the probability of default of the bond and the expected loss given default. If the trading desk buys a CDS with the exact same expected net cash flow, they hold capital based upon the recent short term fluctuations in market price of the CDS. In some cases, as little as 10% the capital of the replicating assets.

That means that with the same amount of capital, the trading desk can take 10x the risk.

The VaR calculation used for derivative positions rarely captures the same amount of risk as a replication of the position.

The alternative to the Volker Rule would be to require capital that is:

Based upon volatility over several market cycles and

Consistent with the law of one price.