Embedded Assumptions are Blind Spots

Embedded assumptions are dangerous. That is because we are usually unaware and almost always not concerned about whether those embedded assumptions are still true or not.

One embedded assumption is that looking backwards, at the last year end, will get us to a conclusion about the financial strength of a financial firm.

We have always done that.  Solvency assessments are always about the past year end.

But the last year end is over.  We already know that the firm has survived that time period.  What we really need to know is whether the firm will have the resources to withstand the next period. We assess the risks that the firm had at the last year end.  Without regard to whether the firm actually is still exposed to those risks.  When what we really need to know is whether the firm will survive the risks that it is going to be exposed to in the future.

We also apply standards for assessing solvency that are constant.  However, the ability of a firm to take on additional risk quickly varies significantly in different markets.  In 2006, financial firms were easily able to grow their risks at a high rate.  Credit and capital were readily available and standards for the amount of actual cash or capital that a counterparty would expect a financial firm to have were particularly low.

Another embedded assumption is that we can look at risk based upon the holding period of a security or an insurance contract.  What we fail to recognize is that even if every insurance contract lasts for only a short time, an insurer who regularly renews those contracts is exposed to risk over time in almost exactly the same way as someone who writes very long term contracts.  The same holds for securities.  A firm that typically holds positions for less than 30 days seems to have very limited exposure to losses that emerge over much longer periods.  But if that firm tends to trade among similar positions and maintains a similar level of risk in a particular class of risk, then they are likely to be all in for any systematic losses from that class of risks.  They are likely to find that exiting a position once those systematic losses start is costly, difficult and maybe impossible.

There are embedded assumptions all over the place.  Banks have the embedded assumptions that they have zero risk from their liabilities.  That works until some clever bank figures out how to make some risk there.

Insurers had the embedded assumption that variable products had no asset related risk.  That embedded assumption led insurers to load up with highly risky guarantees for those products.  Even after the 2001 dot com crash drove major losses and a couple of failures, companies still had the embedded assumption that there was no risk in the M&E fees.  The hedged away their guarantee risk and kept all of their fee risk because they had an embedded assumption that there was no risk there.  In fact, variable annuity writers faced massive DAC write-offs when the stock markets tanked.  There was a blind spot that kept them from seeing this risk.

Many commentators have mentioned the embedded assumption that real estate always rose in value.   In fact, the actual embedded assumption was that there would not be a nationwide drop in real estate values.  This was backed up by over 20 years of experience.  In fact, everyone started keeping detailed electronic records right after…… The last time when there was an across the board drop in home prices.

The blind spot caused it to take longer than it should have for many to notice that prices actually were falling nationally.  Each piece of evidence was fit in and around the blind spots.

So a very important job for the risk manager is to be able to identify all of the embedded assumptions / blind spots that prevail in the firm and set up processes to continually assess whether there is a danger lurking right there – hiding in a blind spot.

Advertisement

Emerging Risk Survey

TAKE PART IN THE ANNUAL EMERGING RISKS SURVEY

Posted by Max Rudolph

The Joint Risk Management Section, sponsored by the Casualty Actuarial Society, Canadian Institute of Actuaries, and the Society of Actuaries, is interested in better understanding how risk managers deal with emerging risks. The objective of this effort is to examine and ultimately give guidance to risk managers on how to deal with these unknown and developing risks.

To achieve this, we have designed an online survey to gather information about emerging risks and related issues. This survey is a follow-up to earlier surveys on emerging risks and will help to provide insight to changes and trends in this evolving field.

We would greatly appreciate you taking the time to complete the survey by October 26. It should take less than 10 minutes to complete the basic survey, but we hope you will share your thoughts in comment boxes, as well. Please share this survey link with other risk managers (internal and external) who might be interested in sharing their thoughts. We hope to gather a wide variety of perspectives from the survey.

It is our hope that the results of this survey will help risk managers deal with information that exists outside historical data sets. We assure you that results will be reported anonymously and that your specific responses will be held under the strictest confidence.

If you have questions about the survey, please contact Barbara Scott.

Thanks very much for your consideration! We expect to report results in December.

Follow this link to the Survey:
Take the Survey

Or copy and paste the URL below into your internet browser:
http://soa.qualtrics.com/WRQualtricsSurveyEngine/?SID=SV_5upsMMiVNJE1pBj&RID=MLRP_6zJ0LSMyi4Qysux&_=1

***** REMINDER ***** DEADLINE IS FRIDAY, OCTOBER 26 ***** REMINDER *****

Many thanks to those of you who have already participated in this survey!

Risk Evaluation by Actuaries

The US Actuarial Standards Board has promulgated a new Actuarial Standard of Practice number 46 Risk Evaluation in Enterprise Risk Management.

ASB Adopts New ASOP No. 46

At its September meeting, the ASB adopted ASOP No. 46, Risk Evaluation in Enterprise Risk Management. The ASOP provides guidance to actuaries when performing professional services with respect to risk evaluation systems used for the purposes of enterprise risk management, including designing, developing, implementing, using, maintaining, and reviewing those systems. An ASOP providing guidance for activities related to risk treatment is being addressed in a proposed ASOP titled, Risk Treatment in Enterprise Risk Management, which will be released in late 2012. The topics of these two standards were chosen because they cover the most common actuarial services performed within risk management systems of organizations. ASOP No. 46 will be effective May 1, 2013 and can be viewed under the tab, “Current Actuarial Standards of Practice.”

 

The End of ERM

In essence, if ERM is to be implemented in a way which helps an entity get to where it wants to go, it needs to have a bias toward action which many applications currently lack.   “The End of Enterprise Risk Management”  David Martin and Michael Power

In 2007, Martin and Power argued that the regulatory based Enterprise Risk Management programs that were COSO based provided the illusion of control, without actually achieving anything.  Now if you are an executive of a firm and you believe that things are being done just fine, thank you very much, then an ineffective ERM program is just what you want.  But if you really want ERM, the something else is needed.  Martin and Power suggest that the activities of ERM are focused much too much on activities that do not reault in actions to actually change the risks of the firm.  This is a favorite topic of RISKVIEWS as well.  See Beware the Risk Management Entertainment System. 

RISKVIEWS always tells managers who are interested in developing ERM systems that if some part of an ERM program cannot be clearly linked to decisions to take actions that would not have been taken without ERM, then they are better off without that part of ERM. 

Martin and Power go on to suggest that ERM that uses just one risk measure (usually VAR) is difficult to get right because of limitations of VAR.  RISKVIEWS would add that an ERM program that uses only one risk measure, no matter what that measure is, will be prone to problems.  See Law of Risk and Light. 

It is very nice to find someone who says the same things that you say.  Affirming.  But even better to read something that you haven’t said.  And Martin and Power provide that. 

Finally, there is a call for risk management that is Reflexive.  That reacts to the environment.  Most ERM systems do not have this Reflexive element.  Risk limits are set and risk positions are monitored most often assuming a static environment.  The static environment presumption in a risk management system works if you are operating in an environment that changes fairly infrequently.  In fact, it works best if the frequency of change to your environment is less then the frequency of your update to the risk factors that you use.  That is, if your update includes studying the environment and majing environment driven changes. 

RISKVIEWS has worked in ERM systems that were based upon risk assessment based upon “eternal” risk factors.  Eternal Risk factors are assumed to be good “for all time”.  The US RBC factors are such.  Those factors are changed only when there is a belief that the prior factors were inadequate in representing the full range of risk “for all time”. 

But firms would be better off looking at their risks in the light of a changing risk environment.  Plural Rationality theory suggests that there are four different risk environments.  If a company adopts this idea, then they need to look for signs that the environment is shifting and when it seems to be likely to be shifting, to consider how to change their risk acceptance and risk mitigation in the light of the expected new risk environment.  The idea of repeatedly catching this wave and correctly shifting course is called Rational Adaptability. 

So RISKVIEWS also strongly agrees with Martin and Powers that a risk management system needs to be reflexive. 

In “The End of ERM” Martin and Powers really mean the end of static ERM that is not action oriented and not reflexive with the environment.  With that RISKVIEWS can heartily agree.

New Riskviews Wiki – Actuarial Applications of Plural Rationality

For several years now, I have been working with a small group of people to explore and write about the ideas of Plural Rationality and how it can be used in the field of risk management.  We have presented these ideas at multiple actuarial meetings around the world and published articles in a number of places.  You may be aware of this.

Recently, I recruited two new actuaries to this work and their reaction has been very favorable as they work on this and thereby learn more.  The theory of plural rationality has fairly strong explanatory powers.  They are helping to find new insights in a field that I know little about.

That experience has inspired me to invite all of you to join this effort.

To that end, I have created a wiki for development of actuarial discussions of plural rationality.

https://riskviewswiki-actuarialapplicatifpluralrationality.pbworks.com

The list below are the pages/discussion topics that have been created so far.  The Background page includes links to most of the places where you can find the work that has been done to date on this by Michael, Thompson, Alice Underwood and I.  The others are blank pages that are example of possible discussion topics.  Other discussion topics are of course possible.

(This is all free, but to access, you will need to set up a pbworks account. I am not selling pbworks.  I just happen to like how it works. And it seems to let me do this for free.)

I believe that I need to send you a personal invitation to join the Riskviews network on pbworks so that you can set up the account.  So if you are interested, please send an email to  daveingram@optonline.net.  Feel free to forward this to anyone that you feel might have an interest.  This discussion is not necessarily restricted to actuaries.

• Background on Plural Rationality
• Implications for Risk Management
• Implications for Risk Measurement
• Implications for Catastrophe Risk measurement and management
• Implications for Pensions
• Implications for Equity Linked Life Insurance and Annuities
• Implications for Mutual Insurance
• Implications for Solvency II

If you are someone who has no idea what I am talking about and want to look at the Plural Rationality background materials without joining pbworks, you can see it at Plural Rationality and ERM page here on the Riskviews blog.

Dave Ingram

Driver of a Statement of Risk Tolerance

Many, many firms struggle with developing good statements of Risk Tolerance.  This is startling because a regulators and rating agencies alike say that good risk management requires a statement of Risk Tolerance.

For this post, Risk Tolerance will be used to mean the amount of risk that an organization might choose to retain after risk mitigation.  The term Risk Appetite, which is often used interchangably will be used to mean the amount of risk that and organization plans to take, usually an amount less than the Risk Tolerance.

An analogy might be to the speed of a car.  A particular driver in a particular car might be able to tolerate going 80 miles per hour on a highway that is well lit and that has little traffic.  But tonight,  they only plan to go 70 miles per hour on this trip.

Others use these terms to mean something else.  Riskviews does not have an opinion about the value of these other definitions.

To form a good risk tolerance statement, the management of a company needs just two things – (1) to identify what adverse event they will base their tolerance upon and (2) the likelihood of that adverse event at their tolerance level.

Alternately, a risk tolerance statement can be built upon something that is itself tied directly to some likelihood, like a risk capital value at a 1/200 loss or the top speed of a car that is implicitly tied to an (unstated) level of likelihood of an accident.

But that unstated likelihood for the car speed is really the key to understanding why risk tolerance is so difficult for many, many managers.

You see, most people who drive a car will develop a tolerance for speed over time as they get experience with driving.  They each have an internal mechanism that tells them that they have reached a speed that “feels” too dangerous.  It is that roller coaster flip in the gut when the car barely holds the road on a tight turn.  That adrenaline rush that comes right after the near accident.  They are not calculating probabilities there, but their resulting tolerance could be seen to be calibrated to some safety margin that varies by individual.

But the problem is that some company managers are trying to form a risk tolerance for their company before they have any experience driving with a speedometer, in effect.  That is because risks that a company takes are not always obvious to the management.  And even when individual risks are well known, their aggregation usually is not, to any degree of precision.

So the thing that is missing for most managers is the experiential feel for their risk.  Before setting a risk tolerance, they need to drive around with one eye on the speedometer of their company.  That is with continual awareness of the amount of risk that the company is taking.  They will need to do this for a multi year period so that they will see when their knuckles go white.

Waiting for this experience may not be the be the best approach, it would probably be better to look backwards at the risk level for the past 5 to 10 years of company history.  For managers who have been there long enough, they have a good feel for when the company had much worse results than desired.  The risk tolerance can be set by working from that worst year and figuring out how close to that situation that the company management is comfortable getting in the future.

Now to do this, it is much easier to simply pick a likelihood number.  The number then defines the risk calculation.  The risk would be the amount of loss that is expected at that likelihood value given the company plans for risk taking as well as the actual risks taken.

Then to build up that experience, managers need to look at the comparison between the risk and the capital or between the risk and the earnings of the company over their recent past and immediate future.

One thing to look for is how the actual risk taken to the plan.  In some companies, a goal is set in terms of premium dollars written.  But in some years, the premium goal is met, but the business written is actually much riskier than the plan.  This may be the reason behind the bad experiences that the company has experienced.  If that is the case, then the company needs to look to strengthen risk control practices before worrying about risk tolerance. 

In the example above, the company risk number was smaller than the surplus number in all years except year 4.  Company management agrees that they were too exposed to a major loss that year.  So they have set their risk tolerance to their risk measure at 90% of surplus.  With tolerance set at that level, every other year was within tolerance.

This is the best way for management to set a risk tolerance.  Based upon experience, just like a person’s driving speed tolerance is based upon their driving experiences.

Unintended Consequences – Distortion of Decisions

Central bankers have tools to help the economy, but for the most part, those tools all have the effect of lowering interest rates.

But there are consequences of overriding the market to change the price of something.  The consequences are that every decision that uses the information from the affected market prices will be distorted.

Interest rates are a price for deferral of receiving cash.  Low interest rates signal that there is very little risk to deferral of receiving cash.  So one only has to pay a little extra to pay later rather than now.

This is helpful in stimulating consumption.  People without the money right now can promise to pay later with low penalty for the deferral.

But is the risk from the deferral really lower?  The interest rates are very low because the central bank is overwhelming the market demand.  Not because anyone really believes that deferral of receipt of cash is low risk.

But anyone who simply uses the market interest rates is having their decision distorted.  They are open to taking deferral risk without expecting to be reasonably compensated for that risk.

To purists who believe that the only usable value is the market price, this is the only real information.

But if you want to make good decisions about transactions that stretch out over a long time, you might want to consider making your own adjustment for the risk of deferral.