Archive for January 2014

How many significant digits on your car’s speedometer?

January 31, 2014

Regulatory regimes require companies to waste huge amounts of money on useless precision of risk evaluation.

Riskviews

Mine only shows the numbers every 20 and has markers for gradations of 5. So the people who make cars think that it is sufficient accuracy to drive a car that the driver know the speed of the car within 5.
And for the sorts of things that one usually needs to do while driving, that seems fine to me. I do not recall ever even wondering what my speed is to the nearest .0001.


That is because I never need to make any decisions that require the more precise value.
What about your economic capital model? Do you make decisions that require an answer to the nearest million? Or nearest thousand, or nearest 1?  How much time and effort goes into getting the accuracy that you do not use?

What causes the answer to vary from one time you run your model to another?  Riskviews tries to think of…

View original post 372 more words

Advertisements

Whose Job is it to do ERM?

January 28, 2014

“We are not big enough to need ERM.” says the smaller company CEO.  “So we all do it together.”

But what is everyone’s job, is no one’s responsibility.  No one is held accountable for how or even whether ERM functions actually happen.

If a company wants to have ERM, then they must make assignments – assignments to individuals.

This process, these assignments, are what RISKVIEWS calls Risk Organization.  Everyone does not need the same Risk Organization, but everyone who is serious about ERM needs to clearly assigning responsibility for the risk identification, measurement and management of risks.

This week’s post on the WillisWire series on ERM Practices is about Risk Organization:

This is Part 4 of a 14 part series on the ERM practices that support an ORSA. The other pieces in that series so far are:

Risk Measurement

RISKVIEWS has also posted discussions of Risk Organization.  Here are a few examples:

Doing ERM is the Control Cycle

January 27, 2014

RISKVIEWS has commented many times that Risk MANAGEMENT is not a spectator sport.  It is all about DOING.

If Risk Management never results in the firm DOING something different than what would have been done before Risk Management  – then STOP IMMEDIATELY.  You are wasting your time and money.

The DOING part of Risk Management is not particularly tricky or difficult.  Doing ERM is accomplished with a Control Cycle.

In fact Doing ERM is accomplished with one control cycle for each major risk and one control cycle over all risks in total.

WillisWire has recently featured a piece on risk limits and the risk control cycle that would apply to each major risk.

Which is from the 14 part ERM Practices for Insurance Company ORSA series.  The other pieces in that series so far are:
RISKVIEWS has often posted about Control Cycles as well.  Here are two examples:
Controlling with a Cycle about the control cycles for each risks and
ERM Control Cycle about the overall ERM control of total risk

You need good Risk Sense to run an insurance company

January 16, 2014

It seems to happen all too frequently.

A company experiences a bad loss and the response of management is that they were not aware that the company had such a risk exposure.

For an insurance company, that response just isn’t good enough.  And most of the companies where management has given that sort of answer were not insurers.

At an insurance company, managers all need to have a good Risk Sense.

Risk Sense is a good first order estimate of the riskiness of all of their activities. 

Some of the companies who have resisted spending the time, effort and money to build good risk models are the companies whose management already has an excellent Risk Sense.  Management does not see the return for spending all that is required to get what is usually just the second digit.

By the way, if you think that your risk model provides reliable information beyond that second digit, you need to spend more time on model validation.

To have a reliable Risk Sense, you need to have reliable risk selection and risk mitigation processes.  You need to have some fundamental understanding of the risks that are out there in the areas in which you do business.  You also need to  be constantly vigilant about changes to the risk environment that will require you to adjust your perception of risk as well as your risk selection and mitigation practices.

Risk Sense is not at all a “gut feel” for the risk.  It is instead more of a refined heuristic.  (See Evolution of Thinking.)  The person with Risk Sense has the experience and knowledge to fairly accurately assess risk based upon the few really important facts about the risks that they need to get to a conclusion.

The company that needs a model to do basic risk assessment, i.e. that does not have executives who have a Risk Sense, can be highly fragile.  That is because risk models can be highly fragile.  Good model building actually requires plenty of risk sense.

The JP Morgan Chase experiences with the “London Whale” were a case of little Risk Sense and staff who exploited that weakness to try to get away with excessive risk taking.  They relied completely on a model to tell them how much risk that they were taking.  No one looked at the volume of activity and had a usual way to create a good first order estimate of the risk.  The model that they were using was either inaccurate for the actual situation that they were faced with or else it was itself gamed.

A risk management system does not need to work quite so hard when executives have a reliable Risk Sense.  If an executive can look at an activity report and apply their well honed risk heuristics, they can be immediately informed of whether there is an inappropriate risk build up or not.  They need control processes that will make sure that the risk per unit of activity is within regular bounds.  If they start to have approved activities that involve situations with much higher levels of risk per unit of activity, then their activity reports need to separate out the more risky activities.

Models are too fragile to be the primary guide to the level of risk.  Risk taking organizations like insurers need Risk Sense.

Can’t skip measuring Risk and still call it ERM

January 15, 2014

Many insurers are pushing ahead with ERM at the urging of new executives, boards, rating agencies and regulators.  Few of those firms who have resisted ERM for many years have a history of measuring most of their risks.

But ERM is not one of those liberal arts like the study of English Literature.  In Eng Lit, you may set up literature classification schemes, read materials, organize discussion groups and write papers.  ERM can have those elements, but the heart of ERM is Risk Measurement.  Comparing those risk measures to expectations and to prior period measures.  If a company does not have Risk Measurement, then they do not have ERM.

That is the tough side of this discussion, the other side is that there are many ways to measure risks and most companies can implement several of them for each risk without the need for massive projects.

Here are a few of those measures, listed in order of increasing sophistication:

1. Risk Guesses (AKA Qualitative Risk Assessment)
– Guesses, feelings
– Behavioral Economics Biases
2. Key Risk Indicators (KRI)
– Risk is likely to be similar to …
3. Standard Factors
– AM Best,  S&P, RBC
4. Historical Analysis
– Worst Loss in past 10 years as pct of base (premiums,assets).
5. Stress Tests
– Potential loss from historical or hypothetical scenario
6. Risk Models
– If the future is like the past …
– Or if the future is different from the past in this way …

More discussion of Risk Measurement on WillisWire:

     Part 2 of a 14 part series
And on RISKVIEWS:
Risk Assessment –  55 other posts relating to risk measurement and risk assessment.

Reviewing the Risk Environment

January 14, 2014

The new US Actuarial Standards of Practice 46 and 47 suggest that the actuary needs to assess the risk environment as a part of risk evaluation and risk treatment professional services. The result of that evaluation should be considered in that work.

And assessment of the risk environment would probably be a good idea, even if the risk manager is not a US actuary.
But what does it mean to assess the risk environment?  One example of a risk environment assessment can be found on the OCC website.  They prepare a report titled “Semi Annual Risk Perspective“.

This report could be a major source of information, especially for Life Insurers, about the risk environment.  And for Non-Life carriers, the outline can be a good road map of the sorts of things to review regarding their risk environment.

Part I: Operating Environment

  • Slow U.S. Economic Growth Weighs on Labor Market
  • Sluggish European Growth Also Likely to Weigh on U.S. Economic Growth in Near Term
  • Treasury Yields Remain Historically Low
  • Housing Metrics Improved
  • Commercial Real Estate Vacancy Recovery Uneven Across Property Types

Part II: Condition and Performance of Banks.

A. Profitability and Revenues: Improving Slowly..

  • Profitability Increasing .
  • Return on Equity Improving, Led by Larger Banks .
  • Fewer Banks Report Losses
  • Noninterest Income Improving for Large and Small Banks.
  • Trading Revenues Return to Pre-Crisis Levels
  • Counterparty Credit Exposure on Derivatives Continues to Decline ………….
  • Low Market Volatility May Understate Risk
  • Net Interest Margin Compression Continues..

B. Loan Growth Challenges

  • Total Loan Growth: C&I Driven at Large Banks; Regionally Uneven for Small Banks….
  • Commercial Loan Growth Led by Finance and Insurance, Real Estate, and Energy …
  • Residential Mortgage Runoff Continues, Offsetting Rising Demand for Auto and Student Loans………….

C. Credit Quality: Continued Improvement, Although Residential Real Estate Lags

  • Charge-Off Rates for Most Loan Types Drop Below Long-Term Averages
  • Shared National Credit Review: Adversely Rated Credits Still Above Average Levels .
  • Significant Leveraged Loan Issuance Accompanied by Weaker Underwriting.
  • New Issuance Covenant-Lite Leveraged Loan Volume Surges .
  • Commercial Loan Underwriting Standards Easing .
  • Mortgage Delinquencies Declining, but Remain Elevated.
  • Auto Lending Terms Extending ..

Part III: Funding, Liquidity, and Interest Rate Risk

  • Retention Rate of Post-Crisis Core Deposit Growth Remains Uncertain
  • Small Banks’ Investment Portfolios Concentrated in Mortgage Securities
  • Commercial Banks Increasing Economic Value of Equity Risk

Part IV: Elevated Risk Metrics

  • VIX Index Signals Low Volatility…
  • Bond Volatility Rising but Near Long-Term Average
  • Financials’ Share of the S&P 500 Rising but Remains Below Average
  • Home Prices Rising .
  • Commercial Loan Delinquencies and Losses Decline to Near or Below Average ..
  • Credit Card Delinquencies and Losses Near Cyclical Lows .

Part V: Regulatory Actions

  • Banks Rated 4 or 5 Continue to Decline
  • Matters Requiring Attention Gradually Decline
  • Enforcement Actions Against Banks Slow in 2013

For those who need a broader perspective, the IMF regularly publishes a report called World Economic Output.  That report is much longer but more specifically focused on the general level of economic activity.  Here are the main chapter headings:

Chapter 1. Global Prospects and Policies

Chapter 2. Country and Regional Perspectives

Chapter 3. Dancing Together? Spillovers, Common Shocks, and the Role of Financial and Trade Linkages

Chapter 4. The Yin and Yang of Capital Flow Management: Balancing Capital Inflows with Capital outflows

The IMF report also includes forecasts, such as the following:

IMF

 

Building Risk Culture is a two legged beast

January 13, 2014

RISKVIEWS is reading about Business Organizational Culture – particularly the Corporate Culture Survival Guide by Edgar Shein.

Shein suggests that culture has three aspects:  Artifacts, Espoused Values and Underlying Assumptions.  Artifacts are what you can easily see happening. Espoused Values are public statements about what is wanted, things like policies and mission statements. Underlying Assumptions are the part of culture that is difficult (not impossible) to discern and very time consuming to change.  These are the things that really determine the choices and decisions of the firm.

Shein suggests that culture is formed as a new company has the successes that cause it to survive and thrive.  The initial culture is a combination of the vision and rules of the founder along with the learned values from those early experiences.

He says that culture change comes about when the Underlying Assumptions no longer seem to work and people can feel motivated to learn new approaches that if they succeed, become the new Underlying Assumptions.

To me, RISK seems particularly difficult for this process.  Most new ventures are founded with a willful disregard for RISK.  So it is relatively rare for a newer firm to have a healthy respect for risk.

In addition, the result of good risk management is a reduction in the likelihood of the experience of undesirable adverse events (UAEs).  That is also the outcome from LUCK.  In both cases, the indication of good results is a LACK of bad experience.

The Risk Culture develops as the firm experiences adverse outcomes and then only if they learn that a risk management process can reduce the likelihood that they will experience UAEs.  Otherwise, the Underlying Assumption will be that whatever the firm is doing is just right to avoid those UAEs.  Sort of like the sports star who failed to shave before the game where they scored 2 goals, so they forever after deliberately do not shave on the day of a game.

Building or Changing a Risk Culture, in my opinion, involves teaching the idea that a deliberate and comprehensive risk management process can accomplish the reduction in likelihood of UAEs.

The students may be very responsive after a major adverse experience.  Otherwise, the Risk Culture Builder needs to depend on stories of other companies that succeed and fail to avoid the major adverse experiences.

The Risk Culture Builder must be prepared to turn every experience of the organization and of other organizations into stories that support the formation of a positive Risk Culture. But it takes an extremely good story teller to create motivation to adopt a healthy Risk Culture from stories of other companies.

Risk Management is actually more about managing tendencies than actual management of UAEs.  Which is one of the things that makes Risk Culture Building particularly difficult.  Most people will judge the Risk Culture successes in terms of the actual losses experienced.  Meaning, if there are losses, then risk management is not worth the trouble.

Risk Management will only result in near zero losses if the risk tolerance is near zero.  And then only if the risk manager is given the nearly unlimited budget that it takes to actually eliminate most risk.

Instead, what can be expected from Risk Management, that is from a tendency to reduce frequency and/or severity of UAEs is loss experience that is better than those who do not practice risk management on the average, over time, when adjusted for differences in the inherent risk profile of the different organizations.

In building and reinforcing the risk culture, the Risk Culture Builder needs to be ready to explain how well (or poorly) that the company is succeeding with that.

Because ultimately, those stories, the stories of how the risk management program is succeeding or how the lack of risk management has failed are an extremely important leg of the risk culture building process.

The other leg (risk management culture is a two legged beast), is the story of how the risk management program needs to work to support achievement of the risk appetite.  That story needs to be told, not in terms of explaining the parts of a risk management framework, but instead that story is about the outcomes to be expected.

So for both legs, or both stories, the Risk Culture Builder needs to have a clear idea in mind of how the results of risk management will be demonstrable.

And that is another story.


%d bloggers like this: