Who should do ERM?

How much Capital Do you Really Need?

Insurers all hold capital as a cushion against losses. But how much capital is enough?

There are three criteria that management use to determine how much capital needs to be held:

• Level of Risk
• Regulatory Requirements
• Market Expectations

In a perfect world, those three criteria would all be the same.  But in this world, they are not.  The answer to the “How Much Capital?” question gets a different answer from each of those criteria.  And it varies for different risks, which is the most restrictive.

RISKVIEWS has always been of the opinion that management needs to juggle the three points of view so that the capital is adequate in total to meet all three, but they may well have an opinion about one or several risks that it has a much less lower level of risk and therefore lower need for capital than may be indicated by either the regulators or the market.  That kind of view is a natural consequence of the fact that management has more expertise and insight into some of its risks than either outside view.

The WillisWire series on ERM practices continues with a discussion of Risk Capital.

Guide to ERM: Risk Capital

RISKVIEWS has of course posted often about Risk Capital as well.  Over 40 posts can be found at:

Economic Capital Posts

Crisis Pre-Nuptial

This idea came to me when my son was planning a month long camping trip into the wilds of Alaska with several friends. They were sending hours and hours planning what they would take and how they would survive. It seemed to me that one major risk that they were not considering was how they would deal with the possibility that some problem might cause them to disagree about whether to cut the trip short.

Riskviews

What is the reaction of your firm going to be in the event of a large loss or other crisis? 

If you are responsible for risk management, it is very much in your interest to enter into a Crisis Pre-Nuptial. 

The Crisis Pre-Nuptial has two important components. 

1. A protocol for management actions in the event of the crisis.  There is likely a need for there to be a number of these protocols.   These protocols can be extremely valuable, their value will most likely far exceed the entire cost of a risk management function.  Their value comes because they eliminate two major problems that firms face in the event of a crisis or large loss.  First is the deer in the headlights problem – the delay when no one is sure what to do and who is to do it.  That delay can mean that corrective actions are much less effective…

View original post 198 more words

Stress to reduce Distress

Distress lurks. Just out of sight. Perhaps around a corner, perhaps down the road just past your view.
For some their rule is “out of sight, out of mind”. For them, worry and preparation can start when, and if, distress comes into sight.

But risk managers see it as our jobs to look for and prepare for distress. Whether it is in sight or not. Especially because some sorts of distress come on so very quickly and some methods of mitigation take effect so slowly.
Stress testing is one of the most effective tools, both for imagining the potential magnitude of distresses, but almost more importantly, in developing compelling stories to communicate about that distress potential.

This week, Willis Wire is featuring a piece about Stress Testing in the “ERM Practices” series;

ERM Practices:  Stress Testing

RISKVIEWS has features many posts related to Stress Testing:

RISKVIEWS Archive of Posts related to Stress Testing

Irrational means you don’t agree with me

The term “Rational” is used in economics to mean using the decision process that results in the best economic outcome.

And the best economic outcome is often defined as the one that results in the highest amount of money for the decision maker.  That at least is the theory.  There is an entire body of analysis under the title “Game Theory” that shows how such Rational Decision making would apply to many situations.

Herbert Simon actually showed a fundamental flaw in approaches like Game Theory and other forms of economic rationalism.

The flaw is that to really satisfy the rules of rationality, the decision maker would need to have infinite time to make the decision and would also need access to all knowledge, all of which must be reviewed to see if it pertains to the problem.

So Simon proposed that what was really meant by economists when they used the idea of rational decision making was something that he called “Bounded Rationality”.  The boundaries to rationality were necessary to get to a decision before tea time next spring.

Rational decision makers needed to apply heuristics to determine the actual amount of time and the pertinent information that would be needed for making any decision.  Heuristics are seen as the opposite of rationality.  They are the “gut feel” way to decide something.  So Simon showed that Rational Decision Makers must be using gut feel.

Just think if physicists considered anyone who did not solve physical problems using the best equations that physicists have to offer as “irrational”.  Everyone who drives a car, or catches a ball, would be found to be totally irrational, because those activities always rely upon heuristics, rather than physics equations.  Instead, physicists would readily admit that the person who can run across Center Field and arrive at just the right time to catch the baseball is actually properly applying physics, instead of the opposite.

And RISKVIEWS would extend Simon’s arguments to suggest that the heuristics used are not neutral to the decision.  “Rational” decision makers will all apply their own heuristics to decide what needs to go into a decision.  Some of those heuristics will be based not on a “rational” evaluation of the value of information not included or analysis not performed, but it will be biased to leave out the information and analysis that leads away from their preferred solution.

What Simon deduced is that there is no purely rational decision making process.

And RISKVIEWS is saying that anyone who proposes that their decision is made rationally should be suspect.  Are they using the term rational to persuade?  Or do they not even know about the limitations of their own analysis?

Good analysis should include information about the way that the analyst decided on the boundaries for that analysis.  Someone who simply states the assumptions underlying their analysis is not giving you a solution, they are giving you a puzzle to solve.  The solution to the puzzle is the knowledge of when the analysis may be true and when it may be untrue.  Solving that puzzle involves understanding the bounded rationality of the analyst and the degree to which reality may or may not be outside of those bounds.

Getting Started with a Risk Management Program

Every year companies look at their list of things that they plan to do “someday” and decide that this is the year to tackle implementing Enterprise Risk Management (ERM).

But many of them fail to get very far with that goal.

They start out with hopes to build an ERM program but never see the light at the end of the ERM tunnel.  They never get to the point of having a valuable process.

WillisWire has featured five ERM posts in 2014 that, if followed, can lead to a tangible and useful first level ERM process.  There are two primary objectives of ERM:

• To make sure that the company has a consistent level of risk management for all of the major risks of the organization.
• To use the information from the processes that are built up to accomplish the above to make strategic decisions about the risk profile that enhance the ability to achieve its objectives.

Excerpt from the IAA report in Enterprise Risk Management:

The terms “risk” and “risk management” are commonly viewed through a lens of avoiding “bad” things happening and limiting the downside. Whilst understandable, the more enlightened view emerging is one of connecting risk to value maintenance and creation. This includes, for example, the empowerment of people to exploit opportunities. Indeed, market watchers view the ability to anticipate and react to a market opportunity to be as important as readiness for a potentially significant business disruption.

Moreover, the importance of the risk management culture is naturally being linked with effective ERM practices.

The five risk management practices are needed to create a complete risk control cycle (the first ERM objective above) for all of the major risks of the firm.

1. Risk Identification
2. Risk Measurement
3. Risk Limits and Controlling
4. Risk Organization
5. Risk Policies and Standards

RISKVIEWS has posted a number of times on ERM Systems.  Several times there have been classes for ERM beginners, in Seoul, South Korea; Nairobi, Kenya;  Almaty, Kazakhstan; Mexico City, Mexico and Lausane, Switzerland.  See Introduction to ERM where slide decks and suggested readings are posted.

 

No Thanks, I have enough “New”

Many call for businesses to adopt an innovation culture, but there are good reasons to limit the firm’s exposure to the risks of new endeavors.

Riskviews

It seems sad when 75 year old businesses go bust.  They had something that worked for several generations of managers, employees and investors.  And now they are gone.  How could that be?

There are two ways that old businesses can come to their demise.  They can do it because they stick to what they know and their product or service  (usually) slowly goes out of fashion.  Usually slowly, because all but the most ossified large successful companies can adapt enough to keep going for quite some time, even when faced by competition with a better business model/product or service.  Think of the US auto industry slowly declining for 40 years.

The second way is a quick demise. This usually happens after the old company chooses to completely embrace something completely new.  If their historic business is in decline, many large old firms are on the look out for that new…

View original post 872 more words