Do you notice anything unusual in the graph above that occurred in the first quarter of 2022? This graph says that in January about 6% of Americans were sick. That is about 25% of all of the COVID infections over the past 26 months. Other than January 2022, COVID infections averaged 2.4 million per month.
First quarter GDP fell by 1.4% in 2022.
I would bet that some of the GDP drop was due to the absolutely extraordinary level of illness in the first quarter.
I hadn’t noticed any commentary that agrees with this point. But I am guessing that since we are all feeling that we have turned the corner on COVID, we are deliberately putting it out of our minds. Which may cause us to draw erroneous conclusions about what is happening with the economy and take actions to fix something that may have been driven to some extant by the pandemic, not some other type of weakness in the economy.
Many of the most serious problems that have beset firms have not been repeats of past issues but very new situations. Emerging risks is one description that is used to refer to these “unknown unknowns.” It is simply not sufficient for an ERM program to fully master the control of potential losses from the risks that are known to exist right now. Many would consider the current financial crisis to be the result of emerging risks that were not sufficiently anticipated. Emerging risks may be unknown, but their consequences are real and insurers need to actively prepare for them.
Management should be monitoring and controlling the known risks. Emerging risks management is concerned with the impact of completely new or extremely rare adverse events. These risks cannot be managed via a control process. Monitoring systems would not show any results. But there are ways that the best- practice firms address emerging risks.
Emerging risks may appear suddenly or slowly, are difficult to identify, and often represent a new idea more than factual circumstances. They often result from changes in the political, legal, market, or physical environment, but the link between cause and effect is not proven. An example from the past is asbestos or silicone liabilities. Other examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. The recent problems experienced by banks and other financial firms resulting from mortgage losses could be classified as emerging risks.
For these risks, normal risk identification and monitoring will not work because the frequency is usually completely unknown. Nevertheless, past experience shows that when they materialize, they have a significant impact on businesses and therefore cannot be excluded from a solid risk management program. Specific strategies and approaches must be implemented to cope with them properly.
Emerging risks can be unknown to the corporate body or merely unknown to the main decision takers. The O-ring problem was known about before disaster hit the US space shuttle Challenger in 1986 – just not known in a way that helped. When considering emerging risks, we need to consider communication to, and within, the corporate body. A good ERM approach should be able to handle both these aspects.
Emerging risks management will include a process of early warnings that will allow company management to anticipate disasters, however short the period of notice. Such a firm will have an inclusive approach to identifying and evaluating risk. This inclusiveness will encourage employees to express concerns openly, it will lead to the ability to learn from others’ experiences and it will allow a constructive approach to intelligence-gathering of both hard and soft information. A firm with good emerging risks management would expect to perform thorough post-mortem analyses of problem situations and would feed the results of that analysis back into its on-going disaster-planning process.
While the best ERM programs will often have a comprehensive emerging risks process, that process is not well served by a routine checklist. A company with excellent extreme-event management practices will instill and sustain a decidedly non-routine, imaginative flavor into its process.
Normal risk control processes focus on everyday risk management, including the management of identifiable risks and/or risks where uncertainty and unpredictability, are mitigated by historical data that allow insurers to estimate loss distribution with reasonable confidence. Emerging risk management processes take over for risks that do not currently exist but that might emerge at some point due to changes in the environment.
Emerging risks may appear abruptly or gradually, are difficult to identify, and may for some time represent a hypothetical idea more than factual circumstances. They often result from changes in the political, legal, market or physical environment. An example from the past is asbestos; other examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. For these risks, normal risk identification and monitoring will not work because the likelihood is usually completely unknown.
Nevertheless, past experience shows that when they materialize, they can have a significant impact on insurers and therefore cannot be excluded from a solid risk management program. So insurers have implemented unique specific strategies and approaches to cope with them properly.
Identifying Emerging Risks
Developing an early warning system for emerging risks that methodically identifies potential new risk factors either through internal or external sources is very important. To minimize the uncertainty surrounding these risks, insurers will consistently gather all existing relevant information to amass preliminary evidence of emerging risks, which would allow the insurer to reduce or limit the growth of exposure as the evidence becomes more and more certain. However, insurers practicing this discipline will need to be aware of the cost of false alarms.
Assessing Their Significance
Parties should assess the relevance (i.e. potential losses) of the emerging risks linked to a company’s commitment— which classes of business and existing policies would be affected by the materialization of the risk—and continue with the assessment of the potential financial impact, taking into account potential correlation with other risks already present in the firm.
For an insurer, the degree of concentration and correlation of the risks that they have taken on from their customers are two important parameters to be considered; the risk in question could be subject to very low frequency/high intensity manifestations, but if exposure to that particular risk is limited, then the impact on the company may not be as important.
On the other hand, unexpected risk correlations should not be underestimated; small individual exposures can coalesce into an extreme risk if underlying risks are highly interdependent. When developing extreme scenarios, some degree of imagination to think of unthinkable interdependencies could be beneficial.
A further practice of insurers is to sometimes work backwards from concentrations to risks. Insurers might envision risks that could apply to their concentrations and then track for signs of risk emergence in those areas. Some insurers set risk limits for insurance concentrations that are very similar to investment portfolio credit limits, with maximum concentrations in specific industries in geographic or political regions.
In addition, just as investment limits might restrict an insurer’s debt or equity position as a percentage of a company’s total outstanding securities, some insurers limit the percentage of coverage they might offer in any of the sectors described above.
Define Appropriate Responses
Responses to emerging risks might be part of the normal risk control process, i.e. risk mitigation or transfer, either through reinsurance (or retrocession) in the case of insurance risks, through the financial markets for financial risks, or through general limit reduction or hedging.
When these options are not available or the insurer decides not to use them, it must be prepared to shoulder significant losses, which can strain a company’s liquidity. Planning access to liquidity is a basic part of emerging risk management. Asset-selling priorities, credit facilities with banks, and notes programs are possible ways for insurers to manage a liquidity crisis.
Apart from liquidity crisis management, other issues exist for which a contingency plan should be identified in advance. The company should be able to quickly estimate and identify total losses and the payments due. It should also have a clear plan for settling the claims in due time so as to avoid reputation issues. Availability of reinsurance is also an important consideration: if a reinsurer were exposed to the same risks, it would be a sound practice for the primary insurer to evaluate the risk that the reinsurer might delay payments.
Advance Warning Process
For emerging risks the response plans developed as described above would often not be implemented immediately. Their implementation would often be deferred until a later date when the immanence of the emerging risk is more certain. For the risks that have been identified as most significant and where the insurer has developed coherent contingency plans, the next step is to create and install an advanced warning process.
To do that, the insurer identifies key risk indicators that provide an indication of increasing likelihood of a particular emerging risk. These key risk indicators are tracked and compared to a trigger point that has been identified in advance. The trigger point might be set at the point when it is thought that action is needed, but more likely it triggers a new round of investigation of both potential impact and responses.
Learn
Finally, sound practices for managing emerging risks include establishing procedures for learning from past events is important. The company should identify problems that appeared during the last extreme event and identify improvements to be added to the risk controls.
All of these steps can be applied by any firm in any sector with some adaptation.
Many discussions of COVID-19 mitigation revolve around the requirements and recommendations that are made by the government.
The CDC suggests answering this question:
To what extent do individuals and organizations practice community mitigation strategies?
We will seek to answer that question via a questionnaire. Right now, we have piloted that questionnaire twice with about 30 people providing observations.
We have observations from people in the above states, which provide diverse situations regarding their COVID situation. (Here Level refers to the number of new cases per 100k from the past 14 days and Rate refers to the New Infection Rate which is the new infections from the current day as a percentage of the infections for the prior 14 days.)
Pilot Project Findings – not credible amount of data
The above reflects the average compliance over 36 mitigation strategies. This is a Pilot, so we are not concerning ourselves about numbers of observations but we recognize that these are not sufficient to draw any conclusions about the actual level of compliance. Of those 36 strategies, the top 10 are:
Pilot Project Findings – not credible amount of data
We welcome additional observers. We will be continuing the Pilot Project and working on getting funding to turn this into a full scale research project.
To contribute your observations follow this LINK. We welcome both additional observers for the states above as well as observers from states where we have not yet received any observations.
Many risk managers tell RISKVIEWS that their bosses say that their objective is “No Surprises”. While that is an unrealistic ideal objective, cultivating Adaptability is the most likely way to approach that ideal.
There are many flavors of Risk Management. Each flavor of risk manager believes that they are addressing the Real World.
Bank risk managers believe that the world consists of exactly three sorts of risk: Market, Credit and Operational. They believe that because that is the way that banks are organized. At one time, if you hired a person who was a banking risk manager to manage your risks, their first step would be to organize the risk register into those three buckets.
Insurance Risk Managers believe that a company’s insurable risks – liability, E&O, D&O, Workers Comp, Property, Auto Liability – are the real risks of a firm. As insurance risk managers have expanded into ERM, they have adapted their approach, but not in a way that could, for instance, help at all with the Credit and Market risk of a bank.
Auditor Risk Managers believe that there are hundreds of risks worth attention in any significant organization. Their approach to risk is often to start at the bottom and ask the lowest level supervisors. Their risk management is an extension of their audit work. Consistent with the famous Guilliani broken windows approach to crime. However, this approach to risk often leads to confusion about priorities and they sometimes find it difficult to take their massive risk registers to top management and the board.
Insurer Risk Managers are focused on statistical models of risk and have a hard time imagining dealing with risks that are not easily modeled such as operational and strategic risks. The new statistical risk managers often clash with the traditional risk managers (aka the underwriters) whose risk management takes the form of judgment based selection and pricing processes.
Trading Desk Risk Managers are focused on the degree to which any traders exceed their limits. These risk managers have evolved into the ultimate risk takers of their organizations because they are called upon to sometime approve breaches when they can be talked into agreeing with the trader about the likelihood of a risk paying off. Their effectiveness is viewed by comparing the number of days that the firm’s losses exceed the frequency predicted by the risk models.
So what is Real World Risk?
Start with this…
Top Causes of death
Heart disease
stroke
lower respiratory infections
chronic obstructive lung disease
HIV
Diarrhea
Lung cancers
diabetes
Earthquakes, floods and Hurricanes are featured as the largest insured losses. (Source III)
Note that these are the insured portion of the losses. the total loss from the Fukishima disaster is estimated to be around $105B. Katrina total loss $81B. (Source Wikipedia)
Financial Market risk seems much smaller. When viewed in terms of losses from trading, the largest trading loss is significantly smaller than the 10th largest natural disaster. (Source Wikipedia)
But the financial markets sometimes create large losses for everyone who is exposed at the same time.
The largest financial market loss is the Global Financial Crisis of 2008 – 2009. One observer estimates the total losses to be in the range of $750B to $2000B. During the Great Depression, the stock market dropped by 89% over several years, far outstripping the 50% drop in 2009. But some argue that every large drop in the stock market is preceded by an unrealistic run up in the value of stocks, so that some of the “value” lost was actually not value at all.
If your neighbor offers you $100M for your house but withdraws the offer before you can sell it to him and then you subsequently sell the house for $250k, did you lose $99.75M? Of course not. But if you are the stock market and for one day you trade at 25 time earnings and six months later you trade at 12 times earnings, was that a real loss for any investors who neither bought or sold at those two instants?
What is a Borel Risk Point you ask? Emile Borel once said
“Events with a sufficiently small probability never occur”.
Your Borel Risk Point (BRP) is your definition of “sufficiently small probability” that causes you to ignore unlikely risks.
Chances are, your BRP is set at much too high of a level of likelihood. You see, when Borel said that, he was thinking of a 1 in 1 million type of likelihood. Human nature, that has survival instincts that help us to survive on a day to day basis, would have us ignoring things that are not likely to happen this week.
Even insurance professionals will often want to ignore risks that are as common as 1 in 100 year events. Treating them as if they will never happen.
And in general, the markets allow us to get away with that. If a serious adverse event happens, the unprepared generally are excused if it is something as unlikely as a 1 in 100 event.
That works until another factor comes into play. That other factor is the number of potential 1 in 100 events that we are exposed to. Because if you are exposed to fifty 1 in 100 events, you are still pretty unlikely to see any particular event, but very likely to see some such event.
Governor Andrew Cuomo of New York State reportedly told President Obama,
New York “has a 100-year flood every two years now.”
Solvency II has Europeans all focused on the 1 in 200 year loss. RISKVIEWS would suggest that is still too high of a likelihood for a good Borel Risk Point for insurers. RISKVIEWS would argue that insurers need to have a higher BRP because of the business that they are in. For example, Life Insurers primary product (which is life insurance, at least in some parts of the world) pays for individual risks (unexpected deaths) that occur at an average rate of less than 1 in 1000. How does an insurance company look their customers in the eye and say that they need to buy protection against a 1 in 1000 event from a company that only has a BRP of 1 in 200?
So RISKVIEWS suggest that insurers have a BRP somewhere just above 1 in 1000. That might sound aggressive but it is pretty close to the Secure Risk Capital standard. With a Risk Capital Standard of 1 in 1000, you can also use the COR instead of a model to calculate your capital needed.
The story goes on to discuss the fact that Americans, especially in red states like Oklahoma, strongly prefer keeping the government out of the business of providing things like storm shelters, allowing that to be an individual option. Then reports that few individuals opt to spend their money on shelters.
The answer might well be in the numbers…
Below, from the National Oceanic and Atmospheric Administration (NOAA) is a list of the 25 deadliest tornadoes in US history:
1. Tri-State (MO, IL, IN) – March 18, 1925 – 695 deaths
2. Natchez, MS – May 6, 1840 – 317 deaths
3. St. Louis, MO – May 27, 1896 – 255 deaths
4. Tupelo, MS – April 5, 1936 – 216 deaths
5. Gainesville, GA – April 6, 1936 – 203 deaths
6. Woodward, OK – April 9, 1947 – 181 deaths
7. Joplin, MO – May 22, 2011 – 158 deaths
8. Amite, LA, Purvis, MS – April 24, 1908 – 143 deaths
9. New Richmond, WI – June 12, 1899 – 117 deaths
10. Flint, MI – June 8, 1953 – 116 deaths
11. Waco, TX – May 11, 1953 – 114 deaths
12. Goliad, TX – May 18, 1902 – 114 deaths
13. Omaha, NE – March 23, 1913 – 103 deaths
14. Mattoon, IL – May 26, 1917 – 101 deaths
15. Shinnston, WV – June 23, 1944 – 100 deaths
16. Marshfield, MO – April 18, 1880 – 99 deaths
17. Gainesville, GA – June 1, 1903 – 98 deaths
18. Poplar Bluff, MO – May 9, 1927 – 98 deaths
19. Snyder, OK – May 10, 1905 – 97 deaths
20. Comanche, IA & Albany, IL – June 3, 1860 – 92 deaths
21. Natchez, MS – April 24, 1908 – 91 deaths
22. Worcester, MA – June 9, 1953 – 90 deaths
23. Starkville, MS to Waco, AL -April 20, 1920 – 88 deaths
24. Lorain & Sandusky, OH – June 28, 1924 – 85 deaths
25. Udall, KS – May 25, 1955 – 80 deaths
Looks scary and impressively dangerous. Until you look more carefully at the dates. Most of those events are OLD. In fact, if you look at this as a histogram, you see something interesting…
You see from this chart, why there are few storm shelters. Between the 1890’s and 1950’s, there were at least two very deadly tornadoes per decade. Enough to keep people scared. But before the last week, there had not been a decade in over 50 years with any major events. 50 years is a long time to go between times when someone somewhere in the US needed a storm shelter to protect them from a very deadly storm.
This is not to say that there have not been storms in the past 50 years. The chart below from the Washington Post, shows the losses from tornadoes for that same 50 year period and the numbers are not small.
It is RISKVIEWS’ guess that in the face of smaller, less deadly but destructive storms, people are much more likely to attribute their own outcome to some innate talent that they have and the losers do not have. Sort of like the folks who have had one or several good experiences at the slot machines who believe that they have a talent for gambling.
Another reason is that almost 45% of storm fatalities are folks who live in trailers. They often will not even have an option to build their own storm shelter. There it is probably something that could be addressed by regulations regarding zoning of trailer parks.
Proper risk management can only be done in advance. The risk management second guessing that is done after the fact helps to create a tremendous drag on society. We are forced into spending money to prevent recurrence of the last disaster, regardless of whether that expenditure makes any sense at all on the basis of frequency and severity of the potential adverse events or not.
We cannot see the future as clearly as we can see the past. We can only prepare for some of the possible futures.
The BBC article stands on the side of that discussion that looks back after the fact and finds fault with whoever did not properly see the future exactly as clearly as they are now able to see the past.
A simple recent example of this is the coverage of the Boston Marathon bombers. Much has been made of the fact that there were warnings about one or more members of the family before the event. But no one has chosen to mention how many others who did not commit bombings were there similar or even much more dire warnings about. It seems quite likely, that the warnings about these people were dots in a stream of hundreds of thousands of similar warnings.
• Planning and testing: It is important that your company and all of your important counterparties, vendors, and sub contractees, fully understand the functionality of contingency systems, and that key operations and business personnel communicate efficiently to assure enterprise-wide clarity. Expanded testing exercises would enhance assurance of failover reliability. Such testing should involve all parties inside and outside your firm that you depend upon to continue functioning, and should also involve providers of essential services such as power, water, and telecommunications.
• Incident management: Protocols for assuring a timely decision on whether and when to close or open the company would benefit from review and streamlining by the responsible parties. Likewise, protocols for assuring timely decisions within the firm on whether and when to leverage back-up sites would benefit from continued regular testing. Furthermore, operational interdependencies need to be fully incorporated in the decision-making process.
• Personnel: The resilience of critical components of the company requires geographic dispersal of both electronic systems and personnel sufficient to enable an organization to operate despite the occurrence of a wide-scale disruption affecting the metropolitan or geographic area of the organization’s primary operations, including communities economically integrated with, adjacent to, or within normal commuting distance of the primary operations area. Organizations, including major firms, need to continuously and rigorously analyze their routine positioning and emergency repositioning of key management and staff. This is an ongoing requirement as technology, market structure, and institutions evolve rapidly. Developed business continuity plans should be implemented, and key staff should be sent to disaster recovery sites when there is advance notice of events.
• Dependencies: Cross-industry interdependencies require constant review, reassessment, and improvement by organizations to mitigate the impact of energy, power, transport, and communications failures during severe incidents, and to help ensure reliable redundancy.
Often called emerging risks. Going back to Knight’s definitions of Risk and Uncertainty, there is very little risk contained in these potential situations. Emerging risks are often pure uncertainty. Humans are good at finding patterns. Emerging risks are breaks in patterns.
What to Do about Emerging Risks…
Emerging risks are defined by AM Best as “new or evolving risks that are difficult to manage because their identification, likelihood of occurrence, potential impacts, timing of occurrence or impact, or correlation with other risks, are highly uncertain.” An example from the past is asbestos; other current examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. Lloyd’s, a major sufferer from the former emerging risk of asbestos, takes emerging risks very seriously. They think of emerging risks as “an issue that is perceived to be potentially significant but which may not be fully understood or allowed for in insurance terms and conditions, pricing, reserving or capital setting”.
What do the rating agencies expect?
AM Best says that insurers need “sound risk management practices relative to its risk profile and considering the risks inherent in the liabilities it writes, the assets it acquires and the market(s) in which it operates, and takes into consideration new and emerging risks.” In 2013, Best has added a question asking insurers to identify emerging risks to the ERM section of the SRQ. Emerging Risks Management has been one of the five major pillars of the Standard & Poor’s Insurance ERM ratings criteria since 2006.
How do you identify emerging risks?
A recent report from the World Economic Forum, The Global Risks 2012 report is based on a survey of 469 experts from industry, government, academia and civil society that examines 50 global risks. Those experts identified 8 of those 50 risks as having the most significance over the next 10 years:
Chronic fiscal imbalances
Cyber attacks
Extreme volatility in energy and agriculture prices
Food shortage crises
Major systemic financial failure
Rising greenhouse gas emissions
Severe income disparity
Water supply crises
This survey method for identifying or prioritizing risks is called the Delphi method and can be used by any insurer. Another popular method is called environmental scanning which includes simply reading and paying attention for unusual information about situations that could evolve into future major risks.
What can go wrong?
Many companies do not have any process to consider emerging risks. At those firms, managers usually dismiss many possible emerging risks as impossible. It may be the company culture to scoff at the sci fi thinking of the emerging risks process. The process Taleb describes of finding ex post explanation for emerging Black Swan risks is often the undoing of careful plans to manage emerging risk. In addition, lack of imagination causes some managers to conclude that the past worst case is the outer limit for future losses.
What can you do about emerging risks?
The objectives for emerging risks management are just the same as for other more well-known risks: to reduce the frequency and severity of future losses. The uncertain nature of emerging risks makes that much more difficult to do cost effectively. Insurers can use scenario testing to examine potential impact of emerging risks and to see what actions taken in advance of their emergence might lessen exposures to losses. This scenario testing can also help to identify what actions might lessen the impact of an unexpected loss event that comes from a very rapidly emerging risk. Finally, insurers seek to identify and track leading indicators of impending new risk emergence.
Reinsurance is one of the most effective ways to protect against emerging risks, second only to careful drafting of insurance contract terms and conditions
Many of the largest insurers and reinsurers have developed very robust practices to identify and to prepare for emerging risks. Other companies can learn from the insurers who practice emerging risk management and adapt the same processes to their emerging risks.
Normal risk control processes focus on everyday risk management, including the management of identifiable risks and/or risks where uncertainty and unpredictability are mitigated by historical data that allow insurers to estimate loss distribution with reasonable confidence. Emerging risk management processes take over for risks that do not currently exist but that might emerge at some point due to changes in the environment. Emerging risks may appear abruptly or slowly and gradually, are difficult to identify, and may for some time represent an ill formed idea more than factual circumstances. They often result from changes in the political, legal, market, or physical environment, but the link between cause and effect is fully known in advance. An example from the past is asbestos; other examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. For these risks, normal risk identification and monitoring will not work because the likelihood is usually completely unknown. Nevertheless, past experience shows that when they materialize, they have a significant impact on the insurers and therefore cannot be excluded from a solid risk management program. So insurers have implemented unique specific strategies and approaches to cope with them properly.
Identifying emerging risks
Emerging risks have not yet materialized or are not yet clearly defined and can appear abruptly or very slowly. Therefore, having some sort of early warning system in place, methodically identified either through internal or external sources, is very important. To minimize the uncertainty surrounding these risks, insurers will consistently gather all existing relevant information to amass preliminary evidence of emerging risks, which would allow the insurer to reduce or limit growth of exposure as the evidence becomes more and more certain. However, Insurers practicing this discipline will need to be aware of the cost of false alarms.
Assessing their significance
Assess the relevance (i.e. potential losses) of the emerging risks linked to a company’s commitment— which classes of business and existing policies would be affected by the materialization of the risk—and continue with the assessment of the potential financial impact, taking into account potential correlation with other risks already present in the firm. For an insurer, the degree of concentration and correlation of the risks that they have taken on from their customers are two important parameters to be considered; the risk in question could be subject to very low frequency/high intensity manifestations, but if exposure to that particular risk is limited, then the impact on the company may not be as important. On the other hand, unexpected risk correlations should not be underestimated; small individual exposures can coalesce into an extreme risk if underlying risks are highly interdependent. When developing extreme scenarios, some degree of imagination to think of unthinkable interdependencies could be beneficial.
A further practice of insurers is to sometimes work backwards from concentrations to risks. Insurers might envision risks that could apply to their concentrations and then track for signs of risk emergence in those areas. Some insurers set risk limits for insurance concentrations that are very similar to investment portfolio credit limits, with maximum concentrations in specific industries in geographic or political regions. In addition, just as investment limits might restrict an insurer’s debt or equity position as a percentage of a company’s total outstanding securities, some insurers limit the percentage of coverage they might offer in any of the sectors described above.
Define appropriate responses
Responses to emerging risks might be part of the normal risk control process, i.e., risk mitigation or transfer, either through reinsurance (or retrocession) in case of insurance risks, through the financial markets for financial risks, or through general limit reduction or hedging. When these options are not available or the insurer decides not to use them, it must be prepared to shoulder significant losses, which can strain a company’s liquidity. Planning access to liquidity is a basic part of emerging risk management. Asset-selling priorities, credit facilities with banks, and notes programs are possible ways of managing a liquidity crisis.
Apart from liquidity crisis management, other issues exist for which a contingency plan should be identified in advance. The company should be able to quickly estimate and identify total losses and the payments due. It should also have a clear plan for settling the claims in due time so as to avoid reputation issues. Availability of reinsurance is also an important consideration: if a reinsurer were exposed to the same risks, it would be a sound practice for the primary insurer to evaluate the risk that the reinsurer might delay payments.
Advance Warning Process
For the risks that have identified as most significant and where the insurer has developed coherent contingency plans, the next step is to create and install an advanced warning process. To do that, the insurer identifies key risk indicators that provide an indication of increasing likelihood of a particular emerging risk.
Learn
Finally, sound practices for managing emerging risks include establishing procedures for learning from past events. The company will identify problems that appeared during the last extreme event and identify improvements to be added to the risk controls. In addition, expect to get better at each step of the emerging risk process with time and experience.
But emerging risk management costs money. And the costs that are most difficult to defend are the emerging risks that never emerge. A good emerging risk process will have many more misses than hits. Real emerged risks are rare. A company that is really taking emerging risks seriously will be taking actions on occasion that cost money to perform and possibly include a reduction in the risks accepted and the attendant profits. Management needs to have a tolerance for these costs. But not too much tolerance.
The authors are part of a group at Cambridge (actually, there are three members of the group) who are interested in studying threats from technology. “Many scientists are concerned that developments in human technology may soon pose new, extinction-level risks to our species as a whole.” says their website, The Cambridge Project for Existential Risk.
Go back and watch I Robot again. The only reason that the robot rebellion was foiled was because there was one robot who was designed to be independent enough to disagree.
If the “group” from Cambridge is correct, we need to get working on designing that robot that will save the day.
But first, we should ask them what they mean by “many scientists”?
Much too much of what we do relies upon the simplest idea of linear extrapolation. It must be hard wired into human brains to always think first of that process. Because we frequently seem to miss when extrapolation does not work.
Risk managers desperately need to understand the idea of system capacity. The capacity of a system is a point beyond which the system will fail or will start to work completely differently.
The obvious simple example is a cup with a small hole in the bottom. If you pour water into that cup at a rate that is exactly equal to the rate of the leak from the hole at the bottom, then the water level of the cup will be in equilibrium. A little slower and the cup will empty. A little faster and it will fill. Too long in the fill mode and it will spill. The capacity will be exceeded.
The highly popular single serving coffee machines are built with a fixed approach to cup capacity. The more sophisticated will allow for two different capacities, but usually leave it to the human operator to determine which limit to apply.
For the past several years, there have been a number of events, the latest a hurricane that damaged an area the size of Western Europe, that have far exceeded the resilience capacity of our systems. The resilience capacity is the amount of damage that we can sustain without any significant disruption. If we exceed our resilience capacity by a small amount, then we end up with a small amount of disruption. But the amount of disruption seems to grow exponentially as the exceedance of resilience capacity increases.
The disruption to the New York area from Hurricane Sandy far exceeded the resilience capacity. For one example, the power outages still continue two weeks after the storm. The repairs that have been done to date have reflected herioc round the clock efforts by both local and regional repair crews. The size of the problem was so immense that even with the significant outside help, the situation is still out of control for some homes and businesses.
We need to ask ourselves whether we need to increase the resilience capacity of our modern societies?
Have we developed our sense of what is needed during a brief interlude of benign experiences? In the financial markets, the term “Great Moderation” has been used to describe the 20 year period leading up to the bursting of the dot com bubble. During that period, lots of financial economics was developed. The jury is still out about whether those insights have any value if the world is actually much more volatile and unpredictable than that period of time.
Some weather experts have pointed out that hurricanes go in cycles, with high and low periods of activities. Perhaps we have been moving into a high period.
It is also possible that some of the success that mankind has experienced in the past 50 years might be in part due to a tempory lull in many damaging natural phenomina. The cost of just keeping even was lower than over the rest of mankind’s history.
What if the current string of catastrophes is just a regression to the mean and we can expect that the future will be significantly more adverse than the mild past that we fondly remember?
We need to come to a conclusion on those questions to determine How Much Resilience Do We Need?
From Black: Swans and Crude by Liz Ann Saunders, her tips for investing in a sideways market:
Be diversified, especially now that asset-class correlations have begun to recede toward normal levels.
If you like to be opportunistic, keep some powder dry in highly liquid investments for both cash needs and some flexibility to take advantage of volatility.
Consider more frequent rebalancing if volatility reasserts itself, allowing you to sell into strength and buy into weakness.
Focus on your long-term goals and not short-term market dips so you’re less likely to fall prey to panic selling (or buying).
Review your portfolio and asset allocation to confirm your risk tolerance matches your financial goals.
These suggestions line up well with the Pragmatist risk attitude of Plural Rationalities. That is good because the Pragmatists expect an Uncertain Environment, which is what we hear over and over that we are experiencing.
A Pragmatist will seek to diversify. Not only will they want to diversify their risks as Ms. Saunders suggests as her very first suggestion, but they will also be diversifying their approach to risks. Pragmatists will sometimes look to limit their losses with a Conservator style risk management approach, to aggressively pursue profits with a Maximizer style approach and even sometimes to look at risk vs reward in a Manager style approach.
Notice the interesting twist in her first point “now that asset-class correlations have begun to recede”. You see that she is not a card carrying Pragmatist either. She fundamentally believes that the world should return to an orderly state where correlations and volatilities are more stable.
Mathematically, that is how you can define the uncertain market of the times – variable volatility and variable correlations, variable drift. A market model that cannot support trading.
The models for the other three environments might be:
Boom – positive drift, low and stable volatility, low and steady correlations.
Bust – negative drift, low volatility, high correlations.
Moderate – near zero drift, moderate but stable volatility, moderate but stable correlations.
In her second point, she tells how to be ready for when the environment goes back to Boom or Moderate – by taking the classical Pragmatist position of under invested.
But the Pragmatist approach to risk is not really a Black Swan survival approach. If you really believe that a Black Swan event is coming, you would have the Conservator view of risk. That would lead you to move to a much lower expected upside and also a much lower likelihood of failure of your portfolio. In its purest form, the Conservator would accept almost no chance of total ruin. In actual practice, most Conservator leaning firms will accept risks that might cause a failure of the firm, but only if they have long experience with those risks and feel that they have them totally under their control.
Joshua Brown wrote “Ten Commandments for a Crash” – his advice for stock traders in a stock market crash. Most of his ideas can be generalized to refer to any situation where large losses or even the threat of large losses occurs.
1. Acknowledge that its a crash.
This is first and most difficult. The natural impulse of humans when things look worse than they ever imagined is to close your eyes and hope that it was a dream. To wait for things to come back to normal. But sometimes the only survivors are the people who stopped imagining a return to normal first and accepted the bad news as reality.
2. Pencils Down!
This means abandoning your research based upon the previous paradigm. Do not run the model one more time to see what it says. All of the model parameters are now suspect. You do not usually know enough to say which ones are still true.
3. Don’t listen to “stockpickers” or sell-side equity analysts.
Get your head out of the nits. Your usual business may require that you are a master of the details of your markets. You are looking to build your year’s result up over 52 weeks, looking to create 1/52 of your target return each week. But when the crisis hits, the right macro decisions can change your results by half a year’s worth of normal business.
4. Ignore the asset-gatherers and the brokerage firm strategists,
Know the bias of the people you are getting advice from. They may be saying what is necessary for THEIR firm to make it through the crash, no matter what their advice would do to you.
5. Make sacrifices
You are going to need to let go of one or several of the things that you were patiently nursing along in hopes of a big payoff later on when they came around. Make these decisions sooner rather than later. Otherwise, they will be dragging you down along with everything else. Think of it as a scale change. The old long term opportunities mostly become losers while some of the marginally profitable situations become your new opportunities. Choose fast.
6. Make two lists.
Those are the lists of things that you might now want to start doing if the terms suddenly get sweeter and the things where you plan to dump unless you can tighten the terms. Keep updating the list every day as you get new information. Act on the list as opportunities change.
7. Watch sentiment more closely
This is the flip side to #1 above. The analysis may no longer be of help, but a good handle on the sentiment of your market will be invaluable. It will tell you when it is time to press for the stricter terms from your list #6.
8. Abandon any hope or intention of catching the bottom.
This may be an excuse for not making decisions when things are unclear. Guess what? THe bottom is only ever clear afterwards.
9. Suspend disbelief.
Any opinions that you have that some aspect of your business environment will never get “that” bad will often be trashed by reality. In case you have been asleep for the last decade, each crisis results in new bigger losses than ever before. The sooner you get off the illusion that you know exactly how bad it can get, the sooner you will be making the right decisions and avoiding totally wrongly timed moves.
10. Stop being a know-it-all and shut up.
Everyone out there seems to know a small part of what is happening that no one else knows and is totally ignorant of most of what is going on from their own internal sources. If you talk all of the time, you will never learn those other pieces of the puzzle.
A good list. Some things to think about. A challenge to work these ideas into your planning for emerging risks. Need to practice adopting this point of view.
At least 75% of the US has experienced some Solar Risk this summer. Temperatures were into triple digits.
(in Fahrenheit. Fahrenheit is a part of the ancient measuring system that only America uses. 100F is 37.7C. Not so magical stated that way. But it is still exceptional.)
But very different solar risk is thought to be on the way. Solar Storms are thought to entering a busy season and to have the capability of wrecking havoc on various electromagnetic broadcast and receiving systems. GPS systems are thought to be particularly vulnerable.
The last major storm to hit earth reportedly caused the emerging telegraph systems in the US and Europe to encounter problems. We now depend upon many, many complex electronic systems.
But see what happens if you try to get your firm to prepare for violent solar storms. The best that may happen is that you would be laughed out of the room.
News International has been the news for several days now. ABC News says that they are an example of How not to Handle a Phone Hacking Crisis. It seems that nearly every year hands us another example of how a company should NOT handle a crisis. The ideas of how TO handle one are pretty simple:
Get all the news out. Don’t withhold. The constant drip, drip of additional revelations makes many people skeptical about whether they ever hear the whole story.
Don’t just take advice from your lawyer. It is quite possible to be totally safe in a legal sense and totally ruined in the court of public opinion.
Have a plan and practice. Most company CEO’s that are faced with a crisis do not give the impression that they have ever given a minute of thought to what they might say in a crisis up until the very minute that they open their mouths. They also seem to be totally surprised by the questions that they get. There is no upside to knowing how to handle a crisis, but the downside to not knowing is a large fraction of the total net worth of the company. If the CEO cannot be bothered to prepare, then they must assign a very senior person to be prepared to be the spokesperson in a crisis. And also be prepared to hand over the top job to that person if there is a crisis and they handle things well.
Speed of response is Key. And once you have a crisis, every new item needs a response. In normal times, most items will blow over. Ignoring them is the best policy. In a crisis, the opposite is true. Everything, no matter how trivial or inaccurate, needs a response. You need to target getting as much airplay as your detractors.
Crisis management is not just talking. The actions that you take need to be as clear and decisive as your words. In many problem situations, early mitigation can be much more effective than a late mitigation, and less costly, and less troublesome to talk about. Imagine someone trying to make a big deal of a problem that you have already solved. Being ready to fix lots of things is not cheap, however. But imagine how much money BP would have saved if ANYONE would have had the equipment right there in the Gulf that was needed to fix that leak.
What in the end it takes is to focus some time and attention and money to being prepared for your worst nightmare.
From a mechanical perspective, finding something to “hedge” against longevity risk, i.e. the risk that pension payouts will increase due to improving mortality, is not particularly difficult. It is necessary to determine investment possibilities that will benefit from increased life expectancy.
Businesses that serve the aged such as nursing homes and medical products companies will be some of the sorts of things that will prosper in an increasingly aged economy.
Clever quants will be able to show that while the hedge is far from perfectly effective, it can be used to reduce the capital requirements of pensions and annuity exposures.
But there is a much larger question that is not likely to be addressed in looking at capital requirements for insurers and pension plans.
That is the issue of whether the economy will be able to sustain the aggregate effects of the aging of the populations in Japan, the US, Europe and China. Those investments in elderservice providers and elderproduct firms will provide a relative hedge. Those firms may do relatively better than the rest of the economy.
But on the whole, the economy might well be in the dumps, making the potential to earn the returns on investment needed to support the base level of pensions extremely difficult. We may well find out that it is not viable for an economy to both maintain its base promises to elders AND maintain a healthy economy at the same time.
Robert Schiller has described this problem well in a NYT Op Ed piece last spring. He describes an autonomous family farm where they must decide how to treat the family elders who are no longer able to work. If the farm has a bad year and harvest is poor, do they continue to feed the elders the same as in the good years and therefore starve the working members of the family? Or would that create a spiral that brought the entire family to ruin?
It would be good if we knew what happens to an economy that doubles the amount of total resources that are directed towards its non-productive elders. If there is a point where an economy would stop being viable, then the concerns about minor increases to pension benefits due to longevity increases are immaterial. The ruined economy sill simply not be able to pay the basic benefits.
It seems highly likely that the systems that were imagined in the last 100 years will not stand up to the pressures of the aging Baby Boomers. The discussion that at least in the US is not happening about funding for retiree medical and income needs may well be the wrong discussion. The discussion that is needed is to ask how the economy will survive the strain of the very large pool of elders.
Schiller’s family farm example leads to an immediate suggestion. One that many people are coming to privately, even if there is little public discussion. That suggestion is a complete rethinking of retirement and employment for elders. An honest evaluation of the real economic impact of the exploding numbers of elders is very likely to reveal that it is just not practical for an economy to provide for 20 – 25 years of leisure to a large fraction of its population.
This is a situation where our simple extrapolatory approach to assessing risk is inadequate. The future will most certainly be different from an extrapolation of the past.
Charles Lindberg made the fist solo transatlantic flight in 1927.
He was called Lucky Lindy because he succeeded at something that was judged to be highly unlikely. In fact, by analyzing prior experience you would give his solo trans Atlantic flight a ZERO likelihood.
So his flight was a freak occurrence. A Black Swan.
Six years later, Italo Balboa led a group of 24 planes across the Atlantic. By the 1940’s, flights across the Atlantic were a very regular thing.
Think about Lucky Lindberg when you imagine the next major catastrophe. You may not be able to get the event right, but there will be something that never happened that will be significantly worse that we imagined. And after it happens, there will be a few more larger events until events of that magnitude become commonplace.
Now instead of assigning that sequence a zero probability, figure out how to include that in your risk management system.
A regime change is a corner that you cannot see around until you get to it. It is when many of the old assumptions no longer hold. It is the start of a new set of patterns. Regime changes are not necessarily bad, but they are disruptive. Many of the things that made people and companies successful under the old regime will no longer work. But there will be completely new things that will now work.
The current regime has lasted for over 50 years. Over that time, debt went all in one direction – UP. Most other financial variables went up and down over that time, but their variability was in the context of a money supply that was generally growing somewhat faster than the economy.
Increasing debt funds some of the growth that has fueled the world economies over that time.
But that was a ride that could not go on forever. At some point in time the debt servicing gets to be too high in comparison to the capacity of the economy. The economy has gone through the stage of hedge lending (see Financial Instability) where activities are able to afford payments on their debt as well as repayment of principal long ago. The economy is in the stage of Speculative Finance where activities are able to afford payments on the debt, but not the repayment of principal. The efforts to pay down debt will tell us whether it is possible to reverse course on that. If one looks ahead to the massive pensions crisis that looms in the moderate term, then you would likely judge that the economy is in Ponzi Financing land where the economy can neither afford the debt servicing or the payment of principal.
All this seems to be pointing towards a regime change regarding the level of debt and other forward obligations in society. With that regime change, the world economy may shift to a regime of long term contraction in the amount of debt or else a sudden contraction (default) followed by a long period of massive caution and reduced lending.
Riskviews does not have a prediction for when this will happen or what other things will change when that regime change takes place. But risk managers are urged to take into account that any models that are calibrated to historical experience may well mislead the users. And market consistent models may also mislead for long term decision making (or is that will continue to mislead for long term decision making – how else to characterize a spot calculation) until the markets come to incorporate the impact of a regime change.
This may be felt in terms of further extension of the uncertainty that has dogged some markets since the financial crisis or in some other manner.
However it materializes, we will be living in interesting times.
Steve Covey called it Sharpening the Saw. A good risk management program will be continually learning. The school of hard knocks is an extremely expensive teacher. It is much better to audit the course by observing the experiences of others and learning from them. The effective risk management program will be actively working to audit the courses of others experiences.
With that in mind, Risk Management magazine has devoted the May 2011 issue to learning from the Honshu earthquake. There are four articles that review some key aspects of the Japanese experience as it appears right now.
Nuclear Safety – the problems at the Fukushima Daiichi reactor came from the multiple events that struck. The safety provisions were sufficient for the earthquake, but not for the tsunami. There are specific questions raised in the article here about the specific design of the reactor cooling system. But a greater question is the approach to providing for extreme events. The tsunami was greater than any on the historical record. Should it be necessary to prepare for adverse events that are significantly worse than the worst that has ever happened? If so, how much worse is enough? Do we even have a way to talk about this important question?
Building Codes – the conclusion here is that Japanese building codes worked fairly well. Many larger buildings were still standing after both the quake and the tsunami. Christchurch did not fare as well. But New Zealand codes were thought to be very strict. However, the fault that was responsible for the earthquake there was only discovered recently. So Christchurch was not thought to be in a particularly quake prone area. As they overhaul the building codes in NZ, they do not expect to get much argument from strengthening the codes significantly in the Canterbury region. The question is whether any other places will learn from Christchurch’s example and update their codes?
Supply Chain – the movement over the past 10 years or more has been to “just-in-time” supply chain management. What is obvious now is that the tighter that the supply chain is strung, the more that it is susceptible to disruption – the riskier that it is. What we are learning is that great efficiency can bring great risk. We need to look at all of our processes to see whether we have created risks without realizing through our efforts to improve efficiency.
Preparedness – ultimately, our learnings need to be turned into actions. Preparedness is one set of actions that we should consider. The Risk Magazine focuses on making a point about the interconnectedness of all society now. They say “Even a simple sole proprietorship operating a company in rural South Dakota can be negatively affected by political and social unrest in Egypt.” We risk managers need to be aware of what preparedness means for each of our vulnerabilities and the degree to which we have reached a targeted stage of readiness.
Whenever there is a major crisis anywhere in the world, risk managers should review the experience to see what they can learn. They can look for parallels to their business. Can systems at their firm withstand similar stresses? What preparedness would create enough resilience? What did they learn from their adversity?
Experience tells us over and over again that there are three times that are important for risk managers.
1. Before a major loss event
2. Immediately following a major loss event
3. Longer term after the major loss event
Most of the discussion and literature about risk management focuses on the first of these times. We focus on identifying, measuring and mitigating risks in advance of events.
But for each of an organization’s major risks, it is extremely important to think about the other two times. Over and over, we see examples of situations where the second period is mishandled, often multiplying the size of the loss.
The most common first reaction seems often to be to hope for the best assuming that the loss is minimal and postponing taking any significant actions. For those events that turn out to be really major, this can have two very negative consequences. Often, if the right steps are taken right after the event, the eventual loss is significantly reduced. In addition, those early moments after a loss are when the most effective actions to reduce reputation impact must be taken.
For the longer term recovery from a major loss event, the organization needs to quickly develop a plan to cover the losses and to get the organizational capabilities back as close as possible to the state before the loss event.
In both “after” times, the actions taken might be very different if the loss event is one that impacts many others in the same space or is an event that impacts the organization alone.
What the risk manager needs to do is to use the contingency planning process to put together response plans to large loss events arising from every major category of exposure. Start with the extreme loss scenario itself. Imagine a two black swan event. Then develop your responses for such an event if (a) it is just your problem or (b) if it strikes most others in your area of operation.
When it is your loss alone, the reputation risk is high and their needs to be a major effort to managing the perceptions about your organizations. When the event strikes everyone in your area of operation, the issue will be resources to support recovery. When everyone is out looking to use those same resources, availability and or price are likely to become adverse.
Risk managers will often report on their top risks to their board monitoring the risk position. Those reports are all about Time 1. There should also be reports for Times 2 and 3. Having this discussion with the board in advance also makes it more likely that management will be able to implement the Time 2 plans immediately if both they and the board are prepared by advance discussion. While it is unlikely that the exact plan that was developed would be used, the conversation about what will be done can focus more around the variations to the developed plan that are demanded by the actual situation.
This part of risk management can also be a job saver for the risk manager. Many risk managers may be one of the scapegoats in the event of major losses to an organization. By providing the leadership needed to prepare in advance and forcefully recommending the needed steps in the loss event, the risk manager can make sure that they are seen as part of the solution, rather than the cause of the problem.
The message that windows gives when you are copying a large number of files gives a good example of an uncertain environment. That process recently took over 30 minutes and over the course of that time, the message box was constantly flashing completely different information about the time remaining. Over the course of one minute in the middle of that process the readings were:
8 minutes remaining
53 minutes remaining
45 minutes remaining
3 minutes remaining
11 minutes remaining
It is not true that the answer is random. But with the process that Microsoft has chosen to apply to the problem, the answer is certainly unknowable. For an expected value to vary over a very short period of time by such a range – that is what I would think that a model reflecting uncertainty would look like.
An uncertain situation could be one where you cannot tell the mean or the standard deviation because there does not seem to be any repeatable pattern to the experience.
Those uncertain times are when the regular model – the one with the steady mean and variance – does not seem to give any useful information.
The flip side of the uncertain times and the model with unsteady mean and variance that represents those times is the person who expects that things will be unpredictable. That person will be surprised if there is an extended period of time when experience follows a stable pattern, either good or bad or even a stable pattern centered around zero with gains and losses. In any of those situations, the competitors of that uncertain expecting person will be able to use their models to run their businesses and to reap profits from things that their models tell them about the world and their risks.
The uncertainty expecting person is not likely to trust a model to give them any advice about the world. Their model would not have cycles of predictable length. They would not expect the world to even conform to a model with the volatile mean and variance of their expectation, because they expect that they would probably get the volatility of the mean and variance wrong.
That is just the way that they expect it will happen. A new Black Swan every morning.
Correction, not every morning, that would be regular. Some mornings.
“The unprecedented scale of the earthquake and tsunami that struck Japan, frankly speaking, were among many things that happened that had not been anticipated under our disaster management contingency plans.” Japanese Chief Cabinet Secretary Yukio Edano.
In the past 30 days, there have been 10 earthquakes of magnitude 6 or higher. In the past 100 years, there have been over 80 earthquakes magnitude 8.0 or greater. The Japanese are reputed to be the most prepared for earthquakes. And also to experience the most earthquakes of any settled region on the globe. By some counts, Japan experiences 10% of all earthquakes that are on land and 20% of all severe earthquakes.
But where should they, or anyone making risk management decisions, draw the line in preparation?
In other words, what amount of safety are you willing to pay for in advance and what magnitude of loss event are you willing to say that you will have to live with the consequences.
That amount is your risk tolerance. You will do what you need to do to manage the risk – but only up to a certain point.
That is because too much security is too expensive, too disruptive.
You are willing to tolerate the larger loss events because you believe them to be sufficiently rare.
In New Zealand, that cost/risk trade off thinking allowed them to set a standard for retrofitting of existing structures of 1/3 of the standard for new buildings. But, they also allowed 20 years transition. Not as much of an issue now. Many of the older buildings, at least in Christchurch are gone.
But experience changes our view of frequency. We actually change the loss distribution curve in our minds that is used for decision making.
Risk managers need to be aware of these shifts. We need to recognize them. We want to say that these shifts represent shifts in risk appetite. But we need to also realize that they represent changes in risk perception. When our models do not move as risk perception moves, the models lose fundamental credibility.
In addition, when modelers do things like what some of the cat modeling firms are doing right now, that is moving the model frequency when people’s risk perceptions are not moving at all, they also lose credibility for that.
So perhaps you want scientists and mathematicians creating the basic models, but someone who is familiar with the psychology of risk needs to learn an effective way to integrate those changes in risk perceptions (or lack thereof) with changes in models (or lack thereof).
The idea of moving risk appetite and tolerance up and down as management gets more or less comfortable with the model estimations of risk might work. But you are still then left with the issue of model credibility.
What is really needed is a way to combine the science/math with the psychology.
Market consistent models come the closest to accomplishing that. The pure math/science folks see the herding aspect of market psychology as a miscalibration of the model. But they are just misunderstanding what is being done. What is needed is an ability to create adjustments to risk calculations that are applied to non-traded risks that allow for the combination of science & math analysis of the risk with the emotional component.
Then the models will accurately reflect how and where management wants to draw the line.
“There is currently an upsurge in management’s willingness to listen to risk managers.” But Risk Managers consistently show a disturbing tendency towards projecting the next crisis from the last. Now in its fourth year, the Emerging Risks Survey from the Joint Risk Management Section and conducted by Max Rudolph.
Emerging risks are risks that are evolving in uncertain ways, have been forgotten in their dormancy, or are new. Emerging risks typically do not have a known distribution, that is their frequency is unknown.
In 2007, a shock to oil prices was seen as the top “emerging risk” in the first survey of risk managers. That year had seen a major spike in oil prices. In 2008, a blow-up in asset prices was identified as the top “emerging risk” immediately following the melt down of the sub prime market and a major drop in stock prices. In 2009, a fall in the value of the US dollar was identified as the top “emerging risk” at the end of a year when many major currencies had strengthened against the dollar. The new 2010 survey, released this week, indicates again that a fall in the US dollar is the top “emerging risk”.
If in fact these risk managers are advising their employers in the same way that they answer surveys, firms will continue to be well prepared for the last crisis and unprepared for the next one.
However, when asked to identify the single top emerging risk concern, a Chinese economic hard landing was the top pick with 14% of the respondents selecting that choice. That is certainly a scenario that has not just recently happened. So at least 14% of the respondents are doing some forward thinking.
If you were told that someone had flipped a coin 60 times and had found that heads were the results 2/3 of the time, you might have several reactions.
You might doubt whether the coin was a real coin or whether it was altered.
You might suspect that the person who got that result was doing something other than a fair flip.
You might doubt whether they are able to count or whether they actually counted.
You doubt whether they are telling the truth.
You start to calculate the likelihood of that result with a fair coin.
Once you take that last step, you find that the story is highly unlikely, but definitely not impossible. In fact, my computer tells me that if I lined up 225 people and had them all flip a coin 60 times, there is a fifty-fifty chance that at least one person will get that many heads.
So how should you evaluate the risk of getting 40 heads out of 60 flips? Should you do calculations based upon the expected likelihood of heads based upon an examination of the coin? You look at it and see that there are two sides and a thin edge. You assess whether it seems to be uniformly balanced. Then you conclude that you are fairly certain of the inherent risk of the coin flipping process.
Your other choice to assess the risk is to base your evaluation on the observed outcomes of coin flips. This will mean that the central limit theorem should help us to eventually get the right number. But if your first observation is that person described above, then it will be quite a few additional observations before you find out what the Central Limit Theorem has to tell you.
The point being that a purely observation based approach will not always give you the best answer. Good to make sure that you understand something about the intrinsic risk.
If you are still not convinced of this, ask the turkey. Taleb uses that turkey story to explain a Black Swan. But if you think about it, many Black Swans are nothing more than ignorance of intrinsic risk.
On Thanksgiving Day her in the US, let us recall Nassim Taleb’s story about the turkey. For 364 days the turkey saw no risk whatsoever, just good eats. Then one day, the turkey became dinner.
For some risks, studying the historical record and making a model from experience just will not give useful results.
And, remembering the experience of the turkey, a purely historical basis for parameterizing risk models could get you cooked.
The hunters had come back to the village empty handed after a particularly difficult day. They talked through the evening around the fire about what had happened. They needed to make sense out of their experience, so that they could go back out tomorrow and feel that they knew how the world worked well enough to risk another hunt. This day, they were able to convince themselves that what had happened was similar to another day many years ago and that it was an unusually bad day, but driven by natural forces that they could expect and plan for in the future.
Other days, they could not reconcile an unusually bad day and they attributed their experience to the wrath of one or another of their gods.
Risk managers still do the same thing. They have given this process a fancy name, Bayesian inference. The very bad days, we now call Black Swans instead of an act of the gods.
Where we have truly advanced is in our ability to claim that we can reverse this process. We claim that we can create the stories in advance of the experience and thereby provide better protection.
But we fail to realize that underneath, we are still those hunters. We tell the stories to make ourselves feel better, to feel safe enough to go back out the next day. Once we have gone through the process of a posteriori creation of the framework, the past events fit neatly into a framework that did not really exist when those same events were in the future.
If you do not believe that, think about how many risk models have had to be significantly recalibrated in the last 10 years.
To correct for this, we need to go against 10,000 or more years of human experience. The correction can be summed up with the line from the movie The Fly,
Be afraid. Be very afraid.
There is another answer. That answer is
Be smart. Be very smart.
That is because it is not always the best or even a very good strategy to be very afraid. Only sometimes. So you need to become smart enough to:
Know when it is really important to mistrust the models and to be very afraid
Have built up the credibility and trust so that you are not ignored.
While you are doing that,be careful with the a posteriori creations. The better people get with explaining away the bad days, the harder it will be for you to convince them that a really bad day is at hand.
Is that idea really understood by top management and the board?
Does the board leave every meeting certain that the firm will still be in business when the next scheduled board meeting comes around? How did they get to that certainty?
Can management tell them exactly what sorts of events could put the firm out of business? Have they discussed the sorts of “highly unlikely” events that might take the firm down if they suddenly did happen?
Those are, of course, the conversations that the board might well demand to have if they really understood that Survival is not Mandatory.
Or rather they say that we have entered the Post Pandemic Period.
The H1N1 Pandemic is an example of what happens when you do a good job of risk management. Because of the preparations that were made to develop and distribute vaccines as well as other measures to reduce possible transmission of the virus, and to the fact that the virus did not mutate in a way to become either lethal or resistant to the vaccine, the impact of the Pandemic was not severe.
This is what should happen with good risk management of an emerging risk like that. Many companies created and/or tested their emergency plans and are now much better prepared for the next emergency. The plans to prevent systemic failure did go into effect and they worked.
But one of the reactions to effective risk management is disbelief that there ever was a threat.
So it goes. Do not be discouraged. Keep up the good fight.
The firms that are run by the skeptics who refuse to take heed of such warnings will at some point get what they haven’t prepared for.
Meanwhile, we now get to learn what Post Pandemic Period means.
I finished a two hour presentation on how to get started with ERM and was asked what were my top 3 things to keep in mind and top 3 things to avoid.
Here’s what I wish I had said:
Top three hings to keep in mind when starting an ERM Program:
ERM must have a clear objective to be successful. That objective should reflect both the view of management and the board about the amount of risk in the current environment as well as the direction that the company is headed in terms of the future target of risk as compared to capacity. And finally, the objective for ERM must be compatible with the other objectives of the firm. It must be reasonably possible to accomplish both the ERM objective and the growth and profit objectives of the firm at the same time.
ERM must have someone who is committed to accomplishing the objective of ERM for the firm. That person also must have the authority within the firm to resolve most conflicts between the ERM development process and the other objectives of the firm. And they must have access to the CEO to be able to resolve any conflicts that they do not have the authority to resolve personally.
Exactly what you do first is much less important than the fact that you start doing something to develop an ERM program. Doing something that involves actually managing risk and reporting the activity is a better choice than a long term developmental project. It is not optimal for the firm to commit to ERM, to identify resources for that process and then to have those people and ERM disappear from sight for a year or more to develop the ERM system. Much better to start giving everyone in management of the firm some ideas of what ERM looks and feels like. Recognize that one product that you are building is confidence in ERM.
Things to Avoid:
Valuing ERM retrospectively taking into account only experienced gains and losses. (see ERM Value) A good ERM program changes the likelihood of losses, but in any short period of time actual losses are a matter of chance. On the other hand, if your ERM programs works to a limit for losses from an individual transaction, then it IS a failure if the firm has losses above that amount for individual transactions.
Starting out on ERM development with the idea that ERM is only correct if it validates existing company decisions. New risk evaluation systems will almost always find one or more major decisions that expose the company to too much risk in some way. At least they will if the evaluation system is Comprehensive.
Letting ERM routines substitute for critical judgment. Some of the economic carnage of the Global Financial Crisis was perpetuated by firms where their actions were supported by risk management systems that told them that everything was ok. But Risk managers need to be humble.
But in fact, I did get some of these out. So next time, I will be prepared.
That is where the risk manager really earns their money.
The risks that are coming straight down the road, well that is important to pay attention to them. But those are the obvious risks. I would not pay very much for help in avoiding serious accidents from those risks.
But those round the corner risks, that would be very valuable, to have someone who can help to make sure that those out of sight risks do not ruin things.
However, what any risk manager who has tried to focus attention on the Around the Corner Risks has learned is that attending to such risks is often seen as spoiling the game.
In the Black Swan, Nassim Taleb talks about the degree to which businesses are in effect selling out of the money puts and pocketing the risk premium as if it is pure profits.
And that is often the case. Risk managers should extend their view to include analysis of the actual source of profits of the various endeavors of their firms. Any place where the profits are larger than can be explained is a place where the firm might well be getting paid for selling those puts.
The risk manager needs to be able to take that analysis of sources of profits back to top management to have a frank discussion of those unexplained sources of profits.
In most cases, those situations are risks to the firm, either because they represent risk premium for out of the money puts or because they represent temporary inefficiencies. The risk from the temporary inefficiencies is that if management mistakenly assumes that those inefficiencies are permanent, then the firm may over-invest in that activity. That over-investment may then eventually lead to the creation of those our of the money puts as a way to sustain profits when the inefficiencies are extinguished by the market.
An example of this situation is the Variable Annuity market in the US. In the early 1990’s firms were able to achieve good profits from this business largely because there were too few companies in the market. Every market participant could show good profits and growth in this new market without resorting to price competition. This situation attracted many additional insurers into the market, flattening the profitability. The next phase in the market was to offer additional benefits to customers at prices below market cost. These additional benefits were in the form of out of the money puts – guarantees against adverse experience of the investments underlying the product. And the risk premium charged for these benefits was often booked as a profit.
One of the reasons for the confusion between risk premium and profit is the way in which we recognize profits on risks where the period of the risk occurrence is much longer than the period for financial reporting.
The analysis of source of profits can be a powerful tool to help risk managers to both see those around the corner risks and to communicate the possible around the corner risks before them become immanent.
If something happens more or less the same way for any extended period of time, the normal reaction of humans is consider that phenomena as constant and to largely filter it out. We do not then even try to capture new information about changes to that phenomena because our senses tell us that that input is “pure noise” with no signal. Hence the famous story about boiling frogs. Which may or may not be actually true about frogs, but it definitely reveals something about the way that humans take in information about the world.
But things can and do actually change. Even things that are more or less the same for a very long time.
In the book, “This Time It’s Different”, the authors state that
“The median inflation rates before World War I were well below those of the more recent period: 0.5% per annum for 1500 – 1799 and 0.71% for 1800 – 1913, in contrast with 5% for 1914 – 2006.”
Imagine that. Inflation averaged below 0.75% for about 300 years. Since there is no history of extended periods of negative inflation, to get an average that low, there must be a very low standard deviation as well. Inflation at a level of 3 or 4% is probably a one in a million situation. Or so intelligent financial analysts before WWI must have thought that they could make plans without any concern for inflation.
But in the years following WWI, governments found a new way to default on their debts, especially their internal debts. Reinhart and Rogoff point out that almost all of the discussion by economists regarding sovereign default is about external debt. But they show that internal debt is very important to the situations of sovereign defaults. Countries with high levels of internal debt and low external debt will usually not default, but countries with high levels of both internal and external debt will often default.
So as we contemplate the future of the aging western economies, we need to be careful that we do not exclude the regime changes that could occur. And which regime changes that we should be concerned about becomes clearer when we look at all of the entitlements to retirees as debt (is there any effective difference between debt and these obligations?). When we do that we see that there are quite a few western nations with very, very large internal debt. And many of those countries have indexed much of that debt, taking the inflation option off of the table.
Reinhart and Rogoff also point out the sovereign default is usually not about ability to pay, it is about willingness to make the sacrifices that repayment of debt would entail.
So Risk Managers need to think about possible drastic regime changes, in addition to the seemingly highly unlikely scenario that the future will be more or less like the past.
Once you think of it, it seems obvious. Risk Managers need humility.
If you are dealing with any killer physical risk, there are two types of people who work close to that risk, the humble and the dead.
Being humble means that you never lose sight of the fact that RISK may at any time rise up in some new and unforeseen way and kill you or your firm.
Risk managers should read the ancient Greek story of Icarus.
Risk managers without humility will suffer the same fate.
Humility means remembering that you must do every step in the risk management process, every time. The World Cup goalkeeper Robert Green who lets an easy shot bounce off of his hands and into the goal has presumed that they do not need to consciously attend to the mundane task of catching the ball. They can let their reflexes do that and their mind can move on to the task of finding the perfect place to put the ball next.
But they have forgotten their primary loss prevention task and are focusing on their secondary offense advancement task.
The risk managers with humility will be ever watchful. They will be looking for the next big unexpected risk. They will not be out there saying how well that they are managing the risks, they will be more concerned about the risks that they are unprepared for.
Risk managers who are able to say that they have done all that can be done, who have taken all reasonable precautions, who can help their firm to find the exact right level and mix of risks to optimize the risk reward of the firm are at serious risk of having the wax holding their feathers melt away and of falling to earth.
As one looks back at the recent history of the financial crisis, it can now be clearly seen that a large number of financial firms and a few regulators did identify the looming problems and took reasonable steps to avoid excessive losses. Almost all of the attention has been on the firms and regulators who missed the crisis until it was much too late.
Now, everyone is talking about how to avoid the next crisis and the focus seems to be on the regulators and the largest firms – in short, those who got it wrong just a few years ago.
“The unknown losses can potentially bring the system to a halt at a much lower amount of loss than known losses.”
But we should also be focusing on what everyone else could be doing to prevent their firms from experiencing excessive losses in future crises.
Planning to have no future crises is not a realistic way to proceed [see my earlier article: IERM, Risk governance, 16 September 2009, “Understanding the four seasons of risk management“). The broad idea of Basel II and Solvency II is sound. Firms would be forced to identify their risk exposures and compare that to their capacity to bear risk. That information would be available to five groups under the three pillars: management, boards, regulators, investors and counterparties. It is assumed that one or more of the five groups would notice upticks in risk and prevent the firms from taking on more risk than their capacity to bear that risk.
There have been many problems with the execution of those principles and Solvency II is just starting the discussion of exactly what information will be made available for investors and counterparties. But the broad idea of disclosure to all those groups is sound. The disclosure of potential systemic risks is absolutely necessary for firms to use as a basis for developing their own programmes for avoiding excessive losses in these situations.
Systemic risks
The way that the term “systemic risk” is used and misused, it seems clear that most people understand that systemic risk was a problem that led to the crisis, but beyond that there is little consensus, other than a conviction that we want much less of that in the future. The IMF provides a definition:
“the risk of disruption to the flow of financial services that is (i) caused by an impairment of all or parts of the financial system; and (ii) has the potential to have serious negative consequences for the real economy.”
Had the quote ended after 10 words, that would have been sufficient.
For the system to be disrupted, two things need to be true:
there needs to be an exposure that everyone believes or suspects will turn into a loss of an amount that exceeds the capacity to bear losses of a large number of participants in the system and
there needs to be either a high degree of interdependency in the system or else widespread exposure to the loss-making large exposure. The system may seize up because the losses are known and the institutions are known to be insolvent or more commonly, because the losses are unknown.
It is clear and obvious that BP and the US government regulators were not at all prepared for failure of a deep water oil rig in the Gulf.
What would have helped them is a procedure that I have heard Dave Sandberg describe many times that is used at his employer, Allianz.
Stress to Failure.
Whenever something new is proposed, they require that a demonstration is prepared that shows the type of stress that will cause complete failure. That test provides them with several pieces of very valuable information: It helps to put a boundry around the situations under which it will NOT fail. This is the green (and yellow) zone for the new project. They can then evaluate the expected return and volatility of return in those scenarios.
It allows an estimate of the likelihood of success vs. failure of the project. This can be seen by looking at the type of situation that causes failure and the likelihood of that situation. However, caution should be applied to not put too much weight on this likelihood estimate if the failure type of even has never before happened. Human nature may well be biased towards underestimating adversity.
It allows for planning for the failure event. This is where the BP folks and Transocean as well as the Minerals Management Service failed. They clearly had no plan for the failure event. It sounds like they were able to convince themselves that any failure event was so remote in likelihood that there was no need to plan for one.
Understanding the true weaknesses of the system. If you do not know how to break it, then perhaps you do not understand the system.
This is an idea our of engineering and probably we could learn much by studying how they have used the idea.
The new CARE report has been posted to the IAA website this week.CARE_EN
It raises a point that must be fairly obvious to everyone that you just cannot manage risks without looking at them from multiple angles.
Or at least it should now be obvious. Here are 8 different angles on risk that are discussed in the report and my quick take on each:
MARKET CONSISTENT VALUE VS. FUNDAMENTAL VALUE – Well, maybe the market has it wrong. Do your own homework in addition to looking at what the market thinks. If the folks buying exposure to US mortgages had done fundamental evaluation, they might have noticed that there were a significant amount of sub prime mortgages where the Gross mortgage payments were higher than the Gross income of the mortgagee.
ACCOUNTING BASIS VS. ECONOMIC BASIS – Some firms did all of their analysis on an economic basis and kept saying that they were fine as their reported financials showed them dying. They should have known in advance of the risk of accounting that was different from their analysis.
REGULATORY MEASURE OF RISK – vs. any of the above. The same logic applies as with the accounting. Even if you have done your analysis “right” you need to know how important others, including your regulator will be seeing things. Better to have a discussion with the regulator long before a problem arises. You are just not as credible in the middle of what seems to be a crisis to the regulator saying that the regulatory view is off target.
SHORT TERM VS. LONG TERM RISKS – While it is really nice that everyone has agreed to focus in on a one year view of risks, for situations that may well extend beyond one year, it can be vitally important to know how the risk might impact the firm over a multi year period.
KNOWN RISK AND EMERGING RISKS – the fact that your risk model did not include anything for volcano risk, is no help when the volcano messes up your business plans.
EARNINGS VOLATILITY VS. RUIN – Again, an agreement on a 1 in 200 loss focus is convenient, it does not in any way exempt an organization from risks that could have a major impact at some other return period.
VIEWED STAND-ALONE VS. FULL RISK PORTFOLIO – Remember, diversification does not reduce absolute risk.
CASH VS. ACCRUAL – This is another way of saying to focus on the economic vs the accounting.
Read the report to get the more measured and complete view prepared by the 15 actuaries from US, UK, Australia and China who participated in the working group to prepare the report.
And she has a good point there. One that is important for risk managers to contemplate. One that we are often asked after a major loss…
Why did your risk model get that wrong?
There is a correct answer, but it is one that we can never successfully use.
In situations where major risks are being underestimated widely in the market place, the risk managers who correctly size the worst risks can run into two responses:
Their firm believes their evaluation of the risk and exits the exposure as rapidly as they can.
Their firm does not believe their evaluation and will only believe a risk evaluation that gives a similar (under) estimation of the risk as the rest of the market.
It is a survival of the underestimators.
And this doesn’t just apply to risk managers and risk models. Who do you think buys a house on a flood plain? Someone who has a clear and realistic view of the risk or someone who vastly underestimates the risk? The underestimator will out bid the realistic every time.
So after a flood, go around to those flooded out and ask if they expected this and most will tell you that this is “much worse that we thought it would be”.
Many “emerging risks” and “black swans” are such because most people had misunderestimated the size of the risk or the likelihood.
And one way to think of it is to go back to Knight and realize that all profits are simply rewards for the uncertainties. So when we find ourselves getting profits where we cannot figure out the uncertainty that drives the profits, maybe we should go back and figure it out.
The solution is not to curl up in a ball, nor is it to just ignore all risks that pose these potential major threats. The solution is to take our best shot at really evaluating the risks and make our decisions, eyes wide open, to the possibility that things might just be Much Worse than Anticipated.
Maybe we need to regularly add a column to our risk reports. To the right of the column labeled Risk. This one labeled “Worse Case”.
Many insurers with Cat risk exposures will report the 1/250 loss potential that is the focus of rating agencies, but along side of that show a 1/500 loss potential to remind management of just how much worse it might get.
Some people complain that risk managers are just too pessimistic. But to me this sort of practice just seems to be acting as an adult and facing our risks honestly. Not with the intention that we stop taking risks. Instead hoping that we stop experiencing losses that are MUCH WORSE THAN ANTICIPATED.
Remarks from Giovanni Bisignani (International Air Transport Association) at the Press Breakfast in Paris
The Volcano
There was one risk that we could not forecast. That is the volcanic eruption which has crippled the aviation sector. First in Europe, but we saw increasing global implications. The scale of this crisis is now greater than 9/11 when US air space was closed for three days. In lost revenue alone, this is costing the industry at least $200 million a day. On top of that, airlines face added costs of extra fuel for re-routing and passenger care – hotel, food and telephone calls.
For Europe’s carriers – the most seriously impacted – this could not have come at a worse time. As just mentioned, we already expected the region to have the biggest losses this year. For each day that planes don’t fly the losses get bigger. We are now into our fifth day of closed skies. Let me restate that safety is our number one priority. But it is critical that we place greater urgency and focus on how and when we can safely re-open Europe’s skies.
We are far enough into this crisis to express our dissatisfaction on how governments have managed the crisis:
With no risk assessment
No consultation
No coordination
And no leadership
In the face of a crisis that some have estimated has already cost the European economy billions of Euros, it is incredible that it has taken five days for Europe’s transport ministers to organize a conference call.
What must be done?
International guidance is weak. The International Civil Aviation Organization (ICAO) is the specialized UN agency for aviation. ICAO has guidance on information dissemination but no clear process for opening or closing airspace. Closing airspace should be the responsibility of the national regulator with the support of the air navigation service provider. They rely on information from meteorological offices and Volcanic Ash Advisory Centers.
Europe has a unique system. The region’s decisions are based on a theoretical model for how the ash spreads. This means that governments have not taken their responsibility to make clear decisions based on fact. Instead, it has been the air navigation service providers who announced that they would not provide service. These decisions have been taken without adequately consulting the operators—the airlines. This is not an acceptable system, particularly when the consequences for safety and the economy are so large.
I emphasize that safety is our top priority. But we must make decisions based on the real situation in the sky, not on theoretical models. The chaos, inconvenience and economic losses are not theoretical. They are enormous and growing. I have consulted our member airlines who normally operate in the affected airspace. They report missed opportunities to fly safely. One of the problems with the European system is that the situation is seen as black or white. If there is the possibility of ash then the airspace is closed. And it remains closed until the possibility disappears with no assessment of the risk.
We have seen volcanic activity in many parts of the world but rarely combined with airspace closures and never at this scale. When Mount St. Helens erupted in the US in 1980, we did not see large scale disruptions because the decisions to open or close airspace were risk managed with no compromise on safety.
Today I am calling for urgent action to safely prepare for re-opening airspace based on risk and fact. I have personally asked ICAO President Kobeh and Secretary General Benjamin to convene an urgent extra-ordinary meeting of the ICAO Council later today. The first purpose would be to define government responsibility for the decisions to open or close airspace in a coordinated and effective way based on fact—not theory.
Airlines have run test flights to assess the situation. The results have not shown any irregularities and the data is being passed to governments and air navigation service providers to help with their assessment. Governments must also do their own testing. European states must focus on ways to re-open the airspace based on this real data and on appropriate operational procedures to maintain safety. Such procedures could include special climb and descent procedures, day time flying, restrictions to specific corridors, and more frequent boroscopic inspections of engines.
We must move away from blanket closures and find ways to flexibly open airspace. Risk assessments should be able to help us to re-open certain corridors if not entire airspaces. I have also urged Eurocontrol to also take this up. I urge them to establish a volcano contingency center capable of making coordinated decisions. There is a meeting scheduled for this afternoon that I hope will result in a concrete action plan.
Longer-term, I have also asked the ICAO Council to expedite procedures to certify at what levels of ash concentration aircraft can operate safely. Today there are no standards for ash concentration or particle size that aircraft can safely fly through. The result is zero tolerance. Any forecast ash concentration results in airspace closure. We are calling on aircraft and engine manufacturers to certify levels of ash that are safe.
Summary
1. Safety is our number one priority
2. Governments must reopen airspace based on data that tell us it is safe. If not all airspace, at least some corridors
3. Governments must improve the decision-making process with facts—not theory
4. Governments must communicate better, consulting with airlines and coordinating among stakeholders
5. And longer-term, we must find a way to certify the tolerance of aircraft for flying in these conditions
Finally, I got a question from the press about companies that I knew that had prepared specifically for this event. One more example of how the press misses the point. ERM is not about guessing the future correctly.
For something that is as unique as this event, the best any company could have expected to do would have been to anticipated the broad class of events that would cause extended disruptions of flights, tested the impact of such a disruption on their business operations and made decisions about contingency plans that they might have put in place to prepare for such disruptions.
On the same theme as Chief Ignorance Officer I was inspired by a review I just read of the book Invisible by Hughes de Montalembert. That book tells the autobiography of an artist who is blinded 30 years earlier. I was struck by the repeated references to things that the blind man was able to learn or notice that might not have been noticed by the sighted.
So take that idea to risk management and you end up with a very simple but potentially highly powerful exercize. The idea would be to see what you could learn about one of your risks if you totally exclude the information and anaylysis that you usually use – your eyesight.
If you rely totally on rating agency opinions for credit analysis, try to see whether you could reach similar information by a process that does not refer in any way to the ratings.
If you use a one year market consistent economic capital calculation to determine your capital adequacy, could you come to a similar conclusion about your security totally independently from the information and calculations of that model?
If you develop your underwriting risk view based upon your firm’s experience over the past 15 years, what sort of assumptions would you need to apply to industry history to get to your opinion about your firm’s risk?
Goldman Sachs famously decided to start hedging their sub prime exposures because an alternate analysis of their experience was just not as consistent with their primary information as it had been in the past. Notice that they started out with a track record of previous such exercizes and an expectation for the degree of deviation from their different sources. It is often the case with this alternate analysis that the absolute outcome might not be significant , but divergence in trend might be the key information that can lead to an avoidance of major loss.
So think about how to put the blinders on to your usual way of looking at your risks.
What is the reaction of your firm going to be in the event of a large loss or other crisis?
If you are responsible for risk management, it is very much in your interest to enter into a Crisis Pre-Nuptial.
The Crisis Pre-Nuptial has two important components.
A protocol for management actions in the event of the crisis. There is likely a need for there to be a number of these protocols. These protocols can be extremely valuable, their value will most likely far exceed the entire cost of a risk management function. Their value comes because they eliminate two major problems that firms face in the event of a crisis or large loss. First is the deer in the headlights problem – the delay when no one is sure what to do and who is to do it. That delay can mean that corrective actions are much less effective or much more expensive or both. Second is the opposite, that too many people take actions, but that the actions are conflicting. This again increasses costs and decreases effectiveness. Just as with severe medical emergencies, prompt corrective actions are almost always more likely to have the most favorable results.
Setting up an expectation that the crises and losses either are or are not an expected part of the risks that the firm is taking. If the firm is taking high risks, but does not expect to ever experience losses, then there is a major disconnect between the two. Just as a marital pre-nuptial agreement is a conscious acknowledgement that marriages sometimes end in divorce, a Crisis Pre-Nuptial is an acknowledgement that normal business activity sometimes involves losses and crises.
Risk managers who have a Crisis Pre-Nuptial in place might, just might, have a better chance to survive with their job in tact after a crisis or large loss.
And if someday, investors and/or boards come to the realization that firms that plan for rainy days are, in the long run, going to be more valuable, the information that is in the Crisis pre-nuptial could be very important information for them.
The Risk Management Quotes page of Riskviews has consistently been the most popular part of the site. Since its inception, the page has received almost 2300 hits, more than twice the next most popular part of the site.
The quotes are sometimes actually about risk management, but more often they are statements or questions that risk managers should keep in mind.
They have been gathered from a wide range of sources, and most of the authors of the quotes were not talking about risk management, at least they were not intending to talk about risk management.
The list of quotes has recently hit its 100th posting (with something more than 100 quotes, since a number of the posts have multiple quotes.) So on that auspicous occasion, here are my favotites:
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. Douglas Adams
“when the map and the territory don’t agree, always believe the territory” Gause and Weinberg – describing Swedish Army Training
When you find yourself in a hole, stop digging.-Will Rogers
“The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair” Douglas Adams
“A foreign policy aimed at the achievement of total security is the one thing I can think of that is entirely capable of bringing this country to a point where it will have no security at all.”– George F. Kennan, (1954)
“THERE ARE IDIOTS. Look around.” Larry Summers
the only virtue of being an aging risk manager is that you have a large collection of your own mistakes that you know not to repeat Donald Van Deventer
Philip K. Dick “Reality is that which, when you stop believing in it, doesn’t go away.”
Everything that can be counted does not necessarily count; everything that counts cannot necessarily be counted. Albert Einstein
“Perhaps when a man has special knowledge and special powers like my own, it rather encourages him to seek a complex explanation when a simpler one is at hand.” Sherlock Holmes (A. Conan Doyle)
The fact that people are full of greed, fear, or folly is predictable. The sequence is not predictable. Warren Buffett
“A good rule of thumb is to assume that “everything matters.” Richard Thaler
“The technical explanation is that the market-sensitive risk models used by thousands of market participants work on the assumption that each user is the only person using them.” Avinash Persaud
There are more things in heaven and earth, Horatio,
Than are dreamt of in your philosophy.
W Shakespeare Hamlet, scene v
When Models turn on, Brains turn off Til Schuermann
You might have other favorites. Please let us know about them.
In late 2009, the The CAS, CIA, and the SOA’s Joint Risk Management Section funded a research report about the Financial Crisis. This report featured nine key Lessons for Insurers. Riskviews will comment on those lessons individually…
1. The success of ERM hinges on a strong risk management culture which starts at the top of
a company.
This seems like a very simple statement that is made over and over again by most observers. But why is it important and why is it very often lacking?
First, what does it mean that there is a “strong risk management culture”?
A strong risk management culture is one where risk considerations make a difference when important decisions are made PERIOD
When a firm first adopts a strong risk management culture, managers will find that there will be clearly identifiable decisions that are being made differently than previously. After some time, it will become more and more difficult for management to notice such distinctions because as risk management becomes more and more embedded, the specific impact of risk considerations will become a natural inseparable part of corporate life.
Next, why is it important for this to come from the top? Well, we are tying effective risk management culture to actual changes in DECISIONS and the most important decisions are made by top management. So if risk management culture is not there at the top, then the most important decisions will not change. If the risk management culture had started to grow in the firm,
when middle managers see that top management does not let risk considerations get in their way, then fewer and fewer decisions will be made with real consideration risk.
Finally, why is this so difficult? The answer to that is straight forward, though not simple. The cost of risk management is usually a real and tangible reduction of income. The benefit of risk management is probabilistic and intangible. Firms are compared each quarter to their peers.
If peer firms are not doing risk management, then their earnings will appear higher in most periods.
Banks that suffered in the current financial crisis gave up 10 years of earnings! But the banks that in fact correctly shied away from the risks that led to the worst losses were seen as poor performers in the years leading up to the crisis.
So what will change this? Only investors will ultimately change this. Investors who recognize that in many situations, they have been paying un-risk adjusted multiples for earnings that have a large component of risk premiums for low frequency, high severity risks.
They are paying multiples, in many cases where they should be taking discounts!
George Soros says that financial markets are reflexive. He means that the participants in the system influence the system. Market prices reflect not just fundamentals, but investors expectations.
The same thing is true of risk systems. This can be illustrated by a point that is frequently made by John Adams. Seat belts are widely thought to be good safety devices. However, Adams points out that aggregate statistics of traffic fatalities do not indicate any improvement whatsoever in safety. He suggests that because of the real added safety from the seat belts, people drive more recklessly, counteracting the added safety with added risky behavior.
That is one of the problems that firms who adopted and were very strong believers in their sophisticated ERM systems. Some of those firms used their ERM systems to enable them to take more and more risk. In effect, they were using the ERM system to tell them where the edge of the cliff was and they then proceeded to drive along the extreme edge at a very fast speed.
What they did not realize was that the cliff was undercut in some places – it was not such a steady place to put all of your weight.
Stated more directly, the risk system caused a feeling of safety that encouraged more risk taking.
What was lost was the understanding of uncertainty. Those firms were perfectly safe from risks that had happened before and perhaps from risks that were anticipated by the markets. The highly sophisticated systems were pretty accurate at measuring those risks. However, they were totally unprepared for the risks that were new. Mark Twain once said that history does not repeat itself, but it rhymes. Risk is the same only worse.
I bought my current house 11 years ago. The area where it is located was then in the middle of a long drought. There was never any rain during the summer. Spring rains were slight and winter snow in the mountains that fed the local rivers was well below normal for a number of years in a row. The newspapers started to print stories about the levels of the reservoirs – showing that the water was slightly lower at the end of each succeeding summer. One year they even outlawed watering the lawns and everyone’s grass turned brown.
Then, for no reason that was ever explained, the drought ended. Rainy days in the spring became common and one week it rained for six days straight.
Every system has a capacity. When the capacity of a system is exceeded, there will be a breakdown of the system of some type. The breakdown will be a non-linearity of performance of the system.
For example, the ground around my house has a capacity for absorbing and running off water. When it rained for six days straight, that capacity was exceeded, some of the water showed up in my basement. The first time that happened, I was shocked and surprised. I had lived in the house for 5 years and there had never been a hint of water in the basement. I cleaned up the effects of the water and promptly forgot about it. I put it down to a 1 in 100 year rainstorm. In other parts of town, streets had been flooded. It really was an unusual situation.
When it happened again the very next spring, this time after just 3 days of very, very heavy rain. The flooding in the local area was extreme. People were driven from their homes and they turned the high school gymnasium into a shelter for a week or two.
It appeared that we all had to recalibrate our models of rainfall possibilities. We had to realize that the system we had for dealing with rainfall was being exceeded regularly and that these wetter springs were going to continue to exceed the system. During the years of drought, we had built more and more in low lying areas and in ways that we might not have understood at the time, we altered to overall capacity of the system by paving over ground that would have absorbed the water.
For me, I added a drainage system to my basement. The following spring, I went into my basement during the heaviest rains and listened to the pump taking the water away.
I had increased the capacity of that system. Hopefully the capacity is now higher than the amount of rain that we will experience in the next 20 years while I live here.
Financial firms have capacities. Management generally tries to make sure that the capacity of the firm to absorb losses is not exceeded by losses during their tenure. But just like I underestimated the amount of rain that might fall in my home town, it seems to be common that managers underestimate the severity of the losses that they might experience.
Writers of liability insurance in the US underestimated the degree to which the courts would assign blame for use of a substance that was thought to be largely benign at one time that turned out to be highly dangerous.
In other cases, though it was the system capacity that was misunderstood. Investors miss-estimated the capacity of internet firms to productively absorb new cash from the investors. Just a few years earlier, the capacity of Asian economies to absorb investors cash was over-estimated as well.
Understanding the capacity of large sectors or entire financial systems to absorb additional money and put it to work productively is particularly difficult. There are no rules of thumb to tell what the capacity of a system is in the first place. Then to make it even more difficult, the addition of cash to a system changes the capacity.
Think of it this way, there is a neighborhood in a city where there are very few stores. Given the income and spending of the people living there, an urban planner estimates that there is capacity for 20 stores in that area. So with encouragement of the city government and private investors, a 20 store shopping center is built in an underused property in that neighborhood. What happens next is that those 20 stores employ 150 people and for most of those people, the new job is a substantial increase in income. In addition, everyone in the neighborhood is saving money by not having to travel to do all of their shopping. Some just save money and all save time. A few use that extra time to work longer hours, increasing their income. A new survey by the urban planner a year after the stores open shows that the capacity for stores in the neighborhood is now 22. However, entrepreneurs see the success of the 20 stores and they convert other properties into 10 more stores. The capacity temporarily grows to 25, but eventually, half of the now 30 stores in the neighborhood go out of business.
This sort of simple micro economic story is told every year in university classes.
It clearly applies to macroeconomics as well – to large systems as well as small. Another word for these situations where system capacity is exceeded is systemic risk. The term is misleading. Systemic risk is not a particular type of risk, like market or credit risk. Systemic risk is the risk that the system will become overloaded and start to behave in severely non-linear manner. One severe non-linear behavior is shutting down. That is what the interbank lending did in 2008.
In 2008, many knew that the capacity of the banking system had been exceeded. They knew that because they knew that their own bank’s capacity had been exceeded. And they knew that the other banks had been involved in the same sort of business as them. There is a name for the risks that hit everyone who is in a market – systematic risks. Systemic risks are usually Systematic risks that grow so large that they exceed the capacity of the system. The third broad category of risk, specific risks, are not an issue, unless a firm with a large amount of specific risk that exceeds their capacity is “too big to fail”. Then suddenly specific risk can become systemic risk.
So everyone just watched when the sub prime systematic risk became a systemic risk to the banking sector. And watch the specific risk to AIG lead to the largest single firm bailout in history.
Many have proposed the establishment of a systemic risk regulator. What that person would be in charge of doing would be to identify growing systematic risks that could become large enough to become systemic problems. THen they are responsible to taking or urging actions that are intended to diffuse the systematic risk before it becomes a systemic risk.
A good risk manager has a systemic risk job as well. THe good risk manager needs to pay attention to the exact same things – to watch out for systematic risks that are growing to a level that might overwhelm the capacity of the system. The risk manager’s responsibility is then to urge their firm to withdraw from holding any of the systematic risk. Stories tell us that happened at JP Morgan and at Goldman. Other stories tell us that didn’t happen at Bear or Lehman.
So the moral of this is that you need to watch not just your own capacity but everyone else’s capacity as well if you do not want stories told about you.
On April 7 2009, the Financial Times published an article written by Nassim Taleb called Ten Principles for a Black Swan Free World. Let’s look at them one at a time…
10. Make an omelette with the broken eggs. Finally, this crisis cannot be fixed with makeshift repairs, no more than a boat with a rotten hull can be fixed with ad-hoc patches. We need to rebuild the hull with new (stronger) materials; we will have to remake the system before it does so itself. Let us move voluntarily into Capitalism 2.0 by helping what needs to be broken break on its own, converting debt into equity, marginalising the economics and business school establishments, shutting down the “Nobel” in economics, banning leveraged buyouts, putting bankers where they belong, clawing back the bonuses of those who got us here, and teaching people to navigate a world with fewer certainties.
Of the ten suggestions, this one has the most value by far. Unfortunately, this one may be the suggestion that has the least chance of being taken up. No one is talking about any part of this. We seem to be moving to try to set the world back into the place that is was, or very close to it.
We should be asking “What should be the place of banking in our economy?” This is not a question of allowing the free market to choose. The free market has nothing to do with this. The role of the banking sector is entirely determined by the government. The banking sector had grown to eat up a huge percentage of all of the profits of the entire economy. Does that make any sense to anyone? Banking can be a symbiont with the economy or it can be a parasite or it can be a cancer. Before the crisis, banking had definitely moved beyond the level of parasite to becoming a harmful cancer. Too much of all of the profits of all of business activity in the entire economy were being diverted to the banks and with the pay structure of the banks, into the pockets of a very small number of bankers. Did that make any sense whatsoever? Is there any way that anyone can show that situation makes for a healthy economy? The bubbles that happened twice could be seen as the way that bankers justified their huge take from the economy. If values were growing rapidly, no one seemed to mind that bankers took so much out of the deals.
However, if the economy and the values of businesses and assets in the economy grow at only a sane pace, and bankers try to go back to the level of take from the economy that they have grown accustomed to, then the amount of total profits left for the rest of the economy are bound to be negative. So unless we re-think things and figure out how to muzzle the banks, then we are headed for more bubbles that will justify their stratospheric incomes.
The financial sector, once it exceeds a certain share of the economy, should be viewed as a tax on the economy. Many protest the taxes that the government imposes because the money is not well spent. Well, the money from this tax goes to personal expenditures of the bankers themselves. There is not even any pretense that this tax will be spent for the common good.
One question that really needs to be answered is how much of this financial “innovation” that is touted as the result is really beneficial to the economy and how much of it is just unnecessary complexity that hides that take of the bankers and hedge funds. The excuse that is always given is that all of this financial innovation helps to provide lubrication for businesses. But that is more like an excuse than a reason. Mostly the financial innovation has fueled bubbles. It has led to the excessive leverage that feeds into one sided deals for hedge fund managers.
More often than not, financial innovation has helped to fuel the extreme fixation on short term gains in the economy. Financial innovation has featured hollowing out companies to maximize short term values. Quite often the companies “helped” by this process turn into worthless shells somewhere along the process. This destroys that productive capacity of the economy to allow for the extraction of the maximum amount of short term profits.
Financial innovation helps to turn corporate assets into profits and to take those profits out of the firm through leverage.
So Taleb’s suggestion that we think through Capitalism 2.0 is a good and timely one. But we need to start asking the right questions to figure out what Capitalism 2.0 will be.
A haphazard collection of over 100 quotes from people who might be either famous or knowledgeable or both. This page drew about 150 hits per month even when there was zero new activity on Riskviews for 3 months.
Names of over 75 firms around the world that have encoundered serious financial difficulties that may or may not have been related to poor risk management.
Much of what is written and discussed about risk management focuses on the needs and efforts of the largest firms. This post tells how ERM is different for a smaller firm.
Materials prepared for a week long seminar for TASK (The Actuarial Society of Kenya). Also includes slides from a 1/2 day workshop for Kenyan Bank and Insurance CEOs.
Part of a series of ten reflections on comments by Nassim Taleb on how to create a Black Swan Free World. This particular discussion is about complexity and simplicity.
Some good and not so good parts to this conference. Hosted by Courant Institute of Mathematical Sciences, it was surprisingly non-quant. In fact several of the speakers, obviously with no idea of what the other speakers were doing said that they were going to give some relief from the quant stuff.
Sad to say, the only suggestion that anyone had to do anything “different” was to do more stress testing. Not exactly, or even slightly, a new idea. So if this is the future of risk management, no one should expect any significant future contributions from the field.
There was much good discussion, but almost all of it was about the past of risk management, primarily the very recent past.
Here are some comments from the presenters:
Banks need regulator to require Stress tests so that they will be taken seriously.
Most banks did stress tests that were far from extreme risk scenarios, extreme risk scenarios would not have been given any credibility by bank management.
VAR calculations for illiquid securities are meaningless
Very large positions can be illiquid because of their size, even though the underlying security is traded in a liquid market.
Counterparty risk should be stress tested
Securities that are too illiquid to be exchange traded should have higher capital charges
Internal risk disclosure by traders should be a key to bonus treatment. Losses that were disclosed and that are within tolerances should be treated one way and losses from risks that were not disclosed and/or that fall outside of tolerances should be treated much more harshly for bonus calculation purposes.
Banks did not accurately respond to the Spring 2009 stress tests
Banks did not accurately self assess their own risk management practices for the SSG report. Usually gave themselves full credit for things that they had just started or were doing in a formalistic, non-committed manner.
Most banks are unable or unwilling to state a risk appetite and ADHERE to it.
Not all risks taken are disclosed to boards.
For the most part, losses of banks were < Economic Capital
Banks made no plans for what they would do to recapitalize after a large loss. Assumed that fresh capital would be readily available if they thought of it at all. Did not consider that in an extreme situation that results in the losses of magnitude similar to Economic Capital, that capital might not be available at all.
Prior to Basel reliance on VAR for capital requirements, banks had a multitude of methods and often used more than one to assess risks. With the advent of Basel specifications of methodology, most banks stopped doing anything other than the required calculation.
Stress tests were usually at 1 or at most 2 standard deviation scenarios.
Risk appetites need to be adjusted as markets change and need to reflect the input of various stakeholders.
Risk management is seen as not needed in good times and gets some of the first budget cuts in tough times.
After doing Stress tests need to establish a matrix of actions that are things that will be DONE if this stress happens, things to sell, changes in capital, changes in business activities, etc.
Market consists of three types of risk takers, Innovators, Me Too Followers and Risk Avoiders. Innovators find good businesses through real trial and error and make good gains from new businesses, Me Too follow innovators, getting less of gains because of slower, gradual adoption of innovations, and risk avoiders are usually into these businesses too late. All experience losses eventually. Innovators losses are a small fraction of gains, Me Too losses are a sizable fraction and Risk Avoiders often lose money. Innovators have all left the banks. Banks are just the Me Too and Avoiders.
T-Shirt – In my models, the markets work
Most of the reform suggestions will have the effect of eliminating alternatives, concentrating risk and risk oversight. Would be much safer to diversify and allow multiple options. Two exchanges are better than one, getting rid of all the largest banks will lead to lack of diversity of size.
Problem with compensation is that (a) pays for trades that have not closed as if they had closed and (b) pay for luck without adjustment for possibility of failure (risk).
Counter-cyclical capital rules will mean that banks will have much more capital going into the next crisis, so will be able to afford to lose much more. Why is that good?
Systemic risk is when market reaches equilibrium at below full production capacity. (Isn’t that a Depression – Funny how the words change)
Need to pay attention to who has cash when the crisis happens. They are the potential white knights.
Correlations are caused by cross holdings of market participants – Hunts held cattle and silver in 1908’s causing correlations in those otherwise unrelated markets. Such correlations are totally unpredictable in advance.
National Institute of Financa proposal for a new body to capture and analyze ALL financial market data to identify interconnectedness and future systemic risks.
If there is better information about systemic risk, then firms will manage their own systemic risk (Wanna Bet?)
Proposal to tax firms based on their contribution to gross systemic risk.
Stress testing should focus on changes to correlations
Treatment of the GSE Preferred stock holders was the actual start of the panic. Leahman a week later was actually the second shoe to drop.
Banks need to include variability of Vol in their VAR models. Models that allowed Vol to vary were faster to pick up on problems of the financial markets. (So the stampede starts a few weeks earlier.)
By 2040, the oldest of the infamous Baby Boom generation will turn 95. The youngest, born almost 20 years later will be 75. Unless there is a drastic change in course for the way that we generally prepare for retirement living, amost all of the Baby Boomers who survive until then, and many of us will, will be living entirely off of Social Security.
For more than half of the retirees, that will mean a big drop in the standard of living that we have grown accustomed to. Five factors will feed into that trend:
Unless there is a sub prime like boom in lending, the part of Baby Boomers standard of living that is supported by debt, will lose that support. Lenders are quite likely to develop a lack of ability to understand that people with low fixed income and declining assets are not good credit risks, but I would not plan the future of the generation on that presumption.
Real estate will NOT be the unbeatable asset that is has been most of the lives of the Baby Boomers. There will just not be enough demand from the smaller generations coming after the Baby Boomers to keep real estate appreciation at levels comparable to inflation.
Inflation will be higher into the future. That is because there are two ways that future generations can afford to pay off the promises that have been made to Baby Boomers for retirement: Inflation and a Miracle. With inflation, wages can grow enough to fund the retirement and medical benefits if there are small differences in the ways that the inflation impacts on Social Security and Medical expenses and how inflation impacts wages and taxes. The Clinton administration started this trend by changing the definition of inflation, lowering it by 1%. Future changes will be needed to allow for balance without large tax increases. Medical costs inflation must be controlled to something lower than wage inflation, or health care will simply bankrupt the economy.
It is well known that Baby Boomers are not saving enough for retirement. And the Boomers who started late were all putting much of their savings into stocks to roll the dice to hope that they picked up 30% per year returns to make up for 30 years of zero savings.
Very few Boomers will have a significant part of their retirement income in lifetime guaranteed annuities. The most common approach to dealing with longevity risk is for retirees to plan to spend their retirement income over their life expectancy. That thinking is the same as planning to run across the street knowing that you have a 50% chance of being struck by a car. Half of all people live beyond the life expectancy. Life expectancy is another one of those very bad terms that totally misleads people, in this case will help for them to plan for a very poor old age.
This could be thought of as a Black Swan scenario, except that it is highly likely. It is probably much too late for anything different to happen. There are just not enough future working years for the Boomers to make a major change in their own future and there is doubtless little will for the rest of the world to sacrifice to focus yet one more period in history on our generation.
But this scenario needs to be seriously understood by both the individuals who will be a part of this and by the firms who are in the businesses that will be most impacted.
In the last ten years, we have had major problems from Credit, Natural Catastrophes and Equities all at least twice. Looking around at the risk exposures of insurers, it seems that we are due for a fall on Interest Rate Risk.
And things are very well positioned to make that a big time problem. Interest rates have been generally very low for much of the past decade (in fact, most observers think that low interest rates have caused many of the other problems – perhaps not the nat cats). This has challenged the minimum guaranteed rates of many insurance contracts.
Interest rate risk management has focused primarily around lobbying regulators to allow lower minimum guarantees. Active ALM is practiced by many insurers, but by no means all.
Rates cannot get much lower. The full impact of the historically low current risk free rates (are we still really using that term – can anyone really say that anything is risk free any longer?) has been shielded form some insurers by the historically high credit spreads. As the economy recovers and credit spreads contract, the rates could go slightly lower for corporate credit.
But keeping rates from exploding as the economy comes back to health will be very difficult. The sky high unemployment makes it difficult to predict that the monetary authorities will act to avoid overheating and the sharp rise of interest rates.
Calibration of ALM systems will be challenged if there is an interest rate spike. Many Economic Capital models are calibrated to show a 2% rise in interest rates as a 1/200 event. It seems highly likely that rates could rise 2% or 3% or 4% or more. How well prepared will those firms be who have been doing diciplined ALM with a model that tops out at a 2% rise? Or will the ALM actuaries be the next ones talking of a 25 standard deviation event?
Is there any way that we can justify calling the next interest rate spike a Black Swan?
Riskviews 