Archive for the ‘Change Risk’ category

Too Much Logic

March 13, 2018

Someone recently told RISKVIEWS that before a company could start a project to revitalize their risk governance structures they MUST update their Risk Appetite and Tolerance.  Because everything in an ERM program flows from Risk Appetite and Tolerance.  That suggestion is likely to be too much logic to succeed.

What many organizations have found is that if they are not ready to update their Risk Appetite and Tolerance, there are two likely outcomes of an update project:

  1. The update project will never be completed.
  2. The update project will be completed but the organization will ignore the updated Risk Appetite and Tolerance.

An organization will make a change when the pain of continuing on the existing course exceeds the pain of change.  (paraphrased from Edgar Shein)

So if an organization is not yet thoroughly dissatisfied with their current Risk Appetite and Tolerance, then they are not likely to change.

So you can think of the ERM program as the combination of several subsystems:

  • Governance – the people who have ERM responsibilities and their organizational positions – all the way up to the board.
  • Measurement – the models and other methods used to measure risk
  • Selection, Mitigation and Control – the processes that make up the every day activities of ERM
  • Capital Management – the processes that control aggregate risk including the ORSA.
  • Risk Reward Management – the processes that relate risk to prices and profits

When management of an organization is dissatisfied enough with any one of these sub systems, then they should undertake to revise/replace/improve those sub systems.

These sub systems are highly interconnected, so an improvement to one sub system is likely to increase dissatisfaction with another sub system.

For example, if the Governance sub system is not working.  People are not fulfilling their ERM related responsibilities which they may not really understand.  When this subsystem is set right,  people are aware of their ERM responsibilities and then they find out that some of the other sub systems do not provide sufficient support for them.  They get dissatisfied and urge an upgrade to another sub system.  And so on.

This might well result in a very different order for updating an ERM program than the logical order.

However, if the update follows the wave of dissatisfaction, the changes are much more likely to be fully adopted into ongoing company practice and to be effective.

WaveBy Malene Thyssen – Own work, CC BY-SA 3.0,https://commons.wikimedia.org/w/index.php?curid=651071

Keys to ERM – Adaptability

April 3, 2017

keys

Deliberately cultivating adaptability is how ERM reduces exposure to unexpected surprises.

There are four ways that an ERM program encourages adaptability:

  1. Risk Identification
  2. Emerging Risks
  3. Reaction step of Control Cycle
  4. Risk Learning

Many risk managers tell RISKVIEWS that their bosses say that their objective is “No Surprises”.  While that is an unrealistic ideal objective, cultivating Adaptability is the most likely way to approach that ideal.

More on Adaptability at WILLIS TOWERS WATSON WIRE.

New Year’s ERM Resolution – A Risk Diet Plan

December 31, 2014

Why do you need an aggregate risk limit?

For the same reason that a dieter needs a calorie limit.  There are lots and lots of fad diets out there.  Cottege Cheese diets, grapefruit diets, low carb, low fat, liquid.  And they might work, but only if you follow them exactly, with absolutely no deviation.  If you want to make some substitution, many diets do not have any way to help you to adapt.  Calories provide two things that are desparately needed to make a diet work.  Common currency for substitutions and a metric that can be applied to things not contemplated in the design of the diet.

So if you do a calorie counting diet, you can easily substitute one food for another with the same calorie count.  If some new food becomes available, you do not have to wait for the author of the diet book to come up with a new edition and hope that it includes the new food.  All you need to do is find out how much calories the new food has.

The aggregate risk limit serves the exact same role role for an insurer.  There may be an economic capital or other comprehensive risk measure as the limit.  That risk measure is the common currency.  That is the simple genius of VaR as a risk metric.  Before the invention of VaR by JP Morgan, the risk limit for each risk was stated in a different currency.  Premiums for one, PML for another, percentages of total assets for a third.  But the VaR thinking was to look at everything via its distribution of gains and losses.  Using a single point on that distribution.  That provided the common currency for risk.

The diet analogy is particularly apt, since minimizing weight is no more desirable than minimizing risk.  A good diet is just like a good risk tolerance plan – it contains the right elements for the person/company to optimum health.

And the same approach provided the method to consistently deal with any new risk opportunity that comes along.

So once an insurer has the common currency and ability to place new opportunities on the same risk basis as existing activities, then you have something that can work just like calories do for dieters.

So all that is left is to figure out how many calories – or how much risk – should make up the diet.

And just like a diet, your risk management program needs to provide regular updates on whether you keep to the risk limits.

 

Supporting Success with Risk Management

May 12, 2014

Risk Management is often seen as the Business Prevention Department and the Chief Risk Officer as the Wizard of NO.

But in some ways that can be seen as a glass half full, half empty sort of thing.

A major and sometimes neglected aspect of risk management relates to dealing with the planning for and execution of major changes.  We call this CHANGE RISK MANAGEMENT.

If we think of the Control Cycle as the major manifestation of risk management, Change Risk Management is the special process that is followed to make sure that important new things get on to the Control Cycle without stumbling.

Many times, these changes are the future of the company.  They are the new products, new distribution systems, new territories and acquisitions that will change the course of the company’s path forward.

The Change Risk management process can be performed as Business Prevention or it can be a support to the success of the company.  A good Change Risk Management process will help to identify the ways that the new activity might fail or might harm the firm.  If the Change Risk Management process is designed properly, the Risk Management inputs of that sort can be brought into the process in plenty of time to correct the problems that cause the concerns.  In that sense, fixing those problems adds to the potential success of the company.

But if Risk Management is brought very late to the process, many people have become invested in the change as it is currently planned and any input from risk management that something might go wrong is seen as an attempt to scuttle the project.

Listingship

So timing and attitude are the two things that make the Change Risk Management process something that supports the success of the company.

 

 

The biggest Risk is that the rules keep changing

December 27, 2013

RISKVIEWS played the board game Risk Legacy with the family yesterday.  We were playing for the 8th time.  This game is a version of the board game Risk where the rules are changed by the players after each time playing the game.  Most often, the winner is the person who most quickly adapts to the new rules.  Once the other players see how the rules can be exploited, they can adapt to defend against that particular strategy, but at the same time, the rules have changed again, presenting a new way to win.

This game provides a brilliant metaphor for the real world and the problems faced by business and risk managers in constantly having to adapt both to avoid losing and to find the path to winning.  The biggest risk is that the rules keep changing.  But unlike the game, where the changes are public and happen only once per game, in the real world, the changes to the rules are often hidden and can happen at any time.

Regulators are forced to follow a path very much like the Risk Legacy game of making public changes on a clear timetable, but  competitors can change their prices or their products or their distribution strategy at any time.  Customers can change their behaviors, sometimes drastically, most often gradually without notice.  Even the weather seems to change, but we are not really sure how much.

Meanwhile, risk managers have been forced into a universe of their own design with the movement towards heavy metal complex risk models.  Those models are most often based upon the premise that when it comes to risk, things will not change.  That the future will be much like the past and in fact, that even inquiring about changes may be difficult and may therefore be discouraged due to limited resources.

But risk can be thought of as the tail of the cat.  The exact path of the cat is unpredictable.  The rules for what a cat is trying to accomplish at any point in time keep changing.  Not constantly changing, but changing nonetheless without warning.  So imagine trying to model the path of the cat.  Now shift to the tail of the cat representing the risk.  The tail has a much wider and more unpredictable path than the body of the cat.

That is not to suggest that the path of the tail (the risk) is wildly unpredictable.  But keeping up with the tail requires much more than simply extrapolating the path of the cat from the recent past.  It requires keeping up with the ever changing path of the cat.  And the tail movement will often represent the possibilities for changes in the future path.

Some risk models and risk management programs are created with recognition of the likelihood that the rules will change, sometimes even between the time that the model assumptions are set and when the model results are presented.  In those programs, the models are valued for their insights into the nature of risk, but of the risk as it was in the recent past.  And with recognition that the risk that will be will be somewhat different because the rules will change.

Real Resilience is not what you think it is

January 30, 2013

There is confusion about the term Resilience.  To many people, it means the ability to withstand stress. To some people, the ultimate resilience comes from thick walls (or huge capital requirements).  The picture above is one of many thousands like it that shows the ultimate result of seeking resilience in a static manner.

The dictionary has something slightly different:

the power or ability to return to the original form, position, etc., after being bent, compressed, or stretched; elasticity.

But Holling, a prominent ecologist, suggests something much more robust.  He suggests that a resilient species will survive all of the stressors that attack it from its environment and thrive when conditions become benign.

“a major strategy selected is not one maximizing either efficiency or a particular reward, but one which allows persistence by maintaining flexibility above all else. A population responds to any environmental change by the initiation of a series of physiological, behavioral, ecological, and genetic changes that restore its ability to respond to subsequent unpredictable environmental changes. Variability over space and time results in variability in numbers, and with this variability the population can simultaneously retain genetic and behavioral types that can maintain their existence in low populations together with others that can capitalize on opportunities for dramatic increase. The more homogeneous the environment in space and time, the more likely is the system to have low fluctuations and low resilience.”  CS Holling, Resilience and Stability of Ecological Systems

Real resilience is ADAPTABILITY.  The ability to change your approach.  To find the way to survive the extreme adverse scenario without devoting so much resources to safety that you miss the chance to “capitalize on opportunities for dramatic increase” as Holling says.

Does your ERM program build walls, thicker and thicker, or does it build adaptability?

How many people in your organization do you think would know what to do in the event of an adverse situation that has never happened before?

But what is this adaptablity?  In two studies in the late 1990’s, researchers studied thousands of crisis situations and identified 8 dimensions of adaptability for individuals.  See study here.

Handling emergencies or crisis situations

Reacting with appropriate and proper urgency in life threatening, dangerous, or emergency situations; quickly analyzing options for dealing with danger or crises and their implications; making split-second decisions based on clear and focused thinking; maintaining emotional control and objectivity while keeping focused on the situation at hand; stepping up to take action and handle danger or emergencies as necessary and appropriate.

Handling work stress

Remaining composed and cool when faced with difficult circumstances or a highly demanding workload or schedule; not overreacting to unexpected news or situations; managing frustration well by directing effort to constructive solutions rather than blaming others; demonstrating resilience and the highest levels of professionalism in stressful circumstances; acting as a calming and settling influence to whom others look for guidance.

Solving problems creatively

Employing unique types of analyses and generating new, innovative ideas in complex areas; turning problems upside-down and inside-out to find fresh, new approaches; integrating seemingly unrelated information and developing creative solutions; entertaining wide-ranging possibilities others may miss, thinking outside the given parameters to see if there is a more effective approach; developing innovative methods of obtaining or using resources when insufficient resources are available to do the job.

Dealing with uncertain and unpredictable work situations

Taking effective action when necessary without having to know the total picture or have all the facts at hand; readily and easily changing gears in response to unpredictable or unexpected events and circumstances; effectively adjusting plans, goals, actions, or priorities to deal with changing situations; imposing structure for self and others that provide as much focus as possible in dynamic situations; not needing things to be black and white; refusing to be paralyzed by uncertainty or ambiguity.

Learning work tasks, technologies, and procedures

Demonstrating enthusiasm for learning new approaches and technologies for conducting work; doing what is necessary to keep knowledge and skills current; quickly and proficiently learning new methods or how to perform previously unlearned tasks; adjusting to new work processes and procedures; anticipating changes in the work demands and searching for and participating in assignments or training that will prepare self for these changes; taking action to improve work performance deficiencies.

Demonstrating interpersonal adaptability

Being flexible and open-minded when dealing with others; listening to and considering others’ viewpoints and opinions and altering own opinion when it is appropriate to do so; being open and accepting of negative or developmental feedback regarding work; working well and developing effective relationships with highly diverse personalities; demonstrating keen insight of others’ behavior and tailoring own behavior to persuade, influence, or work more effectively with them.

Demonstrating cultural adaptability

Taking action to learn about and understand the climate, orientation, needs, and values of other groups, organizations, or cultures; integrating well into and being comfortable with different values, customs, and cultures; willingly adjusting behavior or appearance as necessary to comply with or show respect for others’ values and customs; understanding the implications of one’s actions and adjusting approach to maintain positive relationships with other groups, organizations, or cultures.

Demonstrating physically oriented adaptability

Adjusting to challenging environmental states such as extreme heat, humidity, cold, or dirtiness; frequently pushing self physically to complete strenuous or demanding tasks; adjusting weight and muscular strength or becoming proficient in performing physical tasks as necessary for the job.

The questions that remains are:

Is adaptability of a company anything different from adaptability of the people in the company?

How does a company get adaptable people?  Are people born that way or can they be trained?

The Risk Embedded in Competitive Advantage

July 13, 2011

The term Competitive Advantage is popular with management gurus.  On the website, QuickMBA, they describe Michael Porter’s ideas on the topic as:

A Competitive Advantage exists when a firm is able to deliver the same benefits as competitors but at a lower cost (cost advantage) or deliver benefits that exceed those of competing products (differentiation advantage).  Thus a competitive advantage enables the firm to create superior value for its customers and superior profits for itself.

This is a major objective of most firms in a capitalist system, an objective far more desirable than risk and reward.  Going into the competitive marketplace and taking risks to get profits is a commodity approach to business.  That is why Market Consistent accounting regimes seek to show this activity as less desirable by recognizing those profits later.  Profits created by competitive advantage are reported immediately.

Once a firm has found a competitive advantage, they will seek to make it a sustainable advantage.  If the advantage is significant enough, they will also seek to eliminate all risk; turning it into a pure rent seeking activity.  In many cases, the managers of the business start to think of this as a PERMANENT RISK FREE BUSINESS.  

And that is risk that is embedded in Competitive Advantage.  It is a risk that comes with long experience with a favorable outcome.  Every day that goes by collecting those rents makes it harder and harder for employees and management to even imagine that there is any risk that the gravy train will stop.

Henry Ford had that sort of position until Sloan’s General Motors took advantage of Ford’s inability to imagine a different way of doing business than his “any color you want as long as it is black” approach.  IBM had that permanent risk free look 30+ years ago when everyone said that “no one ever got fired for recommending that the company buy IBM” for its computer needs.  Microsoft looked that way 10 years ago as well.  At the time that Microsoft was losing suits about their monopolistic behaviors, Gates was predicting Microsoft’s competition.  And he was right.

A business is not safe from this just because it is not a world dominating franchise.  Companies with small niches where they dominate have the exact same situation.

this does not mean that such competitive advantages are not a good goal for a business.  But it does mean that once you find one and you do the natural thing of eliminating risk to turn that business in a pure rent collection, there is always that one risk that you cannot eliminate.

10 ERM Questions from an Investor – The Answer Key (3)

July 8, 2011

Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM.  Riskviews gave them 10 but they were trick questions.  Each one would take an hour to answer properly.  Not really what the analyst wanted.

Here they are:

  1. What is the firm’s risk profile?
  2. How much time does the board spend discussing risk with management each quarter?
  3. Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
  4. What outside the box risks are of concern to management?
  5. What is driving the results that you are getting in the area with the highest risk adjusted returns?
  6. Describe a recent action taken to trim a risk position?
  7. How does management know that old risk management programs are still being followed?
  8. What were the largest positions held by company in excess of risk the limits in the last year?
  9. Where have your risk experts disagreed with your risk models in the past year?
  10. What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?

They never come back and asked for the answer key.  Here it is:

3.  The answer to this question requires several parts of risk management to be right.  First of all, the answerer needs to know which risk position grew the most.  Second of all, in a good risk management program, the position that grew the most should have had by far the most scruitny.  High growth does not always spark big blow ups, but big blow ups are always preceded by high growth.  A firm that is not paying lots and lots of attention to its fastest growing risk is not going to end up with good results.  The highest growth positions require a disproportionate large amount of attention, but most often they get a disproportionately smaller share of attention.  Risk management budgets are determined based upon the business at the start of the year.  Finally, to answer the question, the firm needs to have someone who they can immediately identify who is responsible for that risk.  Best practice is to have a senior person responsible for each major risk.  That should be a business person, not the CRO or CFO.  If it is not the same person who is responsible for sales and profits, then management has set up a fight.  On one side is the person responsible for bringing in the business and for achieving profits.  On the other side is the person responsible for preventing losses.  Not a fair fight in most firms.

In the end, the best practice firms recognize that in situations of great change, there needs to be a special ERM process that exceeds the regular ERM process.

Major Regime Change – The Debt Crisis

May 24, 2011

A regime change is a corner that you cannot see around until you get to it.  It is when many of the old assumptions no longer hold.  It is the start of a new set of patterns.  Regime changes are not necessarily bad, but they are disruptive.  Many of the things that made people and companies successful under the old regime will no longer work.  But there will be completely new things that will now work.

The current regime has lasted for over 50 years.  Over that time, debt went all in one direction – UP.  Most other financial variables went up and down over that time, but their variability was in the context of a money supply that was generally growing somewhat faster than the economy.

Increasing debt funds some of the growth that has fueled the world economies over that time.

But that was a ride that could not go on forever.  At some point in time the debt servicing gets to be too high in comparison to the capacity of the economy.  The economy has gone through the stage of hedge lending (see Financial Instability) where activities are able to afford payments on their debt as well as repayment of principal long ago.  The economy is in the stage of Speculative Finance where activities are able to afford payments on the debt, but not the repayment of principal.  The efforts to pay down debt will tell us whether it is possible to reverse course on that.  If one looks ahead to the massive pensions crisis that looms in the moderate term, then you would likely judge that the economy is in Ponzi Financing land where the economy can neither afford the debt servicing or the payment of principal.

All this seems to be pointing towards a regime change regarding the level of debt and other forward obligations in society.  With that regime change, the world economy may shift to a regime of long term contraction in the amount of debt or else a sudden contraction (default) followed by a long period of massive caution and reduced lending.

Riskviews does not have a prediction for when this will happen or what other things will change when that regime change takes place.  But risk managers are urged to take into account that any models that are calibrated to historical experience may well mislead the users.  And market consistent models may also mislead for long term decision making (or is that will continue to mislead for long term decision making – how else to characterize a spot calculation) until the markets come to incorporate the impact of a regime change.

This may be felt in terms of further extension of the uncertainty that has dogged some markets since the financial crisis or in some other manner.

However it materializes, we will be living in interesting times.

Regime Change

February 18, 2011

In risk modeling, the idea of regime change is a mathematical expression.  A change from one mathematical rule to another.

But in the world, Regime Change can have a totally different meaning.  Like what is happening in Egypt.

When someone sits atop a government for 30 years, it is easy to assume that next week they will still be on top.

Until that is no longer true.

When there is a regime change, it happens because the forces that were in a stable equilibrium shift in some way so that they can no longer support a continuation of the past equilibrium.  In hindsight, it is possible to see that shift.  But the shift is often not so obvious in advance.

Again, as when the Soviet Union fell apart, the intelligence services were seemingly taken by surprise.

But is there really any difference between the two types of regime change?  Is it any easier to actually notice an impending regime change on a modeled risk than an impending political risk?

Why are we so bad at seeing around corners?

In the area of public health, it is well known that diseases follow a standard path called an S curve.  That is the path of a curve plotting the number of people infected by a disease over time.  The path has a slight upward slope at first then the slope gets much, much steeper and eventually it slows down again.

When a new disease is noticed, some observers who come upon information about the disease during that middle period during the rapid upward slope will extrapolate and predict that the disease incidence will grow to be much higher than it ever gets.

The reason for the slowdown in the rate of growth of the disease is because diseases are most often self limiting because people do not usually get the disease twice.  Diseases are spread by contact between a carrier and an uninfected person.  In the early stages of a disease, the people who make the most contacts with others are the most likely to become infected and themselves become carriers.  Eventually, they all lose the ability to be carriers and become immune and the number of times that infected carriers come into contact with uninfected persons starts to drop.  Eventually, such contacts become rare.

It is relatively easy to build a model of the progression of a disease.  We know what parameters are needed.  We can easily estimate those that we cannot measure exactly and can correct our estimates as we make observations.

We start out with of model of a disease that assumes that the disease is not permanent.

We plan for regime change.

Perhaps that is what we need for the rest of our models.  We should start out by assuming that no pattern that we observe is permanent.  That each regime carries the seeds of its own destruction.

If we start out with that assumption, we will look to build the impermanence of the regime into our models and look for the signs that will show that whatever guesses we had to make initially about the path of the next regime change can be improved.

Because when we build a model that does not include that assumption, we do not even think about what might cause the next regime change.  We do not make any preliminary guesses.  The signs that the next change is coming are totally ignored.

In the temperate zones where four very different seasons are the norm, the signs of the changes of seasons are well known and widely noticed.

The signs of the changes in regimes of risks can be well known and widely noticed as well, but only if we start out with a model that allows for regime changes.

Avoiding Risk Management

February 14, 2011

In the past two years, many firms and many investors have de-risked their world.

On the other hand, there is no shortage of advice that you should never seek to avoid all risk.  Try typing the two words “Avoid Risk” into Google and more than half of the links that come up are discussions of why that is not a good strategy.

But one of the links that is on the first page is from the Chronicle of Higher Education.  The headline is “Most Colleges Avoid Risk Management

So you now have the classic two by two grid of choices:

Each of the four choices has adherents.  But there are pluses and minuses to each choice.

1.  Avoid Risk/Avoid Risk Management – a person or organization can do very well with this choice.  Until – – – they are struck by a risk that they did no know that they were taking.  The only risks that a person who avoids all risk takes are those risk that they are unaware of.  This strategy also requires that the world not change too much.  The largest risk to this choice is the risk that the person or organization will no longer have a viable strategy.  By avoiding risk, they have saved themselves from the agony of failure but also from the joy of successfully developing new strategies – some of which might become the strategy for the future.

2.  Avoid Risk/Risk Management – This was the Mubarak strategy.  It was very successful for 30 years.  Then, suddenly, it stopped working.  It feel victim to the failure to adapt risk which is the second type mentioned above.   But by practicing risk management, he was able to avoid the first risk above – the risk of taking risks unawares.  A firm with a very successful product or business might take up this strategy, seeking to maximize value of that successful strategy.

“People who don’t take risks generally make about two big mistakes a year. People who do take risks generally make about two big mistakes a years.” – Peter F. Drucker

3.  Take Risks/ Avoid Risk Management – On its face, this choice seems clearly irrational.  However, it is widely practiced and sometimes by people that are held to be highly successful geniuses in their fields.  What we fail to recognize is that some of these folks are simply lucky and the rest might well be geniuses.  The lucky are noticed because of survivor bias.  So if you choose this strategy, you are following in the footsteps of some of the most famous.  And in your own experience, you have probably worked with people who got where they are because of luck.  Someone has to get 8 tails in a row flipping coins.  And if you award a senior vice presidency to everyone who does …

4.  Take Risks / Risk Management – this seems like the most sensible choice.  You are then left with the decision of how to choose the risks that you take and which sort of risk management to practice.  Which are the main topics of this blog.

In my experience, I have found that some people define risk taking as 3 above – that is diving off the board without looking down first.  When they say “you must take risks to get the rewards” they are thinking about the blind risk taking of 3.  I can only suggest that a firm should seek to avoid applying strategy 3 to something on which the survival of the firm depends.

Thanks to Riskczar for the Drucker quote.

Momentum Risk

January 31, 2011

How many times have you heard this

If it isn’t broken don’t fix it.

As a risk manager, momentum risk is one of the most difficult risk to overcome.  (I wonder how many times on these posts I have claimed this?)

But this is the aspect of the Horizon disaster that led to millions and millions of barrels of oil spilling into the Gulf.  Before that the oil companies claimed that there had never been a failure of an oil rig in the Gulf.  So that was the Momentum assumption.  It had never failed so it never would fail.

Standing against that is the seemly endlessly negative point of view of the risk manager:

If anything can go wrong, it will.

Murphy‘s Law is usually taken as the ultimate statement of negative pessimism.  But instead you the risk manager need to use Murphy’s law as he did.  As a mantra to keep repeating to yourself as you look for ways to stress test a system.

Looking to engineering (Murphy was an engineer you know) for some thinking about stress to failure, we find this post:

When a component is subject to increasing loads it eventually fails.   It is comparatively easy to determine the point of failure of a component subject to a single tensile force. The strength data on the material identifies this strength.   However when the material is subject to a number of loads in different directions some of which are tensile and some of which are shear, then the determination of the point of failure is more complicated…

Some of your stress to failure tests will have to be tensile, some compressive, some shear, in different directions and in different combinations.  You should do this sort of testing to know the weakest points of your system.

But there is no guarantee that the system will fail at the weakest points either.  In fact, you may put in place methods to reduce stresses to those weakest points.  Remember that now elevates other points to be the new stresses.

And do not let Momentum thinking define your approach to likelihood of these stresses.  In physical systems, the engineer knows how the system is supposed to be used and can plan for the stresses of those uses.  But in many cases, the systems designed and tested by engineers are not used in the conditions planned for or even for the exact uses that the engineer anticipated.

Sound familiar?

Human systems are not so fixed as physical systems.  Humans react to the system that they are experiencing and adjust their actions according to the feedback that they are receiving from the system.  So human systems will almost always change as they are used.

Human systems will almost always change as they are used.

That is what makes it so much more difficult to be a risk manager for a financial firm than for a firm that deals mainly with physical risks.  As noted above the humans that interface with the physical risks system do change and adapt, but there are usually a larger portion of possibilities that are fixed by the constraints of the physical systems.

With financial risks, the idea of adapting and using a type of transaction or financial structure for alternate purposes has become the occupation of a large number of folks who command a large amount of resources.

So if, for example, you are using a particular type of derivative to accomplish a fairly straightforward risk management purpose, it is quite possible that the market for that instrument will suddenly be taken over by folks with lots and lots of money, fast computers and turnover averages in the thousands per week.  Their entry into a market will change pricing and the speed of changes in pricing and then one day, suddenly, they will decide, perhaps little by little, but possibly all at once, to abandon that trade and the market will snap to being something different still.

The same sort of thing happens in insurance, but at a different speed.  Lawyers are always out there looking to “perfect” an argument to create a new class of claimants against different businesses and their insurers. THis results in a sudden jump in claims costs.

Interestingly, the strategies for those two examples might be the exact opposite.  It might be best to move on from the market that is suddenly overtaken by high speed hedge fund traders.  But the only way to recover extra losses from a newly discovered and “perfected” cause of tort is to stay with the coverage.

But in all cases, the risk manager is faced with the problem of overcoming Momentum Risk.  Convincing others that something that is not broken needs attention and possibly even fixing.


Business Risks

December 22, 2010

US News and World Report had a recent feature “20 Companies that Cratered in 2010“.

Reading their article, I can only come up with four reasons why the 20 firms went bankrupt:

  1. Overconcentration in the mortgage backed securities market.  (Ambac)
  2. Failed to adapt to competition with a new approach to the business (Affiliated Media, Mareican Media, Penton Media, Blockbuster, Movie Gallery, Newsweek, Oriental Trading)
  3. Insufficient New Products (Hummer, Mercury, Pontiac, MGM)
  4. Insufficient resilience to recession due to excess debt (Inkeepers USA, Jennifer Convertibles, Loehmann’s, Mesa Air, Uno Restuarant Holdings, Urban Brands, Swoozies, A&P)

Fully 95%, 19 out of 20 of these bankruptcies are caused by business risks.

Meanwhile, risk managers in the insurance industry are off building risk management systems that assure that there is no more than a 1/200 chance of a loss large enough to cause a bankruptcy.

But Business Risk is not on the list of risks that are being considered in the Solvency II or Basel III regimes.

Fully 95% of US bankruptcies in 2010 were caused by business risks.  Does that mean that we are building a system that assures that we are 99.5% safe from 5% of the risks?

Does this give risk managers a hint as to why top management may only want to devote a small amount of their attention to the management of those 5% risks?

Are top management spending their time paying attention to those pesky risks of Competition, Products and Resilience?

Risk Managers can and should address those risks as well.  But rather than moving away from the risk management discipline, risk managers should be looking to see how the risk management processes can be of help with those risks.

Now, for the folks who think of risk management purely as a modeling exercize, this discussion is largely over.  But if you see your risk management program as a management control system, then there is much for you to bring to help with these risks.

These risks can be handled like any of the Operational risks that are difficult to model.  Key Risk indicators are identified and monitored.  Triggers can be set to initiate actions.  And actions taken to react to increasing indication of risks.

For the three big Business Risks that took down companies in 2010, there are particular concerns:

  • Competition – Business managers must move away from sports analogies.  They make companies particularly at risk for this type of competition.  In sports, the opposing team rarely starts playing a totally different game.  The football team will not be opposed by a hockey club.  But in business, there is often not anything to stop a competitor from starting to play a totally different game.  Risk management needs to be built from te premise that there really are very few rules restricting competitors.
  • Product Risk – in many cases that largest source of product risk is a successful product.  Especially a highly profitable successful product.  Firms with such often find it extremely difficult to justify the cost and risk and low profitability of new products.  The risk manager needs to consider addressing this risk from the point of view of revenue diversification.  Concentrations are often the most profitable and the most risky in the long term.
  • Resilience – This comes closer to regular risk management territory.  But often a major change in business volume either up or down is not a scenario that is factored into the risk model.  Most often, the level of business activity is taken as a constant!  How totally unrealistic is that?  The level of business activity is definitely NOT constant and NOT predictable.  It is at least as uncertain as any of the things that ARE being modeled.  Risk models can be used to evaluate the impact of simultaneous changes in the level of business along with other adverse events.   Perhaps it might make sense to also assume that if volumes are going up beyond a certain range, that selectivity might be going down.  Or that if volumes are decreasing, that margins might be squeezed in addition to the expense squeeze because of competition for the lower amount of business.

Risk managers can bring something to the table for discussions of Business Risk.  But it will take breaking out of their sometimes self imposed bounds.

Risk Management Learns from Sun Tzu

October 10, 2010

Usually risk managers do not think of themselves as being at war.  But a risk manager is facing a number of foes.  And failure to succeed against those foes can result in the end of the enterprise.  So maybe the risk manager can learn from The Art of War.

Sun Tzu’s The Art of War has 11 chapters.  Each of these topics can be seen to have a lesson for risk managers.

  1. Laying Plans explores the five fundamental factors that define a successful outcome (the Way, seasons, terrain, leadership, and management). By thinking, assessing and comparing these points you can calculate a victory, deviation from them will ensure failure. Remember that war is a very grave matter of state.             The risk manager of course needs plans.  Remember that risk management is a grave matter for the enterprise.
  2. Waging War explains how to understand the economy of war and how success requires making the winning play, which in turn, requires limiting the cost of competition and conflict.        Risk management does not run on an unlimited budget.  In some cases risk managers have not completed their preparations because they have gone forward as if they could spend whatever it took to fulfill their vision for risk management.  Of course risk management spending needs to be at a sensible level for the enterprise.  Excessive risk management spending can harm an enterprise just as much as an unexpected loss.
  1. Attack by Stratagem defines the source of strength as unity, not size, and the five ingredients that you need to succeed in any war.            The risk manager succeeds best if they are able to get the entire organization to support the risk management efforts, not just a large corporate risk management department.
  2. Tactical Dispositions explains the importance of defending existing positions until you can advance them and how you must recognize opportunities, not try to create them.           The risk manager needs to build organizational strength to support risk management opportunistically.  A risk management program that does not wait for the right opportunities will create internal enemies and will then be fighting both the external risks as well as the internal enemies.
  3. Energy explains the use of creativity and timing in building your momentum.            The risk manager also needs to be creative and needs to build momentum.  The best risk management program fits well with the culture of the organization.  That fit will need to be developed by creatively combining the ideas of risk management with the written and unwritten parts of the organizational imperatives.
  4. Weak Points & Strong explains how your opportunities come from the openings in the environment caused by the relative weakness of your enemy in a given area.             Quite often the risk manager will know the right thing to do but will not be able to execute except at extreme danger to their position in the firm.  The openings for a risk manager to make the moves that will really lake a difference in the future of the firm come infrequently and without warning.  The Risk manager must be looking at these openings and be ready and able to act.
  5. Maneuvering explains the dangers of direct conflict and how to win those confrontations when they are forced upon you.      Some thing that the risk managers job is the direct conflict with the important people in the firm who would put the firm in an excessively risky position.  This in inadvisable
  6. Variation in Tactics focuses on the need for flexibility in your responses. It explains how to respond to shifting circumstances successfully.       Risk Management tactics will be the most successful if they are alligned with the actual risk environment.  See Plural Rationalities and ERM.
  7. The Army on the March describes the different situations in which you find yourselves as you move into new enemy territories and how to respond to them. Much of it focuses on evaluating the intentions of others.        Rational Adaptability is the process of assessing the risk environment and selecting the risk management strategy that will work best for the environment.
  8. Terrain looks at the three general areas of resistance (distance, dangers, and barriers) and the six types of ground positions that arise from them. Each of these six field positions offer certain advantages and disadvantages.      The risk environment has four main stages, Boom, Bust, Moderate and Uncertain.
  9. The Nine Situations describe nine common situations (or stages) in a campaign, from scattering to deadly, and the specific focus you need to successfully navigate each of them.      Companies must determine their risk taking strategy and their risk appetite by looking at the risk environment as well as at their risk taking capacity.
  10. The Attack by Fire explains the use of weapons generally and the use of the environment as a weapon specifically. It examines the five targets for attack, the five types of environmental attack, and the appropriate responses to such attack.
  11. The Use of Spies focuses on the importance of developing good information sources, specifically the five types of sources and how to manage them.

Financial Reform & Risk Management (2)

September 12, 2010

An AP summary of the negotiated consolidated Financial Reform act of 2010, there are 9 major provisions.  These posts will feature commentary on the Risk Management implications of each.

2. CONSUMER PROTECTION A Consumer Financial Protection Bureau within the Federal Reserve would police lending, taking powers now exercised by various bank regulators.

The current financial crisis is not unique in the financial history in that the major banks took it on the chin.

But while there are many troubling stories of consumers who are suffering hardships as a result of transactions that they entered into during the run up to the crisis, Roger Lowenstein admitted in a recent Sunday New York Times magazine article that try as they might, journalists have not been able to find a story of a truly innocent consumer who was taken advantage of.  In fact, if you look at most situations where folks seem to have been hurt, they either went into the situation with their own greedy motives to get something for nothing (house flippers) or were able to live in much better housing often at a lower price than before the crisis.  As the crisis hit and housing prices fell and refinancing opportunities evaporated, many consumers lost the houses that they could not afford in the first place.  But in fact if you look at the details of what happened, they usually got more than their money’s worth in terms of housing during the time they had a house.  What they lost were their unrealistic expectations.

To be brutally honest, the consumers did ok not well, but ok, and the bankers got hosed.

So as a result, Congress has decided to protect the consumers from any such future abuse.

And to again be brutally honest,  the motives of this “consumer” protection seems to be to protect banks from themselves.

But motives and consequences will doubtless be different.  The consequences of this part of the financial reform act will likely be the erosion of the margins of banks and other financial organizations that deal with consumers.

The margins that banks and others were getting from the sub prime mortgage business were so great that they generated their own myth of the actual viability of that business.  That self justifying myth can be thought of as the actual driver of the crisis.  To anyone who was not caught up in the wave of activity of the housing market, the myth may have seemed as somewhat unrealistic and benign.  But belief in the myth of unending appreciation of real estate enabled people at all levels to justify the behavior that now can be seen to be clearly outrageous.

But getting back to consumer protection, the new Consumer Protection Bureau will clamp down on abuses large and small that have helped to drive the bloated profitability of banks over the past 10 years.

The Risk Management consequences of this are that banks will not stand still and watch their earnings get savaged.  If they did that, then their stock values would either stay low or erode further.  So their reaction will be to seek other sources of revenue to replace the loss of the various fees and charges to consumers that are now found to be abusive.

And why is that a Risk Management concern?  It is because the new activity that will be undertaken to replace the lost revenues adds uncertainty to the system.  Some of that activity will fall inbetween the cracks of the regulatory system.  It will create risks that are not recognized in Basel III.   Some banks will act as if they believe Basel III and run these new activities as if there is no need for capital and end up adding significantly to their actual leverage.

So beware the unintended consequences of this new regulation.  The danger will only pass when banks have accepted the fact that they are fundamentally only 5% to 10% ROE businesses.  As long as they believe that they are 20% to 25% ROE businesses, they will end up finding the risks that will allow them to post those ROEs.

Risk Velocity

June 17, 2010

By Chris Mandel

Understand the probability of loss, adjusted for the severity of its impact, and you have a sure-fire method for measuring risk.

Sounds familiar and seems on point; but is it? This actuarial construct is useful and adds to our understanding of many types of risk. But if we had these estimates down pat, then how do we explain the financial crisis and its devastating results? The consequences of this failure have been overwhelming.

Enter “risk velocity,” or how quickly risks create loss events. Another way to think about the concept is in terms of “time to impact” a military phrase, a perspective that implies proactively assessing when the objective will be achieved. While relatively new in the risk expert forums I read, I would suggest this is a valuable concept to understand and more so to apply.

It is well and good to know how likely it is that a risk will manifest into a loss. Better yet to understand what the loss will be if it manifests. But perhaps the best way to generate a more comprehensive assessment of risk is to estimate how much time there may be to prepare a response or make some other risk treatment decision about an exposure. This allows you to prioritize more rapidly, developing exposures for action. Dynamic action is at the heart of robust risk management.

After all, expending all of your limited resources on identification and assessment really doesn’t buy you much but awareness. In fact awareness, from a legal perspective, creates another element of risk, one that can be quite costly if reasonable action is not taken in a timely manner. Not every exposure will result in this incremental risk, but a surprising number do.

Right now, there’s a substantial number of actors in the financial services sector who wish they’d understood risk velocity and taken some form of prudent action that could have perhaps altered the course of loss events as they came home to roost; if only.

More at Risk and Insurance

Not Complex Enough

June 10, 2010

Things changed and the models did not adapt.  But I am saying that is mostly because the models had no place to put the information.

With 20-20 hindsight, perhaps the models would have been better if instead of boiling everyone in one pot, you separated out folks into 5 or 10 pots.  Put the flippers into a separate pot.  Put the doctors into another pot.  (Did folks really believe that the no doc mortgages represented 10 times as many doctors than previously).  What about the no doc loans to contractors?  Wasn’t there a double risk there?  Put the people with LTV>100% in another pot.  Then model your 20% drop in prices.

And there was also no model of what the real estate market would do if there were 500,000 more houses than buyers.  Or any attempt to understand whether there were too many houses or not.

And the whole financial modeling framework has never had the ability to reflect the spirals that happen.

The models are just not complex enough for the world we live in.

Many are taught to look at a picture like the view above of the situation in Afghanistan and immediately demand that the picture be simplified.  To immediately conclude that if we draw a picture that complicated then it MUST be because we do not really understand the situation.  However, complexity like the above may be a sign that the situation is really being understood and that the model might just be complex enough to work as things change.

The idea that we will change the world so that the models work is tragically wrong headed.   But that is exactly the thinking that is behind most of the attempts at “reforming” the financial markets.  The thinking is that our models accurately describe the world when it is “normal” and that when our models are wrong it is because the world is “abnormal”.  So the conclusion is that we should be trying to keep the world in the normal range.

But the way that our models always fail is when the world makes a change, a non-linearity in the terminology of modelers.  The oft used analogy is the non-linearity that ruined the businesses of the buggy whip manufacturers.  They had a great model of demand for their product that showed how there was more demand every spring so that they put on extra shifts in the winter and rolled out the new models every April.

Then one April, the bottom fell out of their market.  That was because not only did those pesky horseless carriages cut into their businesses, but the very folks who bought the cars were the people who were always sure sales for new buggy whips each and every year.  That early adopter set who just had to have the latest model of buggy whip.

So we must recognize that these troubling times when the models do not work are frequently because the world is fundamentally changing and the models were simply not complex enough to capture the non-linearities.

Lessons for Insurers (6)

May 25, 2010

In late 2008, the The CAS, CIA, and the SOA’s Joint Risk Management Section funded a research report about the Financial Crisis. This report featured nine key Lessons for Insurers. Riskviews will comment on those lessons individually…

6. Insurers must pay special attention to high growth/profit areas in their companies, as these are often the areas from which the greatest risks emanate.

All high growth areas are not risk problems, but almost all risk problems come from areas of high growth.

And high growth areas present several special problems for effective risk management.

  1. High growth in the financial services field usually results when a firm has a new product or service or territory.  There is almost always a deficit of experience and data about the riskiness of the new area.  Uncertainty rules.
  2. In new high growth areas, pricing can be far off the mark at the outset.  If the initial experience is benign, then the level of pricing can become firmly set in the minds of the distributors, the market and the management.  When adverse experience starts to undermine the pricing, it may be initially dismissed as an anomaly, a temporary loss.  It may be very difficult to determine the real situation.
  3. If risk resources were included in the plan for the high growth activity, they were probably not increased when the growth started to exceed expectations.  As growth occurs, the risk resources are most often held at the level called for in the initial plan.  Any additional resources that are applied to the growing area are needed to support the higher level of activity.  Often this is simply a natural caution about increasing expenses in what may well be a temporary situation.  This caution is often justified as growth ebbs.  But in the situations where growth does not wane, a major mismatch between risk resources and business activity develops.
  4. There is usually a political problem within the firm.  The management of the highest growth area are most likely the current corporate heroes.  It is very highly unlikely that the CRO will have as much clout within the organization as the heroes.  The only solution to this issue is support from the CEO for the importance of risk.
  5. Risk efforts need to be seen not as “business prevention” but as a partner with the business in getting it right.  This is difficult to accomplish unless risk is involved from the outset.  If the business gets going and growing with procedures that are questionable from a risk perspective, then it is quite possible that changing those procedures might well hurt the growth of the area.  Risk needs to be involved form the outset so that appropriate procedures and execution of those procedures does not become a growth issue later on.

This is the most difficult and important area for the risk management of the firm.  The business needs to be able to take chances in new areas where good growth is possible.  The Risk function needs to be able to help these new activities to have the chance to succeed.

At the same time, the organization needs to be protected from the sort of corner cutting that leads to growth through drastically under-priced risks.

It is a delicate balancing act that requires a high degree of political skill as well as good business judgment about when to dig in the heels and when to let go.

Lessons for Insurers (1)

Lessons for Insurers (2)

Lessons for Insurers (3)

Lessons for Insurers (4)

Lessons for Insurers (5)

Lessons for Insurers (6)

LIVE from the ERM Symposium

April 17, 2010

(Well not quite LIVE, but almost)

The ERM Symposium is now 8 years old.  Here are some ideas from the 2010 ERM Symposium…

  • Survivor Bias creates support for bad risk models.  If a model underestimates risk there are two possible outcomes – good and bad.  If bad, then you fix the model or stop doing the activity.  If the outcome is good, then you do more and more of the activity until the result is bad.  This suggests that model validation is much more important than just a simple minded tick the box exercize.  It is a life and death matter.
  • BIG is BAD!  Well maybe.  Big means large political power.  Big will mean that the political power will fight for parochial interests of the Big entity over the interests of the entire firm or system.  Safer to not have your firm dominated by a single business, distributor, product, region.  Safer to not have your financial system dominated by a handful of banks.
  • The world is not linear.  You cannot project the macro effects directly from the micro effects.
  • Due Diligence for mergers is often left until the very last minute and given an extremely tight time frame.  That will not change, so more due diligence needs to be a part of the target pre-selection process.
  • For merger of mature businesses, cultural fit is most important.
  • For newer businesses, retention of key employees is key
  • Modelitis = running the model until you get the desired answer
  • Most people when asked about future emerging risks, respond with the most recent problem – prior knowledge blindness
  • Regulators are sitting and waiting for a housing market recovery to resolve problems that are hidden by accounting in hundreds of banks.
  • Why do we think that any bank will do a good job of creating a living will?  What is their motivation?
  • We will always have some regulatory arbitrage.
  • Left to their own devices, banks have proven that they do not have a survival instinct.  (I have to admit that I have never, ever believed for a minute that any bank CEO has ever thought for even one second about the idea that their bank might be bailed out by the government.  They simply do not believe that they will fail. )
  • Economics has been dominated by a religious belief in the mantra “markets good – government bad”
  • Non-financial businesses are opposed to putting OTC derivatives on exchanges because exchanges will only accept cash collateral.  If they are hedging physical asset prices, why shouldn’t those same physical assets be good collateral?  Or are they really arguing to be allowed to do speculative trading without posting collateral? Probably more of the latter.
  • it was said that systemic problems come from risk concentrations.  Not always.  They can come from losses and lack of proper disclosure.  When folks see some losses and do not know who is hiding more losses, they stop doing business with everyone.  None do enough disclosure and that confirms the suspicion that everyone is impaired.
  • Systemic risk management plans needs to recognize that this is like forest fires.  If they prevent the small fires then the fires that eventually do happen will be much larger and more dangerous.  And someday, there will be another fire.
  • Sometimes a small change in the input to a complex system will unpredictably result in a large change in the output.  The financial markets are complex systems.  The idea that the market participants will ever correctly anticipate such discontinuities is complete nonsense.  So markets will always be efficient, except when they are drastically wrong.
  • Conflicting interests for risk managers who also wear other hats is a major issue for risk management in smaller companies.
  • People with bad risk models will drive people with good risk models out of the market.
  • Inelastic supply and inelastic demand for oil is the reason why prices are so volatile.
  • It was easy to sell the idea of starting an ERM system in 2008 & 2009.  But will firms who need that much evidence of the need for risk management forget why they approved it when things get better?
  • If risk function is constantly finding large unmanaged risks, then something is seriously wrong with the firm.
  • You do not want to ever have to say that you were aware of a risk that later became a large loss but never told the board about it.  Whether or not you have a risk management program.

The Dirty Dozen

February 4, 2010

Guest Post from David Merkel

The Aleph Blog

I have been thinking about the the forces distorting the global economy.  In the long run, the distortions don’t matter, because economies are bigger than governments, and eventually economies prevail over governments.  Here are my dozen problems in the global economy.

1) China’s mercantilism — loans and currency.  The biggest distortionary force in the world now is China.  They encourage banks to loan to enterprises in order to force growth.  They keep their currency undervalued to favor exports over imports.  What was phrased to me as a grad student in development economics as a good thing is now malevolent.  The only bright side is that when it blows, it might take the Chinese Communist Party with it.

2) US Deficits, European Deficits — In one sense, this reminds me of the era of the Rothschilds; governments relied on borrowing because other methods of taxation raised little.  Well, this era is different.  Taxes are high, but not high enough for governments that are trying to create the unachievable “permanent prosperity.” In the process they substitute public for private leverage, and in the process add to the leverage of their societies as a whole.

3) The Eurozone is a mess — Greece, Portugal, Spain, etc.  I admit that I got it partially wrong, because I have always thought that political union is necessary in order to have a fiat currency.  I expected inflation to be the problem, and the real problem is deflation.  Will there be bailouts?  Will the troubled nations leave?  Will the untroubled nations leave that are the likely targets for bailout money?

4) Many entities that are affiliated with lending in the US Government, e.g., FDIC, GSEs, FHA are broke.  The government just doesn’t say that, because they can still make payments.

5) The US Government feels it has to “do something” — so it creates more lending programs that further socialize lending, leading to more dumb loans.

6) Residential real estate is still in the tank.  Residential delinquencies are at all-time highs.  Strategic default is rising.  The shadow inventory of homes that will come onto the market is large.  I’m not saying that prices will fall for housing; I am saying that it will be tough to get them to rise.

7) Commercial real estate — there is too much debt supporting commercial real estate, and too little equity.  There will be losses here; the only question is how deep the losses will go.

8 ) I have often thought that analyzing the strength of the states is a better measure for US economic strength, than relying on the statistics of the Federal Government.  The state economies are weak at present.  Part of that comes from the general macroeconomy, and part from the need to fund underfunded benefit plans.  Life is tough when you can’t print your own money.

9) The US, UK, and Japan are force feeding liquidity into their economies.  Thus the low short-term interest rates.  Also note the Federal Reserve owning MBS in bulk, bloating their balance sheet.

10) Yield greed.  The low short term interest rates touched off a competition to bid for risky debt.  The only question is when it will reverse.  Current yield levels do not fairly price likely default losses.

11) Most Western democracies are going into extreme deficits, because they can’t choose between economic stimulus and deficit reduction.  Political deadlock is common, because no one is willing to deliver any real pain to the populace, lest they not be re-elected.

12) Demographics is one of the biggest  pressures, but it is hidden.  Many of the European nations and Japan face shrinking populations.  China will be there also, in a decade.  Nations that shrink are less capable of carrying their debt loads.  In that sense, the US is in good shape, because we don’t discourage immigration.

From David Merkel

The Aleph Blog

This post is produced by David Merkel CFA, a registered representative of Finacorp Securities as an outside business activity. As such, Finacorp Securities does not review or approve materials presented herein. By viewing or participating in discussion on this blog, you understand that the opinions expressed within do not reflect the opinions or recommendations of Finacorp Securities, but are the opinions of the author and individual participants. Neither the information nor any opinion expressed constitutes a solicitation for the purchase or sale of any security or other instrument. Before investing, consider your investment objectives, risks, charges and expenses. Any purchase or sale activity in any securities instrument should be based upon your own analysis and conclusions. Past performance is not indicative of future results. Finacorp Securities is a member FINRA and SIPC.

Adaptability is the Key Survival Trait

November 27, 2009

…different and potentially much more difficult issues arise in the identification and measurement of risks where past experience is an uncertain or potentially misleading guide. When risk materialises, it may do so as a risk previously thought to be understood and managed that turns out to be very different indeed, and may do so quickly, well within normal audit cycles. The valuation of an asset or liability in a stressed market environment and the identification of other potential risks that may not previously have been encountered pose major questions for real-time assessment that are unlikely to have been factored into construction of the pre-existing business model.

Excerpt from the Walker Review

To survive such situations, it seems that the ability to quickly assess new situations, especially ones that look like old tried and true but that are seriously more dangerous, and to change what the organization is doing in response to these risks is key.

But to do that, significant amounts of senior resources must be dedicated to determining whether such risks are NOW in the environment each and every day.  The findings of this review must be taken very seriously and the organization must consider the possibility of changing course – not just a minor correction – a major change of business activity.

In addition to the discernment to identify such situations, the organization must cultivate the capacity to make such changes quickly and effectively.

An organization that can do those things have true adaptability and have a much better chance of survival.

However, for a business to be very profitable, it needs to be very focused, very efficient.  Everyone in the organization needs to be pointed in the same direction.  Doubt will undermine.

Within capitalism, the conflict is resolved by allowing individual businesses to maximize profits and relying on an assumption that there will be enough diversity of businesses that enough businesses will have chosen the right business model for the new environment.  Some of the most successful businesses from the old environment will fail to adapt, but some of the laggards will now thrive.

And therefore, the system survives.

But, that is not always so.  In some circumstances, too many firms choose the exact same strategy.  If the environment stays unchanging for too long, individual firms lose any adaptability that they might have had, they all become specialists in that one “most profitable thing”.  A major change in the environment and too many businesses fail too fast.

How does that happen?

Regulators play a large role.  The central bankers work very hard to keep the environment on a steady course, moderating the bumps that encourage diversity.

Prudential and risk management regulation also play a large role, forcing everyone to pay attention to the exact same risks and encouraging similar risk treatments through capital regime incentives.

So for the system to remain healthy, it needs adaptability and adaptability comes from diversity.  And diversity will not exist unless the environment is more variable.  There needs to be diversity in terms of both business strategy and interms of risk management approaches.

So improving the prudential regulation will have the effect of driving everyone to have the same risk management – it will have the perverse effect of diminishing the likelihood of survival of the system.

Most Popular on Riskviews

November 15, 2009

Most Visited on Riskviews:

Since August 2009 when the blog was restarted as a forum for ERM discussions.

Risk Management Quotes 668 visits

A haphazard collection of over 100 quotes from people who might be either famous or knowledgeable or both.  This page drew about 150 hits per month even when there was zero new activity on Riskviews for 3 months.

Risk Management Failures 230 visits

Names of over 75 firms around the world that have encoundered serious financial difficulties that may or may not have been related to poor risk management.

ERM only has value to those who know that the future is uncertain 149 visits

There is a massive difference in the value of risk management when you look forward from when you look backwards.

Chief Risk Officers in the News 149 visits

Another haphazard collection of items from the news.  Mostly collected from a Google News alert for the phrase “Chief Risk Officer”.

Enterprise Risk Management for Smaller Iinsurers 83 visits

Much of what is written and discussed about risk management focuses on the needs and efforts of the largest firms.  This post tells how ERM is different for a smaller firm.

Bad Label leads to Bad Thinking 63 visits

For years, risk managers have been telling people that they are transferring risks.

Introduction to ERM 111 visits

Materials prepared for a week long seminar for TASK (The Actuarial Society of Kenya).   Also includes slides from a 1/2 day workshop for Kenyan Bank and Insurance CEOs.

Project Risk Management 62 visits

Discussion of how risk management ideas can help to get projects to run on time and within budget.

Black Swan Free World (5) 61 visits

Part of a series of ten reflections on comments by Nassim Taleb on how to create a Black Swan Free World.  This particular discussion is about complexity and simplicity.

The Interest Rate Spike of the Early 1980’s 58 visits

Discussion  of how the unprecedented levels of interest rates affected the US life insurance industry 30 years ago.

Optimizing ERM & Economic Capital

October 15, 2009

The above was the title of a conference in London that I attended this week.  Here are some random take-aways:

    • Sometimes it makes sense to think of risk indicators instead of risk limits.

    • Should MVM reflect diversification?  But who’s diversification?

    • Using a Risk and Control Self Assessment as the central pillar to an Operational Risk program

    • Types of Operational Losses:  Financial, Reputation, Opportunity, Inefficiency

    • Setting low thresholods for risk indicators/KRIs provides an early warning of the development of possible problems

    • Is your risk profile stable?  Important question to consider.

    • Number of employees correlates to size of operational risk losses.  May be a simple way to start thinking about how to assign different operational risk capital to different operations.  Next variable might be experience level of employees – might be total experience or task specific experience.  If a company goes into a completely new business, there are likely to be operational issues if they do not hire folks with experience from other firms.

    • Instead of three color indicators, use four – Red, Orange(Amber), Yellow, Green.  Allows for elevating situations out of green without raising alarm.

    • Should look at CP33

    • Controls can encourage more risk taking.  (See John Adams work on seatbelts)

    • Disclosures of safety margin in capital held might create market expectations that would make it impossible to actually use those margins as a buffer without market repercussions.

    • Serious discussions about a number of ways that firms want to deviate from using pure market values.  Quite a shift from the discussions I heard 2 -3 years ago when strict adherence to market values was a cornerstone of good financial and risk management.  As Solvency 2 is getting closer to reality, firms are discovering some ways that the MTM regime would fundamentally change the insurance business.  People are starting to wonder how important it is to adhere to MTM for situations where liquidity needs are very low, for example.

      All in all a very good conference.

      ERM Role in Implementing a Winning Acquisition Strategy (2)

      October 8, 2009

      From Mike Cohen

      Part 2

      (Part 1)

      Execution of an Acquisition Strategy Goes Through Several Stages and Involves Many and Varied Complex, Interrelated Business Issues (they must be performed well, and there are numerous junctures where things can go awry … suggesting that many potential risks need to be addressed, and more effectively than they typically are)

      – Defining the business case

      Considering the corporate strategy and the resulting (ideally enhanced) business model

      * Fit vs. conflict

      * Synergies; potential synergies are frequently overstated

      * Diversification

      – Assessing market opportunities and competitive dynamics

      * Products

      * Distribution

      * Markets/segments

      * Brand/reputation

      – Financial impact

      * Earnings

      * Capital

      * Economic value

      * Assessment of an appropriate price

      – Investments

      * Asset classes

      * Loss positions

      * Liquidity

      – Operational fit (or problematically, the need to ‘fix’ the target’s operations)

      * Technology

      * Administration

      * Core competencies

      – Integrating the target: melding the two organizations so that they can perform effectively together, while mitigating risk, volatility and confusion to the greatest extent possible

      Q: Is an acquisition strategy a core competency of your company … can you execute such a transaction successfully?

      Due Diligence Performed on any Acquisition Target: A Critical Activity on the Strategic and Tactical Levels

      – Valuation, impact on future financial results

      – Management/staff

      – Profitability of new (potential), existing business

      – Competitive market position; product management, distribution capabilities

      – Synergies: strategic, operational, financial, market/product/distribution

      – Investments

      – Expense structure (opportunities for increasing efficiency and/or cost reduction)

      – Technological capabilities or possible lack of fit

      – Contractual obligations

      – Areas of risk or uncertainty

      Many acquisitions are viewed retrospectively as failures. A lack of accurate evaluation of/objectivity about prospective acquisition targets (using ‘rose-colored glasses’ leads many (most?) acquirers to have unrealizable goals for their transactions, and as a consequence the end results (strategic, financial or otherwise) do not meet expectations.  There is a considerable level of risk to the acquirer if the due diligence process is not conducted with sufficient accuracy and objectivity.

      Evaluating the Capabilities of an Organization to Execute Successful Acquirer: Being a successful acquirer requires a number of skills and mind-sets:

      – Knowing one’s own corporate vision, mission, strategy and operating model, and how  acquisitions complement them

      – Having a disciplined approach: evaluating fit, paying an appropriate price based on economic value, both current and future

      – Performing careful, accurate and objective due diligence on the target company and management counterparts … caveat emptor!

      – Executing timely, well planned and orchestrated integration activities focus on achieving a favorable operational model and attaining a satisfactory level of cost savings; a number of  companies that acquired positive reputations as acquirers were in fact poor at integrating their acquisition(s), causing their organizations to implode

      – Managing the staffs and corporate cultures sensitively. There is considerable amount of research that identifies human resource related issues as the most prevalent causes for acquisition failure; personalities (egos), conflicting management styles and cultures, and different compensation structures are all too common. Proactive conflict resolution is critical to steer the resulting entity past these pratfalls. Open and continuous communication is critical.

      The General Lack of Success from Acquisitions is Attributed to Mismanaging One or More Critical Aspects of the Transaction with Material Risk

      Strategy

      – Incompatible cultures

      – Incompatible business models

      – Synergy non-existent or overestimated

      Due Diligence

      – Acquirer overpaid

      – Foreseeable problems overlooked

      – Acquired firm too unhealthy

      – Overlooking aspects of the target where excessive divestiture or liquidation might be required

      Implementation

      – Inability to manage target

      – Inability to implement change

      – Clash of management styles/egos

      Conclusion

      An acquisition is arguably the most difficult business endeavor a company can undertake. This report discussed a considerable number of elements involved in acquisition activity; they are all complex, and there are many junctures in the process where a number of these elements can go awry or reach adverse conclusions, either derailing transactions that could have otherwise been successful or ‘proving’ the efficacy of transactions that upon closer scrutiny could not have succeeded and should have been avoided.

      Studies of acquisition activity across all industries (not just insurance) have consistently  found that approximately two-thirds of these transactions yielded unsatisfactory results. One could observe that this is not surprising, as there are so many steps along the way that can turn into insurmountable roadblocks. Considering the myriad of factors that must be performed well, it is clear than sound, pragmatic risk management throughout the process and beyond is critical in order for acquisition activity to succeed

      ERM Role in Implementing a Winning Acquisition Strategy

      October 4, 2009

      From Mike Cohen

      Part 1 (of 2)

      “Winning bids are made by winning bidders”
      Author Unknown

      “Is there such a dynamic as The Winners’ Curse?”
      Richard H. Thaler

      Is an acquisition strategy a positive endeavor for an insurance company? Is it a strategy necessary for the survival of some companies? In these difficult times, even for companies that have a track record of success in this arena, is an acquisition the answer? This report explores the various thought processes that companies go through when they consider an acquisition strategy, explores what activities need to take place in order for an acquisition to be seen as successful, and reflects on the role of enterprise risk management in improving the likelihood of success.

      Success: According to Whom?

      A property isn’t valued on the same terms by a buyer and a seller. Buyers and sellers are trying to accomplish different things relative to their particular situations:                                                                   – The buyer is trying to enhance his business (ideally strategically, not just financially … although improving one’s financial position at this point time looks very appealing!); on what criteria will the buyer’s acquisition be viewed a success?                                                                                                        – The seller is trying to either raise capital or increase focus; on what terms will the seller’s divestiture be viewed a success?

      What can buyers and sellers do to increase their respective chances of success? What role can/should ERM play in these transactions?

      Acquisitions as an Element of Corporate Strategy: Various Perspectives

      What is the mind–set companies have as they consider acquisition activity?

      “We see the opportunity to make suitable acquisitions at the right price as just another way of meeting our corporate objectives”

      “We see acquisitions as crucial to achieving our objectives”

      “We are an acquisition specialist”

      “Our strategy is to make acquisitions and then integrate them effectively”

      Which is of these approaches is right for you, if any … and, if so, under what circumstances? Given that acquisition activity in the aggregate has an uneven track record of success, how can acquirers improve their likelihood of success? Have the myriad of risks involved in such complicate endeavors not been understood and dealt with effectively, causing the majority of acquisitions to fall short of expectations?

      Companies’ conversations with rating agencies have often revealed ‘curious’ expectations of acquisition activity:

      “The deal is ‘fully priced,’ but we did not overpay”

      “The deal will work because there is overlap”

      “The deal will work because there is no overlap”

      “Cultures are similar despite apparent differences”

      “Although not accretive, it’s non-dilutive”

      “Growth & profit objectives will be met through synergies”

      Enhancing an Organization’s Business Model, in General and via Acquisition, to Better Meet Goals and Objectives

      Can an Acquisition Be a Driver of Positive Change?

      Existing business model   Clear business case for an acquisition  Enhanced business model

      A well respected expert on business strategy and planning, Russell L. Ackoff, presented the concept of ‘idealized design” …  the best conceived business model a company can put into place. Does an acquisition help a company make its business model more effective? For this to happen, it must be supportive of the following:

      – Mission, Vision: Is the acquisition consistent with the company’s strategic direction?
      – Profitability: EPS, ROE, EVA; is the acquisition accretive to financial results, and if not when will it be? Are there dynamics/risks that could prevent attainment of the stated financial objectives?
      – Competitive dynamics: Will additional market share provide the ability to dictate competitive terms? Given how fragmented the life insurance industry is, can the largest companies (as large as they are) alter competitive dynamics more in their favor? Does the acquisition enable the company to compete more strongly against powerful competitors?
      – Market share: Are economics of scale gained? Is less desirable (unfavorably priced) business being acquired? As said, since most insurance business segments are so fragmented, even after decades of consolidation activity, does market share even matter?
      – Is a company’s business profile materially enhanced?
      – Is favorable diversification gained? Is focus lost?

      Does an Acquisition Make a Company a More Successful Competitor?

      – Expanding distribution
      – Expanding geographic coverage
      – Achieving business growth, scale
      – Acquiring/enhancing functional capabilities
      – Increasing profits and capital

      To be continued …

      No Thanks, I have enough “New”

      September 24, 2009

      It seems sad when 75 year old businesses go bust.  They had something that worked for several generations of managers, employees and investors.  And now they are gone.  How could that be?

      There are two ways that old businesses can come to their demise.  They can do it because they stick to what they know and their product or service  (usually) slowly goes out of fashion.  Usually slowly, because all but the most ossified large successful companies can adapt enough to keep going for quite some time, even when faced by competition with a better business model/product or service.  Think of the US auto industry slowly declining for 40 years.

      The second way is a quick demise. This usually happens after the old company chooses to completely embrace something completely new.  If their historic business is in decline, many large old firms are on the look out for that new transformational thing.  The mistake that they sometimes make is to be in much too much of a hurry. They want to apply their size advantage to the new thing and start getting economies of scale in addition to early adopter advantages.

      The failure rate of new business is very, very high.  A big business that jumps to putting a large amount of its resources into the new business will be transforming a solid longstanding business effectively into a start-up.  But rarely do the big businesses in restart mode deliver anything like start-up returns.  So investors bare the risks of of the start-up with the returns only slightly higher than long term averages.

      This is a clear example of when the CEO needs to be the risk manager.  The established firm needs to have a limit for “New” businesses.  The plan for the new business should reflect an orderly transition between the franchise business and what MAY become the new franchise.  This requires the CEO to have a time frame in mind that is appropriate for a business that may have existed before he/she was born and that, if the risks are managed well, should exist long after they are gone.

      There are good underlying reasons why the “New” needs to be limited for a company with long term survival plans.  “New” involves several risks that a well established firm may have mastered a generation ago and have relegated to the corporate unconscious.

      The first is execution risk.  The established firm will doubtless be excellent at execution of its franchise business.  But the “New” will doubtless require different execution.  An example of this from the insurance industry, when US Life Insurers started into the equity linked products, man of them experienced severe execution problems.  Their traditional products involved collecting cash and putting it into their general fund.  They only provided annual information to their customers if any.  Their administrative systems and procedures were set up within an environment that was not particularly time sensitive.  The money was in the right place, their accounting could catch up “whenever”.   With the new equity linked products, exacting execution was important.  Money was not left in the general fund of the insurer but needed to be transferred to the investment manager within three days of receipt.  So insurers adapted to this new world by getting to the accounting and cash transfers “whenever” but crediting the customer with the performance of their chosen equity fund within the legal 3 day limit.  This worked out fine with small timing delays creating some small gains and some small losses for the insurers.  But the extended bull market of the late 1990’s made for a repeated loss because the delay of processing and cash transfer meant that the insurer was commonly backdating to a lower purchase price for the shares than what they paid.  Some large old insurers who had jumped into this new world with both feet were losing millions to this simple execution risk.  In addition, for those who were slow to fix things, they got hit on the way down as well.  When the Internet bubble popped, there were many, many calls for customer funds to be taken out of the equity funds.  Slow processing meant that they paid out at a higher rate than what they received from their delayed transactions with the investment funds.

      The insurers had a well established set of operational procedures that actually put them at a disadvantage compared to start-ups in the same business.

      The second is the “unknown” risk.  A firm that has been operating for many years is often very familiar with the risks of its franchise business.  In fact, their approach to risk management for that business may well be so ingrained, that it is no longer considered a high priority.  It just happens.  And the risk management systems that have been in place may work well with little active top management attention.  These organizations are usually not very well positioned to be able to notice and prepare for the new unknown risks that the new business will have.

      The third is the “Unknowable”.  For a new activity, product or business, you just cannot tell what the periodicity of loss events or the severity of those events.  That was one of the mistakes in the sub prime market  The mortgage market has about a 15 year periodicity.  Since a large percentage of people operating in the sub prime space were not in that market the last time there was a downturn, they had no personal experience with the normal cycle of losses in the mortgage market.  Then there was the unknowable impact of the new mortgage products and the drastic expansion into sub prime.  It was just unknowable what would be the periodicity and severity of losses in the “new” mortgage market.

      So the point is that these things that are observed about the prior “new” things can be learned and extrapolated to future “new” things.

      But the solution is not to never do anything “new”, it is to keep the “new” reasonable in proportion to the rest of the organization, to put limits on “new” just like there are limits on any other major aspect of risk.

      The Interest Rate Spike of the Early 1980s: An Epic Dislocation in the Life Insurance Business

      September 19, 2009

      From Mike Cohen

      Perspective: The life insurance business was a relatively straightforward business from its inception and early growth years in the nineteenth century up until the late 1970’s.  Whole life insurance, with a fixed rate of return on its savings component in the 4% range, was sold by career agents who were ‘captive’ to (sold exclusively for) their companies. The business model clearly appeared to be sound. An inside joke at life insurance companies (insurance humor being what it is) was that “All you had to do was turn the lights on” and the business worked.

      An unprecedented economic event occurred over a span of 4 1/2 years, from late 1976 until the third quarter of 1981, that changed all that. Interest rates spiked to levels never before seen in the United States. The prime rate rose from a cyclical trough of 6.25% in December, 1976 to unheard of levels of 20% or higher in April, 1980, crossed the 20% threshold again for a two month stretch in December, 1980 through February, 2001, and yet again from May through September, 2001. This shock challenged literally everything about the life insurance business:

      1) Guaranteed interest rates offered by whole life products were not (at all) competitive with other investment options consumers could get. Policyholders were borrowing heavily from their policies, as the loan interest rates were well below rates they could earn on their investments.  This dynamic spawned the financial strategy known as “buy term and invest the difference”, and drove insurers to develop products that paid competitive (relative to the market) rates, such as Universal Life

      2)  Bonds values were far ‘under water’ (below cost), as the rates of interest they paid were substantially below what investors could earn on other instruments. Without wanting to realize capital losses on their sale, insurers generally had little choice but to hope for a lower interest rate environment.

      3) Given that cash flow was leaving companies in substantial and potentially crippling amounts, many companies made one of two disastrous choices (and often both):

      – They paid their producers first year (heaped) commissions to rewrite business already on the books so it wouldn’t surrender, ruining the profitability on that business

      – They sold business offering current interest rates (GICs were an egregious example) to raise cash, but they weren’t able to invest the cash at comparable rates, locking in a negative spread, and losses. This dynamic spawned the creation of a critical financial/ actuarial technique, Asset Liability Management.

      As companies’ profitability reeled from these and related problems, they looked much closer looks at their profit fundamentals and sought ways to improve results. One area of many came under intense scrutiny … distribution costs. In this new environment, companies across the industry learned that an entirely new distribution model was critical for survival, let alone success.

      My company at the time (a life insurer) undertook a major strategic analysis in 1983 … products, markets, distribution were the key areas, but not the only ones. I was a member of the four person team heading this critical project. Overheard in one of our working sessions:

      “If we could only come up with a diamond in the rough”, said one of the other members on the project team, a close friend of mine.

      “We’ve already had it, and it endured for over 100 years.”, I replied. “We now need to develop significantly different solutions, and more fundamentally focus on entirely new ways to think about our business”.

      The life insurance industry had reached a dislocation. All of its strategic dynamics changed, and its companies were forced to change with it in order to survive. It took many years;  many industry observers would say more than a decade, but the industry was able to essentially reinvent itself and prosper.

      Now, in 2009, the life insurance industry is in the throes of the current dislocation as is the entire financial services industry, and its companies are faced with the challenge of responding to a new set of dynamics.


      %d bloggers like this: