Archive for the ‘Correlation’ category

Too Much Risk

August 18, 2014

Risk Management is all about avoiding taking Too Much Risk.

And when it really comes down to it, there are only a few ways to get into the situation of taking too much risk.

  1. Misunderstanding the risk involved in the choices made and to be made by the organization
  2. Misunderstanding the risk appetite of the organization
  3. Misunderstanding the risk taking capacity of the organization
  4. Deliberately ignoring the risk, the risk appetite and/or the risk taking capacity

So Risk Management needs to concentrate on preventing these four situations.  Here are some thoughts regarding how Risk Management can provide that.

1. Misunderstanding the risk involved in the choices made and to be made by an organization

This is the most common driver of Too Much Risk.  There are two major forms of misunderstanding:  Misunderstanding the riskiness of individual choices and Misunderstanding the way that risk from each choice aggregates.  Both of these drivers were strongly in evidence in the run up to the financial crisis.  The risk of each individual mortgage backed security was not seriously investigated by most participants in the market.  And the aggregation of the risk from the mortgages was misunderestimated as well.  In both cases, there was some rationalization for the misunderstanding.  The Misunderstanding was apparent to most only in hindsight.  And that is most common for misunderstanding risks.  Those who are later found to have made the wrong decisions about risk were most often acting on their beliefs about the risks at the time.  This problem is particularly common for firms with no history of consistently and rigorously measuring risks.  Those firms usually have very experienced managers who have been selecting their risks for a long time, who may work from rules of thumb.  Those firms suffer this problem most when new risks are encountered, when the environment changes making their experience less valid and when there is turnover of their experienced managers.  Firms that use a consistent and rigorous risk measurement process also suffer from model induced risk blindness.  The best approach is to combine analysis with experienced judgment.

2.  Misunderstanding the risk appetite of the organization

This is common for organizations where the risk appetite has never been spelled out.  All firms have risk appetites, it is just that in many, many cases, no one knows what they are in advance of a significant loss event.  So misunderstanding the unstated risk appetite is fairly common.  But actually, the most common problem with unstated risk appetites is under utilization of risk capacity.  Because the risk appetite is unknown, some ambitious managers will push to take as much risk as possible, but the majority will be over cautious and take less risk to make sure that things are “safe”.

3.  Misunderstanding the risk taking capacity of the organization

 This misunderstanding affects both companies who do state their risk appetites and companies who do not.  For those who do state their risk appetite, this problem comes about when the company assumes that they have contingent capital available but do not fully understand the contingencies.  The most important contingency is the usual one regarding money – no one wants to give money to someone who really, really needs it.  The preference is to give money to someone who has lots of money who is sure to repay.  For those who do not state a risk appetite, each person who has authority to take on risks does their own estimate of the risk appetite based upon their own estimate of the risk taking capacity.  It is likely that some will view the capacity as huge, especially in comparison to their decision.  So most often the problem is not misunderstanding the total risk taking capacity, but instead, mistaking the available risk capacity.

4.  Deliberately ignoring the risk, the risk appetite and/or the risk taking capacity of the organization

A well established risk management system will have solved the above problems.  However, that does not mean that their problems are over.  In most companies, there are rewards for success in terms of current compensation and promotions.  But it is usually difficult to distinguish luck from talent and good execution in a business about risk taking.  So there is a great temptation for managers to deliberately ignore the risk evaluation, the risk appetite and the risk taking capacity of the firm.  If the excess risk that they then take produces excess losses, then the firm may take a large loss.  But if the excess risk taking does not result in an excess loss, then there may be outsized gains reported and the manager may be seen as highly successful person who saw an opportunity that others did not.  This dynamic will create a constant friction between the Risk staff and those business managers who have found the opportunity that they believe will propel their career forward.

So get to work, risk managers.

Make sure that your organization

  1. Understands the risks
  2. Articulates and understands the risk appetite
  3. Understands the aggregate and remaining risk capacity at all times
  4. Keeps careful track of risks and risk taking to be sure to stop any managers who might want to ignore the risk, the risk appetite and the risk taking capacity

Risk Portfolio Management

April 18, 2013

In 1952, Harry Markowitz wrote the article “Portfolio Selection” which became the seed for the theory called Modern Portfolio Theory. Modern Portfolio Theory (MPT) promises a path to follow to achieve the maximum return for a given level of risk for an investment portfolio.

It is not clear who first thought to apply the MPT ideas to a portfolio of risks in an insurer. In 1974, Gustav Hamilton of Sweden’s Statsforetag proposed the “risk management circle” to describe the interaction of all elements in the risk management process, including assessment, control, financing and communication. In 1979, Randell Brubaker wrote about “Profit Maximization for a multi line Property/Liability Company.” Since then, the idea of risk and reward optimization has become to many the actual definition of ERM.

Standard & Poor’s calls the process “Strategic Risk Management”.

“Strategic Risk Management is the Standard & Poor’s term for the part of ERM that focuses on both the risks and returns of the entire firm. Although other aspects of ERM mainly focus on limiting downside, SRM is the process that will produce the upside, which is where the real value added of ERM lies.“

The Risk Portfolio Management process is nothing more or less than looking at the expected reward and loss potential for each major profit making activity of an insurer and applying the Modern Portfolio Management ideas of portfolio optimization to that risk and reward information.

At the strategic level, insurers will leverage the risk and reward knowledge that comes from their years of experience in the insurance markets as well as from their enterprise risk management (ERM) systems to find the risks where their company’s ability to execute can produce better average risk-adjusted returns. They then seek to optimize the risk/reward mix of the entire portfolio of insurance and investment risks that they hold. There are two aspects of this optimization process. First is the identification of the opportunities of the insurer in terms of expected return for the amount of risk. The second aspect is the interdependence of the risks. A risk with low interdependency with other risks may produce a better portfolio result than another risk with a higher stand alone return on risk but higher interdependence.

Proposals to grow or shrink parts of the business and choices to offset or transfer different major portions of the total risk positions can be viewed in terms of risk-adjusted return. This can be done as part of a capital budgeting/strategic resource allocation exercise and can be incorporated into regular decision-making. Some firms bring this approach into consideration only for major ad hoc decisions on acquisitions or divestitures and some use it all the time.

There are several common activities that may support the macro- level risk exploitation.

Economic Capital
Economic capital (EC) flows from the Provisioning principle. EC is often calculated with a comprehensive risk model consistently for all of the actual risks of the company. Adjustments are made for the imperfect correlation of the risks. Identification of the highest-concentration risks as well as the risks with lower correlation to the highest-concentration risks is risk information that can be exploited. Insurers may find that they have an advantage when adding risks to those areas with lower correlation to their largest risks if they have the expertise to manage those risks as well as they manage their largest risks.

Risk-adjusted product pricing
Another part of the process to manage risk portfolio risk reward involves the Consideration principle. Product pricing is “risk-adjusted” using one of several methods. One such method is to look at expected profits as a percentage of EC resulting in an expected return-to-risk capital ratio. Another method reflects the cost of capital associated with the economic capital of the product as well as volatility of expected income. The cost of capital is determined as the difference between the price to obtain capital and the rate of investment earnings on capital held by the insurer. Product profit projections then will show the pure profit as well as the return for risk of the product. Risk-adjusted value added is another way of approaching risk-adjusted pricing.

Capital budgeting
The capital needed to fulfill proposed business plans is projected based on the economic capital associated with the plans. Acceptance of strategic plans includes consideration of these capital needs and the returns associated with the capital that will be used. Risk exploitation as described above is one of the ways to optimize the use of capital over the planning period. The allocation of risk capital is a key step in this process.

Risk-adjusted performance measurement (RAPM)
Financial results of business plans are measured on a risk-adjusted basis. This includes recognition of the cost of holding the economic capital that is necessary to support each business as reflected in risk-adjusted pricing as well as the risk premiums and loss reserves for multi-period risks such as credit losses or casualty coverages. This should tie directly to the expectations of risk- adjusted profits that are used for product pricing and capital budgeting. Product pricing and capital budgeting form the expectations of performance. Risk-adjusted performance measurement means actually creating a system that reports on the degree to which those expectations are or are not met.

For non-life insurers, Risk Portfolio Management involves making strategic trade-offs between insurance, credit (on reinsurance ceded) and all aspects of investment risk based on a long-term view of risk-adjusted return for all of their choices.

Insurers that do not practice Portfolio Risk Management usually fail to do so because they do not have a common measurement basis across all of their risks. The recent move of many insurers to develop economic capital models provides a powerful tool that can be used as the common risk measure for this process. Economic capital is most often the metric used to define risk in the risk/reward equation of insurers.

Some insurers choose not to develop an EC model and instead rely upon rating agency or regulatory capital formulas. The regulatory and rating agency capital formulas are by their nature broad market estimates of the risk capital of the insurer. These formulae will over-state the capital needs for some of the insurer’s activity and understate the needs for others. The insurer has the specific data about their own risks and can do a better job of assessing their risks than any outsider could ever do. In some cases, insurers took high amounts of catastrophe exposure or embedded guarantee and option risks, which were not penalized in the generic capital formulas. In the end, some insurers found that they had taken much more risk than their actual loss tolerance or capacity.

Risk Portfolio management provides insurers with the framework to take full advantage of the power of diversification in their risk selection. They will look at their insurance and investment choices based on the impact, after diversification, on their total risk/reward profile. These insurers will also react to the cycles in risk premium that exist for all of their different insurance risks and for all of their investment risks in the context of their total portfolio.

Sales of most insurance company products result in an increase in the amount of capital needed by the business due to low or negative initial profits and the need to support the new business with Economic Capital. After the year of issue, most insurance company products will show annual releases of capital both due to the earnings of the product as well as the release of supporting capital that is no longer needed due to terminations of prior coverages. The net capital needs of a business arise when growth (new sales less terminations) is high and/or profits are low and capital is released when growth is low and/or profits are high.

The definition of the capital needs for a product is the same as the definition of distributable earnings for an entire business: projected earnings less the increase in Economic Capital. The capital budgeting process will then focus on obtaining the right mix of short and long term returns for the capital that is needed for each set of business plans.

Both new and existing products can be subjected to this capital budgeting discipline. A forecast of capital usage by a new product can be developed and used as a factor in deciding which of several new products to develop. In considering new and existing products, capital budgeting may involve examining historic and projected financial returns.

Pitfalls of Risk Portfolio Management

In theory, optimization processes can be shown to produce the best results for practitioners. And for periods of time when fluctuations of experience are moderate and fall comfortably within the model parameters, continual fine tuning and higher reliance on the modeled optimization recommendations produce ever growing rewards for the expert practitioner. However, model errors and uncertainties are magnified when management relies upon the risk model to lever up the business. And at some point, the user of complex risk models will see that levering up their business seems to be a safe and profitable way to operate. When volatility shifts into a less predictable and/or higher level, the highly levered company can find it self quickly in major trouble.

Even without major deviations of experience, the Risk Portfolio Management principles can lead to major business disruptions. When an insurer makes a major change in its risk profile through an acquisition or divestiture of a large part of their business, the capital allocation of all other activities may shift drastically. Strict adherence to theory can whipsaw businesses as the insurer makes large changes in business.

Insurers need to be careful to use the risk model information to inform strategic decisions without overreliance and abdication of management judgment. Management should also push usage of risk and reward thinking throughout the organization. The one assumption that seems to cause the most trouble is correlation. The saying goes that “in a crisis, all correlations go to one”. If the justification for a major strategic decision is that correlations are far from one, management should take note of the above saying and prepare accordingly. In addition management should study the variability of correlations over time. They will find that correlations are often highly unreliable and this should have a major impact on the way that they are used in the Risk Portfolio Management process.

Risk Portfolio Management is one of the Seven ERM Principles for Insurers

Where is the Metric for Diversity?

June 18, 2012

“What gets measured, gets managed.” – Peter Drucker

By gaetanlee, via Wikimedia Commons

It seems that while diversification is widely touted as the fundamental principle behind insurance and behind risk management in general, there is no general measure of diversity. So based upon Drucker’s rule of thumb RISKVIEWS would say that we all fail to manage diversity.

A measure of diversity would tell us when we take more similar risks and when we are taking more distinct risks.  But we do not even look.

This may well be another part of good financial management that has been stolen by the presumptions of financial economics.  Financial economics PRESUMES that we all have full diversification.  It tells us that we cannot get paid for our lack of diversification.

But those presumptions are untested and untestable, at least as long as we fail to even measure diversity.

Correlation is the best measure that we have and it is barely used.  For the most part, correlation is used mainly to look at macro portfolio effects on Economic Capital Models.  And it is not a particularly good measure of diversity anyway.  It actually only measures a certain type of statistical comovement of data.  For example, below is a chart that shows that equity market comovement is increasing.

But have the activities of the largest companies in those markets been converging?  Or is this picture just an artifact of the continuing Euro crisis? In either case, if we were looking at a measure of diversity, rather than just comovement, we might have an idea whether this chart makes any sense or not.

Many believe that they are protected by indexing.  That an index is automatically diverse.  But there is little guarantee of that.  Particularly for a market-value weighted index.  In fact, a market-values weighted index is almost guaranteed to have less diversity just when it is needed most.

For a clear indication of that look at the TSX index during the internet bubble Nortel represented 35% of the index!  Concentration increases risk.  In this case, the results were disastrous for any indexers. While Nortel stock rose in the Dot Com mania, buyers of the TSX index were holding a larger and larger fraction of their investment in a single stock.

We badly need a metric for diversity.


Ford does some Real ERM Thinking

February 28, 2012

Ford shifted their pension fund investment strategy to overweight in bonds.  See Business Insider Story 

This is a clear example of real ERM thinking. 

For at least 40 years, pension plans have been investing in equities and they have claimes that since they have a long investment horizon, that they were immune to concerns about the fluctuations. 

But what has happened instead is that company after company has built up a very large equity exposure.  If they figured their real corporate risk profile, management would see how exposed that they are to stock market risk. 

Ford did some real ERM thinking when they realized that their business risk was fairly highly correlated to the stock market.  So by investing their pension plan assets in the stock market, they were assuring that investors would see their pension plan funding levels faulter just when their business was sputtering. 

There are two aspects of real ERM thinking here.  First, Ford looked past the fiction of the separate pension fund to realize that the company was really exposed to the risk of equity fluctuations.  Second, they realized the true correlations that face their business and its risks. 

Risk managers need to think outside the lines that we draw just like Ford did.   The banks did not do that when they lent money to hedge funds to purchase Mortgage CDOs. 

Risk managers need to look for risks that are likely to hit together and prepare to reduce the likely impact of the combined risk exposure by whatever means makes the msot sense.

Echo Chamber Risk Models

June 12, 2011

The dilemma is a classic – in order for a risk model to be credible, it must be an Echo Chamber – it must reflect the starting prejudices of management. But to be useful – and worth the time and effort of building it – it must provide some insights that management did not have before building the model.

The first thing that may be needed is to realize that the big risk model cannot be the only tool for risk management.  The Big Risk Model, also known as the Economic Capital Model, is NOT the Swiss Army Knife of risk management.  This Echo Chamber issue is only one reason why.

It is actually a good thing that the risk model reflects the beliefs of management and therefore gets credibility.  The model can then perform the one function that it is actually suited for.  That is to facilitate the process of looking at all of the risks of the firm on the same basis and to provide information about how those risks add up to make up the total risk of the firm.

That is very, very valuable to a risk management program that strives to be Enterprise-wide in scope.  The various risks of the firm can then be compared one to another.  The aggregation of risk can be explored.

All based on the views of management about the underlying characteristics of the risks. That functionality allows a quantum leap in the ability to understand and consistently manage the risks of the firm.

Before creating this capability, the risks of each firm were managed totally separately.  Some risks were highly restricted and others were allowed to grow in a mostly uncontrolled fashion.  With a credible risk model, management needs to face their inconsistencies embedded in the historical risk management of the firm.

Some firms look into this mirror and see their problems and immediately make plans to rationalize their risk profile.  Others lash out at the model in a shoot the messenger fashion.  A few will claim that they are running an ERM program, but the new information about risk will result in absolutely no change in risk profile.

It is difficult to imagine that a firm that had no clear idea of aggregate risk and the relative size of the components thereof would find absolutely nothing that needs adjustment.  Often it is a lack of political will within the firm to act upon the new risk knowledge.

For example, when major insurers started to create the economic capital models in the early part of this century, many found that their equity risk exposure was very large compared to their other risks and to their business strategy of being an insurer rather than an equity mutual fund.  Some firms used this new information to help guide a divestiture of equity risk.  Others delayed and delayed even while saying that they had too much equity risk.  Those firms were politically unable to use the new risk information to reduce the equity position of the group.  More than one major business segment had heavy equity positions and they could not choose which to tell to reduce.  They also rejected the idea of reducing exposure through hedging, perhaps because there was a belief at the top of the firm that the extra return of equities was worth the extra risk.

This situation is not at all unique to equity risk.   Other firms had the same experience with Catastrophe risks, interest rate risks and Casualty risk concentrations.

A risk model that was not an Echo Chamber model would be any use at all in these situation above. The differences between management beliefs and the model assumptions of a non Echo Chamber model would result in it being left out of the discussion entirely.

Other methods, such as stress tests can be used to bring in alternate views of the risks.

So an Echo Chamber is useful, but only if you are willing to listen to what you are saying.

A Wealth of Risk Management Research

December 15, 2010
The US actuarial profession has produced and/or sponsored quite a number of risk management research projects.  Here are links to the reports: 

It’s Usually the Second Truck

July 8, 2010

In many cases, companies survive the first bout of adversity.

It is the second bout that kills.

And more often than not, we are totally unprepared for that second hit.

Totally unprepared because of how we misunderstand statistics.

First of all, we believe that large loss events are unlikely and two large loss events are extremely unlikely.  So we decide not to prepare for the extremely unlikely event that we get hit by two large losses at the same time.  And in this case, “at the same time” may mean in subsequent years.  Some who look at correlation, only use an arbitrary calendar year split out of experience data.  So that they would consider losses in the third and fourth quarter to be happening at the same time but fourth quarter and first quarter of the next year would be considered different periods and therefore might show low correlations!

Second, we fail to deal with our reduced capacity immediately after a major loss event.  We still think of our capacity as it was before the first hit.  A part of our risk management plans for a major loss event should have been to immediately initiate a process to rationalize our risk exposures with our newly reduced capacity.  This may in part be due to the third issue.

Third, we misunderstand that the fact of the first event does not reduce the likelihood of the other risk events.  Those joint probabilities that made the dual event, no longer apply.  In fact, with the reduced capacity, the type of even that would incapacitate the firm has suddenly become much more likely.

Most companies that experience one large loss event do not experience a second shortly thereafter, but many companies that fail do.

So if your interest is to reduce the likelihood of failure, you should consider the two loss event situation as a scenario that you prepare for.

But those preparations will present a troubling alternative.  If, after the first major loss event, the actions needed include a sharp reduction in retained risk position, that will severely reduce the likelihood of growing back capacity.

Management is faced with a dilemma – that is two choices, neither of which are desirable.   But as with most issues in risk management, better to face those issues in advance and to make a reasoned plan, rather than looking away and hoping for the best.

But on further reflection, this issue can be seen to be one of over concentration in a single risk.  Some firms have reacted to this whole idea by setting their risk tolerance such that any one loss event will be limited to their excess capital.  Their primary strategy for this type of concentration risk is in effect a diversification strategy.

%d bloggers like this: