The Joint Risk Management Section of the Canadian Institute of Actuaries, the Casualty Actuarial Society, and the Society of Actuaries will oversee an online survey to help understand individual risk managers’ perspectives on emerging risks. We value insights from all levels of experience and background and invite you to participate in this annual survey. Please complete this survey by Nov. 22nd. It should take about 15 minutes to complete. We hope you will share your thoughts and experiences in comment boxes. Responses from more than one risk manager within the same company are encouraged. All responses are anonymous. Thanks to the SOA Reinsurance and Financial Reporting Sections for supporting this research. If you have questions about the survey, please contact Jan Schuh at the SOA Research Institute, jschuh@soa.org.
Many of the most serious problems that have beset firms have not been repeats of past issues but very new situations. Emerging risks is one description that is used to refer to these “unknown unknowns.” It is simply not sufficient for an ERM program to fully master the control of potential losses from the risks that are known to exist right now. Many would consider the current financial crisis to be the result of emerging risks that were not sufficiently anticipated. Emerging risks may be unknown, but their consequences are real and insurers need to actively prepare for them.
Management should be monitoring and controlling the known risks. Emerging risks management is concerned with the impact of completely new or extremely rare adverse events. These risks cannot be managed via a control process. Monitoring systems would not show any results. But there are ways that the best- practice firms address emerging risks.
Emerging risks may appear suddenly or slowly, are difficult to identify, and often represent a new idea more than factual circumstances. They often result from changes in the political, legal, market, or physical environment, but the link between cause and effect is not proven. An example from the past is asbestos or silicone liabilities. Other examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. The recent problems experienced by banks and other financial firms resulting from mortgage losses could be classified as emerging risks.
For these risks, normal risk identification and monitoring will not work because the frequency is usually completely unknown. Nevertheless, past experience shows that when they materialize, they have a significant impact on businesses and therefore cannot be excluded from a solid risk management program. Specific strategies and approaches must be implemented to cope with them properly.
Emerging risks can be unknown to the corporate body or merely unknown to the main decision takers. The O-ring problem was known about before disaster hit the US space shuttle Challenger in 1986 – just not known in a way that helped. When considering emerging risks, we need to consider communication to, and within, the corporate body. A good ERM approach should be able to handle both these aspects.
Emerging risks management will include a process of early warnings that will allow company management to anticipate disasters, however short the period of notice. Such a firm will have an inclusive approach to identifying and evaluating risk. This inclusiveness will encourage employees to express concerns openly, it will lead to the ability to learn from others’ experiences and it will allow a constructive approach to intelligence-gathering of both hard and soft information. A firm with good emerging risks management would expect to perform thorough post-mortem analyses of problem situations and would feed the results of that analysis back into its on-going disaster-planning process.
While the best ERM programs will often have a comprehensive emerging risks process, that process is not well served by a routine checklist. A company with excellent extreme-event management practices will instill and sustain a decidedly non-routine, imaginative flavor into its process.
Normal risk control processes focus on everyday risk management, including the management of identifiable risks and/or risks where uncertainty and unpredictability, are mitigated by historical data that allow insurers to estimate loss distribution with reasonable confidence. Emerging risk management processes take over for risks that do not currently exist but that might emerge at some point due to changes in the environment.
Emerging risks may appear abruptly or gradually, are difficult to identify, and may for some time represent a hypothetical idea more than factual circumstances. They often result from changes in the political, legal, market or physical environment. An example from the past is asbestos; other examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. For these risks, normal risk identification and monitoring will not work because the likelihood is usually completely unknown.
Nevertheless, past experience shows that when they materialize, they can have a significant impact on insurers and therefore cannot be excluded from a solid risk management program. So insurers have implemented unique specific strategies and approaches to cope with them properly.
Identifying Emerging Risks
Developing an early warning system for emerging risks that methodically identifies potential new risk factors either through internal or external sources is very important. To minimize the uncertainty surrounding these risks, insurers will consistently gather all existing relevant information to amass preliminary evidence of emerging risks, which would allow the insurer to reduce or limit the growth of exposure as the evidence becomes more and more certain. However, insurers practicing this discipline will need to be aware of the cost of false alarms.
Assessing Their Significance
Parties should assess the relevance (i.e. potential losses) of the emerging risks linked to a company’s commitment— which classes of business and existing policies would be affected by the materialization of the risk—and continue with the assessment of the potential financial impact, taking into account potential correlation with other risks already present in the firm.
For an insurer, the degree of concentration and correlation of the risks that they have taken on from their customers are two important parameters to be considered; the risk in question could be subject to very low frequency/high intensity manifestations, but if exposure to that particular risk is limited, then the impact on the company may not be as important.
On the other hand, unexpected risk correlations should not be underestimated; small individual exposures can coalesce into an extreme risk if underlying risks are highly interdependent. When developing extreme scenarios, some degree of imagination to think of unthinkable interdependencies could be beneficial.
A further practice of insurers is to sometimes work backwards from concentrations to risks. Insurers might envision risks that could apply to their concentrations and then track for signs of risk emergence in those areas. Some insurers set risk limits for insurance concentrations that are very similar to investment portfolio credit limits, with maximum concentrations in specific industries in geographic or political regions.
In addition, just as investment limits might restrict an insurer’s debt or equity position as a percentage of a company’s total outstanding securities, some insurers limit the percentage of coverage they might offer in any of the sectors described above.
Define Appropriate Responses
Responses to emerging risks might be part of the normal risk control process, i.e. risk mitigation or transfer, either through reinsurance (or retrocession) in the case of insurance risks, through the financial markets for financial risks, or through general limit reduction or hedging.
When these options are not available or the insurer decides not to use them, it must be prepared to shoulder significant losses, which can strain a company’s liquidity. Planning access to liquidity is a basic part of emerging risk management. Asset-selling priorities, credit facilities with banks, and notes programs are possible ways for insurers to manage a liquidity crisis.
Apart from liquidity crisis management, other issues exist for which a contingency plan should be identified in advance. The company should be able to quickly estimate and identify total losses and the payments due. It should also have a clear plan for settling the claims in due time so as to avoid reputation issues. Availability of reinsurance is also an important consideration: if a reinsurer were exposed to the same risks, it would be a sound practice for the primary insurer to evaluate the risk that the reinsurer might delay payments.
Advance Warning Process
For emerging risks the response plans developed as described above would often not be implemented immediately. Their implementation would often be deferred until a later date when the immanence of the emerging risk is more certain. For the risks that have been identified as most significant and where the insurer has developed coherent contingency plans, the next step is to create and install an advanced warning process.
To do that, the insurer identifies key risk indicators that provide an indication of increasing likelihood of a particular emerging risk. These key risk indicators are tracked and compared to a trigger point that has been identified in advance. The trigger point might be set at the point when it is thought that action is needed, but more likely it triggers a new round of investigation of both potential impact and responses.
Learn
Finally, sound practices for managing emerging risks include establishing procedures for learning from past events is important. The company should identify problems that appeared during the last extreme event and identify improvements to be added to the risk controls.
All of these steps can be applied by any firm in any sector with some adaptation.
The Joint Risk Management Section of the Canadian Institute of Actuaries, the Casualty Actuarial Society, and the Society of Actuaries is overseeing an online survey to help understand individual risk managers’ perspectives on emerging risks. We value your insights and invite you to participate in this annual survey. Please complete this survey by Nov. 23rd. It should take about 15 minutes to complete. We hope you will share your thoughts and experiences in comment boxes. Responses from more than one risk manager within the same company are encouraged. All responses are anonymous. Thanks to the SOA Reinsurance and Financial Reporting Sections for supporting this research. If you have questions about the survey, please contact Jan Schuh at jschuh@soa.org.
Many discussions of COVID-19 mitigation revolve around the requirements and recommendations that are made by the government.
The CDC suggests answering this question:
To what extent do individuals and organizations practice community mitigation strategies?
We will seek to answer that question via a questionnaire. Right now, we have piloted that questionnaire twice with about 30 people providing observations.
We have observations from people in the above states, which provide diverse situations regarding their COVID situation. (Here Level refers to the number of new cases per 100k from the past 14 days and Rate refers to the New Infection Rate which is the new infections from the current day as a percentage of the infections for the prior 14 days.)
Pilot Project Findings – not credible amount of data
The above reflects the average compliance over 36 mitigation strategies. This is a Pilot, so we are not concerning ourselves about numbers of observations but we recognize that these are not sufficient to draw any conclusions about the actual level of compliance. Of those 36 strategies, the top 10 are:
Pilot Project Findings – not credible amount of data
We welcome additional observers. We will be continuing the Pilot Project and working on getting funding to turn this into a full scale research project.
To contribute your observations follow this LINK. We welcome both additional observers for the states above as well as observers from states where we have not yet received any observations.
RISKVIEWS believes that this may be the best top 10 list of posts in the history of this blog. Thanks to our readers whose clicks resulted in their selection.
Instructions for a 17 Step ORSA Process– Own Risk and Solvency Assessment is here for Canadian insurers, coming in 2015 for US and required in Europe for 2016. At least 10 other countries have also adopted ORSA and are moving towards full implementation. This post leads you to 17 other posts that give a detailed view of the various parts to a full ORSA process and report.
What kind of Stress Test? – Risk managers need to do a better job communicating what they are doing. Much communications about risk models and stress tests is fairly mechanical and technical. This post suggests some plain English terminology to describe the stress tests to non-technical audiences such as boards and top management.
ORSA ==> AC – ST > RCS– You will notice a recurring theme in 2014 – ORSA. That topic has taken up much of RISKVIEWS time in 2014 and will likely take up even more in 2015 and after as more and more companies undertake their first ORSA process and report. This post is a simple explanation of the question that ORSA is trying to answer that RISKVIEWS has used when explaining ORSA to a board of directors.
The History of Risk Management – Someone asked RISKVIEWS to do a speech on the history of ERM. This post and the associated new permanent page are the notes from writing that speech. Much more here than could fit into a 15 minute talk.
Hierarchy Principle of Risk Management– There are thousands of risks faced by an insurer that do not belong in their ERM program. That is because of the Hierarchy Principle. Many insurers who have followed someone’s urging that ALL risk need to be included in ERM belatedly find out that no one in top management wants to hear from them or to let them talk to the board. A good dose of the Hierarchy Principle will fix that, though it will take time. Bad first impressions are difficult to fix.
Risk Culture, Neoclassical Economics, and Enterprise Risk Management– A discussion of the different beliefs about how business and risk work. A difference in the beliefs that are taught in MBA and Finance programs from the beliefs about risk that underpin ERM make it difficult to reconcile spending time and money on risk management.
What CEO’s Think about Risk– A discussion of three different aspects of decision-making as practiced by top management of companies and the decision making processes that are taught to quants can make quants less effective when trying to explain their work and conclusions.
Decision Making Under Deep Uncertainty– Explores the concepts of Deep Uncertainty and Wicked Problems. Of interest if you have any risks that you find yourself unable to clearly understand or if you have any problems where all of the apparent solutions are strongly opposed by one group of stakeholders or another.
There is no single approach to risk management that will work for all risks nor, for any one risk, is there any one approach to risk management that will work for all times. Rational adaptability is the strategy of altering … Continue reading →
In 1973, CS Holling, a biologist, argued that the “Equilibrium” idea of natural systems that was then popular with ecologists was wrong.He said that natural systems went through drastic, unpredictable changes – such systems were “profoundly affected by random events”. … Continue reading →
Many theoreticians and more than a few executives take the position that incentive compensation is a powerful motivator. It therefore follows that careful crafting of the incentive compensation program is all that it takes to get the most out of a … Continue reading →
As video gaming has become more and more sophisticated, and as the hardware to support those games has become capable of playing movies and other media, video game consoles have now become “Entertainment Systems”. Continue reading →
Insurance company risk managers need to recognize that traditional activities like underwriting, pricing and reserving are vitally important parts of managing the risks of their firm. Enterprise risk management (ERM) tends to focus upon only two or three of the … Continue reading →
In just a few days, actuaries will be the first group of Enterprise Risk Management (ERM) professionals to make a commitment to specific ERM standards for their work. In 2012, the Actuarial Standards Board passed two new Actuarial Standards of … Continue reading →
The 2013 ERM Symposium goes back to Chicago this year after a side trip to DC for 2012. This is the 11th year for the premier program for financial risk managers. Continue reading →
WillisWire has on several occasions featured opinions from a large number of our contributors about what might be the next emerging risk in various sectors. But what can be done once you have identified an emerging risk? Continue reading →
Slowly, but surely, and without a lot of fanfare, U.S. insurance regulators have been orchestrating a sea change in their interaction with companies over solvency. Not as dramatic as Solvency II in Europe, but the U.S. changes are actually happening … Continue reading →
The Joint Risk Management Section, sponsored by the Casualty Actuarial Society, Canadian Institute of Actuaries, and the Society of Actuaries, is interested in better understanding how risk managers deal with emerging risks.
This online survey is a follow-up to earlier surveys of emerging risks and will help to provide insight to evolving trends.
We would greatly appreciate you taking the time to complete the survey by November 12. It should take about 10 minutes to complete the basic survey. We hope you will share your thoughts and experiences in comment boxes. All responses are anonymous.
If you have questions about the survey, please contact Barbara Scott.
The story goes on to discuss the fact that Americans, especially in red states like Oklahoma, strongly prefer keeping the government out of the business of providing things like storm shelters, allowing that to be an individual option. Then reports that few individuals opt to spend their money on shelters.
The answer might well be in the numbers…
Below, from the National Oceanic and Atmospheric Administration (NOAA) is a list of the 25 deadliest tornadoes in US history:
1. Tri-State (MO, IL, IN) – March 18, 1925 – 695 deaths
2. Natchez, MS – May 6, 1840 – 317 deaths
3. St. Louis, MO – May 27, 1896 – 255 deaths
4. Tupelo, MS – April 5, 1936 – 216 deaths
5. Gainesville, GA – April 6, 1936 – 203 deaths
6. Woodward, OK – April 9, 1947 – 181 deaths
7. Joplin, MO – May 22, 2011 – 158 deaths
8. Amite, LA, Purvis, MS – April 24, 1908 – 143 deaths
9. New Richmond, WI – June 12, 1899 – 117 deaths
10. Flint, MI – June 8, 1953 – 116 deaths
11. Waco, TX – May 11, 1953 – 114 deaths
12. Goliad, TX – May 18, 1902 – 114 deaths
13. Omaha, NE – March 23, 1913 – 103 deaths
14. Mattoon, IL – May 26, 1917 – 101 deaths
15. Shinnston, WV – June 23, 1944 – 100 deaths
16. Marshfield, MO – April 18, 1880 – 99 deaths
17. Gainesville, GA – June 1, 1903 – 98 deaths
18. Poplar Bluff, MO – May 9, 1927 – 98 deaths
19. Snyder, OK – May 10, 1905 – 97 deaths
20. Comanche, IA & Albany, IL – June 3, 1860 – 92 deaths
21. Natchez, MS – April 24, 1908 – 91 deaths
22. Worcester, MA – June 9, 1953 – 90 deaths
23. Starkville, MS to Waco, AL -April 20, 1920 – 88 deaths
24. Lorain & Sandusky, OH – June 28, 1924 – 85 deaths
25. Udall, KS – May 25, 1955 – 80 deaths
Looks scary and impressively dangerous. Until you look more carefully at the dates. Most of those events are OLD. In fact, if you look at this as a histogram, you see something interesting…
You see from this chart, why there are few storm shelters. Between the 1890’s and 1950’s, there were at least two very deadly tornadoes per decade. Enough to keep people scared. But before the last week, there had not been a decade in over 50 years with any major events. 50 years is a long time to go between times when someone somewhere in the US needed a storm shelter to protect them from a very deadly storm.
This is not to say that there have not been storms in the past 50 years. The chart below from the Washington Post, shows the losses from tornadoes for that same 50 year period and the numbers are not small.
It is RISKVIEWS’ guess that in the face of smaller, less deadly but destructive storms, people are much more likely to attribute their own outcome to some innate talent that they have and the losers do not have. Sort of like the folks who have had one or several good experiences at the slot machines who believe that they have a talent for gambling.
Another reason is that almost 45% of storm fatalities are folks who live in trailers. They often will not even have an option to build their own storm shelter. There it is probably something that could be addressed by regulations regarding zoning of trailer parks.
Proper risk management can only be done in advance. The risk management second guessing that is done after the fact helps to create a tremendous drag on society. We are forced into spending money to prevent recurrence of the last disaster, regardless of whether that expenditure makes any sense at all on the basis of frequency and severity of the potential adverse events or not.
We cannot see the future as clearly as we can see the past. We can only prepare for some of the possible futures.
The BBC article stands on the side of that discussion that looks back after the fact and finds fault with whoever did not properly see the future exactly as clearly as they are now able to see the past.
A simple recent example of this is the coverage of the Boston Marathon bombers. Much has been made of the fact that there were warnings about one or more members of the family before the event. But no one has chosen to mention how many others who did not commit bombings were there similar or even much more dire warnings about. It seems quite likely, that the warnings about these people were dots in a stream of hundreds of thousands of similar warnings.
• Planning and testing: It is important that your company and all of your important counterparties, vendors, and sub contractees, fully understand the functionality of contingency systems, and that key operations and business personnel communicate efficiently to assure enterprise-wide clarity. Expanded testing exercises would enhance assurance of failover reliability. Such testing should involve all parties inside and outside your firm that you depend upon to continue functioning, and should also involve providers of essential services such as power, water, and telecommunications.
• Incident management: Protocols for assuring a timely decision on whether and when to close or open the company would benefit from review and streamlining by the responsible parties. Likewise, protocols for assuring timely decisions within the firm on whether and when to leverage back-up sites would benefit from continued regular testing. Furthermore, operational interdependencies need to be fully incorporated in the decision-making process.
• Personnel: The resilience of critical components of the company requires geographic dispersal of both electronic systems and personnel sufficient to enable an organization to operate despite the occurrence of a wide-scale disruption affecting the metropolitan or geographic area of the organization’s primary operations, including communities economically integrated with, adjacent to, or within normal commuting distance of the primary operations area. Organizations, including major firms, need to continuously and rigorously analyze their routine positioning and emergency repositioning of key management and staff. This is an ongoing requirement as technology, market structure, and institutions evolve rapidly. Developed business continuity plans should be implemented, and key staff should be sent to disaster recovery sites when there is advance notice of events.
• Dependencies: Cross-industry interdependencies require constant review, reassessment, and improvement by organizations to mitigate the impact of energy, power, transport, and communications failures during severe incidents, and to help ensure reliable redundancy.
Often called emerging risks. Going back to Knight’s definitions of Risk and Uncertainty, there is very little risk contained in these potential situations. Emerging risks are often pure uncertainty. Humans are good at finding patterns. Emerging risks are breaks in patterns.
What to Do about Emerging Risks…
Emerging risks are defined by AM Best as “new or evolving risks that are difficult to manage because their identification, likelihood of occurrence, potential impacts, timing of occurrence or impact, or correlation with other risks, are highly uncertain.” An example from the past is asbestos; other current examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. Lloyd’s, a major sufferer from the former emerging risk of asbestos, takes emerging risks very seriously. They think of emerging risks as “an issue that is perceived to be potentially significant but which may not be fully understood or allowed for in insurance terms and conditions, pricing, reserving or capital setting”.
What do the rating agencies expect?
AM Best says that insurers need “sound risk management practices relative to its risk profile and considering the risks inherent in the liabilities it writes, the assets it acquires and the market(s) in which it operates, and takes into consideration new and emerging risks.” In 2013, Best has added a question asking insurers to identify emerging risks to the ERM section of the SRQ. Emerging Risks Management has been one of the five major pillars of the Standard & Poor’s Insurance ERM ratings criteria since 2006.
How do you identify emerging risks?
A recent report from the World Economic Forum, The Global Risks 2012 report is based on a survey of 469 experts from industry, government, academia and civil society that examines 50 global risks. Those experts identified 8 of those 50 risks as having the most significance over the next 10 years:
Chronic fiscal imbalances
Cyber attacks
Extreme volatility in energy and agriculture prices
Food shortage crises
Major systemic financial failure
Rising greenhouse gas emissions
Severe income disparity
Water supply crises
This survey method for identifying or prioritizing risks is called the Delphi method and can be used by any insurer. Another popular method is called environmental scanning which includes simply reading and paying attention for unusual information about situations that could evolve into future major risks.
What can go wrong?
Many companies do not have any process to consider emerging risks. At those firms, managers usually dismiss many possible emerging risks as impossible. It may be the company culture to scoff at the sci fi thinking of the emerging risks process. The process Taleb describes of finding ex post explanation for emerging Black Swan risks is often the undoing of careful plans to manage emerging risk. In addition, lack of imagination causes some managers to conclude that the past worst case is the outer limit for future losses.
What can you do about emerging risks?
The objectives for emerging risks management are just the same as for other more well-known risks: to reduce the frequency and severity of future losses. The uncertain nature of emerging risks makes that much more difficult to do cost effectively. Insurers can use scenario testing to examine potential impact of emerging risks and to see what actions taken in advance of their emergence might lessen exposures to losses. This scenario testing can also help to identify what actions might lessen the impact of an unexpected loss event that comes from a very rapidly emerging risk. Finally, insurers seek to identify and track leading indicators of impending new risk emergence.
Reinsurance is one of the most effective ways to protect against emerging risks, second only to careful drafting of insurance contract terms and conditions
Many of the largest insurers and reinsurers have developed very robust practices to identify and to prepare for emerging risks. Other companies can learn from the insurers who practice emerging risk management and adapt the same processes to their emerging risks.
Normal risk control processes focus on everyday risk management, including the management of identifiable risks and/or risks where uncertainty and unpredictability are mitigated by historical data that allow insurers to estimate loss distribution with reasonable confidence. Emerging risk management processes take over for risks that do not currently exist but that might emerge at some point due to changes in the environment. Emerging risks may appear abruptly or slowly and gradually, are difficult to identify, and may for some time represent an ill formed idea more than factual circumstances. They often result from changes in the political, legal, market, or physical environment, but the link between cause and effect is fully known in advance. An example from the past is asbestos; other examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. For these risks, normal risk identification and monitoring will not work because the likelihood is usually completely unknown. Nevertheless, past experience shows that when they materialize, they have a significant impact on the insurers and therefore cannot be excluded from a solid risk management program. So insurers have implemented unique specific strategies and approaches to cope with them properly.
Identifying emerging risks
Emerging risks have not yet materialized or are not yet clearly defined and can appear abruptly or very slowly. Therefore, having some sort of early warning system in place, methodically identified either through internal or external sources, is very important. To minimize the uncertainty surrounding these risks, insurers will consistently gather all existing relevant information to amass preliminary evidence of emerging risks, which would allow the insurer to reduce or limit growth of exposure as the evidence becomes more and more certain. However, Insurers practicing this discipline will need to be aware of the cost of false alarms.
Assessing their significance
Assess the relevance (i.e. potential losses) of the emerging risks linked to a company’s commitment— which classes of business and existing policies would be affected by the materialization of the risk—and continue with the assessment of the potential financial impact, taking into account potential correlation with other risks already present in the firm. For an insurer, the degree of concentration and correlation of the risks that they have taken on from their customers are two important parameters to be considered; the risk in question could be subject to very low frequency/high intensity manifestations, but if exposure to that particular risk is limited, then the impact on the company may not be as important. On the other hand, unexpected risk correlations should not be underestimated; small individual exposures can coalesce into an extreme risk if underlying risks are highly interdependent. When developing extreme scenarios, some degree of imagination to think of unthinkable interdependencies could be beneficial.
A further practice of insurers is to sometimes work backwards from concentrations to risks. Insurers might envision risks that could apply to their concentrations and then track for signs of risk emergence in those areas. Some insurers set risk limits for insurance concentrations that are very similar to investment portfolio credit limits, with maximum concentrations in specific industries in geographic or political regions. In addition, just as investment limits might restrict an insurer’s debt or equity position as a percentage of a company’s total outstanding securities, some insurers limit the percentage of coverage they might offer in any of the sectors described above.
Define appropriate responses
Responses to emerging risks might be part of the normal risk control process, i.e., risk mitigation or transfer, either through reinsurance (or retrocession) in case of insurance risks, through the financial markets for financial risks, or through general limit reduction or hedging. When these options are not available or the insurer decides not to use them, it must be prepared to shoulder significant losses, which can strain a company’s liquidity. Planning access to liquidity is a basic part of emerging risk management. Asset-selling priorities, credit facilities with banks, and notes programs are possible ways of managing a liquidity crisis.
Apart from liquidity crisis management, other issues exist for which a contingency plan should be identified in advance. The company should be able to quickly estimate and identify total losses and the payments due. It should also have a clear plan for settling the claims in due time so as to avoid reputation issues. Availability of reinsurance is also an important consideration: if a reinsurer were exposed to the same risks, it would be a sound practice for the primary insurer to evaluate the risk that the reinsurer might delay payments.
Advance Warning Process
For the risks that have identified as most significant and where the insurer has developed coherent contingency plans, the next step is to create and install an advanced warning process. To do that, the insurer identifies key risk indicators that provide an indication of increasing likelihood of a particular emerging risk.
Learn
Finally, sound practices for managing emerging risks include establishing procedures for learning from past events. The company will identify problems that appeared during the last extreme event and identify improvements to be added to the risk controls. In addition, expect to get better at each step of the emerging risk process with time and experience.
But emerging risk management costs money. And the costs that are most difficult to defend are the emerging risks that never emerge. A good emerging risk process will have many more misses than hits. Real emerged risks are rare. A company that is really taking emerging risks seriously will be taking actions on occasion that cost money to perform and possibly include a reduction in the risks accepted and the attendant profits. Management needs to have a tolerance for these costs. But not too much tolerance.
The authors are part of a group at Cambridge (actually, there are three members of the group) who are interested in studying threats from technology. “Many scientists are concerned that developments in human technology may soon pose new, extinction-level risks to our species as a whole.” says their website, The Cambridge Project for Existential Risk.
Go back and watch I Robot again. The only reason that the robot rebellion was foiled was because there was one robot who was designed to be independent enough to disagree.
If the “group” from Cambridge is correct, we need to get working on designing that robot that will save the day.
But first, we should ask them what they mean by “many scientists”?
Much too much of what we do relies upon the simplest idea of linear extrapolation. It must be hard wired into human brains to always think first of that process. Because we frequently seem to miss when extrapolation does not work.
Risk managers desperately need to understand the idea of system capacity. The capacity of a system is a point beyond which the system will fail or will start to work completely differently.
The obvious simple example is a cup with a small hole in the bottom. If you pour water into that cup at a rate that is exactly equal to the rate of the leak from the hole at the bottom, then the water level of the cup will be in equilibrium. A little slower and the cup will empty. A little faster and it will fill. Too long in the fill mode and it will spill. The capacity will be exceeded.
The highly popular single serving coffee machines are built with a fixed approach to cup capacity. The more sophisticated will allow for two different capacities, but usually leave it to the human operator to determine which limit to apply.
For the past several years, there have been a number of events, the latest a hurricane that damaged an area the size of Western Europe, that have far exceeded the resilience capacity of our systems. The resilience capacity is the amount of damage that we can sustain without any significant disruption. If we exceed our resilience capacity by a small amount, then we end up with a small amount of disruption. But the amount of disruption seems to grow exponentially as the exceedance of resilience capacity increases.
The disruption to the New York area from Hurricane Sandy far exceeded the resilience capacity. For one example, the power outages still continue two weeks after the storm. The repairs that have been done to date have reflected herioc round the clock efforts by both local and regional repair crews. The size of the problem was so immense that even with the significant outside help, the situation is still out of control for some homes and businesses.
We need to ask ourselves whether we need to increase the resilience capacity of our modern societies?
Have we developed our sense of what is needed during a brief interlude of benign experiences? In the financial markets, the term “Great Moderation” has been used to describe the 20 year period leading up to the bursting of the dot com bubble. During that period, lots of financial economics was developed. The jury is still out about whether those insights have any value if the world is actually much more volatile and unpredictable than that period of time.
Some weather experts have pointed out that hurricanes go in cycles, with high and low periods of activities. Perhaps we have been moving into a high period.
It is also possible that some of the success that mankind has experienced in the past 50 years might be in part due to a tempory lull in many damaging natural phenomina. The cost of just keeping even was lower than over the rest of mankind’s history.
What if the current string of catastrophes is just a regression to the mean and we can expect that the future will be significantly more adverse than the mild past that we fondly remember?
We need to come to a conclusion on those questions to determine How Much Resilience Do We Need?
The Joint Risk Management Section, sponsored by the Casualty Actuarial Society, Canadian Institute of Actuaries, and the Society of Actuaries, is interested in better understanding how risk managers deal with emerging risks. The objective of this effort is to examine and ultimately give guidance to risk managers on how to deal with these unknown and developing risks.
To achieve this, we have designed an online survey to gather information about emerging risks and related issues. This survey is a follow-up to earlier surveys on emerging risks and will help to provide insight to changes and trends in this evolving field.
We would greatly appreciate you taking the time to complete the survey by October 26. It should take less than 10 minutes to complete the basic survey, but we hope you will share your thoughts in comment boxes, as well. Please share this survey link with other risk managers (internal and external) who might be interested in sharing their thoughts. We hope to gather a wide variety of perspectives from the survey.
It is our hope that the results of this survey will help risk managers deal with information that exists outside historical data sets. We assure you that results will be reported anonymously and that your specific responses will be held under the strictest confidence.
If you have questions about the survey, please contact Barbara Scott.
Thanks very much for your consideration! We expect to report results in December.
“Truth be told, risk management is an ever-evolving discipline. The Great Recession pointed out both the shortcomings of implementation at many companies, as well as the potential for a strong risk culture driving the risk management process. As time passes from this crisis to the next (as there is always another one around the bend), recurring trends are becoming apparent and companies across the world are getting smarter about the essential need to move risk management from the back room to a position influencing strategic decisions.”
Joshua Brown wrote “Ten Commandments for a Crash” – his advice for stock traders in a stock market crash. Most of his ideas can be generalized to refer to any situation where large losses or even the threat of large losses occurs.
1. Acknowledge that its a crash.
This is first and most difficult. The natural impulse of humans when things look worse than they ever imagined is to close your eyes and hope that it was a dream. To wait for things to come back to normal. But sometimes the only survivors are the people who stopped imagining a return to normal first and accepted the bad news as reality.
2. Pencils Down!
This means abandoning your research based upon the previous paradigm. Do not run the model one more time to see what it says. All of the model parameters are now suspect. You do not usually know enough to say which ones are still true.
3. Don’t listen to “stockpickers” or sell-side equity analysts.
Get your head out of the nits. Your usual business may require that you are a master of the details of your markets. You are looking to build your year’s result up over 52 weeks, looking to create 1/52 of your target return each week. But when the crisis hits, the right macro decisions can change your results by half a year’s worth of normal business.
4. Ignore the asset-gatherers and the brokerage firm strategists,
Know the bias of the people you are getting advice from. They may be saying what is necessary for THEIR firm to make it through the crash, no matter what their advice would do to you.
5. Make sacrifices
You are going to need to let go of one or several of the things that you were patiently nursing along in hopes of a big payoff later on when they came around. Make these decisions sooner rather than later. Otherwise, they will be dragging you down along with everything else. Think of it as a scale change. The old long term opportunities mostly become losers while some of the marginally profitable situations become your new opportunities. Choose fast.
6. Make two lists.
Those are the lists of things that you might now want to start doing if the terms suddenly get sweeter and the things where you plan to dump unless you can tighten the terms. Keep updating the list every day as you get new information. Act on the list as opportunities change.
7. Watch sentiment more closely
This is the flip side to #1 above. The analysis may no longer be of help, but a good handle on the sentiment of your market will be invaluable. It will tell you when it is time to press for the stricter terms from your list #6.
8. Abandon any hope or intention of catching the bottom.
This may be an excuse for not making decisions when things are unclear. Guess what? THe bottom is only ever clear afterwards.
9. Suspend disbelief.
Any opinions that you have that some aspect of your business environment will never get “that” bad will often be trashed by reality. In case you have been asleep for the last decade, each crisis results in new bigger losses than ever before. The sooner you get off the illusion that you know exactly how bad it can get, the sooner you will be making the right decisions and avoiding totally wrongly timed moves.
10. Stop being a know-it-all and shut up.
Everyone out there seems to know a small part of what is happening that no one else knows and is totally ignorant of most of what is going on from their own internal sources. If you talk all of the time, you will never learn those other pieces of the puzzle.
A good list. Some things to think about. A challenge to work these ideas into your planning for emerging risks. Need to practice adopting this point of view.
At least 75% of the US has experienced some Solar Risk this summer. Temperatures were into triple digits.
(in Fahrenheit. Fahrenheit is a part of the ancient measuring system that only America uses. 100F is 37.7C. Not so magical stated that way. But it is still exceptional.)
But very different solar risk is thought to be on the way. Solar Storms are thought to entering a busy season and to have the capability of wrecking havoc on various electromagnetic broadcast and receiving systems. GPS systems are thought to be particularly vulnerable.
The last major storm to hit earth reportedly caused the emerging telegraph systems in the US and Europe to encounter problems. We now depend upon many, many complex electronic systems.
But see what happens if you try to get your firm to prepare for violent solar storms. The best that may happen is that you would be laughed out of the room.
In a recent post, RISKVIEWS stated six key parts to ERM. These six ideas can act as the outline for describing an ERM Program. Here is how they could be used:
1. Risks need to be diversified. There is no risk management if a firm is just taking one big bet.
REPORT: Display the risk profile of the firm. Discuss how the firm has increased or decreased diversification within each risk and between risks in the recent past. Discuss how this is a result of deliberate risk and diversification related choices of the firm, rather than just a record of what happened as a result of other totally unrelated decisions.
2. Firm needs to be sure of the quality of the risks that they take. This implies that multiple ways of evaluating risks are needed to maintain quality, or to be aware of changes in quality. There is no single source of information about quality that is adequate.
REPORT: Display the risk quality of the firm. Discuss how the firm has increased or decreased risk quality in the recent past and the reasons for those changes. Discuss how risk quality is changing in the marketplace and how the firm maintains the quality of the risks that are chosen.
3. A control cycle is needed regarding the amount of risk taken. This implies measurements, appetites, limits, treatment actions, reporting, feedback.
REPORT: The control cycle will be described in terms of who is responsible for each step as well as the plans for remediation should limits be breached. A record of breaches should also be shown. (Note that a blemish-less record might be a sign of good control or it might simply mean that the limits are ineffectively large.) Emerging risks should have their own control cycle and be reported as well.
4. The pricing of the risks needs to be adequate. At least if you are in the risk business like insurers, for risks that are traded. For risks that are not traded, the benefit of the risk needs to exceed the cost in terms of potential losses.
REPORT: For General Insurance, this means reporting combined ratio. In addition, it is important to show how risk margins are similar to market risk margins. Note that products with combined ratios over 100% may or may not be profitable if the reserves do not include a discount for interest. This is accomplished by mark-to-market accounting for investment risks. Some insurance products have negative value when marked to market (all-in assets and liabilities) because they are sold with insufficient risk margins. This should be clearly reported, as well as the reasons for that activity.
5. The firm needs to manage its portfolio of risks so that it can take advantage of the opportunities that are often associated with its risks. This involves risk reward management.
REPORT: Risk reward management requires determining return on risk for all activities as well as a planning process that starts with projections of such and a conscious choice to construct a portfolio of risks. This process has its own control cycle. The reporting for this control cycle should be similar to the process described above. This part of the report needs to explain how management is thinking about the diversification benefits that potentially exist from the range of diverse risks taken.
6. The firm needs to provision for its retained risks appropriately, in terms of set asides (reserves or technical provisions) for expected losses and capital for excess losses.
REPORT: Losses can be shown in four layers, expected losses, losses that decrease total profits, losses that exceed gains from other sources but that are less than capital and losses that exceed capital. The likelihood of losses in each of those four layers should be described as well as the reasons for material changes. Some firms will choose to report their potential losses in two layers, expected losses, losses that reach a certain likelihood (usually 99.5% in a year or similar likelihood). However, regulators should have a high interest in the nature and potential size of those losses in excess of capital. The determination of the likelihood of losses in each of the four layers needs to reflect the other five aspects of ERM and when reporting on this aspect of ERM, discussion of how they are reflected would be in order.
News International has been the news for several days now. ABC News says that they are an example of How not to Handle a Phone Hacking Crisis. It seems that nearly every year hands us another example of how a company should NOT handle a crisis. The ideas of how TO handle one are pretty simple:
Get all the news out. Don’t withhold. The constant drip, drip of additional revelations makes many people skeptical about whether they ever hear the whole story.
Don’t just take advice from your lawyer. It is quite possible to be totally safe in a legal sense and totally ruined in the court of public opinion.
Have a plan and practice. Most company CEO’s that are faced with a crisis do not give the impression that they have ever given a minute of thought to what they might say in a crisis up until the very minute that they open their mouths. They also seem to be totally surprised by the questions that they get. There is no upside to knowing how to handle a crisis, but the downside to not knowing is a large fraction of the total net worth of the company. If the CEO cannot be bothered to prepare, then they must assign a very senior person to be prepared to be the spokesperson in a crisis. And also be prepared to hand over the top job to that person if there is a crisis and they handle things well.
Speed of response is Key. And once you have a crisis, every new item needs a response. In normal times, most items will blow over. Ignoring them is the best policy. In a crisis, the opposite is true. Everything, no matter how trivial or inaccurate, needs a response. You need to target getting as much airplay as your detractors.
Crisis management is not just talking. The actions that you take need to be as clear and decisive as your words. In many problem situations, early mitigation can be much more effective than a late mitigation, and less costly, and less troublesome to talk about. Imagine someone trying to make a big deal of a problem that you have already solved. Being ready to fix lots of things is not cheap, however. But imagine how much money BP would have saved if ANYONE would have had the equipment right there in the Gulf that was needed to fix that leak.
What in the end it takes is to focus some time and attention and money to being prepared for your worst nightmare.
From a mechanical perspective, finding something to “hedge” against longevity risk, i.e. the risk that pension payouts will increase due to improving mortality, is not particularly difficult. It is necessary to determine investment possibilities that will benefit from increased life expectancy.
Businesses that serve the aged such as nursing homes and medical products companies will be some of the sorts of things that will prosper in an increasingly aged economy.
Clever quants will be able to show that while the hedge is far from perfectly effective, it can be used to reduce the capital requirements of pensions and annuity exposures.
But there is a much larger question that is not likely to be addressed in looking at capital requirements for insurers and pension plans.
That is the issue of whether the economy will be able to sustain the aggregate effects of the aging of the populations in Japan, the US, Europe and China. Those investments in elderservice providers and elderproduct firms will provide a relative hedge. Those firms may do relatively better than the rest of the economy.
But on the whole, the economy might well be in the dumps, making the potential to earn the returns on investment needed to support the base level of pensions extremely difficult. We may well find out that it is not viable for an economy to both maintain its base promises to elders AND maintain a healthy economy at the same time.
Robert Schiller has described this problem well in a NYT Op Ed piece last spring. He describes an autonomous family farm where they must decide how to treat the family elders who are no longer able to work. If the farm has a bad year and harvest is poor, do they continue to feed the elders the same as in the good years and therefore starve the working members of the family? Or would that create a spiral that brought the entire family to ruin?
It would be good if we knew what happens to an economy that doubles the amount of total resources that are directed towards its non-productive elders. If there is a point where an economy would stop being viable, then the concerns about minor increases to pension benefits due to longevity increases are immaterial. The ruined economy sill simply not be able to pay the basic benefits.
It seems highly likely that the systems that were imagined in the last 100 years will not stand up to the pressures of the aging Baby Boomers. The discussion that at least in the US is not happening about funding for retiree medical and income needs may well be the wrong discussion. The discussion that is needed is to ask how the economy will survive the strain of the very large pool of elders.
Schiller’s family farm example leads to an immediate suggestion. One that many people are coming to privately, even if there is little public discussion. That suggestion is a complete rethinking of retirement and employment for elders. An honest evaluation of the real economic impact of the exploding numbers of elders is very likely to reveal that it is just not practical for an economy to provide for 20 – 25 years of leisure to a large fraction of its population.
This is a situation where our simple extrapolatory approach to assessing risk is inadequate. The future will most certainly be different from an extrapolation of the past.
Charles Lindberg made the fist solo transatlantic flight in 1927.
He was called Lucky Lindy because he succeeded at something that was judged to be highly unlikely. In fact, by analyzing prior experience you would give his solo trans Atlantic flight a ZERO likelihood.
So his flight was a freak occurrence. A Black Swan.
Six years later, Italo Balboa led a group of 24 planes across the Atlantic. By the 1940’s, flights across the Atlantic were a very regular thing.
Think about Lucky Lindberg when you imagine the next major catastrophe. You may not be able to get the event right, but there will be something that never happened that will be significantly worse that we imagined. And after it happens, there will be a few more larger events until events of that magnitude become commonplace.
Now instead of assigning that sequence a zero probability, figure out how to include that in your risk management system.
Steve Covey called it Sharpening the Saw. A good risk management program will be continually learning. The school of hard knocks is an extremely expensive teacher. It is much better to audit the course by observing the experiences of others and learning from them. The effective risk management program will be actively working to audit the courses of others experiences.
With that in mind, Risk Management magazine has devoted the May 2011 issue to learning from the Honshu earthquake. There are four articles that review some key aspects of the Japanese experience as it appears right now.
Nuclear Safety – the problems at the Fukushima Daiichi reactor came from the multiple events that struck. The safety provisions were sufficient for the earthquake, but not for the tsunami. There are specific questions raised in the article here about the specific design of the reactor cooling system. But a greater question is the approach to providing for extreme events. The tsunami was greater than any on the historical record. Should it be necessary to prepare for adverse events that are significantly worse than the worst that has ever happened? If so, how much worse is enough? Do we even have a way to talk about this important question?
Building Codes – the conclusion here is that Japanese building codes worked fairly well. Many larger buildings were still standing after both the quake and the tsunami. Christchurch did not fare as well. But New Zealand codes were thought to be very strict. However, the fault that was responsible for the earthquake there was only discovered recently. So Christchurch was not thought to be in a particularly quake prone area. As they overhaul the building codes in NZ, they do not expect to get much argument from strengthening the codes significantly in the Canterbury region. The question is whether any other places will learn from Christchurch’s example and update their codes?
Supply Chain – the movement over the past 10 years or more has been to “just-in-time” supply chain management. What is obvious now is that the tighter that the supply chain is strung, the more that it is susceptible to disruption – the riskier that it is. What we are learning is that great efficiency can bring great risk. We need to look at all of our processes to see whether we have created risks without realizing through our efforts to improve efficiency.
Preparedness – ultimately, our learnings need to be turned into actions. Preparedness is one set of actions that we should consider. The Risk Magazine focuses on making a point about the interconnectedness of all society now. They say “Even a simple sole proprietorship operating a company in rural South Dakota can be negatively affected by political and social unrest in Egypt.” We risk managers need to be aware of what preparedness means for each of our vulnerabilities and the degree to which we have reached a targeted stage of readiness.
Whenever there is a major crisis anywhere in the world, risk managers should review the experience to see what they can learn. They can look for parallels to their business. Can systems at their firm withstand similar stresses? What preparedness would create enough resilience? What did they learn from their adversity?
A second series of essays from the actuarial profession about the financial crisis. Download them HERE.
A Tale of Two Density Functions
By Dick Joss
The Systemic Risk of Risk Capital (Or the "No Matter What" Premise)
By C. Frytos &I.Chatzivasiloglou
Actuaries and Assumptions
By Jonathan Jacobs
Managing Financial Crises, Today and Beyond
By Vivek Gupta
What Did We Learn from the Financial Crisis?
By Shibashish Mukherjee
Financial Reform: A Legitimate Function of Government
By John Wiesner
The Economy and Self-Organized Criticality
By Matt Wilson
Systemic Risk Arising from a Financial System that Required Growth in a World with Limited Oil Supply
By Gail Tverberg
Managing Systemic Risk in Retirement Systems
By Minaz Lalani
Worry About Your Own Systemic Risk Exposures
By Dave Ingram
Systemic Risk as Negative Externality
By Rick Gorvette
Who Dares Oppose a Boom?
By David Merkel
Risk Management and the Board of Directors–Suggestions for Reform
By Richard Leblanc
Victory at All Costs
By Tim Cardinal and Jin Li
The Financial Crisis: Why Won't We Use the F(raud) Word?
By Louise Francis
PerfectSunrise–A Warning Before the Perfect Storm
By Max Rudolph
Strengthening Systemic Risk Regulation
By Alfred Weller
It's Securitization Stupid
By Paul Conlin
I Want You to Feel Your Pain
By Krzysztof Ostaszewski
Federal Reform Bill and the Insurance Industry
By David Sherwood
#2 Higher Interest Rates and Tighter Money in Emerging Markets
#3 Political Crises in the Middle East
#4 Surging Oil Prices
#5 An Increase in Interest Rates in Developed Markets
#6 The End of QE2
#7 Fiscal Cuts and Sovereign Debt Crises
#8 The Japanese Disaster
How should ideas like these impact on ERM systems? Is it at all reasonable to say that they should not? Definitely not.
These potential shocks illustrate the need for the ERM system to be reflexive. The system needs to react to changes in the risk environment. That would mean that it needs to reflect differences in the risk environment in three possible ways:
In the calibration of the risk model. Model assumptions can be adjusted to reflect the potential near term impact of the shocks. Some of the shocks are certain and could be thought to impact on expected economic activity (Japanese disaster) but have a range of possible consequences (changing volatility). Other shocks, which are much less certain (end of QE2 – because there could still be a QE3) may be difficult to work into model assumptions.
With Stress and Scenario Tests – each of these shocks as well as combinations of the shocks could be stress or scenario tests. Riskviews suggest that developing a handful of fully developed scenarios with 3 or more of these shocks in each would be the modst useful.
In the choices of Risk Appetite. The information and stress.scenario tests should lead to a serious reexamination of risk appetite. There are several reasonable reactions – to simply reduce risk appetite in total, to selectively reduce risk appetite, to increase efforts to diversify risks, or to plan to aggressively take on more risk as some risks are found to have much higher reward.
The last strategy mentioned above (aggressively take on more risk) might not be thought of by most to be a risk management strategy. But think of it this way, the strategy could be stated as an increase in the minimum target reward for risk. Since things are expected to be riskier, the firm decides that it must get paid more for risk taking, staying away from lower paid risks. This actually makes quite a bit MORE sense than taking the same risks, expecting the same reward for risks and just taking less risk, which might be the most common strategy selected.
The final consideration is compensation. How should the firm be paying people for their performance in a riskier environment? How should the increase in market risk premium be treated?
“There is currently an upsurge in management’s willingness to listen to risk managers.” But Risk Managers consistently show a disturbing tendency towards projecting the next crisis from the last. Now in its fourth year, the Emerging Risks Survey from the Joint Risk Management Section and conducted by Max Rudolph.
Emerging risks are risks that are evolving in uncertain ways, have been forgotten in their dormancy, or are new. Emerging risks typically do not have a known distribution, that is their frequency is unknown.
In 2007, a shock to oil prices was seen as the top “emerging risk” in the first survey of risk managers. That year had seen a major spike in oil prices. In 2008, a blow-up in asset prices was identified as the top “emerging risk” immediately following the melt down of the sub prime market and a major drop in stock prices. In 2009, a fall in the value of the US dollar was identified as the top “emerging risk” at the end of a year when many major currencies had strengthened against the dollar. The new 2010 survey, released this week, indicates again that a fall in the US dollar is the top “emerging risk”.
If in fact these risk managers are advising their employers in the same way that they answer surveys, firms will continue to be well prepared for the last crisis and unprepared for the next one.
However, when asked to identify the single top emerging risk concern, a Chinese economic hard landing was the top pick with 14% of the respondents selecting that choice. That is certainly a scenario that has not just recently happened. So at least 14% of the respondents are doing some forward thinking.
The World Economic Forum has recently released their sixth edition of the Global Risks Report. When they started issuing this report in 2006, many of the largest economies in the world were sailing along. To imagine world class risks took a vivid imagination. After the Global Financial Crisis, they now suggest “The world is in no position to face major, new shocks. The financial crisis has reduced global economic resilience, while increasing geopolitical tension and heightened social concerns suggest that both governments and societies are less able than ever to cope with global challenges.”
They highlight five risks:
Cyber-security issues ranging from the growing prevalence of cyber theft to the little-understood possibility of all-out cyber warfare
Demographic challenges adding to fiscal pressures in advanced economies and creating severe risks to social stability in emerging economies
Resource security issues causing extreme volatility and sustained increases over the long run in energy and commodity prices, if supply is no longer able to keep up with demand
Retrenchment from globalization through populist responses to economic disparities, if emerging economies do not take up a leadership role
Weapons of mass destruction, especially the possibility of renewed nuclear proliferation between states
The following graph that they draw from the IMF provides some startling perspective on the looming demographic/fiscal crisis in the developed countries, all with shrinking and rapidly aging populations:
This chart suggests that the unfunded old age pension liability for the advanced nations is on the average 8 times as large as the debt incurred fighting the financial crisis! This was called The World’s Largest Risk on that post.
According to the “experts” that the WEF polls as a part of their research, these are the most significant risks of the near future (frequency x severity):
Pension systems around the world are in total crisis. It is not a question whether the systems can fulfill any of their promises. There is not a real possibility that systems that exist can continue to pay the benefits that are now being paid to retirees over the next 40 years.
A loss that you know is coming is not a risk.
The risk is how the governments of the world will respond to this problem. Poor handling of this problem can bankrupt governments and throw an entire economy into a long term decline.
The fundamental issue is to find a way to balance the ability of an economy to pay retirement benefits with the needs of the bulge of retirees that the entire world will experience over the next 40 years. If governments try to pay out more than the economy can afford, then there will be very serious problems for those governments and their economies.
One very large problem is that in many countries, the pension benefits are not even set to be a reasonable self supporting system over time even without the age bulge.
Those issues should be tackled first. Those issues include:
Setting the basic benefit to be approximately 1.5% of wages per year of employment.
Full benefit for no less than 40 years of employment. Results in benefit of 60% of wages.
Full actuarial reduction of benefits for early retirement. Eliminate other subsidies where they exist.
Index pensions to wages, not to prices. Keeps link of benefits to revenues.
To work towards resolution of the age bulge requires benefit changes. Increases to taxes are likely to be counterproductive with the levels of government debt and changes to government spending and taxes that will be required to resolve those imbalances leave little leeway for pensions. The main change that will be needed will be to raise the retirement age. The above basic benefit of 1.5% for 40 years of employment needs to be shifted to a minimum of 45 years of employment. In some countries, the retirement age needs to be higher still. Needs of individuals who are not able to work because of physical problems of age will need to be handled under a disability system. That system will need to be policed to avoid overuse of the disability benefits.
This risk should be of high, though not immediate concern for all firms. How the governments resolve this issue will have massive impact on employment, taxes and the financial markets of each country. All firms should include this issue on their list of emerging risks and should do scenario analysis of the potential impact on their firms business, employees and investments.
This post was inspired by a World Bank presentation. To learn of their positions on these issues and to get the facts and projections that they present on this topic see worldbank.org.
The hunters had come back to the village empty handed after a particularly difficult day. They talked through the evening around the fire about what had happened. They needed to make sense out of their experience, so that they could go back out tomorrow and feel that they knew how the world worked well enough to risk another hunt. This day, they were able to convince themselves that what had happened was similar to another day many years ago and that it was an unusually bad day, but driven by natural forces that they could expect and plan for in the future.
Other days, they could not reconcile an unusually bad day and they attributed their experience to the wrath of one or another of their gods.
Risk managers still do the same thing. They have given this process a fancy name, Bayesian inference. The very bad days, we now call Black Swans instead of an act of the gods.
Where we have truly advanced is in our ability to claim that we can reverse this process. We claim that we can create the stories in advance of the experience and thereby provide better protection.
But we fail to realize that underneath, we are still those hunters. We tell the stories to make ourselves feel better, to feel safe enough to go back out the next day. Once we have gone through the process of a posteriori creation of the framework, the past events fit neatly into a framework that did not really exist when those same events were in the future.
If you do not believe that, think about how many risk models have had to be significantly recalibrated in the last 10 years.
To correct for this, we need to go against 10,000 or more years of human experience. The correction can be summed up with the line from the movie The Fly,
Be afraid. Be very afraid.
There is another answer. That answer is
Be smart. Be very smart.
That is because it is not always the best or even a very good strategy to be very afraid. Only sometimes. So you need to become smart enough to:
Know when it is really important to mistrust the models and to be very afraid
Have built up the credibility and trust so that you are not ignored.
While you are doing that,be careful with the a posteriori creations. The better people get with explaining away the bad days, the harder it will be for you to convince them that a really bad day is at hand.
Once you think of it, it seems obvious. Risk Managers need humility.
If you are dealing with any killer physical risk, there are two types of people who work close to that risk, the humble and the dead.
Being humble means that you never lose sight of the fact that RISK may at any time rise up in some new and unforeseen way and kill you or your firm.
Risk managers should read the ancient Greek story of Icarus.
Risk managers without humility will suffer the same fate.
Humility means remembering that you must do every step in the risk management process, every time. The World Cup goalkeeper Robert Green who lets an easy shot bounce off of his hands and into the goal has presumed that they do not need to consciously attend to the mundane task of catching the ball. They can let their reflexes do that and their mind can move on to the task of finding the perfect place to put the ball next.
But they have forgotten their primary loss prevention task and are focusing on their secondary offense advancement task.
The risk managers with humility will be ever watchful. They will be looking for the next big unexpected risk. They will not be out there saying how well that they are managing the risks, they will be more concerned about the risks that they are unprepared for.
Risk managers who are able to say that they have done all that can be done, who have taken all reasonable precautions, who can help their firm to find the exact right level and mix of risks to optimize the risk reward of the firm are at serious risk of having the wax holding their feathers melt away and of falling to earth.
As one looks back at the recent history of the financial crisis, it can now be clearly seen that a large number of financial firms and a few regulators did identify the looming problems and took reasonable steps to avoid excessive losses. Almost all of the attention has been on the firms and regulators who missed the crisis until it was much too late.
Now, everyone is talking about how to avoid the next crisis and the focus seems to be on the regulators and the largest firms – in short, those who got it wrong just a few years ago.
“The unknown losses can potentially bring the system to a halt at a much lower amount of loss than known losses.”
But we should also be focusing on what everyone else could be doing to prevent their firms from experiencing excessive losses in future crises.
Planning to have no future crises is not a realistic way to proceed [see my earlier article: IERM, Risk governance, 16 September 2009, “Understanding the four seasons of risk management“). The broad idea of Basel II and Solvency II is sound. Firms would be forced to identify their risk exposures and compare that to their capacity to bear risk. That information would be available to five groups under the three pillars: management, boards, regulators, investors and counterparties. It is assumed that one or more of the five groups would notice upticks in risk and prevent the firms from taking on more risk than their capacity to bear that risk.
There have been many problems with the execution of those principles and Solvency II is just starting the discussion of exactly what information will be made available for investors and counterparties. But the broad idea of disclosure to all those groups is sound. The disclosure of potential systemic risks is absolutely necessary for firms to use as a basis for developing their own programmes for avoiding excessive losses in these situations.
Systemic risks
The way that the term “systemic risk” is used and misused, it seems clear that most people understand that systemic risk was a problem that led to the crisis, but beyond that there is little consensus, other than a conviction that we want much less of that in the future. The IMF provides a definition:
“the risk of disruption to the flow of financial services that is (i) caused by an impairment of all or parts of the financial system; and (ii) has the potential to have serious negative consequences for the real economy.”
Had the quote ended after 10 words, that would have been sufficient.
For the system to be disrupted, two things need to be true:
there needs to be an exposure that everyone believes or suspects will turn into a loss of an amount that exceeds the capacity to bear losses of a large number of participants in the system and
there needs to be either a high degree of interdependency in the system or else widespread exposure to the loss-making large exposure. The system may seize up because the losses are known and the institutions are known to be insolvent or more commonly, because the losses are unknown.
It is clear and obvious that BP and the US government regulators were not at all prepared for failure of a deep water oil rig in the Gulf.
What would have helped them is a procedure that I have heard Dave Sandberg describe many times that is used at his employer, Allianz.
Stress to Failure.
Whenever something new is proposed, they require that a demonstration is prepared that shows the type of stress that will cause complete failure. That test provides them with several pieces of very valuable information: It helps to put a boundry around the situations under which it will NOT fail. This is the green (and yellow) zone for the new project. They can then evaluate the expected return and volatility of return in those scenarios.
It allows an estimate of the likelihood of success vs. failure of the project. This can be seen by looking at the type of situation that causes failure and the likelihood of that situation. However, caution should be applied to not put too much weight on this likelihood estimate if the failure type of even has never before happened. Human nature may well be biased towards underestimating adversity.
It allows for planning for the failure event. This is where the BP folks and Transocean as well as the Minerals Management Service failed. They clearly had no plan for the failure event. It sounds like they were able to convince themselves that any failure event was so remote in likelihood that there was no need to plan for one.
Understanding the true weaknesses of the system. If you do not know how to break it, then perhaps you do not understand the system.
This is an idea our of engineering and probably we could learn much by studying how they have used the idea.
The new CARE report has been posted to the IAA website this week.CARE_EN
It raises a point that must be fairly obvious to everyone that you just cannot manage risks without looking at them from multiple angles.
Or at least it should now be obvious. Here are 8 different angles on risk that are discussed in the report and my quick take on each:
MARKET CONSISTENT VALUE VS. FUNDAMENTAL VALUE – Well, maybe the market has it wrong. Do your own homework in addition to looking at what the market thinks. If the folks buying exposure to US mortgages had done fundamental evaluation, they might have noticed that there were a significant amount of sub prime mortgages where the Gross mortgage payments were higher than the Gross income of the mortgagee.
ACCOUNTING BASIS VS. ECONOMIC BASIS – Some firms did all of their analysis on an economic basis and kept saying that they were fine as their reported financials showed them dying. They should have known in advance of the risk of accounting that was different from their analysis.
REGULATORY MEASURE OF RISK – vs. any of the above. The same logic applies as with the accounting. Even if you have done your analysis “right” you need to know how important others, including your regulator will be seeing things. Better to have a discussion with the regulator long before a problem arises. You are just not as credible in the middle of what seems to be a crisis to the regulator saying that the regulatory view is off target.
SHORT TERM VS. LONG TERM RISKS – While it is really nice that everyone has agreed to focus in on a one year view of risks, for situations that may well extend beyond one year, it can be vitally important to know how the risk might impact the firm over a multi year period.
KNOWN RISK AND EMERGING RISKS – the fact that your risk model did not include anything for volcano risk, is no help when the volcano messes up your business plans.
EARNINGS VOLATILITY VS. RUIN – Again, an agreement on a 1 in 200 loss focus is convenient, it does not in any way exempt an organization from risks that could have a major impact at some other return period.
VIEWED STAND-ALONE VS. FULL RISK PORTFOLIO – Remember, diversification does not reduce absolute risk.
CASH VS. ACCRUAL – This is another way of saying to focus on the economic vs the accounting.
Read the report to get the more measured and complete view prepared by the 15 actuaries from US, UK, Australia and China who participated in the working group to prepare the report.
Adverse events are all learning labs for risk managers. We should not look at the event and say “We do not fly to Europe so we are not involved” and change the channel when it is being discussed. We should be very actively listening of reports of how the event develops and what the impact on various businesses and markets has been.
One big thing that many of us are learning is that we have not been imaginative enough in our emerging risk scenarios.
Many are busy learning that their business interruption insurance policies do NOT pay out for this event. Business interruption is usually triggered by physical damage to a business. (Seems like a perverse incentive – if preventing physical damage causes business interruption, the business interruption is not covered because the physical damage did not happen?)
What precautions should be taken before cleaning up ash?
Seems like a very good list. Not just for Volcanic Ash. For any emergency situation. How would you fill it in for each emerging risk that you envision?
The ERM Symposium is now 8 years old. Here are some ideas from the 2010 ERM Symposium…
Survivor Bias creates support for bad risk models. If a model underestimates risk there are two possible outcomes – good and bad. If bad, then you fix the model or stop doing the activity. If the outcome is good, then you do more and more of the activity until the result is bad. This suggests that model validation is much more important than just a simple minded tick the box exercize. It is a life and death matter.
BIG is BAD! Well maybe. Big means large political power. Big will mean that the political power will fight for parochial interests of the Big entity over the interests of the entire firm or system. Safer to not have your firm dominated by a single business, distributor, product, region. Safer to not have your financial system dominated by a handful of banks.
The world is not linear. You cannot project the macro effects directly from the micro effects.
Due Diligence for mergers is often left until the very last minute and given an extremely tight time frame. That will not change, so more due diligence needs to be a part of the target pre-selection process.
For merger of mature businesses, cultural fit is most important.
For newer businesses, retention of key employees is key
Modelitis = running the model until you get the desired answer
Most people when asked about future emerging risks, respond with the most recent problem – prior knowledge blindness
Regulators are sitting and waiting for a housing market recovery to resolve problems that are hidden by accounting in hundreds of banks.
Why do we think that any bank will do a good job of creating a living will? What is their motivation?
We will always have some regulatory arbitrage.
Left to their own devices, banks have proven that they do not have a survival instinct. (I have to admit that I have never, ever believed for a minute that any bank CEO has ever thought for even one second about the idea that their bank might be bailed out by the government. They simply do not believe that they will fail. )
Economics has been dominated by a religious belief in the mantra “markets good – government bad”
Non-financial businesses are opposed to putting OTC derivatives on exchanges because exchanges will only accept cash collateral. If they are hedging physical asset prices, why shouldn’t those same physical assets be good collateral? Or are they really arguing to be allowed to do speculative trading without posting collateral? Probably more of the latter.
it was said that systemic problems come from risk concentrations. Not always. They can come from losses and lack of proper disclosure. When folks see some losses and do not know who is hiding more losses, they stop doing business with everyone. None do enough disclosure and that confirms the suspicion that everyone is impaired.
Systemic risk management plans needs to recognize that this is like forest fires. If they prevent the small fires then the fires that eventually do happen will be much larger and more dangerous. And someday, there will be another fire.
Sometimes a small change in the input to a complex system will unpredictably result in a large change in the output. The financial markets are complex systems. The idea that the market participants will ever correctly anticipate such discontinuities is complete nonsense. So markets will always be efficient, except when they are drastically wrong.
Conflicting interests for risk managers who also wear other hats is a major issue for risk management in smaller companies.
People with bad risk models will drive people with good risk models out of the market.
Inelastic supply and inelastic demand for oil is the reason why prices are so volatile.
It was easy to sell the idea of starting an ERM system in 2008 & 2009. But will firms who need that much evidence of the need for risk management forget why they approved it when things get better?
If risk function is constantly finding large unmanaged risks, then something is seriously wrong with the firm.
You do not want to ever have to say that you were aware of a risk that later became a large loss but never told the board about it. Whether or not you have a risk management program.
In late 2008, the The CAS, CIA, and the SOA’s Joint Risk Management Section funded a research report about the Financial Crisis. This report featured nine key Lessons for Insurers. Riskviews will comment on those lessons individually…
4. Insurers should establish a robust liquidity management system to ensure that they have ample liquidity under stress scenarios.
The only trouble with this advice it that it is totally unneeded. That is because almost all cases of insurer problems with liquidity, those problems were preceded by a loss that significantly exceeded management expectations for a worst loss.
So it would not have made a difference whether those insurers planned more for liquidity, those plans would have been inadequate.
Insurers are generally cash flow positive. Liquidity is only ever a problem if that changes drastically. Even the “runs on the bank” that have occured on insurers have followed large losses.
So this advice sounds nice, but is actually unnecessary. If insurers properly anticipate extreme losses, then they will be prepared to pay those losses without triggering problems.
That is because they will:
Price for the losses so that they have sufficient income to pay the losses.
Only accept as much of the risks that might trigger extreme losses as they can afford and spread effectively.
Those are fundamental risk management tasks. If they are done properly, liquidity management is relatively trivial. It consists of remembering not to invest the funds you have on hand to pay those extreme claims in instruments that are illiquid or or widely fluctuating value.
Seems like a good rule in general. One that many insurers forget after many years of positive cashflows.
Risk management is sometimes summarized as a short set of simply stated steps:
Identify Risks
Evaluate Risks
Treat Risks
There are much more complicated expositions of risk management. For example, the AS/NZ Risk Management Standard makes 8 steps out of that.
But I would contend that those three steps are the really key steps.
The middle step “Evaluate Risks” sounds easy. However, there can be many pitfalls. A new report [CARE] from a working party of the Enterprise and Financial Risks Committee of the International Actuarial Association gives an extensive discussion of the conceptual pitfalls that might arise from an overly narrow approach to Risk Evaluation.
The heart of that report is a discussion of eight different either or choices that are often made in evaluating risks:
MARKET CONSISTENT VALUE VS. FUNDAMENTAL VALUE
ACCOUNTING BASIS VS. ECONOMIC BASIS
REGULATORY MEASURE OF RISK
SHORT TERM VS. LONG TERM RISKS
KNOWN RISK AND EMERGING RISKS
EARNINGS VOLATILITY VS. RUIN
VIEWED STAND-ALONE VS. FULL RISK PORTFOLIO
CASH VS. ACCRUAL
The main point of the report is that for a comprehensive evaluation of risk, these are not choices. Both paths must be explored.
In the recent paper from the Said School, “Beyond the Financial Crisis” the authors use the phrase “inability to make sense of immanent failure” to describe one of the aspects that lead up to the financial crisis.
And perfectly describes the otherwise baffling Chuck Prince quote about dancing.
I imagine that it is a problem that is more common with people who believe that they have really done their homework. They have looked under every rock and they do not see the rock falling out of the sky. It is not that they are failures. In most times their extreme diligence will pay off handsomely. There is just one sort of time period when they will not benefit appropriately from their careful work.
That is when there is a REGIME CHANGE. Also called a SURPRISE. All of the tried and true signals are green. But the intersection is uncharacteristicly clogged.
A major task for risk managers is to look for those regime changes – those times when the risk models no longer fit and at that point to CHANGE MODELS. That is different from recalibrating the same old model. That means applying the Baysian thinking not just to the parameters of the model but to the model selection as well.
It is not a failure when a new model must be chosen. It is a normal and natural state of affairs. Changing models is what I will call “Rational Adaptability”.
The reason why it will not work to simply recalibrate the old model is that the model with combined calibration for several regimes would be too broad to give appropriate guidance in different regimes.
You ride a car on highways, a boat on water and a plane on air. Multi vehicles exist but they are never as efficient in any environment as the specialized vehicle.
So the risk manager needs to make sense of immanent failure and practice rational adaptability.
Get out of the car when you are wet up to the doors and get into a boat!
What is the reaction of your firm going to be in the event of a large loss or other crisis?
If you are responsible for risk management, it is very much in your interest to enter into a Crisis Pre-Nuptial.
The Crisis Pre-Nuptial has two important components.
A protocol for management actions in the event of the crisis. There is likely a need for there to be a number of these protocols. These protocols can be extremely valuable, their value will most likely far exceed the entire cost of a risk management function. Their value comes because they eliminate two major problems that firms face in the event of a crisis or large loss. First is the deer in the headlights problem – the delay when no one is sure what to do and who is to do it. That delay can mean that corrective actions are much less effective or much more expensive or both. Second is the opposite, that too many people take actions, but that the actions are conflicting. This again increasses costs and decreases effectiveness. Just as with severe medical emergencies, prompt corrective actions are almost always more likely to have the most favorable results.
Setting up an expectation that the crises and losses either are or are not an expected part of the risks that the firm is taking. If the firm is taking high risks, but does not expect to ever experience losses, then there is a major disconnect between the two. Just as a marital pre-nuptial agreement is a conscious acknowledgement that marriages sometimes end in divorce, a Crisis Pre-Nuptial is an acknowledgement that normal business activity sometimes involves losses and crises.
Risk managers who have a Crisis Pre-Nuptial in place might, just might, have a better chance to survive with their job in tact after a crisis or large loss.
And if someday, investors and/or boards come to the realization that firms that plan for rainy days are, in the long run, going to be more valuable, the information that is in the Crisis pre-nuptial could be very important information for them.
The Risk Management Quotes page of Riskviews has consistently been the most popular part of the site. Since its inception, the page has received almost 2300 hits, more than twice the next most popular part of the site.
The quotes are sometimes actually about risk management, but more often they are statements or questions that risk managers should keep in mind.
They have been gathered from a wide range of sources, and most of the authors of the quotes were not talking about risk management, at least they were not intending to talk about risk management.
The list of quotes has recently hit its 100th posting (with something more than 100 quotes, since a number of the posts have multiple quotes.) So on that auspicous occasion, here are my favotites:
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. Douglas Adams
“when the map and the territory don’t agree, always believe the territory” Gause and Weinberg – describing Swedish Army Training
When you find yourself in a hole, stop digging.-Will Rogers
“The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair” Douglas Adams
“A foreign policy aimed at the achievement of total security is the one thing I can think of that is entirely capable of bringing this country to a point where it will have no security at all.”– George F. Kennan, (1954)
“THERE ARE IDIOTS. Look around.” Larry Summers
the only virtue of being an aging risk manager is that you have a large collection of your own mistakes that you know not to repeat Donald Van Deventer
Philip K. Dick “Reality is that which, when you stop believing in it, doesn’t go away.”
Everything that can be counted does not necessarily count; everything that counts cannot necessarily be counted. Albert Einstein
“Perhaps when a man has special knowledge and special powers like my own, it rather encourages him to seek a complex explanation when a simpler one is at hand.” Sherlock Holmes (A. Conan Doyle)
The fact that people are full of greed, fear, or folly is predictable. The sequence is not predictable. Warren Buffett
“A good rule of thumb is to assume that “everything matters.” Richard Thaler
“The technical explanation is that the market-sensitive risk models used by thousands of market participants work on the assumption that each user is the only person using them.” Avinash Persaud
There are more things in heaven and earth, Horatio,
Than are dreamt of in your philosophy.
W Shakespeare Hamlet, scene v
When Models turn on, Brains turn off Til Schuermann
You might have other favorites. Please let us know about them.
George Soros says that financial markets are reflexive. He means that the participants in the system influence the system. Market prices reflect not just fundamentals, but investors expectations.
The same thing is true of risk systems. This can be illustrated by a point that is frequently made by John Adams. Seat belts are widely thought to be good safety devices. However, Adams points out that aggregate statistics of traffic fatalities do not indicate any improvement whatsoever in safety. He suggests that because of the real added safety from the seat belts, people drive more recklessly, counteracting the added safety with added risky behavior.
That is one of the problems that firms who adopted and were very strong believers in their sophisticated ERM systems. Some of those firms used their ERM systems to enable them to take more and more risk. In effect, they were using the ERM system to tell them where the edge of the cliff was and they then proceeded to drive along the extreme edge at a very fast speed.
What they did not realize was that the cliff was undercut in some places – it was not such a steady place to put all of your weight.
Stated more directly, the risk system caused a feeling of safety that encouraged more risk taking.
What was lost was the understanding of uncertainty. Those firms were perfectly safe from risks that had happened before and perhaps from risks that were anticipated by the markets. The highly sophisticated systems were pretty accurate at measuring those risks. However, they were totally unprepared for the risks that were new. Mark Twain once said that history does not repeat itself, but it rhymes. Risk is the same only worse.
Not listening to your CRO – having him too low down the management chain;
Hiring a CEO who “doesn’t want to hear bad news”;
Not linking the Board tolerance for risk to the risk management practices of the company;
Having the CRO report to the CFO instead of to the CEO or Board, i.e., not having a system of checks and balances in place regarding risk practices;
The board not leading the risk management charge;
Not communicating the risk management goals;
Not driving the risk management culture down to the lower levels of the organization;
Ignorance is not Bliss
Not doing your own risk evaluations;
Not expecting the unexpected;
Overreacting to risks that turn out to be harmless;
Don’t shun the risk you understand, only to jump into a risk you don’t understand;
Failure to pay attention to actual risk exposure in the context of risk appetite;
Using outsider view of how much capital the firm should hold uncritically;
Cocksureness
Believing your risk model;
The opinion held by the majority is not always the right one;
There can be several logical, but contradictive explanations for one sequence of events, and logical doesn’t mean true;
We do not have perfect information about the future, or even the past and present;
Don’t use old normal assumptions to model in the new normal;
Arrogance of quantifying the unquantifiable;
Not believing your risk model – waiting until you have enough evidence to prove the risk is real;
Not Seeing the Big Picture
Making major changes without heavy involvement of Risk Management;
Conflict of interest: not separating risk taking and risk management;
Disconnection of strategy and risk management: Allocating capital blindly without understanding the risk-adjusted value creation;
One of the biggest mistakes has to be thinking that you can understand the risks of an enterprise just by looking at the components of risk and “adding them up” – the complex interactions between factors are what lead to real enterprise risk;
Looking at risk using one single measure;
Measuring and reporting risks is the same as managing risks;
Risk can always be measured;
Fixation on Structure
Thinking that ERM is about meetings and org charts and capital models and reports;
Think and don’t check boxes;
Forgetting that we are here to protect the organization against risks;
Don’t let an ERM process become a tick-box exercise;
Not taking a whole company view of risk management;
Nearsightedness
Failing to seize historic opportunities for reform, post crisis;
Failure to optimize the corporate risk-return profile by turning risk into opportunity where appropriate;
Don’t be a stop sign. Understand the risks AND REWARDS of a proposal before venturing an opinion;
Talking about ERM but never executing on anything;
Waiting until ratings agencies or regulatory requirements demand better ERM practices before doing anything;
There is no obstacle so difficult that, with sufficient thought, cannot be turned into an opportunity;
No opportunity so assured that, with insufficient thought, cannot be turned into a disaster;
Do not confuse trauma with learning;
Using a consistent discipline to search for opportunities where you are paid to accept risk in the context of the entire entity will move you toward an optimized position. Just as important is using that discipline to avoid “opportunities” where this is not the case.
undertake positive NPV projects
risk comes along with these projects and should be priced in the NPV equation
the price of risk is the lesser of the external cost of disposal (e.g., hedging) or the cost of retention “in the context of the entire entity”;
also hidden in these words is the need to look at the marginal impact on the entity of accepting the risk. Am I better off after this decision than I was before? A silo NPV may not give the same answer for all firms/individuals;
What is important is the optimization journey, understanding it as a goal we will never achieve;
More Skin in the Game
Misalign the incentives;
Most people will act based on their financial incentives, and that certainly happened (and continues to happen) over the past couple of years. Perhaps we could include one saying that no one is peer reviewing financial incentives to make sure they don’t increase risk elsewhere in the system;
Not tying risk management practices to compensation;
Not aligning risk management goals with compensation;
A haphazard collection of over 100 quotes from people who might be either famous or knowledgeable or both. This page drew about 150 hits per month even when there was zero new activity on Riskviews for 3 months.
Names of over 75 firms around the world that have encoundered serious financial difficulties that may or may not have been related to poor risk management.
Much of what is written and discussed about risk management focuses on the needs and efforts of the largest firms. This post tells how ERM is different for a smaller firm.
Materials prepared for a week long seminar for TASK (The Actuarial Society of Kenya). Also includes slides from a 1/2 day workshop for Kenyan Bank and Insurance CEOs.
Part of a series of ten reflections on comments by Nassim Taleb on how to create a Black Swan Free World. This particular discussion is about complexity and simplicity.
Some good and not so good parts to this conference. Hosted by Courant Institute of Mathematical Sciences, it was surprisingly non-quant. In fact several of the speakers, obviously with no idea of what the other speakers were doing said that they were going to give some relief from the quant stuff.
Sad to say, the only suggestion that anyone had to do anything “different” was to do more stress testing. Not exactly, or even slightly, a new idea. So if this is the future of risk management, no one should expect any significant future contributions from the field.
There was much good discussion, but almost all of it was about the past of risk management, primarily the very recent past.
Here are some comments from the presenters:
Banks need regulator to require Stress tests so that they will be taken seriously.
Most banks did stress tests that were far from extreme risk scenarios, extreme risk scenarios would not have been given any credibility by bank management.
VAR calculations for illiquid securities are meaningless
Very large positions can be illiquid because of their size, even though the underlying security is traded in a liquid market.
Counterparty risk should be stress tested
Securities that are too illiquid to be exchange traded should have higher capital charges
Internal risk disclosure by traders should be a key to bonus treatment. Losses that were disclosed and that are within tolerances should be treated one way and losses from risks that were not disclosed and/or that fall outside of tolerances should be treated much more harshly for bonus calculation purposes.
Banks did not accurately respond to the Spring 2009 stress tests
Banks did not accurately self assess their own risk management practices for the SSG report. Usually gave themselves full credit for things that they had just started or were doing in a formalistic, non-committed manner.
Most banks are unable or unwilling to state a risk appetite and ADHERE to it.
Not all risks taken are disclosed to boards.
For the most part, losses of banks were < Economic Capital
Banks made no plans for what they would do to recapitalize after a large loss. Assumed that fresh capital would be readily available if they thought of it at all. Did not consider that in an extreme situation that results in the losses of magnitude similar to Economic Capital, that capital might not be available at all.
Prior to Basel reliance on VAR for capital requirements, banks had a multitude of methods and often used more than one to assess risks. With the advent of Basel specifications of methodology, most banks stopped doing anything other than the required calculation.
Stress tests were usually at 1 or at most 2 standard deviation scenarios.
Risk appetites need to be adjusted as markets change and need to reflect the input of various stakeholders.
Risk management is seen as not needed in good times and gets some of the first budget cuts in tough times.
After doing Stress tests need to establish a matrix of actions that are things that will be DONE if this stress happens, things to sell, changes in capital, changes in business activities, etc.
Market consists of three types of risk takers, Innovators, Me Too Followers and Risk Avoiders. Innovators find good businesses through real trial and error and make good gains from new businesses, Me Too follow innovators, getting less of gains because of slower, gradual adoption of innovations, and risk avoiders are usually into these businesses too late. All experience losses eventually. Innovators losses are a small fraction of gains, Me Too losses are a sizable fraction and Risk Avoiders often lose money. Innovators have all left the banks. Banks are just the Me Too and Avoiders.
T-Shirt – In my models, the markets work
Most of the reform suggestions will have the effect of eliminating alternatives, concentrating risk and risk oversight. Would be much safer to diversify and allow multiple options. Two exchanges are better than one, getting rid of all the largest banks will lead to lack of diversity of size.
Problem with compensation is that (a) pays for trades that have not closed as if they had closed and (b) pay for luck without adjustment for possibility of failure (risk).
Counter-cyclical capital rules will mean that banks will have much more capital going into the next crisis, so will be able to afford to lose much more. Why is that good?
Systemic risk is when market reaches equilibrium at below full production capacity. (Isn’t that a Depression – Funny how the words change)
Need to pay attention to who has cash when the crisis happens. They are the potential white knights.
Correlations are caused by cross holdings of market participants – Hunts held cattle and silver in 1908’s causing correlations in those otherwise unrelated markets. Such correlations are totally unpredictable in advance.
National Institute of Financa proposal for a new body to capture and analyze ALL financial market data to identify interconnectedness and future systemic risks.
If there is better information about systemic risk, then firms will manage their own systemic risk (Wanna Bet?)
Proposal to tax firms based on their contribution to gross systemic risk.
Stress testing should focus on changes to correlations
Treatment of the GSE Preferred stock holders was the actual start of the panic. Leahman a week later was actually the second shoe to drop.
Banks need to include variability of Vol in their VAR models. Models that allowed Vol to vary were faster to pick up on problems of the financial markets. (So the stampede starts a few weeks earlier.)
On April 7 2009, the Financial Times published an article written by Nassim Taleb called Ten Principles for a Black Swan Free World. Let’s look at them one at a time…
9. Citizens should not depend on financial assets or fallible “expert” advice for their retirement. Economic life should be definancialised. We should learn not to use markets as storehouses of value: they do not harbour the certainties that normal citizens require. Citizens should experience anxiety about their own businesses (which they control), not their investments (which they do not control).
The treatment of retirement in many countries has been drastically marred by a fundamental lack of understanding of risk and of risk pooling. Taleb’s suggestion here seems drastically radical, especially here in the US where we came very close just a few years ago to shifting all retirement programs over to market based.
Whether or not you believe in the “socialization” of social security, no one seems to be thinking of the risk management aspect of retirement. One of the fundamental concepts of risk management is to take specific risk and to use diversification to minimize the relative impact of any specific adverse event. What the planned market based alternatives to Social Security did was to maximize two specific risks. Those are the risk of the level of the market at point of retirement and the risk of outliving the funds. An individual can avoid one of the two, but never both as savings plans are currently run.
This would have been one more step in the direction away from any recognition that there is any risk whatsoever in the idea of providing pensions. In 1974, the US Congress, in effect, drove the insurance industry out of the business of providing guarantees of pensions in any form. They did that by telling businesses that they were fully funded if they put up an amount that was sufficient to pre-fund their promices and made sure that the amount was determined without any risk margin whatsoever. You see, when insurers were in the business of guaranteeing pension benefits, they included a risk margin. So if you compare an actuarial projection of costs WITHOUT a risk margin to an actuarial projection of costs WITH a risk margin, the projection WITHOUT a risk margin will always seem more economical.
So looking at an individual retirement savings plan without regard to risk is just one more step in this same wrong direction.
So I believe that Taleb has a point, but I would not agree that it is necessarily the best solution to remove the retirement issue entirely from the markets. That is because I firmly believe that with the entirely unrealistic way that government approaches financial issues that extend into the far future (meaning after lunch), some relationship to the market provides discipline and transparency around the adequacy of the funding.
I would suggest two simple adjustments to the normal features of the personal retirement savings programs. These can be additional options that are required for all qualified retirement vehicles (US term for plans that meet regulatory standards – there must be similar terms for any other countries where there are personal retirement accounts), or they can be required for all plans – if you are the type that prefers making people do things for their own good. For investing, the single date dependency of the current system can be repaired with a fund that bases its earnings on an average of 5 prior years and that can only be cashed out over 5 years.
For the longevity risk, my suggestion is to offer an annuity payout option that can be purchased piecemeal at any time prior to retirement. This option should appear very competitive to younger workers since their cost for an annuity unit deferred until their retirement will appear very inexpensive. The annuity option can be provided through purchasing additional units of Social Security benefits or through private insurers. Since the lack of income for elderly people in the countries like the US where lack of lifetime annuity ownership by retired individuals (like the US) will become an extremely serious issue within 20 years when most of the baby boomers who had retirement savings will have spent that savings long before half of us expire, some amount of annuity purchase should be required. I would favor the gradual elimination of tax advantage to any funds withdrawn as a lump sum or as any form that has no lifetime guarantee.
In the end, to do this right with individual accounts may just be too much trouble for all. Perhaps what would be better would be to require all employers to provide defined benefit plans and to fund them with risk adjusted premiums. Now that would make sense.
Many, many good questions and good ideas at the RISK USA conference in New York. Here is a brief sampling:
Risk managers are spending more time showing different constituencies that they really are managing risk.
May want to change the name to “Enterprise Uncertainty Management”
Two risk managers explained how their firms did withdraw from the mortgage market prior to the crisis and what sort of thinking by their top management supported that strategy
Now is the moment for risk management – we are being asked for our opinion on a wide range of things – we need to have good answers
Availability of risk management talent is an issue. At both the operational level and the board level.
Risk managers need to move to doing more explaining after better automating the calculating
Group think is one of the major barriers of good risk management
Regulators tend to want to save too many firms. Need to have a middle path that allows a different sort of resolution of a troubled firm than bankrupcy.
Collateral will not be a sufficient solution to risks of derivatives. Collateral covers only 30 – 50% of risk
No one has ever come up with a theory for the level of capital for financial firms. Basel II is based upon the idea of keeping capital at about the same level as Basel I.
Disclosure of Stress tests of major banks last Spring was a new level of transparency.
Banking is risky.
Systemic Risk Regulation is impossibly complicated and doomed to failure.
Systemic Risk Regulation can be done. (Two different speakers)
In Q2 2007, the Fed said that the sub-prime crisis is contained. (let’s put them in charge)
Having a very good system for communicating was key to surviving the crisis. Risk committees met 3 times per day 7 days per week in fall 2008.
Should have worked out in advance what do do after environmental changes shifted exposures over limits
One firm used ratings plus 8 additional metrics to model their credit risk
Need to look through holdings in financial firms to their underlying risk exposures – one firm got red of all direct exposure to sub prime but retained a large exposure to banks with large sub prime exposure
Active management of counterparties and information flow to decision makers of the interactions with counter parties provided early warning to problems
Several speakers said that largest risk right now is regulatory changes
One speaker said that the largest Black Swan was another major terrorist attack
Next major systemic risk problem will be driven primarily by regulators/exchanges
Some of structured markets will never come back (CDO squareds)
Regret is needed to learn from mistakes
No one from major firms actually went physically to the hottest real estate markets to get an on the ground sense of what was happening there – it would have made a big difference – Instead of relying solely on models.
Discussions of these and other ideas from the conference will appear here in the near future.
The British dominance of the world scene was largely seen to have ended with WWI. However, that decline was not really an absolute decline in wealth, it was really mostly just a relative decline. Other countries, especially the US rose in wealth faster than the UK.
That story begins to hint at the ELEPHANT in the room. That elephant is the relative per capita wealth of the people in China, India, and the other emerging economies.
We have entered a period of equalization of personal wealth between the have-nots and the haves. That will be a very disruptive process in the Have countries. It may go gradually with small slow changes or it may go rapidly through a series of big jumps.
But what we will see will be a series of shocks like the dot com bubble and the current financial crisis. At the end of each shock, the PPP per capita wealth of the rising economies will be the same as at the start or more likely higher and the PPP per capital wealth of the Have economies will be lower.
This will happen largely via shocks because there is extreme amounts of resistance to the process on the part of the Have economies. This resistance took the form of excessive leverage in recent times. People were unwilling to accept the fact that their PPP income was dropping, so that they borrowed to keep their lifestyle at the level that they felt that they are entitled to.
So discussions about deficits are really about how the US will handle the coming change in distribution of the wealth of the world. If we simply choose to resist the change and try to bring things back to “normal” by government or personal deficit spending, then eventually we will have to pay through devaluation of our currency and if we persist, those funding our debt will cut us off.
It is hard to imagine our political process coming to the conclusion that we need to rethink our financial strategies in the light of the changing world financial order. That thinking has to come from outside the political process and eventually find its way in.
So the Emerging Risks scenario is for the long term decline of the income of the Have economies accomplished through a long series of financial system shocks accompanies by growing government deficits and declining credit quality for the government debt of the developed nations. At the same time, the successful “emerging market” economies become the dominant economic players and their people gradually risk in PPP income to match up with the PPP income of the “developed” nations for people who still do the same or comparable work. That income equalization will include some significant increase in overall wealth, but not enough to maintain the incomes of the developed countries during this process.
So if this is the emerging risk scenario. the questions are:
1. How would your firm fare in this scenario if no specific advance planning or anticipation is done?
2. Are there any things that your firm might do differently if you thought that this scenario was somewhat likely?
3. Assuming that this scenario occurs, what is the cost benefit of those actions? i.e. do they make sense in that scenario?
4. Are there any ways to track secondary signs that this scenario might be coming to be?
Riskviews 