Management by Onside Kick

Many American football fans can recall a game when their team drove the ball 80 or more yards in the waning moments of the game to pull within a touchdown of the team that had been dominating them. Then they call for the on side kick – recover the ball and charge to a win within a few more plays.

But according to NFL stats, that onside kick succeeds only 20% of the time in the waning minutes of the game.

Mid game onside kicks – that are surprises – work 60% of the time.

But mostly it is the successful onside kicks that make the highlights reel. RISKVIEWS guesses that on the highlights those kicks are 80% or more successful.

And if you look back on the games of the teams that make it to the Super Bowl, they probably were successful the few times that they called that play.

What does that mean for risk managers?

Be careful where you get your statistics. Big data is now very popular. Winners use Big Data. So many conclude that it will give better indications. But make sure that your data inputs are not from highlight reels or from the records of the best year for a company.

Many firms use default data collected by rating agencies for example to parameterize their credit models. But the rating agencies would point out that the data is from rated companies only. This makes little difference for rated Bonds. There the bonds are rated from issue to maturity or default. But if you want to build a default model of insurers or reinsurers then you need to know that many insurers and some reinsurers will drop their rating if it falls below a level where it hurts their business. So ratings transition statistics for insurers are more like the highlight reels below a certain level.

Some models of dynamic hedging strategies were in effect taking the mid game success rates and assuming that they would apply in bad times. But like the onside kick, things worked very different.

So realize that a business strategy and especially a risk mitigation strategy may work differently when things have gone all a mess.

And an onside kick is nothing more than putting the ball in play and praying that something good will happen.

The CRO is making a list and checking it twice

“You never said that you wanted me to do that”  is an answer that managers often get when they point out a shortfall in performance.  And in many cases it is actually true.  As a rule, some of us tend to avoid too much writing things down.  And that is also true when it comes to risk management

That is where ERM policies come in.  The ERM policy is a written agreement between various managers in a company and the board documenting expectations regarding risk management.

But too many people mistake a detailed procedure manual for a policy statement.  Often a policy statement can be just a page or two.

For Risk Management there are several places where firms tend to “write it down”:

• ERM Policy – documents that the firm is committed to an enterprise wide risk management system and that there are broad roles for the board and for management.  This policy is usually approved by the board.  The ERM Policy should be reviewed annually, but may not be changed but every three to five years.
• ERM Framework – this is a working document that lists many of the details of how the company plans to “do” ERM.  When an ERM program is new, this document many list many new things that are being done.  Once a program is well established, it will need no more or no less documentation than other company activities.  RISKVIEWS usually recommends that the ERM Framework would include a short section relating to each of the risk management practices that make up a Risk Management System.
• Risk Appetite & Tolerance Statement – may be separate from the above to highlight its importance and the fact that it is likely to be more variable than the Policy statement, but not as detailed as the Framework.
• Separate Risk Policies for major risk categories – almost all insurers have an investment policy.  Most insurers should consider writing policies for insurance risk.  Some firms decide to write operational risk policies as well.  Very few have strategic risk policies.
• Policies for Hedging, Insurance and/or Reinsurance – the most powerful risk management tools need to have clear uses as well as clear lines of decision-making and authority.
• Charter for Risk Committees – Some firms have three or more risk committees.  On is a board committee, one is at the executive level and the third is for more operational level people with some risk management responsibilities.  It is common at some firms for board committees to have charters.  Less so for committees of company employees.  These can be included in the ERM Framework, rather than as separate documents.
• Job Description for the CRO – Without a clear job description many CROs have found that they become the scapegoat for whatever goes wrong, regardless of their actual authority and responsibilities before hand.

With written policies in place, the board can hold management accountable.  The CEO can hold the CRO responsible and the CRO is able to expect that may hands around the company are all sharing the risk management responsibilities.

More on ERM Policies on WillisWire.

http://blog.willis.com/2015/01/erm-in-practice-risk-policies-and-standards/

http://blog.willis.com/2014/02/erm-practices-policies-and-standards/

 

Trimming Risk Positions – 10 ERM Questions from Investors – The Answer Key (6)

Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM.  Riskviews gave them 10 but they were trick questions.  Each one would take an hour to answer properly.  Not really what the analyst wanted.

Here they are:

1. What is the firm’s risk profile?
2. How much time does the board spend discussing risk with management each quarter?
3. Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
4. What outside the box risks are of concern to management?
5. What is driving the results that you are getting in the area with the highest risk adjusted returns?
6. Describe a recent action taken to trim a risk position?
7. How does management know that old risk management programs are still being followed?
8. What were the largest positions held by company in excess of risk the limits in the last year?
9. Where have your risk experts disagreed with your risk models in the past year?
10. What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?

They never come back and asked for the answer key.  Here it is:

There are a number of issues relating to this question.  First of all, does the insurer ever trim a risk position?  Some insurers are pure buy and hold.  They never think to trim a position, on either side of their balance sheet.  But it is quite possible that the CEO might know that terminology, but the CFO should.  And if the insurer actually has an ERM program then they should have considered trimming positions at some point in time.  If not, then they may just have so much excess capital that they never have felt that they had too much risk.

Another issue is whether the CEO and CFO are aware of risk position trimming.  If they are not, that might indicate that their system works well and there are never situations that need to get brought to their attention about excess risks.  Again, that is not such a good sign.  It either means that their staff never takes and significant risks that might need trimming or else there is not a good communication system as a part of their ERM system.

Risks might need trimming if either by accident or on purpose, someone directly entered into a transaction, on either side of the balance sheet, that moved the company past a risk limit.  That would never happen if there were no limits, if there is no system to check on limits or if the limits are so far above the actual expected level of activity that they are not operationally effective limits.

In addition, risk positions might need trimming for several other reasons.  A risk position that was within the limit might have changed because of a changing environment or a recalibration of a risk model.  Firms that operate hedging or ALM programs could be taking trimming actions at any time.  Firms that use cat models to assess their risk might find their positions in excess of limits when the cat models get re-calibrated as they were in the first half of 2011.

And risk positions may need to be trimmed if new opportunities come along that have better returns than existing positions on the same risk.  A firm that is expecting to operate near its limits might want to trim existing positions so that the new opportunity can be fit within the limits.

SO a firm with a good ERM program might be telling any of those stories in answer to the question.

Skating Away on the Thin Ice of the New Day

The title of an old Jethro Tull song.  It sounds like the theme song for the economy today!

Now we all know.  The correlations that we used for our risk models were not reliable in the one instance where we really wanted an answer.

In times of stress, correlations go to one.

That is finally, after only four or five examples with the exact same result, become accepted wisdom.

But does that mean that Diversification is dead as a strategy?

I would argue that it certainly puts a hurt to diversification as a strategy for finding risk free returns.  Which is how it was being (mis) used in the Sub Prime markets.

But Diversification should still reign as the king of risk management strategies.  But it needs to be real diversification.  Not tiny diversification that is observable only under a mathematical microscope.  Real Diversification is where risks have completely different drivers.  Not slightly different statistical histories.

So in Uncertain Times, and these days must be labeled Uncertain Times (or the thin ice age), diversification is the best risk management strategy.  Along with its mirror image twin, avoidance of concentrations.

The banks had given up on diversification as a risk strategy.  Instead they believed that they were making risk free returns by taking lots and lots of concentrated risk that they were either fully hedging or moving the risk off their balance sheets very quickly.

Both ideas failed.  Hedging failed when the counter party was Lehman Brothers.  It succeeded when the counter party was any of the other institutions that were bailed out, but there was an extended period of severe uncertainty about that before the bailouts were finally put into place.  Moving the risks off the balance sheet failed in two ways.  First it failed because they were really playing hot potato without admitting it.  When the music stopped, someone was holding the potato.  And some banks were holding many potatoes.  It also failed because some banks had been offloading the risks to hedge funds and other investors who they were lending funds to finance the purchase.  When the CDOs soured, the loans secured by the CDOs were underwated and the CDOs came back onto the bank balance sheets.

The banks that were hurt the least were the banks who were not so very concentrated in just one major risk.

The cost of the simple diversification strategy is that those banks with real diversification showed lower returns during the build up of the bubble.

So that is the risk reward trade off of real diversification – it will often produce lower returns than the mathematical diversification but it will also show lower losses in proportion to total revenue than a strategy that concentrates in the most profitable risk choices according to a model that is tuned to the accounting or performance bonus system.

Diversification is the risk management strategy for the Thin Ice Age.

No Risk Management is Betting

So many times, the financial press gets it exactly backwards. (See Bloomberg) Firms who manage their risks by hedging or insurance are reported to be betting and firms who do not are simply subject to the normal fluctuations of uncontrollable events.

But Risk Management offers a real alternative to either betting or being tossed around by the frothy seas of misfortune.  Risk management offers the possibility of identifying and mitigating the most extreme negative events and trends of the world.

Imagine your business owns a building worth $100,000,000.  There is a 1 in 250 chance that a storm will hit your building and destroy the building leaving you with a $10 million piece of empty property and a $10 million clean up bill.  (ignore the business interruption for now).

So the expected cost of that loss is $400,000.  You get an insurance quote for $600,000.  There are two ways you can tell the story of purchasing insurance:

1. The firm can place a bet that its building will be destroyed by a storm.  If there is no storm, then they lose their bet.
2. The firm can manage its risk from a severe storm by buying an insurance policy.

Now if the storm does not happen, the story can be:

1. The firm lost its bet that its building would be destroyed.
2. The firm incurred a fixed cost of managing its storm risk and avoided the volatility of an uninsured situation.

And if the storm does one day hit, the story is:

1. The firm won its bet that a storm would destroy its building and was rewarded by a $100 million gain from insurance.
2. The losses from the storm were covered by the firms insurance.

Risk Management just is not a good story for the reporters, if told right.  For the firm, that may just be one more reason to consider risk management.

Now if the firm chooses not to buy the insurance, the coverage is twisted.  Again read two ways that it might be reported if there is no storm:

1. No story.  Nothing happened.
2. The firm got lucky and did not take a loss on its uninsured building.  They took a bet that had a huge downside for their shareholders for a very small payoff.

ANd if the storm hits, the story is reported as:

1. Tragedy strikes.  Unfortunate event causes $100 M loss.  CEO say “We are just not able to control the weather.”
2. The bet that management took went bad.  That bet was just not necessary.  Now shareholders have experienced large losses because the management was trying to save a little on insurance.  The CEO should be fired.

Unless the firm’s was in the business of long term weather forecasting they had no business making the bet when they did NOT buy the insurance.  THey had no expertise to tell them that they shouldn’t buy the insurance.

They were just gambling.

Protected by the Crowd

A major question for risk managers to ponder is whether it is sufficient to be protected by the crowd.

What I mean is whether they can feel that they are doing their job when they are ignoring the same risks that every one else is ignoring.

An example of that is inflation risk.  Inflation risk does not appear on most firms list of major risks.  But if there is inflation, their expenses will rise, their cost of borrowing will rise, the values of their stock and bond portfolios will fall, their claims costs will rise – all for certain and possibly, just possibly, their prices and their earnings on investments will rise enough to compensate for all of that.

But most firms take the approach that if they do not put inflation on their list of risks, then they do not have to deal with it.

Inflation can be like the rising tide eating away at the child’s sandcastle on the beach.  It does not appear anywhere near as inevitable as it is.  During the low tide, the sand castle appears more than strong enough and plenty far away from the water.  But slowly, slowly the tide works its way up the beach until eventually the castle is completely swept away.

And if everyone does not prepare for inflation, then the price increases that everyone will be able to get will most likely be enough to survive.  Because everyone in the market will need the price increases to survive themselves.

So all it takes to ruin that situation is for one significant competitor to screw it all up and to prepare for the risk of inflation.  Like the one airline that hedged their fuel costs.  They did not need to raise prices when oil prices spiked, so therefore, everyone that competed on routes with them had to eat the cost of their lack of risk management.

The same will be true with inflation.  Some firms will prepare for inflation.  They will not depend on being protected by the crowd.  And they will spoil it by refusing to raise prices as much as the firms that were not prepared need.  The unprepared firms will be stuck with several bad choices – losing business,  doing business at an unsupportable price or cutting costs that may not have any fat in them already.

The U.S. government on Wednesday said it will expand sales of Treasury securities that help investors hedge against inflation risks, a move aimed at improving management of its ballooning debt sales while boosting buying interest at home and abroad. (WSJ)

There has been an excuse, however.  Inflation has been difficult to hedge.  But with the above program of expanding the offerings of TIPS, the cost of hedging inflation may be reduced to something more similar to the hedge costs for other risks (I mean the transaction cost part of the cost of hedging).

The interesting thing about the story behind the TIPS change is that TIPS cannot be said to be a very successful program to date – largely because of the fact that most people and most firms choose to hide in the crowd for this risk.  The TIPS market has been just too thinly traded.  However, the WSJ article says that the TIPS are now seen to be a way to protect foreign investors against rampant dollar inflation.  If the US government must make inflation adjusted payments for a significant fraction of the debt, the WSJ article thought that might be a disincentive to the government excesses that drive inflation.

I wonder if the people who wrote that have heard of the inflation plagued countries where everything is indexed to inflation.  It makes inflation into a more bearable fact of life.  That seems to be a dangerous path to start down.

Moral Hazard

Kevin Dowd has written a fine article titled “Moral Hazard and the Financial Crisis” for the Cato Journal.  Some of his very well articulated points include:

• Moral Hazard comes from the ability for individuals to benefit from gains without having an equal share in losses.  (I would add that that has almost nothing to do with government bailouts.  It exists fully in the compensation of most executives of most firms in most economies. )
• Bad risk model (Gaussian).  That ignore abnormal market conditions. 
• Ignoring the fact that others in the market all have the same risk management strategy and that that strategy does not work for the entire market at once. 
• Mark to Model where model is extremely sensitive to assumptions. 
• Using models that were not designed for that purpose. 
• Assumption of continuously liquid markets. 
• Risk management system too rigid, resulting in easy gaming by traders. 
• “the more sophisticated the [risk management] system, the more unreliable it might be.”
• Senior management was out of control.  (and all CEOs are paid as if they were above average!)
• Fundamental flaw in Limited Liability system.  No one has incentive to put a stop to this.  Moral Hazard is baked into the system.

Unfortunately, there are two flaws that I see in his paper. 

First, he misses the elephant in the room.  The actual exposure of the financial system to mortage loan losses in the end was over 400% of the amount of mortgages.  So without the multiplication of risk that happened under the guise of risk spreading had not happened, the global financial crisis would have simply been a large loss for the banking sector and other investors.  However, with the secret amplification of risk that happened with the CDO/CDS over the counter trades, the mortgage crisis became a depression sized loss, exceeding the capital of many large banks. 

So putting all of the transactions out in the open may have gone a long way towards allowing the someone to react intelligently to the situation.  Figuring out a way to limit the amount of the synthetic securities would probably be a good idea as well.  Moral Hazard is a term from insurance that is important to this situation.  Insurable interest in one as well. 

The second flaw of the paper is the standard Cato line that regulation should be eliminated.  In this case, it is totally outrageous to suggest that the market would have applied any discipline.  The market created the situation, operating largely outside of regulations. 

So while I liked most of the movie, I hated the ending. 

We really do need a Systemic Risk Regulator.  And somehow, we need to create a system so that 50 years from now when that person is sitting on a 50 year track record of no market meltdowns, they will still have enough credibility to act against the mega bubble of those days.

Risk Management Changed the Landscape of Risk

The use of derivatives and risk management processes to control risk was very successful in changing the risk management Landscape.

But that change has been in the same vein as the changes to forest management practices that saw us eliminating the small forest fires only to find that the only fires that we then had were the fires that were too big to control.  Those giant forest fires were out of control from the start and did more damage than 10 years of small fires.

The geography of the world from a risk management view is represented by this picture:

The ball represents the state of the world.  Taking a risk is represented by moving the ball one direction or the other.  If the ball goes over the top and falls down the sides, then that is a disaster.

So risk managers spend lots of time trying to measure the size of the valley and setting up processes and procedures so that the firm does not get up to the top of the valley onto one of the peaks, where a good stiff wind might blow the firm into the abyss.

The tools for risk management, things like derivatives with careful hedging programs now allowed firms to take almost any risk imaginable and to “fully” offset that risk.  The landscape was changed to look like this:

Managers believed that the added risk management bars could be built as high as needed so that any imagined risk could be taken.  In fact, they started to believe that the possibility of failure was not even real.  They started to think of the topology of risk looking like this:

Notice that in this map, there is almost no way to take a big enough risk to fall off the map into disaster.  So with this map of risk in mind, company managers loaded up on more and more risk.

But then we all learned that the hedges were never really perfect.  (There is no profit possible with a perfect hedge.)  And in addition, some of the hedge counterparties were firms who jumped right to the last map without bothering to build up the hedging walls.

And we also learned that there was actually a limit to how high the walls could be built.  Our skill in building walls had limits.  So it was important to have kept track of the gross amount of risk before the hedging.  Not just the small net amount of risk after the hedging.

Now we need to build a new view of risk and risk management.  A new map.  Some people have drawn their new map like this:

They are afraid to do anything.  Any move, any risk taken might just lead to disaster.

Others have given up.  They saw the old map fail and do not know if they are ever again going to trust those maps.

They have no idea where the ball will go if they take any risks.

So we risk managers need to go back to the top map again and revalidate our map of risk and start to convince others that we do know where the peaks are and how to avoid them.  We need to understand the limitations to the wall building version of risk management and help to direct our firms to stay away from the disasters.

Black Swan Free World (6)

On April 7 2009, the Financial Times published an article written by Nassim Taleb called Ten Principles for a Black Swan Free World. Let’s look at them one at a time…

6. Do not give children sticks of dynamite, even if they come with a warning . Complex derivatives need to be banned because nobody understands them and few are rational enough to know it. Citizens must be protected from themselves, from bankers selling them “hedging” products, and from gullible regulators who listen to economic theorists.

It is my opinion that many bubbles come about after a completely incorrect valuation model or approach becomes widely adopted.  Today, we have the advantage over observers from prior decades.  In this decade we have experienced two bubbles.  In the case of the internet bubble, the valuation model was attributing value to clicks or eyeballs.  It had drifted away from there being any connection between free cashflow and value.  As valuations soared, people who had internet investments had more to invest in the next sensation driving that part of the bubble. The internet stocks became more and more like Ponzi schemes.  In fact, Hyman Minsky described bubbles as Ponzi finance.

In the home real estate bubble, valuation again drifted away from traditional metrics, the archaic and boring loan to value and coverage ratio pair.  It was much more sophisticated and modern to use copulas and instead of evaluating the quality of the credit to use credit ratings of a structured securities of loans.

Goerge Soros has said that the current financial crisis might just be the final end of a fifty year mega credit bubble.  If he is right, then we will have quite a long slow ride out of the crisis.

There are two aspects of derivatives that I think were ignored in the run up to the crisis.  The first is the leverage aspect of derivatives.  A CDS is equivalent to a long position in a corporate bond and a short position in a risk free bond.  But few observers and even fewer principals considered CDS as containing additional leverage equal to the full notional amount of the bond covered.  And leverage magnifies risk.  Worse than that.

Leverage takes the cashflows and divides them between reliable cashflows and unreliably cashflows and sells the reliable cashflows to someone else so that more unreliable cashflows can be obtained.

The second misunderstood aspect of the derivatives is the amount of money that can be lost and the speed at which it can be lost.  This misunderstanding has caused many including most market participants to believe that posting collateral is a sufficient risk provision.  In fact, 999 days out of 1000 the collateral will be sufficient.  However, that other day, the collateral is only a small fraction of the money needed.  For the institutions that hold large derivative positions, there needs to be a large reserve against that odd really bad day.

So when you look at the two really big, really bad things about derivatives that were ignored by the users, Taleb’s description of children with dynamite seems apt.

But how should we be dealing with the dynamite?  Taleb suggests keeping the public away from derivatives.  I am not sure I understand how or where the public was exposed directly to derivatives, even in the current crisis.

Indirectly the exposure was through the banks.  And I strongly believe that we should be making drastic changes in what different banks are allowed to do and what different capital must be held against derivatives.  The capital should reflect the real leverage as well as the real risk.  The myth that has been built up that the notional amount of a derivative is not an important statistic and that the market value and movements in market value is the dangerous story that must be eliminated.  Derivatives that can be replicated by very large positions in securities must carry the exact same capital as the direct security holdings.  Risks that can change overnight to large losses must carry reserves against those losses that are a function of the loss potential, not just a function of benign changes in market values and collateral.

In insurance regulatory accounting, there is a concept called a non-admitted asset.  That is something that accountants might call an asset but that is not permitted to be counted by the regulators.  Dealings that banks have with unregulated financial operations should be considered non-admitted assets.  Transferring something off to the books to an unregulated entity just will not count.

So i would make it extremely expensive for banks to get anywhere near the dynamite.  Or to deal with anyone who has any dynamite.

Black Swan Free World (5)

Black Swan Free World (4)

Black Swan Free World (3)

Black Swan Free World (2)

Black Swan Free World (1)

Black Swan Free World (5)

On April 7 2009, the Financial Times published an article written by Nassim Taleb called Ten Principles for a Black Swan Free World. Let’s look at them one at a time…

5. Counter-balance complexity with simplicity. Complexity from globalisation and highly networked economic life needs to be countered by simplicity in financial products. The complex economy is already a form of leverage: the leverage of efficiency. Such systems survive thanks to slack and redundancy; adding debt produces wild and dangerous gyrations and leaves no room for error. Capitalism cannot avoid fads and bubbles: equity bubbles (as in 2000) have proved to be mild; debt bubbles are vicious.

Complexity gets away from us very, very quickly.  And at the same time, we may spend so much time worrying about the complexity, building very complex models to deal with the complexity, that we lose sight of the basics.  So Complexity can hurt us both coming and going.

So why do we insist on Complexity?  That at least is simple.  Most complexity exists to provide differentiation between financial products that otherwise would be pure commodities.  The excuse is that the Complex products are needed to match up with the risks of a complex world.  Another, even less admirable reason for the complexity is to create something that sounds like a simple risk relief product but that costs the seller much less to provide, by carving out the parts of the risk relief that are more expensive but less desirable or less well understood by the customer.

Generally, customers who are buying risk relief products like insurance or hedges have a simple objective.  If they have a loss they want something that will make a payment that will offset the loss.  Complexity comes in when the risk relief products are customized to potentially better meet customer needs. (according to the sales literature).

Taleb suggests that complexity also hides leverage.  That is ver definitely the case.  For example, a CDS can be replicated by a long position in a credit and a short position in a treasury.  A short position in a treasury is finance speak for a loan at a better rate than you can actually get.  And a loan is leverage.  THe amount of the leverage is the full notional amount of the CDS.  Fans of derivatives will scoff at the idea that the notional amount if of any interest to anyone, but in this case at least, anyone who wants to know how much leverage the buyer of a CDS has, needs to add in the full notional amount of all of the CDS.

Debt bubbles are vicious because of the feedback loop in debt.  If one borrows money to purchase an asset and the asset increases in value, then you can use that increased value as collateral to increase the debt and purchase more of the asset.  The increase in demand for the asset causes prices to rise and so it goes.

But ultimately the reason that may economists have a hard time identifying bubbles (other than they do not believe that bubbles really ever exist) is that they do not know the capacity of any asset market to absorb additional investment.  Clearly in the example above, if there is a fixed amount of the asset that becomes subject to a debt bubble, it will very, very quickly run into a bubble situation.  But if the asset is a business or more likely a sector, it is not so easy to know exactly when the capacity of that sector to efficiently use additional capital is reached.

Black Swan Free World (10)

Black Swan Free World (9)

Black Swan Free World (8)

Black Swan Free World (7)

Black Swan Free World (6)

Black Swan Free World (5)

Black Swan Free World (4)

Black Swan Free World (3)

Black Swan Free World (2)

Black Swan Free World (1)

ERM: Law of Unintended Consequences [2]

From Neil Bodoff

One of the reasons that so many counterparties bought CDS protection [from the same counterparty, precipitating a crisis] was their desire to reduce their regulatory capital requirements. So the regulatory framework had high capital requirements for credit risk, but low capital requirements when the credit risk was hedged. Basically the regulatory framework created a strong incentive for all banks to simultaneously execute the same strategy of hedging risk via CDS. Lessons are: [1] Whereas individual firms in a competitive market may pursue various strategies, the government’s monopoly on regulation might create a homogenizing effect on firms’ behavior, thus concentrating risk. Thus the regulatory framework itself becomes a systemic risk and thus requires extra scrutiny and care. [2] For any regulatory framework, the designers ought to choose someone to “roleplay” the part of firms trying to minimize regulatory capital requirements, so as to understand the behaviors and countermeasures the firms might take in response to the regulatory demands. [3] Beware of unintended consequences.

ERM only has value to those who know that the future is uncertain.

Businesses have three key needs.

First they need to have a product or service that people will buy. They need revenues.

Second they need to have the ability to provide that product or service at a cost less than what their customers will pay. They need profits.

Once they have revenues and profits, their business is a valuable asset. So third, they need to have a system to avoid losing that asset because of unforeseen adverse experience. They need risk management.

So Risk Management is the third most important need of a firm.

And there is often a conflict between risk management and the other two goals. Risk management will sometimes say that a business activity that produces revenue is too risky and must be curtailed or modified in such a way that it produces less revenues. Risk Management often costs money or otherwise depresses profits. For example, an insurance policy covering fire of a building owned by the firm will cost money and depress profits.

So Risk Management needs to defend its value to the firm. Many risk management proponents have been asked to tell the value added of their activities. This is difficult to explain. Not because risk management does not have a value, but because the cost of risk management in terms of reduced revenues or increased costs are usually tangible and definite, while the benefits are probabilistic. Often the person asking the question is looking for a traditional spreadsheet answer that shows two columns adding up and perhaps the difference between the two is the benefit of risk management.

It does not work that way. For Risk Management to have value, one must understand that the future is uncertain. The value of risk management comes from the way that it shapes that uncertainty.

The next time you are asked about the value of risk management, ask the questioner what value they would put on the airbags and seat belts in their car. If they have no uncertainty about their ability to avoid accidents, then they will put a zero value on the safety devices – the personal risk management systems. If they resist answering, ask them if they will agree to have them removed for $20? Or for $2000? What value do they place on that risk management?

Most people will agree that the demise of a company is less serious than the demise of a person, but it is not difficult to see that there is some value to activities that increase the chance that a company will not expire in the next business cycle or windstorm.

So risk management decreases the uncertainty about the survival of the firm. There is a way to quantitatively value that reduction in uncertainty and compare it to the reduced revenues or increased costs of the risk management activities.

The Need for Speed

One of the causes for the financial crisis is the very high speed trading operations. There are several reasons that is true.

First, the high speed transaction oriented operations needs to eliminate any reflection or analysis on the part of the trading firms. There is simply no time for this. If the transactions need any analysis to support them, then that analysis must be outsourced. This is the driver behind the idea that credit risk, which for most of financial history has been seen to be a risk that required careful analysis and reflection, became a traded commodity. Banks started to merge market and credit risk and do away with their credit research staffs. This is one of the most common issues cited in explaining the crisis. Banks failure to do their own credit analysis on the sub prime loans. The lack of scrutiny led directly to the liar loans – since no one was looking at the loan applications there was no need to take any effort to make them correct.

Second, models of these risks need to be closed form models that can run instantly. More robust and complex monte carlo models that might capture the nuances of the risks were just not practical given the time frame. Monte Carlo models take too long to develop and too long to run. With a few simplifying assumptions, the need for Monte Carlo models can be eliminated and a closed form model that runs in seconds developed. The simplifying assumptions also allow the daily updating of these models. This process makes sense if and only if you believe that market prices generally reflect all information, so a closed form model that mostly just replicates and extends market prices is all that you need anyway. This approach to modeling risk makes it almost completely impossible to detect changes in the underlying risks. All users of this approach will always go over the cliff together – and they did.

Third, the speed of transactions means that there is turnover of the risks held during the year. This turnover may be 5 or 10 or 20 or 50 times. This business can easily be seen to be very, very low profit margin since capital is generally only held on the amount of risk at any one time. However, when the crisis hit, the banks were unable to continue to roll their inventory of risks and they piled up in amounts 5 or 10 times their past average holding.

Maybe MTM isn’t exactly what is needed?

Everyone (except corporate boards and managers) seem to agree that short term incentive compensation is one of the key drivers for the excessive risk taking that led to the financial crisis. In an earlier post, it is suggested that one of the reasons is that accounting is less reliable in the short term.

Perhaps the problem is Mark-to-Market accounting. While it is an extremely important discipline to know the market value of positions, MTM has a misleading presumption. In effect, MTM treats a position that has been closed by sale on the day that the financials are set exactly the same as an open position.

Short term compensation based upon such accounting allows traders and managers to take credit for open positions AS IF THEY HAD CLOSED THEM. And I mean truly closed them by Risk Transfer, not simply Risk Offset. This means that the firm settles with the trader for something that the trader has not yet done and that there is no sure indication that the trader could actually accomplish.

That is because the MTM value may or may not be the amount of cash that the trader could get for their position, especially if you include the requirement that the risk is actually really and totally off the books, not simply offset. To know the actual cash equivalent and the difference between that cash equivalent and the MTM value, a firm would need to study each market to understand the trend and liquidity.

This issue is particularly important when valuing the custom non-exchange traded derivatives. Practice is to value those contracts by a replication process, using market traded instruments. There is no attempt to assign any illiquidity premium. This accounting practice is one of the fundamental supports to the practice of trading off market. During the height of the sub prime crisis, it was found that there was no market at all for some of these securities and the MTM process produced completely sham values. Sham because the real clearing value for the securities was much lower than the values that the holders wanted to report.

The difference between the next trade and especially a trade of the size of the position valued and the last trade regardless of the size of the trade is the issue here. And the problem is with treating completely closed positions exactly the same as open positions, by valuing them both as realistic cash equivalents.

Finally, there is the issue of continuing risk. A totally closed (transferred or expired) position has no capital requirement. An open position SHOULD have a capital requirement. Even an OFFSET position should have a capital requirement based upon the basis risk, the counterparty risk.

This discussion reveals an additional risk – the clearing risk.

So the value of the open position needs to reflect one level of clearing risk and the capital needs to reflect a much larger amount of clearing risk.

Bad Label leads to Bad Thinking

How many times have you heard the term “Risk Transfer” to refer to a risk mitigation action such as hedging or (re)insurance? It is used in text books and articles about risk management. But, be careful, that labeling is bad and it could just lead to bad decisions.

That is because risks are rarely actually “transferred” to another party. If they were actually transferred, then the consequences would be theirs and theirs alone. However, in most hedging and (re)insurance situations, the risk is usually just “offset”. There are two common terms that are used to refer to the real differences between risk transfer and risk offset.

Those terms are counterparty risk and basis risk. If the risk had been transferred, then there would be no counterparty risk, the risk would BELONG to the other party. In fact, the risk does not belong to them, it still belongs to you. You have paired the risk with an offsetting obligation from the counterparty and you are as safe from loss due to the risk as the counterparty is secure. If the counterparty fails to pay their obligation to you, then you still have the risk and experience the entire loss.

And also, because you have not really transferred the risk, there is a possibility that their payment to you will not be a perfect match to the loss in timing or amount or both. The risk offset might be triggered by a different event than your obligation. For example, the trigger for CDS to actually pay-off are not exactly tied to missed bondholder obligations so the spreads on CDS for a distressed bond may move slightly differently than the actual bond spreads, even though they moved very similarly when the bond was not distressed. A hedging strategy based upon market sensitivities (greeks) is only as good of a fit with the hedged risk as the models used to calculate the greeks.

But this bad terminology is not harmless. If you execute a risk offset and tell others that it is a risk transfer, then they might be quite happy to treat the gains as fully realized. They will not inquire about the offsetting positions, because the bad terminology implies that there are none. When in fact, in any case of risk offset, it should be import to monitor and communicate the risk offsets, highlighting the counterparty risk and tracking the potential emergence of basis risk.

Learnings from the Financial Crisis (3)

Gone is not always gone – another of the underpinnings of the market risk business is the constant of trading of risks. However, in the case of sub prime, some of the counterparties in these trades were very intimately related to the banks that sold the risky securities. Sometimes, they were investment funds that were sold by to bank customers; sometimes the banks lent the money to the same party that bought the security. Sometimes, the bank kept the security and bought protection from a counterparty. In each of these types of situations, banks found that they ended up needing to take back some of all of the risks that they thought that they had laid off. Insurers can learn that they need to keep relationships clear. The banking model has long suffered from the idea that they were a relationship business and they would try to do as much business as possible with the customers who they have the best relationships with. Insurers need to be constantly aware of this trap that creates more and sometimes cloudy concentration risk. Both net and gross risks need to be tracked and attended to.

One simple reason for this part of the problem is the terminology that risk managers use. Usually hedging transactions are called Risk Transfers. But in fact, they are almost never a real transfer of risk. Usually they would more appropriately be called Risk Offsets. This sloppy terminology supports sloppy thinking. And the high speed of a trading business left no time for reflection, so the misrepresentation was left totally unchallenged.

Now good risk managers knew the truth and so were concerned with counterparty risk and basis risk as well as contract risk. But in the end, the largest risk turned out to be reputation risk. Banks were usually unable to take the hit to their reputation that walking away from their closely or even semi related counterparties. Especially when those counterparties were funded with customer money.

Lessons from the Financial Crisis (2)

It must be ok if everyone else is doing it – Banks were unwilling to miss out and not take part of this lucrative idea. In the past insurers have been caught up in this approach to business as well. The presence of a well respected firm in a market does not make that market good for everyone.

THis factor was so strong that one bank CEO suggested that if he did not allow his bank to continue in the lucrative sub prime business, that he would start to lose key employees and eventually would lose his job to someone who would participate in that business.

That must be one of the last stages of a bubble, when markets become so profitable that many feel that they have to participate.

In this case, the very low interest rates and spreads for almost any other type of risk helped to feed the situation. The sub prime market was one of the only place where there was any spread to be had.

And a major flaw with the “everyone is doing it” motivation is that some things only work if a small fraction of the market is doing it and fall apart when everyone jumps on.

Just like the ferry. A few people can stand on the edge looking at the shore, but if everyone on the ferry stands along that same edge and looks, the boat may dip and might even capsize.