Archive for the ‘Operational Risk’ category

Imminent Risk – Employee Turnover

May 16, 2011

Many risks go in cycles.  And while it makes some sense to keep an eye on them during the part of the cycle when they are low, it makes much more sense to concentrate on them when they are imminent.

A recent report from Metlife, “Study of Employee Benefits Trends,” departs from its primary topic to spend an entire chapter on The Erosion of Employee Loyalty.  One startling statistic that they report is that over one third of employees say that if they have the choice, they will change employers in 2011!

Risk managers often think of risks like employee turnover as being “soft” risks that are difficult to measure and model.  But that may be mostly due to lack of familiarity.  In this case, people have measured the costs.  The Society of Human Resources Management (SHRM) has estimated that turnover costs vary by the level of employee.  For minimum wage employees, the costs are 30% to 50% and go up for more skilled employees – up as high as 400% of salary for the most skilled employees.

And that does not take into account that the people who are most able to leave are the most competent and productive of your employees.

So your firm has an imminent risk that will emerge when the job market in your industry opens up.  You will know exactly when that risk is going to hit.  You will know because your firm will start to hire more after several years of low or zero hiring.  Once you notice the actual turnover, it will be too late. So monitoring hiring by your own firm and in your part of the economy is your key risk leading indicator.

The risk treatment steps to take would be those that might impact either the frequency or severity of the losses from this risk.  (duh)

Metlife includes this discussion in their report on employee benefits so that they can make the case that more employee benefits would be an effective preventative.

But before setting out to define risk treatment plans, the risk manager will want to look at the loss estimates.  That SHRM study points to costs from the hiring process, from training costs as well as productivity losses.  Each firm should examine their practices and experience to refine the general estimate to their situation.  Some firms will always choose to hire highly experienced employees to minimize the training and lost productivity costs.  Other firms will go to the other extreme, hiring mostly at the entry level and expecting to promote from within to replace any higher level losses.

Salary costs are a large percentage of financial businesses’ costs.  The management of this cost could probably benefit from some good quantitative analysis, if that is not already the practice.

If the SHRM costs are correct and even half the people identified by Metlife are able to change jobs, then firms on the average are facing extra costs of as much as 20% of payroll.

Do the math: where does this put employee turnover risk in terms of your top ten risks list?

Infrastructure Risk – Too High

March 23, 2011

The American Society of Civil Engineers has produced a report card on the state of the infrastructure in the US.

The good news is that the richest country in the world did not flunk.

The bad news is that the overall average grade is a D.

Now Warren Buffett reminds us that you shouldn’t expect an unbiased answer if you ask a barber whether you need a haircut.  And in this case, the civil engineers would benefit significantly from an increase of attention to infrastructure.

But let’s look at the sorts of suggestions that they make.  Many of them can be generalized to other areas of risk. (Paraphrased by Riskviews)

  • Encourage risk reduction/management programs
  • Use the best of current science rather than continuing to follow science from many years ago
  • Develop emergency action plans
  • Develop maintenance standards
  • Establish plan to fund needed improvements in risk management
  • Evaluate specific impact of failure to improve risk management
  • Educate stakeholders regarding above
  • Establish a regular review process

In the case of infrastructure, there is a recognized lifespan of the systems and a continual deterioration expected.

Risk systems in general are not thought of as wasting assets, but perhaps that is simply because risk management is so new.

Perhaps even the firms that have achieved the point of a full and integrated set of risk management systems should think of the useful life of those systems.

“The principal reason we have train crashes is a lack of investment in rail infrastructure – and the reason we have systemic crises is a lack of investment in financial infrastructure.”  Hugo Bänziger, in the FT

The money will always be there to keep funding innovations in the way that risk is added to a firm.

ERM Questions for US Insurers

March 10, 2011

By Max Rudolph

A.M. Best added a Supplemental Rating Questionnaire (SRQ) for insurers at the end of 2010. While it will provide interesting information that will help the analyst develop questions for a face-to-face meeting, the mainly checklist format will limit its value. A better option would be for a company to utilize this SRQ to develop an internal risk management report that could be presented to the board and external stakeholders much as insurers generate an investment management report. The A.M. Best checklist could be a by-product of this process. A.M. Best’s statement that “each company’s need for ERM is different” is absolutely correct. Organizations with complex and varied product mixes should spend their time understanding both the silo risks and the interactions between those silos. Going into 2006 insurers (and rating agencies) did not have leading indicators in place to monitor housing prices, yet that proved to be the driver leading to the financial crisis. There is little in this questionnaire that is forward looking toward new and emerging risks.

Concentration

The questionnaire does not do enough to focus on concentration of exposures. No credit is awarded for a diversified group of independent risks. There is also no mention of counterparty risk with reinsurers. The financial crisis left reinsurers ever more entangled, and if one ever experiences financial difficulties a contagion effect could drag quite a few down with them. If that happens there is no reason to think that insurers would not batten down the hatches as banks did with their loan portfolios. Insurers should have a contingency plan for this possibility, along with performing other stress tests and board discussions.

Key Risk Indicators

The questionnaire refers to reporting risk metrics. This should be more specific. Financial statements do a pretty good job of reporting lagging indicators such as revenue and net income. What would be more useful when managing risk are leading indicators. What metric can I look at today to anticipate future revenue? Keeping track of metrics such as agent retention, applications received, or unemployment will allow the line manager to better understand the business line and the risk manager to better identify potential risks. Today, many insurers are developing this process but it is still evolving.

Risk Culture

In the risk culture section of the questionnaire, terms such as risk/return measures and reporting risk jump out at me. Not all risks can be measured, and many can’t be measured accurately. That does not mean they can’t, and certainly does not mean they should not, be managed. Examples would include the likelihood and severity of civil unrest around the world. It is not important to judge precisely how likely these events might be, but it is important to think about how you might react if such an event does occur. Options are generally limited after an event occurs, and time is often the critical factor. Reporting risk means many things to many people. It would be preferred to have a dialogue about risks, using a written report as a starting point.

Identifying Risks

In the Risk Identification/Measurement/Monitoring section of the questionnaire, A.M. Best asks “Who is the most responsible for identifying material risks to the company’s financial position?” This seems to be a no-win question, as no matter who is listed, shortcomings will be associated with it. If you list the CEO, then the CRO is short-changed. If you list the CRO, the line managers wonder what their role is. Perhaps a better question would be to ask who is responsible for consolidating risks and looking at them holistically, scanning for emerging risks as well. It will be interesting to see what A.M. Best does with the table considering the largest potential threats to financial strength. There is no consistent approach to estimated potential impact. Two companies with the exact same exposure to a risk might report vastly different dollar figures. The higher number might be generated by the organization that better understands the risk.

Economic Capital

The most interesting question to me would be to ask how independent of results are the modelers? Who do they report to? How is their bonus determined? My perception is that there is subtle pressure put on modelers to hit certain results and that they should understand their models well enough to know which levers to pull that won’t raise a warning flag. At this point there is no audit requirement for an economic capital model.

Forward Looking

Missing in this questionnaire, as well as the NAIC’s Risk Focused Examinations, is a view of the future. In my opinion, if there is not an immediate solvency issue then the most interesting question is what could impair this organization in the future. For many insurance firms this will be related to selling profitable products and being flexible. It is hard to find distribution without giving away either options or returns. Consolidation in the insurance industry is likely. How many companies have considered their competitive position if their competitors merge? For distressed firms it is rarely a previously managed risk that takes them down. What environmental scanning is being done? What Risks are you Worried about Today? Risks that could be included in this type of analysis would be considered stress tests by many, but how many organizations would share more than they think their competitors are sharing? Here are some risks to ponder, along with their unintended consequences, in no order.

  • Low interest rate environment is replaced by an inflationary shock
  • A new competitor enters the insurance market with a known and trusted brand and new distribution channel (WalMart comes to mind)
  • A reinsurer becomes insolvent due to investment losses, stressing other reinsurers.
  • The insurance industry experiences higher trending mortality, with a flurry of 30-50 deaths due to obesity
  • Climate change results in changing weather patterns, with more volatile weather and crop patterns
  • A consolidator enters the industry, generating economies of scale that reduce potential returns by 2%.
  • Infrastructure around the world ends its useful lifetime and is not replaced.
  • Water wells are drilled in developed countries by farmers and local communities to access an aquifer.
Warning: The information provided in this newsletter is the opinion of Max Rudolph and is provided for general information only. It should not be considered investment advice. Information from a variety of sources should be reviewed and considered before decisions are made by the individual investor. My opinions may have already changed, so you don’t want to rely on them. Good luck!

Outsourcing Risk

February 16, 2011

Last week the Seattle Times had an incredible story about the ultimate costs of a failed outsourcing strategy at Boeing.

The story quotes Wall Street sources to say that ultimately the failure of outsourcing partners created $12 Billion of extra costs on a project initially planned to cost $5 Billion.

“We spent a lot more money in trying to recover than we ever would have spent if we’d tried to keep the key technologies closer to home,” said Boeing Commercial Airplanes Chief Jim Albaugh.

The story is probably one extreme of bad outsourcing.  In many cases it works out well.  But it is quite likely that firms often make the mistake of ignoring or downplaying risk and uncertainty and only look at cost savings when they make outsourcing decisions.

One simple way to look at the uncertainty is with the 5 point scale from “Getting a Handle on Uncertainty”.  But perhaps because of the “one off” nature of outsourcing, one point should be added to the uncertainty score.

But doubtless, firms who get “comfortable” with outsourcing, get comfortable with a higher degree of uncertainty.

ERM an Economic Sustainability Proposition

January 6, 2011

Global ERM Webinars – January 12 – 14 (CPD credits)

We are pleased to announce the fourth global webinars on risk management. The programs are a mix of backward and forward looking subjects as our actuarial colleagues across the globe seek to develop the science and understanding of the factors that are likely to influence our business and professional environment in the future. The programs in each of the three regions are a mix of technical and qualitative dissertations dealing with subjects as diverse as regulatory reform, strategic and operational risks, on one hand, and the modeling on tail risks and implied volatility surfaces, on the other. For the first time, and in keeping with our desire to ensure a global exchange of information, each of the regional programs will have presentations from speakers from the other two regions on subjects that have particular relevance to their markets.

Asia Pacific Program
http://www.soa.org/professional-development/event-calendar/event-detail/erm-economic/2011-01-14-ap/agenda.aspx

Europe/Africa Program
http://www.soa.org/professional-development/event-calendar/event-detail/erm-economic/2011-01-14/agenda.aspx

Americas Program
http://www.soa.org/professional-development/event-calendar/event-detail/erm-economic/2011-01-12/agenda.aspx

Registration
http://www.soa.org/professional-development/event-calendar/event-detail/erm-economic/2011-01-12/registration.aspx

A Wealth of Risk Management Research

December 15, 2010
The US actuarial profession has produced and/or sponsored quite a number of risk management research projects.  Here are links to the reports: 

Murphy was a Risk Manager!

July 6, 2010

Perhaps you have heard the saying…

If anything can go wrong, it will.

Widely known as Murphy’s Law.  Well, you may not know it but Murphy was actually a risk manager.

The originator of Murphy’s Law was an engineer named Captain Ed Murphy.  He was responsible for safety testing for the Air Force and later for several private engineering firms.

He was a reliability engineer.  And in his mind, the statement that became known as Murphy’s Law was just his way of describing how you had to think to design stress tests.

He had just experienced the failure of a device that he had designed because of incorrect wiring.  At the time, he may have blamed the problem on the people who installed his device, but later, he came to realize that he should have anticipated the possibility of confusion over which lead to connect to what and made provision for the wiring error in his design.

His original design required that the installer would have perfect knowledge of his intentions with the design.  Instead he should have assumed that the installer would have been completely ignorant of what was in his head.

Does that sound like a word of caution for the designers of risk models?

Will future operators of your risk model need to fully understand what you had intended?  Or do you anticipate that they doubtless will not?

I had that experience.  Fifteen years after I had completed a risk model for a company and in the process taken some shortcuts that made perfect sense to me, I was told that the firm was still using my model, but they suddenly noticed that it was giving very troubling signals, signals that turned out to be almost completely incorrect.

Those shortcuts had moved further and further away from the truth.  I had some realization that the model needed regular recalibration, but I had failed to make that completely clear to the people who inherited the model from me and they certainly had not thought it important to pass along my verbal instructions to the people who inherited it from them.

So remember Murphy’s Law and this little story about how Murphy came to originally say what became known as his law.  It could happen to you.

Managing Operational Risk

June 13, 2010

By Jean-Pierre Berliet

Discussions with senior executives have suggested that decision signals from ERM would be more credible and that ERM would be a more effective management process if ERM were shown to support management of operational risk.

Operational risk comprises two different types of risks: execution risk and strategic risk.

These two categories of operational risk are important to policyholders and shareholders because they can reduce both the insurance strength and the value of insurance companies.

Strategic risk stems from external changes that can undermine the profitability and growth expectations of a company’s business model and strategy, and therefore have a significant impact on its value. Execution risk originates in internal failures to manage the operations of a company competently, with the needed level of foresight, prudence, risk awareness, and preparedness. Execution and strategic risks impact insurance companies differently and, as a result, call for distinct mitigation strategies.

Execution risks

Although financial risks are the primary determinant of the volatility of financial results of insurance companies, execution risks can also cause material adverse deviations from expected financial results.

Execution risks include, for example, economic losses resulting from i) delays in alleviating adverse consequences of changes in the volume of activity (mismanagement), ii) events that can interrupt business operations, whether man-made or natural (lack of preparedness), and iii) failures in controls that cause economic losses, create liabilities or damage the company’s reputation (market conduct, regulatory compliance, bad faith in claim management, fraud, IT security, etc.).

Execution risks reduce current financial performance and company valuation. Company valuation is reduced because i) investors often view negative earnings deviations as predictors of future decline in profitability and ii) performance volatility can derail the execution of a company’s growth strategy.

Execution risks are relatively easy for company management to identify, if not to mitigate. Although stochastic modeling tools and event databases could be used to simulate the impact of execution risks on financial performance, and fine tune mitigation strategies, undertaking such modeling is very costly, and may be of limited value. Company management has fiduciary obligations to set in place processes designed to avoid execution risks, establish post event recovery procedures, and to ensure compliance.

Both policyholders and shareholders need to note that

  • Execution risks can impact financial performance significantly in the year or period of occurrence but may have a more or less pronounced impact on performance in subsequent periods and company valuation, depending on the availability of recovery strategies and the preparedness of a company.
  • The impact of execution risks on a company’s market value can be derived from estimated adjustments to free cash flow projections.  This is particularly significant in connection with risk events that erode a company’s competitive advantage or damage its reputation. Such events can reduce the market value of a company significantly by reducing its volume of business or its pricing flexibility.

Management processes and management action, not capital, are the natural remedy for execution risks. Boards of Directors or Audit Committees of such boards have become increasingly involved in exercising oversight of execution risks and their management by operating executives.

Strategic Risks

Strategic risks can undermine the economic viability of the business model and future financial performance of insurance companies. They can have a significant adverse effect on i) a company’s insurance ratings and the credit worthiness of its debt and ii) its market capitalization. Strategic risks can cause otherwise solvent companies to lose a substantial share of their market value in a short time, provoke legal action by disgruntled shareholders, inflict serious economic losses on Directors, senior executives and other employees, and induce potential raiders to attempt a takeover.

Strategic risks are also very important to policyholders, (especially those who have bought protection against slowly emerging liabilities or policies that provide indemnification benefits in the form of annuity payments), because strategic risks that undermine the ability of companies to earn formerly expected returns also reduce the credit worthiness of these companies. Strategic risks stem from external changes in the regulations, institutional arrangements, competition, technology or demand that can erode the competitive advantage of an insurance company and its ability to operate credibly and profitably as a going concern in the future.

Strategic risks do not receive as much attention as they should because they are difficult to identify and assess, and are often viewed as “uncontrollable”. At any point in time, it can be very difficult to assess whether a quantum change in any element of strategic risks is close to happening. When such a change occurs, however, its impact on future performance can cause a swift decline in the market values of a company.

To identify and manage strategic risks, companies need to:

  • Conduct and challenge a periodic defensibility analysis of their business model and competitive advantage
  • Monitor market developments for emerging trends with potential adverse effects (loss of business to competitors, emergence of new risk transfer technologies or product innovations, regulatory developments, etc.)
  • Develop appropriate responses to adverse developments through adjustment in capabilities, redeployment of capacity, change in composition and level of service provided, industry level lobbying of lawmakers and regulators, sponsorship of and participation in industry associations, etc…
  • Communicate reasons for and objectives of needed changes to both customers and shareholders.
  • Integrate the planned strategic response into action plans, budgets and objectives of business units

Insurance companies need to include in ERM a process that provides consistent and updateable insights into strategic risks to which they are exposed. Because the insurance industry has been highly regulated, many insurance companies have not developed deep strategy development and assessment skills. It will be a challenge at first for such companies to establish strategic risk assessment frameworks powerful enough to yield robust insights but simple enough to be user friendly.

A number of companies that have already implemented comprehensive frameworks to manage financial risks have begun addressing operational risks more formally. They believe that the introduction in operations management of specific risk management control components will create value by:

  • Enhancing the level and the stability of their financial results
  • Reducing the probability of serious value losses caused by execution risks and strategic risks.

The establishment of effective operational risk management frameworks and processes within ERM is of critical importance to all constituents of insurance companies.

©Jean-Pierre Berliet

Berliet Associates, LLP

(203) 247 6448

jpberliet@att.net

May 22, 2010

Making Better Decisions using ERM

April 21, 2010

Max Rudolph provided a lecture on ERM for the University of Waterloo and the Waterloo Research Institute in Insurance, Securities and Quantitative Finance (WatRISQ).

Key Points:

ERM’s Role in Strategic Planning

  • Understanding the Risk Profile
  • Solutions are Unique
  • Using Quantitative and Qualitative Tools

ERM is Not:

  • A Checklist Exercise
  • A Rating Agency Exercise
  • Just About Risk Mitigation

Have You ever heard of the Financial Crisis?

And Much more…

Max Rudolph

LIVE from the ERM Symposium

April 17, 2010

(Well not quite LIVE, but almost)

The ERM Symposium is now 8 years old.  Here are some ideas from the 2010 ERM Symposium…

  • Survivor Bias creates support for bad risk models.  If a model underestimates risk there are two possible outcomes – good and bad.  If bad, then you fix the model or stop doing the activity.  If the outcome is good, then you do more and more of the activity until the result is bad.  This suggests that model validation is much more important than just a simple-minded tick-the-box exercise.  It is a life and death matter.
  • BIG is BAD!  Well maybe.  Big means large political power.  Big will mean that the political power will fight for parochial interests of the Big entity over the interests of the entire firm or system.  Safer to not have your firm dominated by a single business, distributor, product, region.  Safer to not have your financial system dominated by a handful of banks.
  • The world is not linear.  You cannot project the macro effects directly from the micro effects.
  • Due Diligence for mergers is often left until the very last minute and given an extremely tight time frame.  That will not change, so more due diligence needs to be a part of the target pre-selection process.
  • For merger of mature businesses, cultural fit is most important.
  • For newer businesses, retention of key employees is key.
  • Modelitis = running the model until you get the desired answer
  • Most people when asked about future emerging risks, respond with the most recent problem – prior knowledge blindness
  • Regulators are sitting and waiting for a housing market recovery to resolve problems that are hidden by accounting in hundreds of banks.
  • Why do we think that any bank will do a good job of creating a living will?  What is their motivation?
  • We will always have some regulatory arbitrage.
  • Left to their own devices, banks have proven that they do not have a survival instinct.  (I have to admit that I have never, ever believed for a minute that any bank CEO has ever thought for even one second about the idea that their bank might be bailed out by the government.  They simply do not believe that they will fail. )
  • Economics has been dominated by a religious belief in the mantra “markets good – government bad”
  • Non-financial businesses are opposed to putting OTC derivatives on exchanges because exchanges will only accept cash collateral.  If they are hedging physical asset prices, why shouldn’t those same physical assets be good collateral?  Or are they really arguing to be allowed to do speculative trading without posting collateral? Probably more of the latter.
  • It was said that systemic problems come from risk concentrations.  Not always.  They can come from losses and lack of proper disclosure.  When folks see some losses and do not know who is hiding more losses, they stop doing business with everyone.  None do enough disclosure and that confirms the suspicion that everyone is impaired.
  • Systemic risk management plans need to recognize that this is like forest fires.  If they prevent the small fires then the fires that eventually do happen will be much larger and more dangerous.  And someday, there will be another fire.
  • Sometimes a small change in the input to a complex system will unpredictably result in a large change in the output.  The financial markets are complex systems.  The idea that the market participants will ever correctly anticipate such discontinuities is complete nonsense.  So markets will always be efficient, except when they are drastically wrong.
  • Conflicting interests for risk managers who also wear other hats is a major issue for risk management in smaller companies.
  • People with bad risk models will drive people with good risk models out of the market.
  • Inelastic supply and inelastic demand for oil is the reason why prices are so volatile.
  • It was easy to sell the idea of starting an ERM system in 2008 & 2009.  But will firms who need that much evidence of the need for risk management forget why they approved it when things get better?
  • If the risk function is constantly finding large unmanaged risks, then something is seriously wrong with the firm.
  • You do not want to ever have to say that you were aware of a risk that later became a large loss but never told the board about it.  Whether or not you have a risk management program.

Best Risk Management Quotes

January 12, 2010

The Risk Management Quotes page of Riskviews has consistently been the most popular part of the site.  Since its inception, the page has received almost 2300 hits, more than twice the next most popular part of the site.

The quotes are sometimes actually about risk management, but more often they are statements or questions that risk managers should keep in mind.

They have been gathered from a wide range of sources, and most of the authors of the quotes were not talking about risk management, at least they were not intending to talk about risk management.

The list of quotes has recently hit its 100th posting (with something more than 100 quotes, since a number of the posts have multiple quotes.)  So on that auspicious occasion, here are my favorites:

  1. Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.  Douglas Adams
  2. “when the map and the territory don’t agree, always believe the territory” Gause and Weinberg – describing Swedish Army Training
  3. When you find yourself in a hole, stop digging. – Will Rogers
  4. “The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair” Douglas Adams
  5. “A foreign policy aimed at the achievement of total security is the one thing I can think of that is entirely capable of bringing this country to a point where it will have no security at all.”– George F. Kennan, (1954)
  6. “THERE ARE IDIOTS. Look around.” Larry Summers
  7. the only virtue of being an aging risk manager is that you have a large collection of your own mistakes that you know not to repeat  Donald Van Deventer
  8. Philip K. Dick “Reality is that which, when you stop believing in it, doesn’t go away.”
  9. Everything that can be counted does not necessarily count; everything that counts cannot necessarily be counted.  Albert Einstein
  10. “Perhaps when a man has special knowledge and special powers like my own, it rather encourages him to seek a complex explanation when a simpler one is at hand.”  Sherlock Holmes (A. Conan Doyle)
  11. The fact that people are full of greed, fear, or folly is predictable. The sequence is not predictable. Warren Buffett
  12. “A good rule of thumb is to assume that “everything matters.” Richard Thaler
  13. “The technical explanation is that the market-sensitive risk models used by thousands of market participants work on the assumption that each user is the only person using them.”  Avinash Persaud
  14. There are more things in heaven and earth, Horatio,
    Than are dreamt of in your philosophy.
    W Shakespeare Hamlet, scene v
  15. When Models turn on, Brains turn off  Til Schuermann

You might have other favorites.  Please let us know about them.

New Decade Resolutions

January 1, 2010

Here are New Decade Resolutions for firms that want to be prepared for another decade:

  1. Attention to risk management by top management and the board.  The past decade has been just one continuous lesson that losses can happen from any direction. This is about the survival of the firm.  Survival must not be delegated to a middle manager.  It must be a key concern for the CEO and board.
  2. Action oriented approach to risk.  Risk reports are made to point out where and what actions are needed.  Management expects to and does act upon the information from the risk reports.
  3. Learning from own losses and from the losses of others.  After a loss, the firm should learn not just what went wrong that resulted in the loss, but how they can learn from their experience to improve their responses to future situations both similar and dissimilar.  Two different areas of a firm shouldn’t have to separately experience a problem to learn the same lesson. Competitor losses should present the exact same opportunity to improve rather than a feeling of smug superiority.
  4. Forward-looking risk assessment. Painstaking calibration of risk models to past experience is only valuable for firms that own time machines.  Risk assessment needs to be calibrated to the future.
  5. Skeptical of common knowledge. The future will NOT be a repeat of the past.  Any risk assessment that is properly calibrated to the future is only one of many possible results.  Look back on the past decade’s experience and remember how many times risk models needed to be recalibrated.  That recalibration experience should form the basis for healthy skepticism of any and all future risk assessments.

  6. Drivers of risks will be highlighted and monitored.  Key risk indicators are not just an idea for Operational risks that are difficult to measure directly.  Key risk indicators should be identified and monitored for all important risks.  Key risk indicators need to include leading and lagging indicators, drawing on information that is internal to the firm as well as external.
  7. Adaptable. Both risk measurement and risk management will not be designed after the famously fixed Ligne Maginot that spectacularly failed the French in 1940.  The ability needs to be developed and maintained to change focus of risk assessment and to change risk treatment methods on short notice without major cost or disruption. 
  8. Scope will be clear for risk management.  I have personally favored a split between risk of failure of the firm strategy and risk of losses within the firm strategy, with only the latter within the scope of risk management.  That means that anything that is potentially loss making except failure of sales would be in the scope of risk management.
  9. Focus on  the largest exposures.  All of the details of execution of risk treatment will come to naught if the firm is too concentrated in any risk that starts making losses at a rate higher than expected.  That means that the largest exposures need to be examined and re-examined with a “no complacency” attitude.  There should never be a large exposure that is too safe to need attention.   Big transactions will also get the same kind of focus on risk. 

Register Now for Global ERM Webinar

November 24, 2009

2010 Webinar Now Open for Registrations

Learn how to cut to the core of ERM and identify those elements your strategic plan cannot live without. Gain confidence in your knowledge on ERM by attending this can’t-miss worldwide webcast.

The Casualty Actuarial Society (CAS), The Faculty and Institute of Actuaries (UK), Joint Risk Management Section (JRMS), the Institute of Actuaries of Japan (IAJ), the Institute of Actuaries of Australia (IAAust) and The Society of Actuaries (SOA) present the Global Best Practices in ERM for Insurers and Reinsurers Webcast.

December 1, 2009 Session times vary depending upon location. Speakers from three different regions (Asia Pacific, Europe and North and South America) will provide their own unique perspective on four topics affecting ERM around the world:

Value Creation vs. Systemic Risk Consider some of the concerns around systemic risk and the drivers of value creation that have come under close attention by virtue of their links to systemic risk. The Asia Pacific Region will include a discussion of pension schemes.

Different approaches to ERM and Capital Models Learn how different stakeholders including insurers, banks, regulators and rating agencies are approaching the development of an ERM / ECM framework.

Economic Capital Models Focus on the processes associated with designing, calibrating, validating and the updating of internal models based on bringing new information and intelligence as they arise.

Governance, Strategic Risk and Operational Risk Discuss issues such as ERM governance, tools and techniques to assess strategic and operational risks and their integration into an overall ERM framework.

NEW THIS YEAR! Earn up to 18.0 Continuing Professional Development credits by participating in all four sessions in each region! And with each session presented at either a basic or advanced level, there is no reason to miss this important global event.

Learn more.

Register today for the Global Best Practices in ERM for Insurers and Reinsurers Webcast.

Most Popular on Riskviews

November 15, 2009

Most Visited on Riskviews:

Since August 2009 when the blog was restarted as a forum for ERM discussions.

Risk Management Quotes 668 visits

A haphazard collection of over 100 quotes from people who might be either famous or knowledgeable or both.  This page drew about 150 hits per month even when there was zero new activity on Riskviews for 3 months.

Risk Management Failures 230 visits

Names of over 75 firms around the world that have encountered serious financial difficulties that may or may not have been related to poor risk management.

ERM only has value to those who know that the future is uncertain 149 visits

There is a massive difference in the value of risk management when you look forward from when you look backwards.

Chief Risk Officers in the News 149 visits

Another haphazard collection of items from the news.  Mostly collected from a Google News alert for the phrase “Chief Risk Officer”.

Enterprise Risk Management for Smaller Insurers 83 visits

Much of what is written and discussed about risk management focuses on the needs and efforts of the largest firms.  This post tells how ERM is different for a smaller firm.

Bad Label leads to Bad Thinking 63 visits

For years, risk managers have been telling people that they are transferring risks.

Introduction to ERM 111 visits

Materials prepared for a week long seminar for TASK (The Actuarial Society of Kenya).   Also includes slides from a 1/2 day workshop for Kenyan Bank and Insurance CEOs.

Project Risk Management 62 visits

Discussion of how risk management ideas can help to get projects to run on time and within budget.

Black Swan Free World (5) 61 visits

Part of a series of ten reflections on comments by Nassim Taleb on how to create a Black Swan Free World.  This particular discussion is about complexity and simplicity.

The Interest Rate Spike of the Early 1980’s 58 visits

Discussion  of how the unprecedented levels of interest rates affected the US life insurance industry 30 years ago.

Optimizing ERM & Economic Capital

October 15, 2009

The above was the title of a conference in London that I attended this week.  Here are some random take-aways:

    • Sometimes it makes sense to think of risk indicators instead of risk limits.

    • Should MVM reflect diversification?  But whose diversification?

    • Using a Risk and Control Self Assessment as the central pillar to an Operational Risk program

    • Types of Operational Losses:  Financial, Reputation, Opportunity, Inefficiency

    • Setting low thresholds for risk indicators/KRIs provides an early warning of the development of possible problems

    • Is your risk profile stable?  Important question to consider.

    • Number of employees correlates to size of operational risk losses.  May be a simple way to start thinking about how to assign different operational risk capital to different operations.  Next variable might be experience level of employees – might be total experience or task specific experience.  If a company goes into a completely new business, there are likely to be operational issues if they do not hire folks with experience from other firms.

    • Instead of three color indicators, use four – Red, Orange(Amber), Yellow, Green.  Allows for elevating situations out of green without raising alarm.

    • Should look at CP33

    • Controls can encourage more risk taking.  (See John Adams work on seatbelts)

    • Disclosures of safety margin in capital held might create market expectations that would make it impossible to actually use those margins as a buffer without market repercussions.

    • Serious discussions about a number of ways that firms want to deviate from using pure market values.  Quite a shift from the discussions I heard 2-3 years ago when strict adherence to market values was a cornerstone of good financial and risk management.  As Solvency 2 is getting closer to reality, firms are discovering some ways that the MTM regime would fundamentally change the insurance business.  People are starting to wonder how important it is to adhere to MTM for situations where liquidity needs are very low, for example.

      All in all a very good conference.

      An Al-Chet for Risk Managers:

      October 8, 2009

      From James McCallum

      I was not strong enough to stand up to my boss

      I put selfish gain ahead of ethical considerations

      I falsified or hid data to conceal results

      I failed to be objective

      My risk model was too subjective

      I ignored warning signs

      I was in over my head

      I did not understand all the risk factors

      I failed to get an outside opinion

      I was beholden to monetary gain

      I was victim to group think

      I placed institutional interest before ethical considerations

      I failed to admit I was wrong

      I was not honest with regulators

      I was not honest with shareholders

      I looked the other way

      I failed to act

      I conveniently overlooked infractions

      I turned a blind eye to irregularities

      I made exemptions

      I did not understand the depth of the problem

      I know there are many more.

      Please help me to uncover, understand, make right and overcome.

      Shalom

      From

      Audit, Risk & Controls Community Blog

      ERM Role in Implementing a Winning Acquisition Strategy (2)

      October 8, 2009

      From Mike Cohen

      Part 2

      (Part 1)

      Execution of an Acquisition Strategy Goes Through Several Stages and Involves Many and Varied Complex, Interrelated Business Issues (they must be performed well, and there are numerous junctures where things can go awry … suggesting that many potential risks need to be addressed, and more effectively than they typically are)

      – Defining the business case

      Considering the corporate strategy and the resulting (ideally enhanced) business model

      * Fit vs. conflict

      * Synergies; potential synergies are frequently overstated

      * Diversification

      – Assessing market opportunities and competitive dynamics

      * Products

      * Distribution

      * Markets/segments

      * Brand/reputation

      – Financial impact

      * Earnings

      * Capital

      * Economic value

      * Assessment of an appropriate price

      – Investments

      * Asset classes

      * Loss positions

      * Liquidity

      – Operational fit (or problematically, the need to ‘fix’ the target’s operations)

      * Technology

      * Administration

      * Core competencies

      – Integrating the target: melding the two organizations so that they can perform effectively together, while mitigating risk, volatility and confusion to the greatest extent possible

      Q: Is an acquisition strategy a core competency of your company … can you execute such a transaction successfully?

      Due Diligence Performed on any Acquisition Target: A Critical Activity on the Strategic and Tactical Levels

      – Valuation, impact on future financial results

      – Management/staff

      – Profitability of new (potential), existing business

      – Competitive market position; product management, distribution capabilities

      – Synergies: strategic, operational, financial, market/product/distribution

      – Investments

      – Expense structure (opportunities for increasing efficiency and/or cost reduction)

      – Technological capabilities or possible lack of fit

      – Contractual obligations

      – Areas of risk or uncertainty

      Many acquisitions are viewed retrospectively as failures. A lack of accurate evaluation of/objectivity about prospective acquisition targets (using ‘rose-colored glasses’) leads many (most?) acquirers to have unrealizable goals for their transactions, and as a consequence the end results (strategic, financial or otherwise) do not meet expectations.  There is a considerable level of risk to the acquirer if the due diligence process is not conducted with sufficient accuracy and objectivity.

      Evaluating the Capabilities of an Organization to Be a Successful Acquirer: Being a successful acquirer requires a number of skills and mind-sets:

      – Knowing one’s own corporate vision, mission, strategy and operating model, and how  acquisitions complement them

      – Having a disciplined approach: evaluating fit, paying an appropriate price based on economic value, both current and future

      – Performing careful, accurate and objective due diligence on the target company and management counterparts … caveat emptor!

      – Executing timely, well planned and orchestrated integration activities focused on achieving a favorable operational model and attaining a satisfactory level of cost savings; a number of companies that acquired positive reputations as acquirers were in fact poor at integrating their acquisition(s), causing their organizations to implode

      – Managing the staffs and corporate cultures sensitively. There is a considerable amount of research that identifies human resource related issues as the most prevalent causes for acquisition failure; personalities (egos), conflicting management styles and cultures, and different compensation structures are all too common. Proactive conflict resolution is critical to steer the resulting entity past these pratfalls. Open and continuous communication is critical.

      The General Lack of Success from Acquisitions is Attributed to Mismanaging One or More Critical Aspects of the Transaction with Material Risk

      Strategy

      – Incompatible cultures

      – Incompatible business models

      – Synergy non-existent or overestimated

      Due Diligence

      – Acquirer overpaid

      – Foreseeable problems overlooked

      – Acquired firm too unhealthy

      – Overlooking aspects of the target where excessive divestiture or liquidation might be required

      Implementation

      – Inability to manage target

      – Inability to implement change

      – Clash of management styles/egos

      Conclusion

      An acquisition is arguably the most difficult business endeavor a company can undertake. This report discussed a considerable number of elements involved in acquisition activity; they are all complex, and there are many junctures in the process where a number of these elements can go awry or reach adverse conclusions, either derailing transactions that could have otherwise been successful or ‘proving’ the efficacy of transactions that upon closer scrutiny could not have succeeded and should have been avoided.

      Studies of acquisition activity across all industries (not just insurance) have consistently found that approximately two-thirds of these transactions yielded unsatisfactory results. One could observe that this is not surprising, as there are so many steps along the way that can turn into insurmountable roadblocks. Considering the myriad of factors that must be performed well, it is clear that sound, pragmatic risk management throughout the process and beyond is critical in order for acquisition activity to succeed.

      No Thanks, I have enough “New”

      September 24, 2009

      It seems sad when 75 year old businesses go bust.  They had something that worked for several generations of managers, employees and investors.  And now they are gone.  How could that be?

      There are two ways that old businesses can come to their demise.  They can do it because they stick to what they know and their product or service  (usually) slowly goes out of fashion.  Usually slowly, because all but the most ossified large successful companies can adapt enough to keep going for quite some time, even when faced by competition with a better business model/product or service.  Think of the US auto industry slowly declining for 40 years.

      The second way is a quick demise. This usually happens after the old company chooses to completely embrace something completely new.  If their historic business is in decline, many large old firms are on the look out for that new transformational thing.  The mistake that they sometimes make is to be in much too much of a hurry. They want to apply their size advantage to the new thing and start getting economies of scale in addition to early adopter advantages.

      The failure rate of new business is very, very high.  A big business that jumps to putting a large amount of its resources into the new business will be transforming a solid longstanding business effectively into a start-up.  But rarely do the big businesses in restart mode deliver anything like start-up returns.  So investors bear the risks of the start-up with the returns only slightly higher than long term averages.

      This is a clear example of when the CEO needs to be the risk manager.  The established firm needs to have a limit for “New” businesses.  The plan for the new business should reflect an orderly transition between the franchise business and what MAY become the new franchise.  This requires the CEO to have a time frame in mind that is appropriate for a business that may have existed before he/she was born and that, if the risks are managed well, should exist long after they are gone.

      There are good underlying reasons why the “New” needs to be limited for a company with long term survival plans.  “New” involves several risks that a well established firm may have mastered a generation ago and have relegated to the corporate unconscious.

      The first is execution risk.  The established firm will doubtless be excellent at execution of its franchise business.  But the “New” will doubtless require different execution.  An example of this comes from the insurance industry: when US Life Insurers started into the equity linked products, many of them experienced severe execution problems.  Their traditional products involved collecting cash and putting it into their general fund.  They only provided annual information to their customers, if any.  Their administrative systems and procedures were set up within an environment that was not particularly time sensitive.  The money was in the right place; their accounting could catch up “whenever”.   With the new equity linked products, exacting execution was important.  Money was not left in the general fund of the insurer but needed to be transferred to the investment manager within three days of receipt.  So insurers adapted to this new world by getting to the accounting and cash transfers “whenever” but crediting the customer with the performance of their chosen equity fund within the legal 3 day limit.  This worked out fine with small timing delays creating some small gains and some small losses for the insurers.  But the extended bull market of the late 1990’s made for a repeated loss because the delay of processing and cash transfer meant that the insurer was commonly backdating to a lower purchase price for the shares than what they paid.  Some large old insurers who had jumped into this new world with both feet were losing millions to this simple execution risk.  In addition, for those who were slow to fix things, they got hit on the way down as well.  When the Internet bubble popped, there were many, many calls for customer funds to be taken out of the equity funds.  Slow processing meant that they paid out at a higher rate than what they received from their delayed transactions with the investment funds.

      The insurers had a well established set of operational procedures that actually put them at a disadvantage compared to start-ups in the same business.

      The second is the “unknown” risk.  A firm that has been operating for many years is often very familiar with the risks of its franchise business.  In fact, their approach to risk management for that business may well be so ingrained, that it is no longer considered a high priority.  It just happens.  And the risk management systems that have been in place may work well with little active top management attention.  These organizations are usually not very well positioned to be able to notice and prepare for the new unknown risks that the new business will have.

      The third is the “Unknowable”.  For a new activity, product or business, you just cannot tell what the periodicity of loss events or the severity of those events will be.  That was one of the mistakes in the sub prime market.  The mortgage market has about a 15 year periodicity.  Since a large percentage of people operating in the sub prime space were not in that market the last time there was a downturn, they had no personal experience with the normal cycle of losses in the mortgage market.  Then there was the unknowable impact of the new mortgage products and the drastic expansion into sub prime.  It was just unknowable what would be the periodicity and severity of losses in the “new” mortgage market.

      So the point is that these things that are observed about the prior “new” things can be learned and extrapolated to future “new” things.

      But the solution is not to never do anything “new”, it is to keep the “new” reasonable in proportion to the rest of the organization, to put limits on “new” just like there are limits on any other major aspect of risk.

      Project Risk Management

      September 11, 2009

      A Guest Post from Johann Meeke

      Why do most projects overrun on time or cost?

      Perhaps it’s because sane people are involved. One of the components of sanity is optimism. (It’s why we are happy to get out of bed each morning – because we think things will be okay). Sane people, trying to anticipate the problems ahead, on a new venture, will most often believe things will be good … and that bad things can be dealt with!

      When is a risk a threat and when is it an opportunity?

      Imagine you commissioned a new bridge. The week before opening the constructor tells you that it needs to be delayed by 48 hours. Do you cancel the whole project … or just wait 48 hours?  What happens if they come to you and say they can open it early by 24 hours. Do you declare the project a failure? Of course not. But this is the point about project risk. The very essence of what we mean by risk needs to be reflected on. Now the nature of risk is much more uncertain.

      Contrast this to an incident where the bridge is built but collapses through poor workmanship. Now there is no doubt about the nature of risk. It’s very clear.

      Projects present a particular form of challenge to the risk manager. Firstly, the definition of risk needs to be more balanced. Secondly, the processes used to identify and evaluate risk need to be specifically considered and finally the risk mitigation techniques require tailored consideration.

      Typically projects have three main risk variables:

      • Price – will you make a profit by building/delivering for less cost than you can eventually sell it for. (Or will you be on budget).
      • Performance – will it work to customer specification, over its entire life (or life of contract obligations)
      • Programme – will you complete on time.

      All these variables interact in a positive and negative way. You could deliver early but might have to sacrifice performance and price (by compromising spec or putting more resource, i.e. cost, into the project). You could delay the programme (a negative) by reducing costs (normally a positive).

      What is actually happening is a trade-off between threat and opportunity in a manner that doesn’t happen so directly in most other areas of risk management.

      For example, installing automatic sprinklers in a factory doesn’t provide a direct opportunity to earn more profit. It might protect the profit you have projected. But as can be seen above, trading off programme and performance risk, on a project, might lead to directly increased profits (because costs have been reduced through less overtime working for example).

      The reason this point has been concentrated on is because there is a strong tendency to assume project risk management is just like any other form of risk management – with just a few more time and cost constraints.

      So what are the main differences in managing risk?

      Well, for this article we will ignore those risks that can be subject to some form of preconception e.g. building site health and safety where normal safeguards should be applied. Let’s instead focus on the unique aspects.

      Risk identification

      By definition a project is a new thing. Whether developing a new product, building a new factory or installing a new IT system – it will never have been done before, under quite the same circumstances. You may have built a similar factory nearby, but the ground conditions will be different, the neighbours, the weather, key staff might have left and so it goes on.

      In short, you can learn from the past but the future consists of potentially significant new elements. Therefore, whilst you can rely on checklists and lessons learned you will also have to consider the unknowns that have never been encountered in quite the permutation you will come across. For this reason, some form of multi-disciplinary “brainstorming” or scenario envisaging should take place. This will allow you to comprehensively explore the future and how it might manifest itself. The multidisciplinary approach allows quick identification of risks that arise through a combination of circumstance or that might fall through gaps.

      Risk Assessment

      Determining downside threat without also calculating upside opportunity would make a project risk management exercise like a car with brakes but no engine. For example, considering the costs of project overrun will give one view of management action – however, looking at the potential benefits of delivering early (e.g. improved cash flow, availability of staff for other projects, project bonuses etc.) will give a completely different emphasis. Blending the upside/downside trade-offs between performance, programme and price is the very essence of good project management.

      Risk Treatment or Mitigation

      Dealing with risk here is more than ensuring compliance. It is about having the correct upside and downside KPIs. It’s about integrated contract negotiation with proper project monitoring. It is about mitigation that starts at the bid phase with clear contracts and a thorough understanding of what needs to be done, by whom and by when. It’s about having the right staff and material, when and where needed. In short, it’s a whole world of complex interactions requiring experience and skill, underpinned by robust processes.

      Some concluding thoughts

      How does one tell a good project risk management process from a mediocre one?

      Perhaps the most obvious indicator is where the risk management starts when the project starts. In reality it should have started at the bid or inception phase.

      On other occasions it has actually occurred at the bid phase – but has never been integrated into the project plan after contract start.

      But perhaps the best indicator of all is a bit more personal. Most project risk assessments are de-humanised. It’s the modern way as we search for the commanding heights of objectivity. But imagine the effect of an excellent project manager versus an average one. Would it affect timings, costings, relationships? You bet. If your project risk management hasn’t even assessed this most obvious of risks then I suggest it is back to the drawing board.

