Archive for the ‘People Risk’ category

Attributes of Unsuccessful Companies

March 26, 2014

from Mike Cohen

(whether they have gone out of business or have underperformed)

1) Goals (most importantly financial) have not been clearly identified or calibrated, with a number of damaging consequences:

  • It is not clear whether strategies being pursued will lead to the company achieving desired results
  • Companies may not be able to quantify and qualify the potential impact of the risks they are taking relative to the goals they are trying to accomplish (Many firms!)
  • The goals may not be realistic, and the company could be stretching beyond its capabilities and risk tolerance to attempt to achieve those goals (possibly becoming desperate)

2) Company does not have the necessary expertise or reputation to operate successfully in its chosen lines, for various reasons:

  • Leading competitors have set standards that are not attainable by the company (Many firms, for example those pursuing the ‘Financial services supermarket’ model)
  • Smaller companies seeking to compete ‘toe-to-toe’ with larger companies as opposed to executing niche strategies in segments the larger firms are not interested in
  • Core competencies aren’t sufficiently robust (Many firms!)
  • Competitive advantages are overstated (Many firms!)

3) Not accurately understanding the customer (product pushers are particularly susceptible)

  • Being out of touch with current trends, needs, wants, attitudes, demographics
  • Customers may not know what they want, exacerbating the problem (Steve Jobs’ theory, executed extremely successfully at Apple!). Following on this thought, can focus groups provide accurate, actionable input? The quip about ‘quality’ also comes to mind: “I can’t define quality, but I’ll know it when I see it”

4) Product performance is materially poorer than projected

  • Pricing assumptions are missed, leading to lower margins or necessitating reserve strengthening
  • Product features cause benefits to be paid that are much greater than anticipated (Variable annuities)
  • Product guarantees are not effectively hedged (Again, variable annuities)

5) Risk management practices do not adequately address the company’s most important potential exposures, leading to:

  • Taking risks that do not have commensurate returns
  • Pursuing strategies or entering into transactions that have not been exhaustively vetted
  • Inaccurately calibrating the potential adverse impact of risks taken (General American – Funding Agreements, AIG – Credit Default Swaps)
  • Overestimating the company’s tolerance for risk, and underestimating stakeholders’ reactions to outsized risk exposures
  • Weakened capital
  • Suppressed earnings
  • Asset-related issues: Erosion of principal, poor returns, constrained liquidity

6) Decision making culture and processes producing poor choices

  • Inwardly focused decision making, placing greater value on what has been created internally than on what others (externally) have done, either individually or collectively, potentially missing out on higher-order thinking generated by groups and on critical perspectives of others
  • Not recognizing dislocations, changed paradigms and fundamentals; slow and cautious reactions to new information
  • Getting bad advice (including faulty research) or no advice (not realizing when they are at an information disadvantage), and not differentiating between helpful and harmful experts ahead of time
  • Defensive attitude: Arrogance, cowardice, lack of openness to other ideas
  • Ineffective problem solving
  • Working only on problems that seemingly can be solved and avoiding those that appear difficult to solve
  • Not admitting mistakes or misassumptions, tending to blame others for poor results as opposed to studying the causes for their own mistakes and fixing them.
  • Not making corrections decisively, or overreacting
  • Penalizing (punishing) associates for raising troublesome issues (Many companies!)
  • Following the herd

Conclusion

  • There probably isn’t a single attribute leading to company underperformance that couldn’t be successfully addressed if the company was so inclined.
  • It is instructive to note that the causes leading to underperformance are not the ‘opposites’ of the attributes of successful companies. Every company strives to be successful, but unfortunately many haven’t realized their aspirations.

Michael A. Cohen, Principal of Cohen Strategic Consulting

Collective Approaches to Risk in Business: An Introduction to Plural Rationality Theory

December 18, 2013

New Paper Published by the NAAJ
http://www.tandfonline.com/doi/abs/10.1080/10920277.2013.847781#preview

This article initiates a discussion regarding Plural Rationality Theory, which began to be used as a tool for understanding risk 40 years ago in the field of social anthropology. This theory is now widely applied and can provide a powerful paradigm to understand group behaviors. The theory has only recently been utilized in business and finance, where it provides insights into perceptions of risk and the dynamics of firms and markets. Plural Rationality Theory highlights four competing views of risk with corresponding strategies applied in four distinct risk environments. We explain how these rival perspectives are evident on all levels, from roles within organizations to macro level economics. The theory is introduced and the concepts are applied with business terms and examples such as company strategy, where the theory has a particularly strong impact on risk management patterns. The principles are also shown to have been evident in the run up to—and the reactions after—the 2008 financial crisis. Traditional “risk management” is shown to align with only one of these four views of risk, and the consequences of that singular view are discussed. Additional changes needed to make risk management more comprehensive, widely acceptable, and successful are introduced.

Co-Author is Elijah Bush, author of German Muslim Converts: Exploring Patterns of Islamic Integration.

Ingram Looks into ERM – Eight short articles.

December 17, 2013

The magazine of the Society of Actuaries published eight short essays on a variety of ERM topics.

Making Risk Models Collaborative   With our risk models, we make the contribution of managers to the risk management of the company disappear into the mist of probabilities. And then we wonder why so many managers are opposed to “letting a model run the company.”

We Must Legitimize Uncertainty   In a post to the Harvard Business Review blog, “American CEO’s should Stop Complaining about Uncertainty,” Jonathan Berman points out that while African companies are able to cope with their uncertain environment, American CEOs mostly just complain.  Americans must legitimize the Uncertain environment and study how mest to cope.

Finding a Safe Place New ERM and Old School goals for risk management all seek to keep the company safe.

ERM and the Hierarchy of Corporate Needs  The reason that ERM is not given the degree of priority that its proponents desire is that its proponents want is that it is at best third in the hierarchy of corporate needs.

Help Wanted: Risk Tolerance  It is a rare company that can create a risk appetite statement if they do not already have years of experience with the measure of risk that will be used.

What should you do at a Yellow Light?  Companies need to plan in advance what should be happening when their risk reports indicates that they are entering into risky territory.

Are you Sure about that?  Frequently, we ignore the fact that our risk models do NOT produce infomation about our risks that are all consistently reliable.  Yet we still add those numbers to gether as if they were on the exact same basis. 

Creating a Risk Management Culture – Risk Management needs to be embedded into the corporate culture, just as expense management was embedded thirty years ago. 

 

Code of Conduct… for Baseball Players

November 29, 2013

1.   I will always play the game to the best of my ability.

2.   I will always play to win, but if I lose, I will not look for an excuse to detract from my opponent’s victory.

3. I will never take an unfair advantage in order to win.

4. I will always abide by the rules of the game—on the diamond as well as in my daily life.

5.   I will always conduct myself as a true sportsman—on and off the playing field.

6. I will always strive for the good of the entire team rather than for my own glory.

7.   I will never gloat in victory or pity myself in defeat.

8. I will do my utmost to keep myself clean—physically, mentally, and morally.

9.   I will always judge a teammate or an opponent as an individual and never on the basis of race or religion.

Connie Mack 1916

How does your company’s Code of Conduct compare to this?

Back in 1916, baseball players where not yet superstars who could write their own ticket.  Do your superstars (rather than management) set the conduct norms at your company?

Businesses all need a real code of conduct that is held by management to be just as important as the bottom line.  This code of conduct needs to become embedded in the corporate culture, if it isn’t already.

This is needed because the business that is run entirely on the principle of “shareholder value” will be inherently amoral.  Guided by the belief that if they do not do it, someone else will.  And this approach is excused because “the invisible hand” makes sure that when everyone operates in this manner, that the collective outcome will be the best.

But that invisible hand idea was written by the person who also authored “The Theory of Moral Sentiments”, a book that opened with the sentence:

How selfish soever man may be supposed, there are evidently some principles in his nature, which interest him in the fortunes of others, and render their happiness necessary to him, though he derives nothing from it, except the pleasure of seeing it.  A Smith 1759

 

Does your Risk Management Program have a Personality?

December 19, 2012

Many people are familiar with the Myers-Briggs Personality Type Indicator.  It is widely used by businesses.  What a shocker to read in the Washington Post last week that psychologists are not particularly fond of it.

The Myers-Briggs Personality types were developed directly from the work of Carl Jung, who is not highly regarded by modern psychologists according to the Washington Post story.

Psychologists have their own personality types.  The chart below is from The Personal Growth Library, and is called the Five Factor Model.

Personality

You may be able to find options here that would allign with your ERM program. 

Stability – You may seek Resilience, and settle for Responsiveness. 

Originality – You may want to be an Explorer, but much more likely, your ERM program is a Preserver.

Accommodation – Your goal is to be a Challenger, you end up a Negotiator. 

Consolidation – You should be able to achieve a Focused ERM program, but pressures of business and the never ending crises force you to be Flexible much too often. 

That seems to provide some valuable introspection. 

Next you need to look at the overall enterprise personality.  Many successful companies will have a personality that is very different from the choices that you want to steer towards as the risk manager for your program.  You should check it out and see.

If there is an actual allignment between your overall organization’s personality and the personality that you aspire to for your ERM program, then you will be running downhill to get that development accomplished. 

What does that mean when the personality that you want for your ERM program is almost totally different from the personality of your organization?  It means that you will be pulled constantly towards the corporate personallity and away from what you believe to be the most effective ERM personality.  You then have to choose whether to run your ERM program as a bunch of outsiders.  You then will need to form a tight knit support group for your outsiders.  And make sure that you watch the movie Seven Samuri or The Magnificant Seven. 

Or you can rethink the idea you have of ERM.  Think of a version of ERM that will fit with the personality of your company.  Take a look at The Fabric of ERM for some ideas.  Along with the rest of the Plural Rationality materials.

Rounding Up to Reduce Drift into Failure and Maintain Risk Karma

July 31, 2012

So what to do about Drift into Failure?

Think of DIF in simple math terms.  At every turn in the calculation, you are rounding down or truncating the values that you calculate.  With that process, your result will always be low.  Not always noticeably low but with a bias to be below the value that you would have calculated with carrying forward the value with all of the decimal points.

With a Risk Management or Safety system, it is the same thing.  If checking ten times will give a .9999 guaranty of safety, then nine times should be good enough.  If lubricating weekly produces no failures, how about lubricating every 9 days.  And so on.  If a hedge that is 98% effective works out fine most days, how about a hedge that is 96% effective.  A $5 million retention works, why not move it to $5.5 million.

In every case, the company rounds down.

So the practice that is needed to reduce DIF is to occasionally round up.  One year, try rounding up on half the risk systems.  Make the standards just a tiny bit tighter a few times.  Balance things that way.  Think of your firm as accumulating bad karma by allowing the shortcuts, the rounding down on the risk management and safety systems.  Protect the karma, by going the other way in the same sort of imperceptible small steps that are the evidence of the DIF.

Stop Drifting.   Join the Fight Against Bad Risk Karma Today.

The Risk of Paying too much Attention to your Experience

July 30, 2012

The Drift into Failure idea from the Safety Engineers is quite valuable.

One way that DIF occurs is when an organization listens too well to the feedback that they get from their safety system.

That is right, too much attention.  In the case of a remote risk, the feedback that you will get most days, most weeks, most months is NOTHING HAPPENS.

That is the feedback you are likely to get if you have a good loss prevention system or if you have none.

This ties to the DIF idea because organizations are always under pressure to do more with less.  To streamline and reduce costs.

So what happens?  In Safety and Risk Management, someone studies the risks of a situations and designs a risk mitigation system that reduces the frequency or severity of problem situations to an acceptable level.

Then, at some future time, the company management looks to reduce costs and/or staff.  This particular risk mitigation system looks like a prime candidate.  The company is spending time and money and there has never been a problem.  Doubtless, the same “nothing” could be achieved with less.  So the budget is cut, a position is elimated and they get by with less mitigation.

Then time pass and they collect the feedback, the experience with the reduced risk mitigation process.  And the experience tells them that they still have no problems.  The budget cutters are vindicated.  Things seem to be just fine with a less costly program.

If the risk here is highly remote, then this process might happen several times.

Which may eventually result in a very bad situation if the remote adverse event finally happens.  The company will be inadequately unprepared.  And no one made a clear decision to dilute the defense to an ineffective level.  They just kept making small decisions and eventually they drifted into failure.

And each step was validated by their experience.

A Learning Break

July 16, 2012

Riskviews has been taking a learning break.

Some times we are refreshed and invigorated by getting away from anything relating to their primary occupation.

But other times the most refreshing thing that you can do is to learn about how people faced with seemingly different, but fundamentally similar problems approach their work.

Riskviews has been learning small bits about Resilience.  That topic is usually associated with physical systems failures.  We are fooled into thinking that physical systems failures are all about engineering questions about the failures of metals or breakdown of lubricants.

But just as most failures in financial firms are directly related to human systems issues, so are most physical systems failures.  Studies about resilience are mostly studies of the human systems that are tightly linked to the physical systems that fail.

Here is a definition of resilience:

Resilience is the intrinsic ability of a system
to adjust its functioning prior to, during, or
following changes and disturbances, so that
it can sustain required operations under both
expected and unexpected conditions.

Already, Riskviews is learning something.  In much risk management literature, it is assumed that the system is determined via rules and that there is not necessarily ANY adjusting happening.  But from experience, we know that in almost all cases, systems will adjust to most significant changes and certainly will adjust to “disturbances”.

At the highest level, banks found out that a capital regime under which they held capital for a 1 in x event worked for absorbing the large loss, but it did not work for providing needed capital after the large loss.  They had a plan that worked up until the day after the event.

What both banks and insurers also found in the crisis was that their systems did adjust as things got insanely adverse.  But what they found was that in some cases, their systems adjusted so that they reduced the impact of the crisis and in other cases, made things worse.

One of the concepts that Resilience Engineers have developed is what they call “Drift into Failure.”  What they mean by that is that in many cases, complex systems fail, not because of some single part of person’s failure, but because of a series of small problems that in the end cause an avalanche type failure.

Here are four ideas that were discussed at a Resilience Engineering conference in 2004 from the notes of C Nemeth:

. Get smarter at reporting the next [adverse] event, helping
organizations to better manage the processes by which they decide
to control risk
. Detect drift into failure before breakdown occurs. Large system
accidents have revealed that what is considered to be normal is
highly negotiable. There is no operational model of drift.
. Chart the momentary distance between operations as they are,
versus as they are imagined, to lessen the gap between operations
and management that leads to brittleness.
. Constantly test whether ideas about risk still match reality. Keeping
discussions of risk alive even when everything looks safe can serve
as a broader indicator of resilience than tracking the number of
accidents that have occurred.

Resilience is a big topic and Riskviews will continue to share further learnings.

CEO is still the Real CRO

June 23, 2012

It was just a couple of weeks ago Riskviews posted…

It’s the job of a CEO to be the Chief Risk Officer

A week later, Reuters ran a story about JP Morgan…

Analysis: JPMorgan repeats basic mistakes managing traders

In that article Rachel Wolcott suggests that the CRO needs to be powerful enough to buck the most powerful traders.

What she fails to recognize is that the CRO and the trader are both acting out the orders of the CEO.  If the CEO is telling the CRO to enforce a risk limit and also telling the trader that he is free to break the limit, then it is not the power of the CRO that is the problem.

It is a CEO that wants the appearance of risk management and the profits from excessive risk both at the same time.

CEOs will often allow underlings to “fight it out” rather than making all of the decisions in the company.  In this case, however, everyone must realize that when it appears the CRO is too weak to do their job, that means that the CEO is not standing behind them and is completely responsible for the risk that is being taken by the overaggressive traders.

Psychologists Tend to Overgeneralize

March 5, 2012

With the obvious failures of neo classical economics in the Global FInancial crisis, Behavioral Finance has been raised as the best explanation that we have for “how things work” and many people are trying to use BF as a basis for how to go forward.

BF is often held up as great work because its authors received a Nobel Prize.

But Behavioral Finance is psychology work that received a Nobel prize in Economics. I do not know, but I strongly suspect that few if any of the Nobel committee were experts on psychology.

But it does not take very much research to learn that there are quite a number of reasons to go slow in holding up BF as the next new thing to explain economic behavior.

Here are some things to think about when you look at Behavioral Finance:

  • Behavioral finance starts out with the premise that Neo Classical economics is “correct” and that anytime that their study reveals behavior that is not consistent with neo classical economics that people are “biased” towards “wrong” behavior
  • Many of the BF experiments were done with college students. Other researchers into the development of the brain find that the parts of the brain that support judgement are not fully mature until age 25 on the average
  • All of the BF experiments are done totally “out of context” by definition. Most research into general human decision making shows that humans rely heavily on context for decision making. Some of the “biases” that BF have “found” may simply be the result of people inserting a context that is common to their experience into their answers instead of the purely academic contextless point of view that is being imposed to judge the answers.
  • Psychologists strenuously try to avoid “the Practice Effect”. This is the effect of people learning from repeated tries on an experiment. However, “the Practice Effect” is the primary way that humans learn to get things correct. So it is possible that most of their conclusions only apply to the very first time that people make the sorts of decisions that are being tested. In fact, other psychologists have shown that the most consistently found bias, the overconfidence bias, can be completely overcome with experience.
  • Many of the findings of BF are much less strongly in evidence with fairly small changes in wording of the questions asked. For example, in one study they found that more people would say that Mary was likely to be a feminist and a bank teller than just a bank teller. However, if they simply instead asked out of 100 women, how many would be bank tellers and how many would be bank tellers and feminists the bias completely disappeared.
  • Some of the conclusions of BF that are questionable may be traced to flaws in neo classical economics. Neo classical economics assumes that there is exactly one correct view of both risk and expected reward. If you recognize that since both the risk and the reward are in the future and that it is impossible to in advance determine the exact correct answer for either risk or expected reward, the possibility of a variety of opinions is obvious. This line of reasoning permits may different “correct” answers.
  • Real economic actors will say that academic discussions are one thing, but people making real statements of opinion are only credible when they are expressed with the commitment of funds. None of the BF experiments involve commitments of amounts of money that is real and significant to the subjects. All of their answers are therefore suspect.

The human element is very real in economic affairs. However, the simple experiments of BF are by no means the last word. They open us up to alternate lines of thinking than the even more oversimplified ideas of human behavior embedded into neo classical economics.

The final and most compelling reason for distrusting BF is the extremely high degree to incompetence that seems to be implied for the human race from the scores of biases that have been identified.  That just does not square with the simple observation that we no longer live in caves and hunt with sticks.  Somehow, along the way, humans made many, many decisions correctly.  If there were such strong biases towards wrong decisions, then it would be hard to imagine any such progress at all.

Not a moment too soon

November 28, 2011

“At first glance, Homo sapiens is an unlikely contestant for taking over the world.”  Gerd Gigerenzer

Evolutionary biologists have identified that one of H. sapiens original competitive strengths was the ability to run for very long periods of time, chasing their prey to exhaustion.  Not a particularly powerful weapon.  For my money, in the primitive world, I would have choosen large teeth and blinding speed any day.

But that was not mankind’s only advantage.  Humans eventually found that we could use tools.  And best of all, man was one of the best on the planet (among larger life forms at least) in adapting.  In “Rationality for Mortals”, Gigerenzer calls the approach that humans used the “fast and frugal heuristic”.  With that approach, humans developed ways to best use both man’s limited natural and constantly growing artificial toolset adapting to the environment.  A heuristic is an approach to problem solving with partial information.

Gigenzer gives an example of a heuristic used by a baseball outfielder catching a fly ball.  You will see that in most cases that outfielder will catch the ball on the run.  That is because the natural heuristic is for the outfielder to keep moving and to make small adjustments to their position until they and the ball are in the same location.  Binocular vision does not necessarily give enough information soon enough to position properly.  But successive observations provided by moving approximates a much wider set of eyes.  The heuristic uses a skill that the human brain already has – the ability to process multiple images of the same object to develop a three dimensional view of the world.

Flash forward 10,000 years.  Zoom down into the world of insurance and pensions and you will find a conflict for the role of key decision maker.  On the one hand is the management (or in general insurance the underwriter), who is the product of tens of thousands of years of advances in the “fast and frugal heuristic” regarding the financial risks that insurers and pension plans have been running more or less profitably for a few hundred years.  Their ability to make judgments in this arena is honed by decades of experience avoiding the necessity to run down their prey for days until it dies of exhaustion.  Some of these heuristics can be readily explained to colleagues in the business decision making process, but some can not be put into words any better than a baseball player can explain exactly how they are able to hit a 95 mile per hour fastball.  Those heuristics are called “Gut instinct”.

In the other corner of this conflict are the actuaries.  Actuaries represent one of the most highly evolved specimens of scientific man.  Actuaries are trained to build sometimes excruciatingly complex models of small bits of the world to inform their decision making.  These actuarial models are fundamentally statistical in nature.  They rely upon a number of statistical laws for their power, such as the lay of large numbers and Bayes law.

There is a constant push and pull between the actuarial model builders and the heuristic weilders for the major decisions of the firm.  And since actuaries do not always win, there is a feeling of oppression.  There are jokes about the actuarial approach by the followers of the heuristic approach.

But in fact, the two approaches are closer than one might think from first (or even repeated) exposure to the issue.  Both approaches have at their core a Baysean view of how to get to the right decision.  That approach is to constantly update your decision making engine with new experiences.

The heuristic decision makers may cast a wider net for the information that they bring into their heuristic.  The modelers are usually limited to specifically quantifiable information that can be put into the model.  Since the heuristic group does not have a quantitative model, they do not have that constraint.  However, they have the disadvantage that they do not necessarily have a systematic way to incorporate new information.  The heruistic forming process is not necessarily a fully conscious process.  In fact, explanations of heuristics are usually post hoc, not really a part of the development process.

That flaw does not make heuristics something to sneer at.  Humans came to take over the world primarily because of this ability to create and update powerful heuristics.

The actuarial, statistical, quant approach to risk management and decision making is a development out of the scientific revolution.

Part of the scientific revolution was an effort to drive heuristics out of the position that they held in the area of major human decision making.  They did such a good job that it is often difficult for us modern people to even understand the pre-scientific revolution thinking processes and discussions.

We now favor evidence based logical reasoning.  Heuristics are often formed without any clear reasoning.  They just work.  But that heuristic thinking is also what we now call “judgment” that we are now trying to leven our quant approach to models with.   We say that without even noticing that this is a movement against the grain of several hundred years of scientific progress.

And not a moment too soon.

Don’t Forget to Breathe

September 5, 2011

All air breathing organisms do not need any special process to avoid the risk of simply forgetting to breathe. Mostly, they just do it automatically. And if for some strange reason, they stop breathing, their body very quickly develops a violent response to the lack of new air.

Drinking and eating are not quite so automatic, but it is also unnecessary to remind people not to starve to death, when they have a choice to do otherwise.

Animals, including humans, can be observed to also have many, many automatic risk management behaviors. Fear of heights, startle reactions, fight or flight adrenalin releases, and so on. In fact, if you are at a loss of how to deal with any business risk, just go down the list of human natural defenses against risk and you will get lots and lots of different ideas. The natural environment in which the human species evolved was and remains very dangerous. Risks come at us from every direction. Some are constant (like falling from a great height) and some change all the time (like predators and competitors for resources).

Many business managers will contend that their company has developed automatic systems that are embedded in the DNA of the firm to handle risk. The continued existence of the firm is put in evidence as the primary proof of that contention.

The problem with believing that sort of argument is that while a failure to breathe will send an animal into fits of gasping, and dancing on the edge of a cliff will make most animal’s head spin with a natural fear reflex, there is no noticeable consequences of a business stopping their risk management activities.

There are natural, automatic and almost fool proof mechanisms in animals to prevent them from taking some of the most immediately dangerous risks. There are absolutely none of those in a business setting.

So even if there has been a long history of ingrained risk management actions in a firm, a sudden change in personnel can send all that right out the window.

One way of looking at a risk management system is as the replacement for the natural fail safe mechanisms.

Nature saw fit to add a violent automatic natural reaction to a lack of air to the automatic breathing mechanism that can be consciously overridden. The business risk management traditions can be easily and painlessly overridden, unless there is a good risk management system to make the company gasp for breath.

You might find yourself swimming underwater. You override your natural urge to breathe. There are interesting things to see underwater. But you will find it very difficult to stay under too long. Your body has failsafe mechanisms that means you have to work at it very hard to stay under long enough to really hurt yourself. In fact, the mechanism seems to have such a margin of error that you start to want to come back up when you still have the capacity to get back to the surface.

Companies have no similar automatic mechanism.  When someone fails to do the risk management that they should, usually the reaction is that things look and seem better.  Most often, risk management depresses profits, and reduces choices.  The feedback that is experienced leads the exact wrong direction.

A risk management system is the answer to the problem.  The risk management system needs to have mechanisms to keep reminding employees that they need to follow the system rules.

Risk management is not at all like breathing.  In fact quite the opposite.  A firm that wants to have risk management for the long term will need to have a formal process to remind employees that it is important.  In addition, the importance of risk management needs to be periodically reinforced by statements of support from top management.

Risk management is more like a medicine that a person who feels perfectly fine is asked to take regularly.  Every day, they get up and take this medicine, but there is no obvious indication that the medicine is needed.  Many will simply start to forget to take the medicine.  Stop wasting the time it takes to buy and take the medicine.  Avoid even minor side effects.

On the other hand, things that are bad for your health are give quite positive short term feedback.

The trick is to make risk management become more and more like breathing.  To make it a reflex and to build up the mechanisms that will send out danger signals if someone tries to override those automatic mechanism.

Decision Fatigue and Crisis Risk Management

August 31, 2011

In a recent New York TImes Magazine article, the problem of decision making fatigue is described.  The article says that people will generally tire of making decisions.  It sites studies of judges rulings on parole hearings.  Parolees who have the bad luck to have their case heard later in the day have much less chance of success was one example cited.

Another interesting aspect of decision fatigue was that once fatigued of decisions, people tended to narrow their decision making criteria.  Tired decision makers would eventually get down to a single factor driving their decisions.

The idea given of how to avoid decision fatigue is generally to avoid making too many decisions.

There are interesting implications for risk management.  RISKVIEWS has said many times that risk management means that sometimes the company will do something different then before they had risk management.  But since the company is not doing something different all of the time, each different situation requires a decision.  But all decisions are not of the same economic impact.

So a strategy for getting it right – or at least avoiding decision fatigue for the most important decisions is to make sure that a fresh decision maker is involved in the decisions of higher importance.

This idea may not mean making any change in the procedures of many companies.  It is not uncommon for decisions that involve larger amounts of money to require approval by a more senior person than the person who makes the lesser decisions.  It appears that is a good idea from a decision fatigue point of view.  Firms who seek to empower their employees by avoiding that sort of system may be playing russian roulette with their most important risk management decisions.

In a crisis, many decisions are needed in a short time.  That is perhaps one way of defining a crisis.  Things must be done differently.  The likelihood of decision fatigue in a crisis seems to be immense.

A solution to this is to reduce the number of decisions.  This can be accomplished by anticipating the decisions that may be needed and making the most likely decisions in advance.  It may well be that an advance decision made with an approximation of the situation may be better than a fatigued decision.  There still remains the decision of whether the advance decision is still applicable.  But if done right, the stress of decisions can be greatly reduced.

In addition, the narrowing of decision making criteria for fatigued decision makers is an interesting finding.  Many management information people report that they need to refine the information that they provide to single indicators, in some cases to red light/green light on/off indicators.

This seems to be clear indication of decision fatigue of senior managers.  While MI professionals will not usually be empowered to have an opinion on this, it seems that what is in order is for the top managers to make fewer decisions until they get to the point where they are no longer too fatigued to recognize the actual complexity of the decisions that they are making.

Maybe it is not as obvious as you think…

August 24, 2011

Do you have any bad instructions risk?

Another Point of View

August 1, 2011
Good Risk Management requires people who can see things from another point of view.

The various tasks that are required for good risk management actually require different people with different points of view.

  • Loss Controlling requires people who are going to be willing to painstakingly review everything that the firm does to make sure that there are not any unintended accumulations of risk (or any risk accumulations that are being deliberately hidden).  These people need to have a point of view that focuses on the details.
  • Risk Steering requires people with almost the opposite point of view, the big picture people.  To do good risk steering one must look past all of the details of risk and concentrate on the broad themes of risk that the firm is taking.
  • Risk Trading requires people who are very outward focused, who are able to pay attention in the subtle and not so subtle changes in attitudes towards towards different risks in the marketplace.  They also need to be able to discern when changes in the company’s offerings or changes in the risk of the environment.  Their task is to make sure that the price that the company is getting for the risks it assumes is sufficient to pay for both the expected losses as well as appropriate compensation for the possibility of excess losses.
  • Emerging Risks management requires people who are able to think outside the box, sometimes totally outside of the box to notice the faint signals that something is changing or something totally new is starting to happen and to imagine what might be needed to cope in the new situation.

Those are just not the same people.  So a smaller firm that has assigned their risk management to one person will be disappointed if that one person is not able to tap the skills of others who actually are readily able to think in these totally different ways.

That is one of the ways that risk management disappoints top management and frustrates the people asked to do it.  Even when an assigned risk manager is allowed or even encouraged to tap into these various other skills and points of view, it is very difficult for one person to even recognize the value of each of these different approaches.  More often the assigned risk manager will plow ahead building the risk management program that fits with their own point of view.

So no matter who you are and how good you are at risk management, remember to look for those people with the point of view that is very different from yours.  And pay attention to that they say about risk.

Imminent Risk – Employee Turnover

May 16, 2011

Many risks go in cycles.  And While it makes some sense to keep an eye on them during the part of the cycle when they are low, it makes much more sense to concentrate on them when they are imminent.

A recent report from Metlife “Study of Employee Benefits Trends” diverts from its primary topic to spend an entire chapter on The Erosion of Employee Loyalty.  One startling statistic that they report is that over one third of employees say that if they have the choice, they will change employers in 2011!

Risk managers often think of risks like employee turnover as being “soft” risks that are difficult to measure and model.  But that may be mostly due to lack of familiarity.  In this case, people have measured the costs.  The Society of Human Resources Management (SHRM) has estimated that turnover costs vary by the level of employee.  For minimum wage employees, the costs are 30% to 50% and goes up for more skilled employees – up as high as 400% of salary for the most skilled employees.

And that does not take into account that the people who are most able to leave are the most competent and productive of your employees.

So your firm has an imminent risk that will emerge when the job market in your industry opens up.  You will know exactly when that risk is going to hit.  You will know because your firm will start to hire more after several years of low or zero hiring.  Once you notice the actual turnover, it will be too late. So monitoring hiring by your own firm and in your part of the economy is your key risk leading indicator.

The risk treatment steps to take would be those that might impact either the frequency or severity of the losses from this risk.  (duh)

Metlife includes this discussion in their report on employee benefits so that they can make the case that more employee benefits would be an effective preventative.

But before setting out to define risk treatment plans, the risk manager will want to look at the loss estimates.  That SHRM study points to costs from the hiring process, from training costs as well as productivity losses.  Each firm should examine their practices and experience to refine the general estimate to their situation.  Some firms will always choose to hire highly experienced employees to minimize the training and lost productivity costs.  Other firms will go to the other extreme, hiring mostly at the entry level and expecting to promote from within to replace any higher level losses.

Salary costs are a large percentage of financial businesses costs.  The management of this cost could probably benefit from some good quantitative analysis, if that is not already the practice.

If the SHRM costs are correct and even half the people identified by Metlife are able to change jobs, then firms on the average are facing extra costs of as much as 20% of payroll.

Do the math, where does this put employee turnover risk in terms of your top ten risks list?

Lucas Fayne Highly Recommends this Blog

April 24, 2011

The New York Times reported today that Lucas Fayne can be found on over 50 websites around the web endorsing the services of home remodeling contractors.  Riskviews did intensive research (i.e. a single Google search) and found a dozen references to the syndicated NYT article AND some of those endorsements.  Riskviews found that Fayne had home remodeling work done in Lexington Kentucky, San Marcos Texas, Irving Texas, Belmont Tennessee, Belmont New Hampshire, Minneapolis Minnesota before getting tired of researching.

So Riskviews decided to post his recommendation of this Blog.

Reality can be a much better teacher than Blogs.  Maybe there really is a Lucas Fayne who has had some much home remodeling work done all over the country.  Maybe he is such a consistent speaker that he has exactly the same thing to say about each and every contractor.

And maybe this story is a good lesson about due diligence.  And letting someone else provide your due diligence.

Riskviews seems to have actually done a little more research than the NYT.  Because Riskviews has discovered that there are other serial recommenders.  Nan Carlisle and Gillian Lee have also made statements about contractors in multiple states.  Lucas’ brother William seems to like the work that he had done also.

In this particular case, it was easy enough to find that these recommendations are probably bogus.  But you might want to keep this story in mind whenever you are tempted to be satisfied with a simple web based reference for someone or some service.

In the early days of computers, many unsophisticated managers were fooled into thinking that computer reports were by nature more accurate than hand typed reports.   More than one computer savvy person took advantage of that by getting the computer to simply print whatever they wanted a report to say, rather than doing what was assumed – getting the computer to actually determine an answer with its vast calculation power.

Few people who know how the internet works would fall for that sort of trick nowadays.  But how many people actually understand how the internet works?

Overreliance on the internet as an unchecked source of information is a risk to every business.  The risk manager should make sure that there are protocols to eliminate recommendations from the Faynes, Carlisles and Lees.

But in case you are someone who does not worry about things like that, here is the recommendation of this Blog:

We were very satisfied with the service and efficiency of your blog.  Getting the quote was quick and easy, and your staff started on time each day and worked hard. We are very confident with the job you did and have been recommending you to all our neighbors. Riskviews became a good friend to our family by the end of our project. He is a class act all the way!    Lucas Fayne (yourtown, yourstate)

Systemic Risk, Financial Reform, and Moving Forward from the Financial Crisis

April 22, 2011

A second series of essays from the actuarial profession about the financial crisis.  Download them  HERE.

A Tale of Two Density Functions
By Dick Joss

The Systemic Risk of Risk Capital (Or the "No Matter What" Premise)
By C. Frytos &I.Chatzivasiloglou

Actuaries and Assumptions
By Jonathan Jacobs

Managing Financial Crises, Today and Beyond
By Vivek Gupta

What Did We Learn from the Financial Crisis?
By Shibashish Mukherjee

Financial Reform: A Legitimate Function of Government
By John Wiesner

The Economy and Self-Organized Criticality
By Matt Wilson

Systemic Risk Arising from a Financial System that Required Growth in a World with Limited Oil Supply
By Gail Tverberg

Managing Systemic Risk in Retirement Systems
By Minaz Lalani

Worry About Your Own Systemic Risk Exposures
By Dave Ingram

Systemic Risk as Negative Externality
By Rick Gorvette

Who Dares Oppose a Boom?
By David Merkel

Risk Management and the Board of Directors–Suggestions for Reform
By Richard Leblanc

Victory at All Costs
By Tim Cardinal and Jin Li

The Financial Crisis: Why Won't We Use the F(raud) Word?
By Louise Francis

PerfectSunrise–A Warning Before the Perfect Storm
By Max Rudolph

Strengthening Systemic Risk Regulation
By Alfred Weller

It's Securitization Stupid
By Paul Conlin

I Want You to Feel Your Pain
By Krzysztof Ostaszewski

Federal Reform Bill and the Insurance Industry
By David Sherwood

ERM Questions for US Insurers

March 10, 2011

By Max Rudolph

A.M. Best added a Supplemental Rating Questionnaire (SRQ) for insurers at the end of 2010. While it will provide interesting information that will aid the analyst develop questions for a face-to-face meeting, the mainly checklist format will limit its value. A better option would be for a company to utilize this SRQ to develop an internal risk management report that could be presented to the board and external stakeholders much as insurers generate an investment management report. The A.M. Best checklist could be a by-product of this process. A.M. Best’s statement that “each company’s need for ERM is different” is absolutely correct. Organizations with complex and varied product mixes should spend their time understanding both the silo risks and the interactions between those silos. Going into 2006 insurers (and rating agencies) did not have leading indicators in place to monitor housing prices, yet that proved to be the driver leading to the financial crisis. There is little in this questionnaire that is forward looking toward new and emerging risks.

Concentration

The questionnaire does not do enough to focus on concentration of exposures. No credit is awarded for a diversified group of independent risks. There is also no mention of counterparty risk with reinsurers. The financial crisis left reinsurers ever more entangled, and if one ever experiences financial difficulties a contagion effect could drag quite a few down with them. If that happens there is no reason to think that insurers would not batten down the hatches as banks did with their loan portfolios. Insurers should have a contingency plan for this possibility, along with performing other stress tests and board discussions.

Key Risk Indicators

The questionnaire refers to reporting risk metrics. This should be more specific. Financial statements do a pretty good job of reporting lagging indicators such as revenue and net income. What would be more useful when managing risk are leading indicators. What metric can I look at today to anticipate future revenue? Keeping track of metrics such as agent retention, applications received, or unemployment will allow the line manager to better understand the business line and the risk manager to better identify potential risks. Today, many insurers are developing this process but it is still evolving.

Risk Culture

In the risk culture section of the questionnaire, terms such as risk/return measures and reporting risk jump out at me. Not all risks can be measured, and many can’t be measured accurately. That does not mean they can’t, and certainly does not mean they should not, be managed. Examples would include the likelihood and severity of civil unrest around the world. It is not important to judge precisely how likely these events might be, but it is important to think about how you might react if such an event does occur. Options are generally limited after an event occurs, and time is often the critical factor. Reporting risk means many things to many people. It would be preferred to have a dialogue about risks, using a written report as a starting point.

Identifying Risks

In the Risk Identification/Measurement/Monitoring section of the questionnaire, A.M. Best asks “Who is the most responsible for identifying material risks to the company’s financial position?” This seems to be a no-win question, as no matter who is listed shortcomings will be associated with it. If you list the CEO, then the CRO is short-changed. If you list the CRO, the line managers wonder what their role is. Perhaps a better question would be to ask who is responsible for consolidating risks and looking at them holistically, scanning for emerging risks as well. It will be interesting to see what A.M. Best does with the table considering the largest potential threats to financial strength. There is no consistent approach to estimated potential impact. Two companies with the exact same exposure to a risk might report vastly different dollar figures. The higher number might be generated by the organization that better understands the risk.

Economic Capital

The most interesting question to me would be to ask how independent of results are the modelers? Who do they report to? How is their bonus determined? My perception is that there is subtle pressure put on modelers to hit certain results and that they should understand their models well enough to know which levers to pull that won’t raise a warning flag. At this point there is no audit requirement for an economic capital model.

Forward Looking

Missing in this questionnaire, as well as the NAIC’s Risk Focused Examinations, is a view of the future. In my opinion, if there is not an immediate solvency issue then the most interesting question is what could impair this organization in the future. For many insurance firms this will be related to selling profitable products and being flexible. It is hard to find distribution without giving away either options or returns. Consolidation in the insurance industry is likely. How many companies have considered their competitive position is their competitors merge? For distressed firms it is rarely a previously managed risk that takes them down. What environmental scanning is being done? What Risks are you Worried about Today? Risks that could be included in this type of analysis would be considered stress tests by many, but how many organizations would share more than they think their competitors are sharing? Here are some risks to ponder, along with their unintended consequences, in no order.

  • Low interest rate environment is replaced by an inflationary shock
  • A new competitor enters the insurance market with a known and trusted brand and new distribution channel (WalMart comes to mind)
  • A reinsurer becomes insolvent due to investment losses, stressing other reinsurers.
  • The insurance industry experiences higher trending mortality, with a flurry of 30-50 deaths due to obesity
  • Climate change results in changing weather patterns, with more volatile weather and crop patterns
  • A consolidator enters the industry, generating economies of scale that reduce potential returns by 2%.
  • Infrastructure around the world ends its useful lifetime and is not replaced.
  • Water wells are drilled in developed countries by farmers and local communities to access an aquifer.
Warning: The information provided in this newsletter is the opinion of Max Rudolph and is provided for general information only. It should not be considered investment advice. Information from a variety of sources should be reviewed and considered before decisions are made by the individual investor. My opinions may have already changed, so you don’t want to rely on them. Good luck! Warning: The information provided in this newsletter is the opinion of Max Rudolph and is provided for general information only. It should not be considered investment advice. Information from a variety of sources should be reviewed and considered before decisions are made by the individual investor. My opinions may have already changed, so you don’t want to rely on them. Good luck!

Dealing with Crisis

February 24, 2011

Risk management has two important phases.  The first phase is Between Crises (BC) and the second phase is During Crises (DC).  The skills and activities needed for these two phases are totally different.  This post will talk about the DC phase.

During the Crisis, the concentration of the risk manager must shift to survival.  Much has been made of the famous saying from Baron Rothchild

“Buy when there’s blood in the streets, even if the blood is your own.

But Rothchild famously made his own luck by arranging that he was the first to know the outcome of the battle of Waterloo.  And when the crisis hits, that is what you will hope that you, or your predecessor did before the crisis – make some of that sort of luck.

One of the things that often happens is that the organization will seem to shift right out from under you.  The norms and objectives that you thought were agreed are no longer in place.  You will be judged by a set of rules that are being written right now.

An old (1938) article by Robert Merton, SOCIAL STRUCTURE AND ANOMIE, suggests that there are five ways that people can react to situations where they are unhappy with how the rules and norms are working:

  1. Conformity
  2. Innovation
  3. Ritualism
  4. Retreat
  5. Rebellion

Conformity means that they simply continue to operate under the old rules and norms as if nothing has happened.  In many cases, risk managers act as if this is the only possibility however.

Innovation means that they try to come up with a new way to solve their problem within the same structure that was in place.  Innovation may or may not work and if it does not work, then one of the other responses will be next. Often the risk manager is trying to innovate the way out of the crisis.

Ritualism means that they start to go through the motions of following the old rules, even though there is a strong sense that those rules no longer work as that had been working.  Things get more rigid and hierarchical.  Stepping on the wrong person’s toes has become a more significant infraction than it had been.

Retreat means that the organization freezes.  In some cases, it is the CEO who retreats, simply disappearing from the scene and lines of authority become blurry.

Rebellion means that the old rules and norms of the company are overthrown and new rules and norms replace the old quite rapidly.  This is most often accompanied by major management personnel changes.  But sometimes not.

The risk manager needs to be aware of these possibilities and make plans accordingly.

A Wealth of Risk Management Research

December 15, 2010
The US actuarial profession has produced and/or sponsored quite a number of risk management research projects.  Here are links to the reports: 

Is it Better to Be Lucky than Smart?

November 8, 2010

It certainly is cheaper and easier.  But is it BETTER?

The main difference between lucky and smart is that smart is more likely to be able to repeat than luck.

But I think that there are two different types of smart, and one is much better than the other.

  • The first type of smart is able to discern patterns and trends.  This type of smart can do momentum trading.  They figure out what works in this phase of the cycle of the part of the world that they are in and they discern how to take advantage of one aspect of the trend.
  • The second type of smart is able to discern not just the trend, but they can see that the trend will not last.  So they can plan for the change in trend.  This type of smart is adaptable.
  • The lucky see nor care about trends or changes in trends.  What they choose works.  Some of the lucky are able to convince themselves and those around them that their “gut” can really pick out the right answers.  Those are the dangerous lucky.

If you are led by the lucky, your firm might fail at any time.  The formerly lucky CEO will not have a clue as to why they failed. Over time, they will have relied on their gut more and more and their success will get them more and more authority and autonomy.  People forget that if all business decisions were random coin tosses, someone will guess the right toss 10 times in a row with nothing more than luck behind their string.

If you are led by the Momentum leader, your firm will thrive as long as the wave that they identified keeps going.  In some cases, the leader and the firm come to believe that the trend that you follow IS the way that they world will be forever.  More and more of the company becomes dependent on the assumption that the trend continues.  When the trend fails, the company will falter or fail.  If enough people and enough firms have been following that same trend, the entire economy might falter.  If a trend last long enough, then it is quite likely that more and more people and firms will notice the trend and start to work on the assumption that the trend will continue.

But if you are working in a firm with an adaptable leader, then the firm will not do as well as peers during the peak of the trend.  Your firm will not be putting all of your eggs into the basket of trend immortality.  Your firm will be looking around for things that will work even if the trend changes.  Your firm will have the resilience to weather the change in trend and perhaps some business activity planned that will work even in a new environment.  Your firm will be working smart towards the long term.

So is it better to be lucky than smart?  Not in the long run, not in my mind.

Risk Management Learns from Sun Tzu

October 10, 2010

Usually risk managers do not think of themselves as being at war.  But a risk manager is facing a number of foes.  And failure to succeed against those foes can result in the end of the enterprise.  So maybe the risk manager can learn from The Art of War.

Sun Tzu’s The Art of War has 11 chapters.  Each of these topics can be seen to have a lesson for risk managers.

  1. Laying Plans explores the five fundamental factors that define a successful outcome (the Way, seasons, terrain, leadership, and management). By thinking, assessing and comparing these points you can calculate a victory, deviation from them will ensure failure. Remember that war is a very grave matter of state.             The risk manager of course needs plans.  Remember that risk management is a grave matter for the enterprise.
  2. Waging War explains how to understand the economy of war and how success requires making the winning play, which in turn, requires limiting the cost of competition and conflict.        Risk management does not run on an unlimited budget.  In some cases risk managers have not completed their preparations because they have gone forward as if they could spend whatever it took to fulfill their vision for risk management.  Of course risk management spending needs to be at a sensible level for the enterprise.  Excessive risk management spending can harm an enterprise just as much as an unexpected loss.
  1. Attack by Stratagem defines the source of strength as unity, not size, and the five ingredients that you need to succeed in any war.            The risk manager succeeds best if they are able to get the entire organization to support the risk management efforts, not just a large corporate risk management department.
  2. Tactical Dispositions explains the importance of defending existing positions until you can advance them and how you must recognize opportunities, not try to create them.           The risk manager needs to build organizational strength to support risk management opportunistically.  A risk management program that does not wait for the right opportunities will create internal enemies and will then be fighting both the external risks as well as the internal enemies.
  3. Energy explains the use of creativity and timing in building your momentum.            The risk manager also needs to be creative and needs to build momentum.  The best risk management program fits well with the culture of the organization.  That fit will need to be developed by creatively combining the ideas of risk management with the written and unwritten parts of the organizational imperatives.
  4. Weak Points & Strong explains how your opportunities come from the openings in the environment caused by the relative weakness of your enemy in a given area.             Quite often the risk manager will know the right thing to do but will not be able to execute except at extreme danger to their position in the firm.  The openings for a risk manager to make the moves that will really lake a difference in the future of the firm come infrequently and without warning.  The Risk manager must be looking at these openings and be ready and able to act.
  5. Maneuvering explains the dangers of direct conflict and how to win those confrontations when they are forced upon you.      Some thing that the risk managers job is the direct conflict with the important people in the firm who would put the firm in an excessively risky position.  This in inadvisable
  6. Variation in Tactics focuses on the need for flexibility in your responses. It explains how to respond to shifting circumstances successfully.       Risk Management tactics will be the most successful if they are alligned with the actual risk environment.  See Plural Rationalities and ERM.
  7. The Army on the March describes the different situations in which you find yourselves as you move into new enemy territories and how to respond to them. Much of it focuses on evaluating the intentions of others.        Rational Adaptability is the process of assessing the risk environment and selecting the risk management strategy that will work best for the environment.
  8. Terrain looks at the three general areas of resistance (distance, dangers, and barriers) and the six types of ground positions that arise from them. Each of these six field positions offer certain advantages and disadvantages.      The risk environment has four main stages, Boom, Bust, Moderate and Uncertain.
  9. The Nine Situations describe nine common situations (or stages) in a campaign, from scattering to deadly, and the specific focus you need to successfully navigate each of them.      Companies must determine their risk taking strategy and their risk appetite by looking at the risk environment as well as at their risk taking capacity.
  10. The Attack by Fire explains the use of weapons generally and the use of the environment as a weapon specifically. It examines the five targets for attack, the five types of environmental attack, and the appropriate responses to such attack.
  11. The Use of Spies focuses on the importance of developing good information sources, specifically the five types of sources and how to manage them.

Filters are Sometimes Blinders

September 10, 2010

We saw a graph recently that tried to show how the stock market is totally disconnected with the GDP. It showed that the stock market growth was totally not correlated with GDP growth and perhaps has been negatively correlated on a decade by decade basis over the last 100 years or so.

http://www.businessinsider.com/chart-of-the-day-economy-stock-market-unrelated-2010-9

This made me think of something that we did years ago when I was working on trying to compare performance between stockholder owned insurers to mutual insurers. Eventually we figured that it might make more sense to compare the total return on total capital of stockholder owned companies to return on capital for mutuals. The division of ownership between bondholders and stockholders is artificial and not important to this comparison.

It makes me wonder what the chart above might look like if the value of the companies is represented by the value of the stocks PLUS the value of the bonds.

Just an example of how we have sometimes been taught to filter out some very important information. It is sometimes very hard to see outside of the filters that “everyone” has been taught to use.

Lightning or Lightning Bug

August 5, 2010

Mark Twain once observed that there was a difference between Lightning and Lightning Bug. An important difference.

The difference between the almost right word & the right word is really a large matter–it’s the difference between the lightning bug and the lightning.

Might there be a similar difference between Risk Management System and Risk Management?

A Risk Management System is composed of org charts, policy statements, Reports, meetings,committees, computer models, powerpoints and dashboards.

Risk Management means making tough decisions and taking unpopular actions that more than 9 out of 1o times will not look like they were the right calls after the facts.

But decisions and actions that every once in a long while will save the firm.

So can Risk Management happen inside of a Risk Management system?

But think about it.  Can you think of an example of a situation outside of a risk management system where getting more people involved results in MORE of the tough decisions being made?  Or MORE unpopular actions being taken?

So how should one go about creating a risk management system that actually does Risk Management?

Start with the tough decisions and unpopular actions that are sometimes needed.  Can you identify them?

Start there.  Find a person who has the qualities of discernment, judgment, balance, toughness and experience with the risk to make those tough decisions and to make sure that the unpopular actions happen.  Build the risk management system so that the person gets the information and authority and protection that they need to get the job done.

That would be difficult if that was all that was needed.  But this person, if they are doing their job, will be reversing some business decisions that might otherwise make some money.  So you also need an information system that assures top management that the risk manager is making the right tough decisions.

That system needs to help to identify whether the risk manager is making either Type I or Type II errors.  And if you want to keep a good risk manager and avoid keeping a bad risk manager, you need to have a realistic tolerance for the errors that your information system identifies.

Oh Hell.  It is much easier to just do the pretty risk management system and try to just take as much risk as everyone else.

Must be why so little Risk Management actually happens.

And Lightning Bugs are so pretty on a summer night.

REDUCING MORAL HAZARD

July 11, 2010

By Jean-Pierre Berliet

The MBO (Management By Objectives) process translates business objectives into performance targets and drives incentive compensation awards. Certain weaknesses of MBO processes make companies more vulnerable to crises. .

The MBO process is central to crisis prevention.  Weaknesses in the MBO process of an insurance company must be corrected to ensure that management action do not unwittingly exacerbate risk and magnify the impact of crises.

Senior management often takes pride in its tough and disciplined approach to managing performance. This involves setting stretch objectives, rewarding managers who deliver, and punishing those who fall short. It is argued that a “greed and fear” approach is necessary to motivate managers and align their interests with those of shareholders. It is not widely recognized, however, that this approach can increase moral hazard and induce managers to make decisions that reduce the resilience of their company to crises.

In such performance management cultures, managers are incented to exceed management expectations by using all means available.  This may include:

  • Reducing or postponing spending on product or service quality, product leadership, process productivity, or customer service responsiveness
  • Under-pricing risks to increase business volume and earnings
  • Taking on higher investment risks to increase current investment yields
  • Under investing in market growth, thereby increasing short-term earnings but losing market share.

Actions like these can enhance short-term earnings, but they can also undermine a company’s competitive capabilities and value creation potential. This, in turn, can reduce the company’s ability to raise capital and thus its resilience. The introduction of risk adjusted performance metrics into a company’s control framework can help reduce the incidence of actions taken inappropriately to “game” the incentive compensation system. However, it is hard to detect moral hazard because the effects of actions taken can remain latent for years to come.

Moral hazard of this type tends to affect decisions where senior management focuses on reported financial results rather than on underlying operating success factors. Excessive, and sometimes exclusive, emphasis on financial results gives operating managers overly broad discretion to “make the numbers”. In many instances (e.g. AIG, Bear Stearns, Citigroup, Lehman Brothers) such an approach to oversight invited moral hazard with serious consequences. When combined with financial leverage and risk leverage, decisions tainted by moral hazard can result in enormous shareholder losses.

Insurance companies need to revamp their MBO frameworks to reduce the risk of moral hazard.  They need to establish corporate cultures in which discussions about objectives, strategies, and results, while never informed by perfect knowledge and foresight, are guided by “high road” values of trust and loyalty. Revamped MBO frameworks should explicitly include consideration of risk insights produced by ERM and verification of the alignment of actions taken with approved plans and strategies.

To accomplish such a transformation of their cultures, insurers may need to link their ERM and MBO processes through the implementation of:

  • Risk-adjusted financial performance metrics
  • Risk-adjusted performance benchmarks, related to expectations of capital market investors
  • Incentive compensation awards linked to long-term measures of business value, including indicators of operational performance, and current profits.

Since no company operates with perfect foresight, Boards of Directors need to grant adequate discretion and flexibility to senior management for performance management.  Adjusting objectives and targets can be of critical importance when business conditions change unexpectedly. In an uncertain world, rigid enforcement reinforces greed and fear elements of corporate cultures, undermines trust, breeds cynicism and “gaming the system”, and increases moral hazard by inducing behavior that can, in time, fatally weaken an insurance company.

©Jean-Pierre Berliet

Berliet Associates, LLC

(203) 247-6448

jpberliet@att.net

Murphy was a Risk Manager!

July 6, 2010

Perhaps you have heard the saying…

If anything can go wrong, it will.

Widely known as Murphy’s Law.  Well, you may not know it but Murphy was actually a risk manager.

The originator of Murphy’s Law was an engineer named Captain Ed Murphy.  He was responsible for safety testing for the Air Force and later for several private engineering firms.

He was a reliability engineer.  And in his mind, the statement that became known as Murphy’s Law was just his way of describing how you had to think to design stress tests.

He had just experienced the failure of a device that he had designed because of incorrect wiring.  At the time, he may have blamed the problem on the people who installed his device, but later, he came to realize that he should have anticipated the possibility of confusion over which lead to connect to what and made provision for the wiring error in his design.

His original design required that the installer would have perfect knowledge of his intentions with the design.  Instead he should have assumed that the installer would have been completely ignorant of what was in his head.

Does that sound like a word of caution for the designers of risk models?

Will future operators of your risk model need to fully understand what you had intended?  Or do you anticipate that they will doubtless not.

I had that experience.  Fifteen years after I had completed a risk model for a company and in the process taken some shortcuts that made perfect sense to me, I was told that the firm was still using my model, but they suddenly noticed that it was giving very troubling signals, signals that turned out to be almost completely incorrect.

Those shortcuts had moved further and further away from the truth.  I had some realization that the model needed regular recalibration, but I had failed to make that completely clear to the people who inherited the model from me and they certainly had not thought it important to pass along my verbal instructions to the people who inherited it from them.

So remember Murphy’s Law and this little story about how Murphy came to originally say what became known as his law.  It could happen to you.

Biased Risk Decisions

June 18, 2010

The information is all there.  We have just wrapped it in so many technical terms that perhaps we forget what it is referring to.

Behavioral Finance explains exactly how people tend to make decisions without models.  They call them Biases and Heuristics.

This link is to one of my absolute favorite pages on the entire internet.  LIST OF COGNITIVE BIASES Take a look.  See if you can find the ways that you made your last 10 major business decisions there.

Now models are the quants ways to overcome these biases.  Quants believe that they can build a model that keeps the user from falling into some of the more emotional cognitive biases, such as the anchoring effect.  With a model, for example, anchoring is avoided because the modeler very carefully gives equal weight to many data points instead of more weight to the most recent data point.

But what the quants fail to recognize is that models strengthen some of the biases.  For example, models and modelers often fall under the Clustering illusion, finding patterns and attributing statistical distributions to data recording phenomena that has just finished one phase and is about to move on to another.

Models promote the hindsight bias.  No matter how surprising an event is at the time, within a few years, the data recording the impact of the event is incorporated into the data sets and the modelers henceforth give the impression that the model is now calibrated to consider just such an event.

And in the end, the model is often no more than a complicated version of the biases of the modeler, an example of the Confirmation Bias where the modeler has constructed a model that confirms their going in world view, rather than representing the actual world.

So that is the trade-off, between biased decisions with a model and biased decisions without a model.  What is a non-modeling manager to do?

I would suggest that they should go to that wikipedia page on biases and learn about their own biases and also sit down with that list with their modeler and get the modeler to reveal their biases as well.

Fortunately or unfortunately, things in most financial firms are very complicated.  It is almost impossible to get it right balancing all of the moving parts that make up the entirety of most firms without the help of a model.  But if the decision maker understands their own biases as well as the biases of the model, perhaps they can avoid more of them.

Finally, Jos Berkemeijer asks what must a modeler know if they are also the decision maker.  I would suggest that such a person needs desperately to understand their own biases.  They can get a little insight into this from traditional peer review.  But I would suggest even more than that they need to review the wiki list of biases with their peer reviewer and hope that the peer reviewer feels secure enough to be honest with them.

Managing Operational Risk

June 13, 2010

By Jean-Pierre Berliet

Discussions with senior executives have suggested that decision signals from ERM would be more credible and that ERM would be a more effective management process if ERM were shown to support management of operational risk

Operational risk comprises two different types of risks: execution risk and strategic risk.

These two categories of operational risk are important to policyholders and shareholders because they can reduce both the insurance strength and the value of insurance companies.

Strategic risk stems from external changes that can undermine the profitability and growth expectations of a company’s business model and strategy, and therefore have a significant impact on its value. Execution risk originates in internal failures to manage the operations of a company competently, with the needed level of foresight, prudence, risk awareness, and preparedness. Execution and strategic risks impact insurance companies differently and, as a result, call for distinct mitigation strategies.

Execution risks

Although financial risks are the primary determinant of the volatility of financial results of insurance companies, execution risks can also cause material adverse deviations from expected financial results

Execution risks include, for example,   economic losses resulting from i) delays in alleviating adverse consequences of changes in the volume of activity (mismanagement), ii) events that can interrupt business operations whether man made or natural (lack of preparedness), and iii) failures in controls that cause economic losses, create liabilities or damage the company’s reputation (market conduct, regulatory compliance, bad faith in claim management, fraud, IT security, etc..).

Execution risks reduce current financial performance and company valuation. Company valuation is reduced because i) investors often view negative earnings  deviations as predictors of future decline in profitability and ii) performance volatility can derail the execution of a company’s growth strategy

Execution risks are relatively easy to identify, if not to mitigate for company management. Although stochastic modeling tools and event databases could be used to simulate the impact of execution risks on financial performance, and fine tune mitigation strategies, undertaking such modeling is very costly, and may be of limited value. Company management has fiduciary obligations to set in place processes designed to avoid executions risks, establish post event recovery procedures, and to ensure compliance.

Both policyholders and shareholders need to note that

  • Execution risks can impact financial performance significantly in the year or period of occurrence but may have a more or less pronounced impact on performance in subsequent periods and company valuation, depending on the availability of recovery strategies and the preparedness of a company.
  • The impact of execution risks on a company’s market value can be derived from estimated adjustments to free cash flow projections.  This is particularly significant in connection with risk events that erode a company’s competitive advantage or damage its reputation. Such events can reduce the market value of a company significantly by reducing its volume of business or its pricing flexibility.

Management processes and management action, not capital, are the natural remedy for execution risks. Board of Directors or Audit Committees of such boards have become increasingly involved in exercising oversight of execution risks and their management by operating executives.

Strategic Risks

Strategic risks can undermine the economic viability of the business model and future financial performance of insurance companies. They can have a significant adverse effect on i) a company’s insurance ratings and the credit worthiness of its debt and ii) its market capitalization. Strategic risks can cause otherwise solvent companies to lose a substantial share of their market value in a short time, provoke legal action by disgruntled shareholders, inflict serious economic losses to Directors, senior executives and other employees, and induce potential raiders to attempt a take over.

Strategic risks are also very important to policyholders, (especially those who have bought protection against slowly emerging liabilities or policies that provide indemnification benefits in the form of annuity payments), because strategic risks that undermine the ability of companies to earn formerly expected returns also reduce the credit worthiness of these companies. Strategic risks stem from external changes in the regulations, institutional arrangements, competition, technology or demand that can erode the competitive advantage of an insurance company and its ability to operate credibly and profitably as a going concern in the future.

Strategic risks do not receive as much attention as they should because they are difficult to identify and assess, and are often viewed as “uncontrollable”. At any point in time, it can be very difficult to assess whether a quantum change in any element of strategic risks is close to happening. When such a change occurs, however, its impact on future performance can cause a swift decline in the market values of a company.

To identify and manage strategic risks, companies need to:

  • Conduct and challenge a periodic defensibility analysis of their business model and competitive advantage
  • Monitor market developments for emerging trends with potential adverse effects (loss of business to competitors, emergence of new risk transfer technologies or product innovations, regulatory developments, etc.)
  • Develop appropriate responses to adverse developments through adjustment in capabilities, redeployment of capacity, change in composition and level of service provided, industry level lobbying of lawmakers and regulators, sponsorship of and participation in industry associations, etc…
  • Communicate reasons for and objectives of needed changes to both customers and shareholders.
  • Integrate the planned strategic response into action plans, budgets and objectives of business units

Insurance companies need to include in ERM a process that provides consistent and updateable insights into strategic risks to which they are exposed. Because the insurance industry has been highly regulated, many insurance companies have not developed deep strategy development and assessment skills. It will be a challenge at first for such companies to establish strategic risk assessment frameworks powerful enough to yield robust insights but simple enough to be user friendly.

A number of companies that have already implemented comprehensive  frameworks to manage financial risks have begun addressing operational risks more formally. They believe that the introduction in operations management of specific risk management control components will create value by:

  • Enhancing the level and the stability of their financial results
  • Reducing the probability of serious value losses caused execution risks and strategic risks.

The establishment of operational effective risk management frameworks and processes within ERM is of critical importance to all constituents of insurance companies.

©Jean-Pierre Berliet

Berliet Associates, LLP

(203) 247 6448

jpberliet@att.net

May 22, 2010

Five Stages of Rapid Decline

April 22, 2010

Jim Collins wrote the popular book “Good to Great” at the peak of the Dot Com boom.  His latest book is titled “How the mighty Fall” and features the five stages of rapid decline:

Stage 1: Hubris Born of Success

Stage 2: Undisciplined Pursuit of More

Stage 3: Denial of Risk and Peril

Stage 4: Grasping for Salvation

Stage 5: Capitulation to Irrelevance or Death

Strategic failure of a firm – which could come from a hubris fueled rapid decline or simply a shift of your customers when you are not paying enough attention is really a risk that for most firms dwarfs the risks that are measurable and that are managed through the techniques of quantitative risk management.

According to a study conducted by Royal Dutch Shell the average life expectancy of Fortune 500 firms is 40 to 50 years.  That implies a 2% to 2.5% average annual failure rate.

Firms that are holding capital for measurable risks at a 1/200 level are pretending to protect their firm at a 0.5% annual failure rate.

But are quantitative risk management programs focusing too much resources on the things that can be measured and creating the Hubris, the false sense of invulnerability that is number one on the list above.

Certainly at some banks and some insurers that was the case.

Once you are convinced that you “know how to control risk” you are likely to go for it – the Undisciplined pursuit of More of the second item.  Even if quantitative risk management is doing most of what is needed, successful risk management can and will lead to Hubris and undisciplined growth.

Of course, sooner or later that lack of discipline will result in a misstep.  And here is where risk management needs to be ready to make it real.  The most common reaction to a problem in this situation is to assume that (a) this is not real, (b) this could not be happening to us – we are too good for this and when the bad news persists and grows in size and scope (c) this will turn around soon, it is only a temporary blip.  Those attitudes result in waiting too long to start doing anything.  That is where risk management must be ready to step in again with realisim and good plans for what to do next.

Unless risk management is caught up in the Hubris and Denial.

So try to make your move, risk managers, before it is to volunteer as a pall bearer.

LIVE from the ERM Symposium

April 17, 2010

(Well not quite LIVE, but almost)

The ERM Symposium is now 8 years old.  Here are some ideas from the 2010 ERM Symposium…

  • Survivor Bias creates support for bad risk models.  If a model underestimates risk there are two possible outcomes – good and bad.  If bad, then you fix the model or stop doing the activity.  If the outcome is good, then you do more and more of the activity until the result is bad.  This suggests that model validation is much more important than just a simple minded tick the box exercize.  It is a life and death matter.
  • BIG is BAD!  Well maybe.  Big means large political power.  Big will mean that the political power will fight for parochial interests of the Big entity over the interests of the entire firm or system.  Safer to not have your firm dominated by a single business, distributor, product, region.  Safer to not have your financial system dominated by a handful of banks.
  • The world is not linear.  You cannot project the macro effects directly from the micro effects.
  • Due Diligence for mergers is often left until the very last minute and given an extremely tight time frame.  That will not change, so more due diligence needs to be a part of the target pre-selection process.
  • For merger of mature businesses, cultural fit is most important.
  • For newer businesses, retention of key employees is key
  • Modelitis = running the model until you get the desired answer
  • Most people when asked about future emerging risks, respond with the most recent problem – prior knowledge blindness
  • Regulators are sitting and waiting for a housing market recovery to resolve problems that are hidden by accounting in hundreds of banks.
  • Why do we think that any bank will do a good job of creating a living will?  What is their motivation?
  • We will always have some regulatory arbitrage.
  • Left to their own devices, banks have proven that they do not have a survival instinct.  (I have to admit that I have never, ever believed for a minute that any bank CEO has ever thought for even one second about the idea that their bank might be bailed out by the government.  They simply do not believe that they will fail. )
  • Economics has been dominated by a religious belief in the mantra “markets good – government bad”
  • Non-financial businesses are opposed to putting OTC derivatives on exchanges because exchanges will only accept cash collateral.  If they are hedging physical asset prices, why shouldn’t those same physical assets be good collateral?  Or are they really arguing to be allowed to do speculative trading without posting collateral? Probably more of the latter.
  • it was said that systemic problems come from risk concentrations.  Not always.  They can come from losses and lack of proper disclosure.  When folks see some losses and do not know who is hiding more losses, they stop doing business with everyone.  None do enough disclosure and that confirms the suspicion that everyone is impaired.
  • Systemic risk management plans needs to recognize that this is like forest fires.  If they prevent the small fires then the fires that eventually do happen will be much larger and more dangerous.  And someday, there will be another fire.
  • Sometimes a small change in the input to a complex system will unpredictably result in a large change in the output.  The financial markets are complex systems.  The idea that the market participants will ever correctly anticipate such discontinuities is complete nonsense.  So markets will always be efficient, except when they are drastically wrong.
  • Conflicting interests for risk managers who also wear other hats is a major issue for risk management in smaller companies.
  • People with bad risk models will drive people with good risk models out of the market.
  • Inelastic supply and inelastic demand for oil is the reason why prices are so volatile.
  • It was easy to sell the idea of starting an ERM system in 2008 & 2009.  But will firms who need that much evidence of the need for risk management forget why they approved it when things get better?
  • If risk function is constantly finding large unmanaged risks, then something is seriously wrong with the firm.
  • You do not want to ever have to say that you were aware of a risk that later became a large loss but never told the board about it.  Whether or not you have a risk management program.

The Insurance Cycle

April 3, 2010

Nobody doubts that the insurance cycle is created by people.  So it makes sense to study people to understand the insurance cycle.

The Human Dynamics of the Cycle and Implications for Insurers

is a new paper by Alice Underwood and Dave Ingram that explores the link between the ideas of Plural Rationalities from anthropology and the people whose actions lead to the insurance cycle.

There is an interaction between the market and the people who make the decisions within insurers that is shown to create the insurance cycle.

Better insurer performance during the various stages of the insurance cycle can be obtained by better understanding these dynamics, studying the market with this understanding in mind and making choices that take advantage of that understanding.

This paper will be presented at the 2010 ERM Symposium in Chicago April 12 – 14.

The Evidence is all Around

March 24, 2010

In October 2008, Alan Greenspan had the following exchange during testimony before a Congressional committee:

Representative HENRY WAXMAN (Committee Chairman, Democrat, 30th District of California): You found a flaw in the reality…

Mr. GREENSPAN: Flaw in the model that I perceived is a critical functioning structure that defines how the world works, so to speak.

Rep. WAXMAN: In other words, you found that your view of the world, your ideology was not right. It was not working.

Mr. GREENSPAN: How it – precisely. That’s precisely the reason I was shocked, because I’ve been going for 40 years or more with very considerable evidence that it was working exceptionally well.

One of the things in that model was an assumption that the self interest of the bankers was a more important factor in containing their risks than regulations.

But the evidence that self interest is insufficient to control excessive risk taking is all around us and has been for many, many years.  It takes a massive amount of selective blindness to ignore it.

All it takes it to take your car out of the driveway and drive on the roads.  Driving involves risk management decision making.  For one thing, almost everyone drives a car that is capable of traveling much faster than the speed limit.  And the speed limits are only very occasionally enforced.  So it is an individual risk management decision of how fast to drive a car.

Now, I happen to live in an area of the New York City suburbs where many of the folks who work on Wall Street firms live.  And the evidence is all around.  Many drivers do not put long term safety self interest above short term time advantage of speeding.  In many cases, they are deliberately trying to take advantage of the folks who are trying to be safe and driving extra recklessly under the assumption that they will not run into someone who is driving as recklessly as they are.

Now it is quite possible that none of the reckless drivers are Wall Street executives.  But the reckless drivers are all people.  And the readily available evidence with 50 years or more of accident statistics to back up shows that self interest is NOT sufficient motivation for safety.

Perhaps economists and especially central bankers do not own cars.

To the rest of us who do, the theory seems to be from another planet.  The people that are risk takers and the people who drive safely are two different sets of people.

When your Parachute Doesn’t Open

February 16, 2010

Do you have a plan for what to do when your parachute doesn’t open?

Well, if you do not, pay attention.  Here is a 6 step checklist for what to do:

  1. Signal your Buddy.
  2. Get close with your Buddy.
  3. Link your arms through his/her straps.
  4. Open his/her chute.
  5. Let your Buddy steer the chute.
  6. Suggest that he/she look for an extra soft place to land (water).

There now.  Don’t you feel safer?

You say you do not parachute jump?  So what good it this?

Well, you must see that this is really good advice that can be applied to many situations.  Not just parachute jumping.

1.  Signal Your Buddy – this step might just be the most difficult.  That is because it requires two very different things.  First, you must recognize that you have a serious and potentially fatal problem.  You must be able to make that decision before it is too late.  So you probably need to have thought ahead to know how serious of a problem just might be terminal.  Second, you have to have a buddy in sight to be signaled.  If you are an individual working in risk management in a firm, you need to know in advance who is going to be your buddy in case of emergency.  This applies to entire firms as well.  The firm needs to know who they will go to when they might be in terminal trouble.

2.  Get Close with your Buddy – Troubled times are when you find out who your real buddies are.  Your fair weather friends will not be interested in getting close to you when you are in trouble.  This is the real definition of a Buddy.  Someone who is willing to be next you you then.  You need to realize that now and decide whether you have any real buddies.  If you are prarchute jumping, you need to figure that out on the ground, not in the air.  If you are managing risks, perhaps you are at the wrong firm if you look around and you do not know who your buddy is.  A firm with a good risk management program will more than encourage buddies, it will require them.  And it will foster a culture of mutual responsibility, not everyone for themselves. It needs to be a firmwide expectation that you can count on several potential buddies when a real problem crops up.

3.  Link your arms through his/her straps – for parachuting, holding on is not sufficient, the g-force that will hit when the chute opens with two people and one chute will rip you apart.  Also in risk management, the committment to the Buddy needs to be very firm.  All too often risk managers get blamed for inproper risk appetites, even when they had explicitly warned against the exact event that is causing the problem.  Many risk managers will sorely need to have someone who will remind management that the risk manager was not the one at fault. 

4.  Open his/her chute.  This is the key step for both the diver and the risk manager.  And it needs to be said and repeated and rehearshed.  The reason that the risk management might be of value to the organization is that it causes the organization to contemplate doing some things differently.  When there is severe troubles, the risk manager needs to be able to clearly call for action and the organization needs to be prepared to take that action, either by directly empowering the risk manager or through a cultural committment to real action based upon risk information.  The Buddy system described here might be a good way to create the possibility of quick action with some checks and balances in the event of severe threats.  The empowerment to action might require the agreement of the buddy. 

5.  Let your Buddy steer the chute.  This item on the checklist is there to acknowledge that the person who loses the chute might just be a little (or a lot) shook up and therefore might have somewhat impaired judgment.  The same might be true in the event of a disaster to the firm.  The buddy and the firm in general needs to look out for any actions that are of the nature of “doubling down” to recover past losses.  There must be a recognition that the best thing to do now can best be determined by looking at likely futures rather than the past. 

6.  Suggest that he/she look for an extra soft place to land (water).  The parachute will often not work exactly as planned when it carries two.  So the person steering needs to be particularly diligent to look for a softer than usual place to land.  So to with a risk management emergency.  It might be desirable to end up in a slightly more secure position than normal minimum standards after a major problem.  It will make everyone feel better.  The hardest story to tell is when a firm has had a major loss but was not able to really put on the brakes so is not sure if or how much further loss will be happening.  Both need to help with looking for that soft place to land.

Concentration of Power Risk

February 8, 2010

 

Guest Post from Max J. Rudolph, FSA CERA CFA MAAA

Rudolph Financial Consulting

A risk that we never talk about has become the elephant in the room. Some would call this ego risk, but at most institutions decision making occurs primarily at only the highest levels. It has been a year since I wrote a financial essay titled Does Your Company Need a Chief Skeptical Officer? I don’t think it has gotten any better. This is not due to poor goal setting. These senior officers believe they are doing what is best for their firm. Unfortunately, all of us tend to fall in love with our best ideas. We see that when we invest, where we hold losers far too long. When a manager has worked hard for a long period of time to develop an opportunity it can gain such momentum that it can’t be stopped no matter how poor the idea or the timing for the idea is. Many companies continued to write loans that previously had been securitized while liquidity in this market dried up. Others threw good money after bad on commercial real estate properties while existing properties were sitting vacant. There are very few companies that have instilled this skepticism in their risk culture. Berkshire Hathaway is one, where both Warren Buffett and Charlie Munger are comfortable in their own views and are encouraged to say what they think to each other. It will be interesting to see if this culture extends to the next generation of leaders at this highly successful firm. One way to ensure this is to practice consistent pricing discipline. When an opportunity comes about, the same financial analysis should always occur. This will include setting risk appetite, hurdle rates, and capital. It will not include having the CEO override the discussion.

There is no momentum to create this type of culture. Perhaps it should be developed at the board level with independent ERM experts providing the process and bringing in specific topic experts to anonymously consider these risks.

Warning: The information provided in this Post is the opinion of Max Rudolph and is provided for general information only. It should not be considered investment advice. Information from a variety of sources should be reviewed and considered before decisions are made by the individual investor. My opinions may have already changed, so you don’t want to rely on them. Good luck!

©2009 Rudolph Financial Consulting, LLC

The Dirty Dozen

February 4, 2010

Guest Post from David Merkel

The Aleph Blog

I have been thinking about the the forces distorting the global economy.  In the long run, the distortions don’t matter, because economies are bigger than governments, and eventually economies prevail over governments.  Here are my dozen problems in the global economy.

1) China’s mercantilism — loans and currency.  The biggest distortionary force in the world now is China.  They encourage banks to loan to enterprises in order to force growth.  They keep their currency undervalued to favor exports over imports.  What was phrased to me as a grad student in development economics as a good thing is now malevolent.  The only bright side is that when it blows, it might take the Chinese Communist Party with it.

2) US Deficits, European Deficits — In one sense, this reminds me of the era of the Rothschilds; governments relied on borrowing because other methods of taxation raised little.  Well, this era is different.  Taxes are high, but not high enough for governments that are trying to create the unachievable “permanent prosperity.” In the process they substitute public for private leverage, and in the process add to the leverage of their societies as a whole.

3) The Eurozone is a mess — Greece, Portugal, Spain, etc.  I admit that I got it partially wrong, because I have always thought that political union is necessary in order to have a fiat currency.  I expected inflation to be the problem, and the real problem is deflation.  Will there be bailouts?  Will the troubled nations leave?  Will the untroubled nations leave that are the likely targets for bailout money?

4) Many entities that are affiliated with lending in the US Government, e.g., FDIC, GSEs, FHA are broke.  The government just doesn’t say that, because they can still make payments.

5) The US Government feels it has to “do something” — so it creates more lending programs that further socialize lending, leading to more dumb loans.

6) Residential real estate is still in the tank.  Residential delinquencies are at all-time highs.  Strategic default is rising.  The shadow inventory of homes that will come onto the market is large.  I’m not saying that prices will fall for housing; I am saying that it will be tough to get them to rise.

7) Commercial real estate — there is too much debt supporting commercial real estate, and too little equity.  There will be losses here; the only question is how deep the losses will go.

8 ) I have often thought that analyzing the strength of the states is a better measure for US economic strength, than relying on the statistics of the Federal Government.  The state economies are weak at present.  Part of that comes from the general macroeconomy, and part from the need to fund underfunded benefit plans.  Life is tough when you can’t print your own money.

9) The US, UK, and Japan are force feeding liquidity into their economies.  Thus the low short-term interest rates.  Also note the Federal Reserve owning MBS in bulk, bloating their balance sheet.

10) Yield greed.  The low short term interest rates touched off a competition to bid for risky debt.  The only question is when it will reverse.  Current yield levels do not fairly price likely default losses.

11) Most Western democracies are going into extreme deficits, because they can’t choose between economic stimulus and deficit reduction.  Political deadlock is common, because no one is willing to deliver any real pain to the populace, lest they not be re-elected.

12) Demographics is one of the biggest  pressures, but it is hidden.  Many of the European nations and Japan face shrinking populations.  China will be there also, in a decade.  Nations that shrink are less capable of carrying their debt loads.  In that sense, the US is in good shape, because we don’t discourage immigration.

From David Merkel

The Aleph Blog

This post is produced by David Merkel CFA, a registered representative of Finacorp Securities as an outside business activity. As such, Finacorp Securities does not review or approve materials presented herein. By viewing or participating in discussion on this blog, you understand that the opinions expressed within do not reflect the opinions or recommendations of Finacorp Securities, but are the opinions of the author and individual participants. Neither the information nor any opinion expressed constitutes a solicitation for the purchase or sale of any security or other instrument. Before investing, consider your investment objectives, risks, charges and expenses. Any purchase or sale activity in any securities instrument should be based upon your own analysis and conclusions. Past performance is not indicative of future results. Finacorp Securities is a member FINRA and SIPC.

Basis Risk

January 14, 2010

In the simplest terms, basis risk is the difference between the hedge you bought and the risk that you own.  Especially the difference that is most noticeable when you had expected to be needing the hedge.

But that is not the topic here.  There is another Basis Risk.  That is the risk that you are using the wrong basis to judge your gains and losses.  This risk is particularly prevalent right after a bubble pops.  Everyone is comparing their wealth to what they thought that they had at the height of the bubble.

Here are two stories that show the problem with that:

  1. Think about a situation where someone made an error in preparing your brokerage statement.  That IBM stock you have was worth $100,000.  The mistake was that an extra zero slipped in somehow.  The position was recorded as $1,000,000.  Add that in to your net worth and most of us would have an exaggerated feeling of wealth.  Think of how destructive to your long term happiness it would be if you really came to believe that you had that extra $900,000?  Two ways that could be destructive.  First of all, you could start spending other funds as if you had all that excess value.  Second of all, once you were informed of the error, you could then undertake more aggressive investments to try to make up the difference.  The only way to be safe from that destruction is if you never believe the erroneous basis for the IBM stock.
  2. Possibly more realistic, think of someone in a casino.  During their day there they bet on some game or other continuously.  At one point in the visit, they are up by $100,000.  When they leave, they are actually down by $1000 compared to the amount they walked in the door with.  Should they tell people you lost $1000 or $101,000?

In both cases, it sounds silly to even think for long about the larger numbers as your “basis”.  But that seems to pervade the financial press.  Unfortunately, with regard to home values, many folks were persuaded to believe the erroneous valuation at the peak of the market and to borrow based upon that value.

So, now you know what is meant by this type of “Basis Risk”.  Unfortunately, it is potentially much larger than the first type of basis risk.  Behavioral Finance abounds with examples of how the wealth effect can distort the actions of people.  Possibly, the reason that the person in the casino walked out with a $1000 loss is realted to the sorts of destructive decisions that are made when wealth is suddenly increased.  Therefore, it is much more important to protect against this larger basis risk.

To protect against this type of risk requires a particularly strong ability to stick to your own “disciplined realism” valuation of your positions.  Plus an ability to limit your own valuation to include only reasonable appreciation.  Mark to mark is the opposite of the disciplined realism, at least when it comes to upside MTM.  For downside movements in value, it is best to make sure that your disciplined realism is at least as pessimistic as the market. 

This is a very different approach than what has been favored by the accounting profession and adoppted by most financial firms.  But they have found themselves in the position of the second story above.  They feel that they have made gigantic profits based upon the degree to which their bets are up in the middle of the session.  They have not left the casino yet, however.

And that is the last place where disciplined realism needs to be applied.  Most of us have been schooled to believe that “realized gains” are REAL and therefore can of course be recognized.  But think of that second story about the casino.  If you are taking those gains and putting them right back on the table, then you really do not “have” them in any REAL sense.  Firms need to adopt disciplined realism by recognizing that a series of similar positions are in reality not at all different from a single position held for a long time.  The gains should not be recognized until the size of the position is significantly reduced.

Best Risk Management Quotes

January 12, 2010

The Risk Management Quotes page of Riskviews has consistently been the most popular part of the site.  Since its inception, the page has received almost 2300 hits, more than twice the next most popular part of the site.

The quotes are sometimes actually about risk management, but more often they are statements or questions that risk managers should keep in mind.

They have been gathered from a wide range of sources, and most of the authors of the quotes were not talking about risk management, at least they were not intending to talk about risk management.

The list of quotes has recently hit its 100th posting (with something more than 100 quotes, since a number of the posts have multiple quotes.)  So on that auspicous occasion, here are my favotites:

  1. Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.  Douglas Adams
  2. “when the map and the territory don’t agree, always believe the territory” Gause and Weinberg – describing Swedish Army Training
  3. When you find yourself in a hole, stop digging.-Will Rogers
  4. “The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair” Douglas Adams
  5. “A foreign policy aimed at the achievement of total security is the one thing I can think of that is entirely capable of bringing this country to a point where it will have no security at all.”– George F. Kennan, (1954)
  6. “THERE ARE IDIOTS. Look around.” Larry Summers
  7. the only virtue of being an aging risk manager is that you have a large collection of your own mistakes that you know not to repeat  Donald Van Deventer
  8. Philip K. Dick “Reality is that which, when you stop believing in it, doesn’t go away.”
  9. Everything that can be counted does not necessarily count; everything that counts cannot necessarily be counted.  Albert Einstein
  10. “Perhaps when a man has special knowledge and special powers like my own, it rather encourages him to seek a complex explanation when a simpler one is at hand.”  Sherlock Holmes (A. Conan Doyle)
  11. The fact that people are full of greed, fear, or folly is predictable. The sequence is not predictable. Warren Buffett
  12. “A good rule of thumb is to assume that “everything matters.” Richard Thaler
  13. “The technical explanation is that the market-sensitive risk models used by thousands of market participants work on the assumption that each user is the only person using them.”  Avinash Persaud
  14. There are more things in heaven and earth, Horatio,
    Than are dreamt of in your philosophy.
    W Shakespeare Hamlet, scene v
  15. When Models turn on, Brains turn off  Til Schuermann

You might have other favorites.  Please let us know about them.

Violator of Risk Limit

December 11, 2009

 

This may not be your corporate policy.  But you should be clear to all whether your risk limits are hard, soft or gigantic. 

A Hard risk limit is one where there just may be a rock and a snake for the violator.  Violations of limits are not expected to happen in a system with hard risk limits.  So maybe no one knows what the consequences are.  In systems with very hard limits, a system of “checkpoints” may develop that are actually soft limits that help managers to avoid coming too close to the hard limits.  These firms may have rules like “violations of limits must be reported to the board at the very next meeting”.  In addition, there may be a hard requirement to reverse or offset the actions that led to the violation within some short period of time, sometimes something like 72 hours. 

A Soft risk limit is very much the opposite.  Violation of a soft risk limit might most often result in raising the limit.  Or violations may simply be allowed to stand without any special notice or attempt to reverse.  A more diciplined soft limit system may track the number of violations and use the count of violations as an indication of potential issues. 

A Gigantic risk limit is very common.  There is no need to decide whether a Gigantic risk limit is hard or soft, because there is little chace that the firm will ever approach the limit.  Gigantic limits are often 200% or more than expected positions.  Commonly, Gigantic limits are are found in formal investment policies of firms or funds.  These are deliberately set so high that they will not get in the way of day to day operations of the investment managers, even if they want to make significant changes to the make-up of the fund.  Unfortunately, many firms have not yet realized that these policy limits are not useful risk limits.  But they do save money on snakes.

Risk Management Changed the Landscape of Risk

December 9, 2009

The use of derivatives and risk management processes to control risk was very successful in changing the risk management Landscape.

But that change has been in the same vein as the changes to forest management practices that saw us eliminating the small forest fires only to find that the only fires that we then had were the fires that were too big to control.  Those giant forest fires were out of control from the start and did more damage than 10 years of small fires.

The geography of the world from a risk management view is represented by this picture:

The ball represents the state of the world.  Taking a risk is represented by moving the ball one direction or the other.  If the ball goes over the top and falls down the sides, then that is a disaster.

So risk managers spend lots of time trying to measure the size of the valley and setting up processes and procedures so that the firm does not get up to the top of the valley onto one of the peaks, where a good stiff wind might blow the firm into the abyss.

The tools for risk management, things like derivatives with careful hedging programs now allowed firms to take almost any risk imaginable and to “fully” offset that risk.  The landscape was changed to look like this:

Managers believed that the added risk management bars could be built as high as needed so that any imagined risk could be taken.  In fact, they started to believe that the possibility of failure was not even real.  They started to think of the topology of risk looking like this:

Notice that in this map, there is almost no way to take a big enough risk to fall off the map into disaster.  So with this map of risk in mind, company managers loaded up on more and more risk.

But then we all learned that the hedges were never really perfect.  (There is no profit possible with a perfect hedge.)  And in addition, some of the hedge counterparties were firms who jumped right to the last map without bothering to build up the hedging walls.

And we also learned that there was actually a limit to how high the walls could be built.  Our skill in building walls had limits.  So it was important to have kept track of the gross amount of risk before the hedging.  Not just the small net amount of risk after the hedging.

Now we need to build a new view of risk and risk management.  A new map.  Some people have drawn their new map like this:

They are afraid to do anything.  Any move, any risk taken might just lead to disaster.

Others have given up.  They saw the old map fail and do not know if they are ever again going to trust those maps.

They have no idea where the ball will go if they take any risks.

So we risk managers need to go back to the top map again and revalidate our map of risk and start to convince others that we do know where the peaks are and how to avoid them.  We need to understand the limitations to the wall building version of risk management and help to direct our firms to stay away from the disasters.

Twilight Risk Management

November 21, 2009

This is a guest post from Trevor Levine at riskczar.com

With New Moon, the second installment of the Twilight movie saga set to come out this week, I thought I would examine four types of risk treatments from the Edward Cullen point of view. They are ACCEPT, AVOID, TRANSFER and MITIGATE. (Spoiler alert! Stop now if you haven’t read the books and actually care about this stuff.)

In our saga, Edward Cullen is an immortal teenage vampire living in Washington state who falls in love with the mortal, Bella Swan. Edward can hardly stand to be around Bella because her blood smells pretty darn good; he fears he may kill her if he so much as kisses her. Fortunately for Bella, Edward has learned to control his carnal urges and – along with his coven/family of other Cullens – Edward doesn’t eat people any more. Because Bella is so yummy (from a vampire perspective)  she is at risk every time she is near Edward and his “brothers”. The risk is there, but everyone – including Bella has ACCEPTED it.

At the beginning of New Moon, Bella cuts herself and bleeds. One of Edward’s “brothers” who isn’t as good managing his blood thirsty urges, tries attacking Bella. Edward intervenes and saves her, but realizes that the vampire risk to Bella is too great. Although he loves her dearly, he and his family decide it’s best to AVOID the risk of hurting her. Edward would rather live without her than live knowing he had harmed her. They leave Washington.

Well, poor Bella is terribly saddened when her true loves takes off unexpectedly. With lots of free time on her hands she begins to develop a friendship with Jacob Black, a native American teen living on a nearby reservation who also happens to be a shape-shifting werewolf. They build motorcycles and Bella starts to rev Jacob’s engine a bit. Here is an example of risk TRANSFER. The vampire left to protect his love and now she is hanging out with a werewolf who can shape shift at any time and harm those around him.

Later in our saga, Bella begs Edward to turn her into a vampire too so they can live immortally ever after. For our star-crossed lovers, this is the only way to completely MITIGATE the risk of Edward killing Bella.

So there you have it. ACCEPT, AVOID, TRANSFER and MITIGATE, Twilight style.

(And yes, I am already embarrassed that I know this much about the Twilight saga.)

Many Deadly Sins of Risk Management

November 16, 2009

Compiled by Anton Kobelev at www.inarm.org

Communication Breakdown

  • CEO thinks that risk management is the CRO’s job;
  • Not listening to your CRO – having him too low down the management chain;
  • Hiring a CEO who “doesn’t want to hear bad news”;
  • Not linking the Board tolerance for risk to the risk management practices of the company;
  • Having the CRO report to the CFO instead of to the CEO or Board, i.e., not having a system of checks and balances in place regarding risk practices;
  • The board not leading the risk management charge;
  • Not communicating the risk management goals;
  • Not driving the risk management culture down to the lower levels of the organization;

Ignorance is not Bliss

  • Not doing your own risk evaluations;
  • Not expecting the unexpected;
  • Overreacting to risks that turn out to be harmless;
  • Don’t shun the risk you understand, only to jump into a risk you don’t understand;
  • Failure to pay attention to actual risk exposure in the context of risk appetite;
  • Using outsider view of how much capital the firm should hold uncritically;

Cocksureness

  • Believing your risk model;
  • The opinion held by the majority is not always the right one;
  • There can be several logical, but contradictive explanations for one sequence of events, and logical doesn’t mean true;
  • We do not have perfect information about the future, or even the past and present;
  • Don’t use old normal assumptions to model in the new normal;
  • Arrogance of quantifying the unquantifiable;
  • Not believing your risk model –  waiting until you have enough evidence to prove the risk is real;

Not Seeing the Big Picture

  • Making major changes without heavy involvement of Risk Management;
  • Conflict of interest: not separating risk taking and risk management;
  • Disconnection of strategy and risk management: Allocating capital blindly without understanding the risk-adjusted value creation;
  • One of the biggest mistakes has to be thinking that you can understand the risks of an enterprise just by looking at the components of risk and “adding them up” – the complex interactions between factors are what lead to real enterprise risk;
  • Looking at risk using one single measure;
  • Measuring and reporting risks is the same as managing risks;
  • Risk can always be measured;

Fixation on Structure

  • Thinking that ERM is about meetings and org charts and capital models and reports;
  • Think and don’t check boxes;
  • Forgetting that we are here to protect the organization against risks;
  • Don’t let an ERM process become a tick-box exercise;
  • Not taking a whole company view of risk management;

Nearsightedness

  • Failing to seize historic opportunities for reform, post crisis;
  • Failure to optimize the corporate risk-return profile by turning risk into opportunity where appropriate;
  • Don’t be a stop sign.  Understand the risks AND REWARDS of a proposal before venturing an opinion;
  • Talking about ERM but never executing on anything;
  • Waiting until ratings agencies or regulatory requirements demand better ERM practices before doing anything;
  • There is no obstacle so difficult that, with sufficient thought, cannot be turned into an opportunity;
  • No opportunity so assured that, with insufficient thought, cannot be turned into a disaster;
  • Do not confuse trauma with learning;
  • Using a consistent discipline to search for opportunities where you are paid to accept risk in the context of the entire entity will move you toward an optimized position. Just as important is using that discipline to avoid “opportunities” where this is not the case.
    • undertake positive NPV projects
    • risk comes along with these projects and should be priced in the NPV equation
    • the price of risk is the lesser of the external cost of disposal (e.g., hedging) or the cost of retention “in the context of the entire entity”;
    • also hidden in these words is the need to look at the marginal impact on the entity of accepting the risk. Am I better off after this decision than I was before? A silo NPV may not give the same answer for all firms/individuals;
  • What is important is the optimization journey, understanding it as a goal we will never achieve;

More Skin in the Game

  • Misalign the incentives;
  • Most people will act based on their financial incentives, and that certainly happened (and continues to happen) over the past couple of years. Perhaps we could include one saying that no one is peer reviewing financial incentives to make sure they don’t increase risk elsewhere in the system;
  • Not tying risk management practices to compensation;
  • Not aligning risk management goals with compensation;

Black Swan Free World (9)

November 7, 2009

On April 7 2009, the Financial Times published an article written by Nassim Taleb called Ten Principles for a Black Swan Free World. Let’s look at them one at a time…

9. Citizens should not depend on financial assets or fallible “expert” advice for their retirement. Economic life should be definancialised. We should learn not to use markets as storehouses of value: they do not harbour the certainties that normal citizens require. Citizens should experience anxiety about their own businesses (which they control), not their investments (which they do not control).

The treatment of retirement in many countries has been drastically marred by a fundamental lack of understanding of risk and of risk pooling.  Taleb’s suggestion here seems drastically radical, especially here in the US where we came very close just a few years ago to shifting all retirement programs over to market based.

Whether or not you believe in the “socialization” of social security, no one seems to be thinking of the risk management aspect of retirement.  One of the fundamental concepts of risk management is to take specific risk and to use diversification to minimize the relative impact of any specific adverse event.  What the planned market based alternatives to Social Security did was to maximize two specific risks.  Those are the risk of the level of the market at point of retirement and the risk of outliving the funds.  An individual can avoid one of the two, but never both as savings plans are currently run.

This would have been one more step in the direction away from any recognition that there is any risk whatsoever in the idea of providing pensions.  In 1974, the US Congress, in effect, drove the insurance industry out of the business of providing guarantees of pensions in any form.  They did that by telling businesses that they were fully funded if they put up an amount that was sufficient to pre-fund their promices and made sure that the amount was determined without any risk margin whatsoever.  You see, when insurers were in the business of guaranteeing pension benefits, they included a risk margin.  So if you compare an actuarial projection of costs WITHOUT a risk margin to an actuarial projection of costs WITH a risk margin, the projection WITHOUT a risk margin will always seem more economical.

So looking at an individual retirement savings plan without regard to risk is just one more step in this same wrong direction.

So I believe that Taleb has a point, but I would not agree that it is necessarily the best solution to remove the retirement issue entirely from the markets.  That is because I firmly believe that with the entirely unrealistic way that government approaches financial issues that extend into the far future (meaning after lunch), some relationship to the market provides discipline and transparency around the adequacy of the funding.

I would suggest two simple adjustments to the normal features of the personal retirement savings programs.  These can be additional options that are required for all qualified retirement vehicles (US term for plans that meet regulatory standards – there must be similar terms for any other countries where there are personal retirement accounts), or they can be required for all plans – if you are the type that prefers making people do things for their own good.  For investing, the single date dependency of the current system can be repaired with a fund that bases its earnings on an average of 5 prior years and that can only be cashed out over 5 years.

For the longevity risk, my suggestion is to offer an annuity payout option that can be purchased piecemeal at any time prior to retirement.  This option should appear very competitive to younger workers since their cost for an annuity unit deferred until their retirement will appear very inexpensive.  The annuity option can be provided through purchasing additional units of Social Security benefits or through private insurers.  Since the lack of income for elderly people in the countries like the US where lack of lifetime annuity ownership by retired individuals (like the US) will become an extremely serious issue within 20 years when most of the baby boomers who had retirement savings will have spent that savings long before half of us expire, some amount of annuity purchase should be required.  I would favor the gradual elimination of tax advantage to any funds withdrawn as a lump sum or as any form that has no lifetime guarantee.

In the end, to do this right with individual accounts may just be too much trouble for all.  Perhaps what would be better would be to require all employers to provide defined benefit plans and to fund them with risk adjusted premiums.  Now that would make sense.

Black Swan Free World (8)

Black Swan Free World (7)

Black Swan Free World (6)

Black Swan Free World (5)

Black Swan Free World (4)

Black Swan Free World (3)

Black Swan Free World (2)

Black Swan Free World (1)

How to Fail

November 5, 2009

Reasons Civilizations Fail

from Jared Diamond
Author of “Guns, Germs & Steel”
1. Failure to anticipate a problem before it arrives
2. Failure to see a problem once it arrives
3. Failure to even try to solve a problem once they have perceived it
4. Failure to solve a problem that they are trying to solve.
http://www.edge.org/3rd_culture/diamond03/diamond_index.html

Diamond presents a simple taxonomy of failure.  Much of what risk management attempts to do is to prevent failures.

So a risk manager can use this list as a control list for risk management practices.

Failure to anticipate a problem before it arrives – this appplies to both emerging risks as well as identified risks. Anticipating a problem means more than just fretting about it; it means preparing for it as well.

Failure to see a problem once it arrives. Knowing of a risk, but not knowing when that risk becomes risky is almost as bad as not knowing about the risk at all.  The risk manager needs to assist the business manager in identifying when risk is risky.  In addition, there needs to be a process for identifying emerging risks, especially those that are just about emerged. 

Failure to even try to solve a problem once they have perceived it As Diamond points in his books, sometimes people fail to act because they know that the first action would be to stop or reduce something that is really important to them.  This part of the risk management role falls on the CEO.  The CEO needs to be able to take the reins out of the hand of the frozen manager.  And if it is the CEO that is frozen, then the board needs to act.

Failure to solve a problem that they are trying to solve. In the risk management context, this occurs when the standard rules and tools just do not work.  The risk manager needs to reframe the problem along with a scramble for alternate tools while throwing out the rules.

Capabilities

November 2, 2009

Your firm’s Risk Profile is a function of two things, the Opportunities for risk taking and your capabilities.  Using your capabilities, you will choose from your opportunities for risk to get your gross risk exposures. Then your capabilities will again take over and treat your risks to bring them to the net risks.

So your capabilities make two contributions to risk management.

A firm with strong capabilities will find the best opportunities from the choices that the firm has based upon its access to sourcing risks.  Those opportunities will have the most favorable risk reward potential.

Then the strong capabilities will seek to trim the risk through risk treatment, giving up as little return as possible while offsetting or otherwise reducing returns as much as possible.

A firm that wants to increase its capabilities has three choices:  Acquiring, Partnering or Training.

Risk capabilities can be Acquired in bulk by acquiring a firm with good capabilities, or by hiring one risk professional at a time.  With Partnering, the firm gets help from the partner who could be a consulting firm or an intermediary.  By using Training to acquire capabilities, the firm seeks to add capabilities to existing staff.

Each possibility has different short and long term costs and each has different levels of dependability and time to start up.

Cultural Theory of Risk

October 24, 2009

Back in 1984 an anthropologist, Mary Douglas, wrote about her theory for why people chose to form and continue to associate with groups.  She postulated that the way that people thought about RISK was a primary driver.

Cultural Theory describes four views of RISK:

Individualists see the world as mean reverting.  Any risk that they take will be offset by later gains.

Egalitarians see the world in a delicate balance where any risky behaviors might throw off that balance and result in major problems.

Authoritarians see the world as dangerous by manageable.  Some risk can be taken but must be tightly controlled.

Fatalists see the world as unpredictable.  No telling what the result might be from risk taking.

The dynamics of human behavior are influenced by these four groups.  People shift between the four groups because they find the environment either validating their belief or failing to validate their belief.

Cultural Theory also see that there are broadly four different risk regimes in the world.  The four groups exist because the risk regime that validates their view of risk will exist some of the time.

These four regimes are:

Normal Risk – when the ups and downs of the world fall within the expected ranges.

Low Risk – when everything seems to be working out well for the risk takers and the dips are quickly followed by jumps.

High Risk – when the world is on the edge of disaster and hard choices must be made very carefully.

High Loss – when the risks have all turned to losses and survival does not seem certain.

There are huge implications of these ideas for risk managers.  Risk management, as currently practiced, is process that is designed by Authoritarians for the Normal Risk regime.  The Global Financial Crisis has shown that current risk management fails when faced with the other regimes.

One solution would be to redesign risk management to be a broader idea that can both use the skills of those other three views of risk, adapting to the other three regimes of risk.

This idea is discussed in more detail here and in a forthcoming series of articles in Wilmott Magazine.

Black Swan Free World (6)

October 13, 2009

On April 7 2009, the Financial Times published an article written by Nassim Taleb called Ten Principles for a Black Swan Free World. Let’s look at them one at a time…

6. Do not give children sticks of dynamite, even if they come with a warning . Complex derivatives need to be banned because nobody understands them and few are rational enough to know it. Citizens must be protected from themselves, from bankers selling them “hedging” products, and from gullible regulators who listen to economic theorists.

It is my opinion that many bubbles come about after a completely incorrect valuation model or approach becomes widely adopted.  Today, we have the advantage over observers from prior decades.  In this decade we have experienced two bubbles.  In the case of the internet bubble, the valuation model was attributing value to clicks or eyeballs.  It had drifted away from there being any connection between free cashflow and value.  As valuations soared, people who had internet investments had more to invest in the next sensation driving that part of the bubble. The internet stocks became more and more like Ponzi schemes.  In fact, Hyman Minsky described bubbles as Ponzi finance.

In the home real estate bubble, valuation again drifted away from traditional metrics, the archaic and boring loan to value and coverage ratio pair.  It was much more sophisticated and modern to use copulas and instead of evaluating the quality of the credit to use credit ratings of a structured securities of loans.

Goerge Soros has said that the current financial crisis might just be the final end of a fifty year mega credit bubble.  If he is right, then we will have quite a long slow ride out of the crisis.

There are two aspects of derivatives that I think were ignored in the run up to the crisis.  The first is the leverage aspect of derivatives.  A CDS is equivalent to a long position in a corporate bond and a short position in a risk free bond.  But few observers and even fewer principals considered CDS as containing additional leverage equal to the full notional amount of the bond covered.  And leverage magnifies risk.  Worse than that.

Leverage takes the cashflows and divides them between reliable cashflows and unreliably cashflows and sells the reliable cashflows to someone else so that more unreliable cashflows can be obtained.

The second misunderstood aspect of the derivatives is the amount of money that can be lost and the speed at which it can be lost.  This misunderstanding has caused many including most market participants to believe that posting collateral is a sufficient risk provision.  In fact, 999 days out of 1000 the collateral will be sufficient.  However, that other day, the collateral is only a small fraction of the money needed.  For the institutions that hold large derivative positions, there needs to be a large reserve against that odd really bad day.

So when you look at the two really big, really bad things about derivatives that were ignored by the users, Taleb’s description of children with dynamite seems apt.

But how should we be dealing with the dynamite?  Taleb suggests keeping the public away from derivatives.  I am not sure I understand how or where the public was exposed directly to derivatives, even in the current crisis.

Indirectly the exposure was through the banks.  And I strongly believe that we should be making drastic changes in what different banks are allowed to do and what different capital must be held against derivatives.  The capital should reflect the real leverage as well as the real risk.  The myth that has been built up that the notional amount of a derivative is not an important statistic and that the market value and movements in market value is the dangerous story that must be eliminated.  Derivatives that can be replicated by very large positions in securities must carry the exact same capital as the direct security holdings.  Risks that can change overnight to large losses must carry reserves against those losses that are a function of the loss potential, not just a function of benign changes in market values and collateral.

In insurance regulatory accounting, there is a concept called a non-admitted asset.  That is something that accountants might call an asset but that is not permitted to be counted by the regulators.  Dealings that banks have with unregulated financial operations should be considered non-admitted assets.  Transferring something off to the books to an unregulated entity just will not count.

So i would make it extremely expensive for banks to get anywhere near the dynamite.  Or to deal with anyone who has any dynamite.

Black Swan Free World (5)

Black Swan Free World (4)

Black Swan Free World (3)

Black Swan Free World (2)

Black Swan Free World (1)

An Al-Chet for Risk Managers:

October 8, 2009

From James McCallum

I was not strong enough to stand up to my boss

I put selfish gain ahead of ethical considerations

I falsified or hid data to conceal results

I failed to be objective

My risk model was too subjective

I ignored warning signs

I was in over my head

I did not understand all the risk factors

I failed to get an outside opinion

I was beholden to monetary gain

I was victim to group think

I placed institutional interest before ethical considerations

I failed to admit I was wrong

I was not honest with regulators

I was not honest with shareholders

I looked the other way

I failed to act

I conveniently overlooked infractions

I turned a blind eye to irregularities

I made exemptions

I did not understand the depth of the problem

I know there are many more.

Please help me to uncover, understand, make right and overcome.

Shalom

From

Audit, Risk & Controls Community Blog

ERM Role in Implementing a Winning Acquisition Strategy (2)

October 8, 2009

From Mike Cohen

Part 2

(Part 1)

Execution of an Acquisition Strategy Goes Through Several Stages and Involves Many and Varied Complex, Interrelated Business Issues (they must be performed well, and there are numerous junctures where things can go awry … suggesting that many potential risks need to be addressed, and more effectively than they typically are)

– Defining the business case

Considering the corporate strategy and the resulting (ideally enhanced) business model

* Fit vs. conflict

* Synergies; potential synergies are frequently overstated

* Diversification

– Assessing market opportunities and competitive dynamics

* Products

* Distribution

* Markets/segments

* Brand/reputation

– Financial impact

* Earnings

* Capital

* Economic value

* Assessment of an appropriate price

– Investments

* Asset classes

* Loss positions

* Liquidity

– Operational fit (or problematically, the need to ‘fix’ the target’s operations)

* Technology

* Administration

* Core competencies

– Integrating the target: melding the two organizations so that they can perform effectively together, while mitigating risk, volatility and confusion to the greatest extent possible

Q: Is an acquisition strategy a core competency of your company … can you execute such a transaction successfully?

Due Diligence Performed on any Acquisition Target: A Critical Activity on the Strategic and Tactical Levels

– Valuation, impact on future financial results

– Management/staff

– Profitability of new (potential), existing business

– Competitive market position; product management, distribution capabilities

– Synergies: strategic, operational, financial, market/product/distribution

– Investments

– Expense structure (opportunities for increasing efficiency and/or cost reduction)

– Technological capabilities or possible lack of fit

– Contractual obligations

– Areas of risk or uncertainty

Many acquisitions are viewed retrospectively as failures. A lack of accurate evaluation of/objectivity about prospective acquisition targets (using ‘rose-colored glasses’ leads many (most?) acquirers to have unrealizable goals for their transactions, and as a consequence the end results (strategic, financial or otherwise) do not meet expectations.  There is a considerable level of risk to the acquirer if the due diligence process is not conducted with sufficient accuracy and objectivity.

Evaluating the Capabilities of an Organization to Execute Successful Acquirer: Being a successful acquirer requires a number of skills and mind-sets:

– Knowing one’s own corporate vision, mission, strategy and operating model, and how  acquisitions complement them

– Having a disciplined approach: evaluating fit, paying an appropriate price based on economic value, both current and future

– Performing careful, accurate and objective due diligence on the target company and management counterparts … caveat emptor!

– Executing timely, well planned and orchestrated integration activities focus on achieving a favorable operational model and attaining a satisfactory level of cost savings; a number of  companies that acquired positive reputations as acquirers were in fact poor at integrating their acquisition(s), causing their organizations to implode

– Managing the staffs and corporate cultures sensitively. There is considerable amount of research that identifies human resource related issues as the most prevalent causes for acquisition failure; personalities (egos), conflicting management styles and cultures, and different compensation structures are all too common. Proactive conflict resolution is critical to steer the resulting entity past these pratfalls. Open and continuous communication is critical.

The General Lack of Success from Acquisitions is Attributed to Mismanaging One or More Critical Aspects of the Transaction with Material Risk

Strategy

– Incompatible cultures

– Incompatible business models

– Synergy non-existent or overestimated

Due Diligence

– Acquirer overpaid

– Foreseeable problems overlooked

– Acquired firm too unhealthy

– Overlooking aspects of the target where excessive divestiture or liquidation might be required

Implementation

– Inability to manage target

– Inability to implement change

– Clash of management styles/egos

Conclusion

An acquisition is arguably the most difficult business endeavor a company can undertake. This report discussed a considerable number of elements involved in acquisition activity; they are all complex, and there are many junctures in the process where a number of these elements can go awry or reach adverse conclusions, either derailing transactions that could have otherwise been successful or ‘proving’ the efficacy of transactions that upon closer scrutiny could not have succeeded and should have been avoided.

Studies of acquisition activity across all industries (not just insurance) have consistently  found that approximately two-thirds of these transactions yielded unsatisfactory results. One could observe that this is not surprising, as there are so many steps along the way that can turn into insurmountable roadblocks. Considering the myriad of factors that must be performed well, it is clear than sound, pragmatic risk management throughout the process and beyond is critical in order for acquisition activity to succeed

Visions of Risk

October 5, 2009

How do you see risk?

One of the most difficult issues for many risk managers is the fact that people do not all see risk the same way.  No matter how hard they try, they cannot get some people to take risk management seriously.  On the other hand some people are eager to eliminate all risk.  Why cannot people just see risk the way that Enterprise Risk Managers have learned to see it?

1.  Do you see risk as something that could lead to severe problems, but if treated properly using well developed risk management techniques, then it can be controlled?

2.  Do you see risk as something that we have almost too much of – if we take any more risk then we will suffer dire consequences?  We need to work to lessen the risk that we are taking at all costs.

3.  Do you think that risk comes and goes, but in the end it all works out?  That periods of risk and loss are always followed by periods of low risk and large gains, so that over the cycle, it all works out.

4.  Or do you think that risk is unpredictable, that it is almost impossible to tell whether risks will turn into losses, so it is best not to bother with risk management?

Those are four views of risk that you probably have seen in your life and work.  As a risk manager, you need to figure out how to work with all four views, because there is little likelihood that you will convert everyone over to your view of risk.


%d bloggers like this: