Risk Capital Standard

Insurers in the US and Canada are required to state their own internal Risk Capital Standard in their ORSA Summary Report. From RISKVIEWS observations over the years of actual insurer actions, insurers have actually operated  with four levels of Risk Capital Standards:

• Solvency – enough capital to avoid take-over by regulators
• Viable – enough capital to avoid reaching Solvency level with “normal” volatility
• Secure – enough capital to satisfy sophisticated commercial buyers that you will pay claims in most situations
• Robust – enough capital to maintain a Secure level of capital after a major loss

In many cases, this is not necessarily a clear conscious decision, but insurers do seem to pick one of those four levels and stick with it.

Insurers operating at the Solvency levels are usually in constant contact with their regulator.  They are almost always very small insurers who are operating on the verge of regulatory takeover.  They operate in markets where there is no concern on the part of their customers for the security of their insurer.  Sometimes these insurers are government sponsored and are permitted to operate at this level for as long as they are able because the government is unwilling to provide enough capital and the company is not able to charge enough premiums to build up additional capital, possibly because of government restrictions to rates.  This group of insurers is very small in most times.  Any adverse experience will mean the end of the line for these companies.

Many insurers operate at the Viable level.  These insurers are usually operating in one or several personal/individual insurance lines where their customers are not aware of or are not sensitive to security concerns.  Most often these insurers write short term coverages such as health insurance, auto insurance or term insurance.  These insurers can operate in this manner for decades or until they experience a major loss event.  They do not have capital for such an event so their are three possible outcomes:  insolvency and breakup of the company, continued operation at the Solvency level of capital with or without gradual recovery of capital to the Viable level.

The vast bulk of the insurance industry operates at the Secure level of capital.  Companies with a Secure capital level are able to operate in commercial/group lines of business, reinsurance or the large amount individual products where there is a somewhat knowledgeable assessment of security as a part of the due diligence process of the insurance buyer.   With capital generally at the level of a major loss plus the Viable capital level, these companies can usually withstand a major loss event on paper, but if their business model is dependent upon those products and niches where high security is required, a major loss will likely put them out of business because of a loss of confidence of their customer base.  After a large loss, some insurers have been able to shift to operating with a Viable capital level and gradually rebuild their capital to regain the Secure position and re-engage with their original markets.  But most commonly, a major loss causes these insurers to allow themselves to be acquired so that they can get value for the infrastructure that supports their high end business model.

A few insurers and reinsurers have the goal of retaining their ability to operate in their high end markets in the event of a major loss by targeting a Robust capital level.  These insurers are holding capital that is at least as much as a major loss plus the Secure capital level.  In some cases, these groups are the reinsurers who provide risk relief to other Robust insurers and to the more cautious insurers at the Secure level.  Other firms in this groups include larger old mutual insurers who are under no market pressure to shed excess capital to improve Return on Capital.  These firms are easily able to absorb moderate losses without significant damage to their level of security and can usually retain at least the Secure level of capital after a major loss event.  If that major loss event is a systematic loss, they are able to retain their market leading position.  However, if they sustain a major loss that is less broadly shared, they might end up losing their most security conscious customers.  Risk management strategy for these firms should focus on avoiding such an idiosyncratic loss.  However, higher profits are often hoped for from concentrated, unique (re)insurance deals which is usually the temptation that leads to these firms falling from grace.

One of the goals of Solvency II in Europe has been to outlaw operating an insurer at the Solvency or Viable levels of capital.  This choice presents two problems:

• It has led to the problem regarding the standard capital formula.  As noted above, the Solvency level is where most insurers would choose to operate.  Making this the regulatory minimum capital means that the standard formula must be near perfectly correct, a daunting task even without the political pressures on the project.  Regulators tendency would be to make all approximations rounding up.  That is likely to raise the cost of the lines of insurance that are most effected by the rounding.
• It is likely to send many insurers into the arms of the regulators for resolution in the event of a significant systematic loss event.  Since there is not ever going to be regulatory capacity to deal with resolution of a large fraction of the industry, nor is resolution likely to be needed (since many insurers have been operating in Europe just fine with a Viable level of capital for many years).  It is therefore likely that the response to such an event will be to adjust the minimum capital requirement in one way or another, perhaps allowing several years for insurers to regain the “minimum” capital requirement.  Such actions will undermine the degree to which insurers who operate in markets that have traditionally accepted a Viable capital level will take the capital requirement completely seriously.

It is RISKVIEWS impression that the Canadian regulatory minimum capital is closer to the Viable level. While the US RBC action level is at the Solvency level.

It is yet to be seen whether the US eventually raises the RBC requirement to the Viable level or if Canada raises its MCCSR to the Secure level because of pressure to comply with the European experiment.

If asked, RISKVIEWS would suggest that the US and Canada waits until (a) the Europeans actually implement Solvency II (which is not expected to be fully inforce for many years after initial implementation due to phase in rules) and (b) the European industry experiences a systematic loss event.  RISKVIEWS is not likely to be asked, however.

It is RISKVIEWS prediction that the highly theoretical ideas that drive Solvency II will need major adjustment and that those adjustments will need to be made at that time when there is a major systematic loss event.  So the ultimate nature of Solvency II will remain a complete mystery until then.

Risk Culture doesn’t come from a memo

Nor from a policy, nor from a speech, nor from a mission statement nor a value statement.

Like all of corporate culture, Risk Culture comes from experiences.  Risk Culture comes from experiences with risk.  Corporate Culture is fundamentally the embedded, unspoken assumptions that underlie behaviors and decisions of the management and staff of the firm.  Risk Culture is fundamentally the embedded, unspoken assumptions and beliefs about risk that underlie behaviors and decisions of the management and staff of the firm.

Corporate culture is formed initially when a company is first started.  The new company tries an approach to risk, usually based upon the prior experiences of the first leaders of the firm.  If those approaches are successful, then they become the Risk Culture.  If they are unsuccessful, then the new company often just fails.

In his book, Fooled by Randomness, Nassim Taleb points out that there is a survivor bias involved here.  Some of the companies that survive the early years are managing their risk correctly and some are simply lucky.  Taleb tells the story of mutual fund managers who either beat the market or not each year.  Looking back over 5 years, a fund manager who was one of 30 out of 1000 who beat the market every one of those five years might believe that their performance and therefore their ability was far above average.  However, Taleb points out that if whether a manager beat the market or not each year was determined by a coin toss, statistics tells us to expect 31 to beat the market.

That was for a situation where we assume that the good results were likely 50% of the time.  For risk management, the event that is being managed is often a 1/100 likelihood.  There is a 95% chance of avoiding a 1/100 loss in any five year period, just by showing up with average risk management.  That makes it fairly likely that poor risk management can be easily overcome by just a little bit of luck.

So by the natural process of experience, Risk Culture is formed based upon what worked in the past.

In banks and hedge funds and other financial firms where risk taking is a fundamental part of the business, the Risk Culture often supports those who take risks and win.  Regardless of whether the amount of risk is within limits or tolerances or risk appetite.

You see, all of those ideas (limits, tolerances, appetites) are based upon an opinion about the future.  And the winner just has a different opinion about the future of his/her risk.  The fact that the winner’s opinion proves itself as experience shows that the bad outcome that those worrying risk people said was the future is not the case.  When the winner suddenly makes a bad call (see London Whale), that shows that their ability to see the future better than the risk department’s models may be done.  You see, there are very very few people who can keep the perspective needed to consistently beat the market.  (RISKVIEWS thinks that the fall off might well follow an exponential decay pattern as predicted by statistics!)

The current ideas of a proper Risk Culture (see FSB consultation paper) are doubtless not what most firms set up as their initial response to risk. That paper focuses on four specific aspects of Risk Culture.

• Tone from the top: The board of directors11 and senior management are the starting point for setting the financial institution’s core values and risk culture, and their behaviour must reflect the values being espoused. As such, the leadership of the institution should systematically develop, monitor, and assess the culture of the financial institution.
• Accountability: Successful risk management requires employees at all levels to understand the core values of the institutions’ risk culture and its approach to risk, be capable of performing their prescribed roles, and be aware that they are held accountable for their actions in relation to the institution’s risk-taking behaviour. Staff acceptance of risk-related goals and related values is essential.
• Effective challenge: A sound risk culture promotes an environment of effective challenge in which decision-making processes promote a range of views, allow for testing of current practices, and stimulate a positive, critical attitude among employees and an environment of open and constructive engagement.
• Incentives: Performance and talent management should encourage and reinforce maintenance of the financial institution’s desired risk management behaviour. Financial and non-financial incentives should support the core values and risk culture at all levels of the financial institution.

(These descriptions are quotes from the paper)

These practices are supported by the Risk Culture for a few very new firms.  As well as a very few other firms (and we will mention why that is in a few paragraphs).  But for at least 80 percent of financial firms, these items, if they are happening, are not at all supported by the Risk Culture.  The true Risk Culture of a successful firm has evolved based upon the original choices of the firm and the decisions and actions taken by the firm that have been successful over the life of the firm.

These aspects of Risk Culture are a part of one of the three layers of culture (see Edgar Schein, The Corporate Culture Survival Guide).  He calls those layers:

• Artifacts
• Espoused Values
• Shared Assumptions

The four aspects of Risk Culture featured by the FSB can all be considered to be “artifacts”.  Those are the outward signs of the culture, but not the whole thing.  Espoused Values are the Memos, policies, speeches, mission and value statements.

Coercion from outside the organization, such as through regulator edict, can force management to change the Espoused Values.  But the real culture will ignore those values.  Those outside edicts can force behaviors, just as prison guards can force prisoners to certain behaviors.  But as soon as the guards are not looking, the existing behavioral standards based upon the shared assumptions will re-emerge.

When the insiders, including top management of an organization, want to change the culture, they are faced with a difficult and arduous task.

That will be the topic of the next post.

Heads Banks Win, Tails Taxpayers Lose

Moody’s says that era is over.

Based on Moody’s updated views on US government support and standalone bank considerations, Moody’s lowered by one notch the senior holding company ratings of Morgan Stanley, Goldman Sachs, JPMorgan, and Bank of New York Mellon.

“We believe that US bank regulators have made substantive progress in establishing a credible framework to resolve a large, failing bank,” said Robert Young, Managing Director. “Rather than relying on public funds to bail-out one of these institutions, we expect that bank holding company creditors will be bailed-in and thereby shoulder much of the burden to help recapitalize a failing bank.”

Two Fundamental Flaws of Solvency II

Many people in Europe have worked very hard for many years, attempting to perfect solvency oversight for insurers. The concepts underlying Solvency II are the best thinking about risk regulation that the world has ever seen.

However, there are two fundamental flaws that are drivers of the problems that Solvency II is having in getting to the point of actual implementation.

The first flaw is the targeted level of required capital.  When Solvency II was first imagined, banks seemed to be well run and well regulated.  And under that system banks were reporting returns in the high 20’s.  Insurer returns rarely hit the perennial 15% target.  Banks tended to operate right at their level of regulatory required capital.  Insurers looked at that and suggested that the capital requirement for Solvency II should be at a level that the largest insurers would be comfortable operating at.  There was also a big push for a single set of books.  So with a solvency requirement at the level where a rational insurer would want to operate that would mean that in addition to having only one set of books, there would only be one important capital target.  (for discussion of the flaw in the idea of “one number” management, see Risk and Light.)   But the reason why setting the required capital at that high of a level is that it then leaves no room for error or for disagreement.  (Disagreement is absolutely inevitable.  See Plural Rationalities.) The capital calculation needed to be just right.  A capital requirement that was at say 2/3 of the level a prudent company would want to operate at would leave room for errors and disagreements.  If for some risks the requirements were even 50% higher than what some would feel is the correct number, then companies could in fact live with that.  It would become known in the marketplace that companies that write that risk are likely to have tighter solvency margins, and everyone would be able to go about their business.  But with a target that is so very high, if some risk is set too high, then there would be firms who are forced to hold higher capital than makes sense in their minds for their risks.  That completely destroys the idea of management relying upon a model that is calibrated to what they believe is the wrong result.  It also encourages firms to find ways to get around the rules to only hold what they believe is the right level of capital.  What we are seeing now is the inevitable differences in opinions about riskiness of some activities.  The differences of opinion mean the difference between being in business and not for companies concentrated in those activities.  Or for being in those businesses or not for more diversified groups.  If the Solvency II target was set at, for instance, a 1 in 100 loss level, then there might be room for compromise that would allow that activity to continue for firms willing to run a little tight on solvency margin.

==========================================

The second flaw, that surprisingly has only been raised very recently is to total lack of any cost benefit criteria for the process.  If further refinement of Solvency II could prevent one insolvency over a 10 year period, yet would cost other insurers $100 million in expenses and $1 billion in additional capital, is that a good trade-off?  This is the exact sort of thinking that Solvency II REQUIRES of insurers.  EIOPA ought to have a complex model of the insurance industry in Europe so that they can show the risk reward relationship of all of their rules.  What?  You say that is terribly difficult and complicated and would not provide reliable guidance?  EIOPA should  live in the same world that they are requiring of insurers.  Without even a simple minded cost benefit requirement, anything can make it into Solvency II.  The exposure process allows questions to be raised about cost/benefit, but in many cases, that has not happened.  Besides, with no stated criteria for cost benefit, the question is ultimately solved by judgment.  So now we have insurers saying that they will withdraw from parts of the Solvency II process because they are too expensive.  Those insurers have not put forward an objective criteria under which they reached that conclusion either.

It seems unlikely at this point that either of these flaws of Solvency II will be fixed.  A lower standard would seem to too many to be a retreat, a dilution of the power of Solvency II.  Imposing a risk reward or cost benefit rule would result in crazy inconsistencies between decisions made after the rule with those made before or else a very long wait as all of the parts of Solvency II are examined under such a rule.

So it is yet to be seen whether those faults will in the end be fatal.  Solvency II could be tied up in arguments until it is abandoned, it could limp into practice with very mixed support and then be pulled after a few years and enough unanticipated implementation issues, or it could soar for a long run of effective prudential oversight as its designers originally hoped.

I am sure that someone in London can quote you odds.

Should we be concentrating regulatory attention on Systemic Risk?

Think of it somewhat like the town that just suffered a very bad winter season with huge snowfalls that they were unprepared for clogging up everything for weeks on end. They spend the spring fixing up and deciding what to do. Their conclusion is to have all town employees carry snowshovels at all times and to keep snow plow trucks patrolling the streets all day and all night through the entire summer. Sometime in early fall, they decide that was a waste of time and sell all the shovels and trucks by the end of the fall.

RISKVIEWS does not think that our situation will include any systemic risks that we will anticipate. We will not repeat the exact same mistakes. Systemic risk oversight will in the end be a fixed Maginot Line defense.

What we need is

1. to figure out how to distinguish between creation of wealth by new innovation and by extraction from past innovation so that we can encourage the former and discourage the later. The former widely distributes increases in wealth while the latter concentrates it.  The former creates growth while the latter captures the benefits of future growth now – which means that we will not have them later.
2. to understand leverage better. Look at the Minsky Financial Instability Model myself. Often, we are not honest with ourselves on the extent of debt. RISKVIEWS favors full disclosure over regulations. For example, firms should disclose the amount of debt that is implicit in derivative positions. And disclose the counterparties for that debt.
3. to figure out how we are going to find the next big thing that will employ all of the people who are now permanently, structurally unemployed. We can keep hoping for something that increases wealth, something that merely decreases wealth less than the current situation or something that decreases wealth but employs people.
4. to orient research into how to operate an economy in the long term with much less or no growth. Most of our economic expectations are built off of a constantly growing economy. With population about to start falling, we will necessarily experience much less growth. We don’t collectively even have any idea of what the shift to large retired populations will do to our economies.

The regulators need to focus on whatever is within their purview that gets in the way to accomplishing those things.

For the town above, that means storing the snow shovels to the winter and looking at the problems of the summer heat. They still need to keep an eye out for the next winter. But that does not mean it needs to be a primary focus NOW.

Systemic Risk Metrics for Insurers

The US and Global banking regulators have been tasked with regulating systemic risk.  One area where they admit that they are unprepared is with the insurance sector.  In the recent Global Financial Crisis, several insurance companies played a pivotal role, specifically AIG and the US Financial Guarantee insurers.  Most insurers do not consider their activities that helped to build up the bubble and precipitate the crisis to be insurance activities and therefore persist in saying to regulators that insurance is not a systemically important sector.  However, the political facts are that AIG and the Financial Guarantors are/were insurers and the idea of leaving insurance completely out of the efforts to prevent a future systemic crisis is simply not a possible.

Last week, the American Academy of Actuaries provided a letter to the US Financial Stability Council titled, “Metrics to Enable FSOC to Monitor Insurance Industry Systemic Risk”.  That letter provides a good starting point for discussion of the issues involved in bringing the insurance sector into the discussion. For example, the letter provides the following list of ways that an insurer might have systemically significant risks:

1. Risk assumption services provided to the insurance companies through reinsurers, foreign and domestic (e.g. mortality risk in excess of a company’s risk management limit).
2. Risk assumption services provided by the non-insurance financial services companies to the insurance industry, (e.g. hedging of financial risk, catastrophe bonds).
3. The interconnectedness of the insurance industry when part of a financial services group.
4. The interconnectedness of a U.S. insurance company that is owned by a foreign financial services company.
5. The insurance industry as a lender to the US economy (e.g. through its purchase of corporate bonds).
6. The interconnectedness of risk assumption services external to the insurance industry when part of a financial services group.

Riskviews cautions the participants in this discussion to realize that it is most likely that the next systemic crisis will take a different form than the past crises.  So setting up measures and regulatory structures that will prevent a recurrence of past crises is no guarantee of preventing a future crisis.

This letter, with its emphasis on setting down broad principles for Systemic Risk in the insurance industry is a good step in the right direction.  Much broad based discussion is needed to take this further to produce a truly dynamic, principles based monitoring and regulating structure that will be imaginative and flexible enough to actually be of future good, not just short term political cover.

The Cost of Risk Management

PNC Chairman and Chief Executive Officer James E. Rohr is quoted in the Balitomore Sun as saying that Dodd Frank would raise costs and that those costs would ultimately be passed along to the customers.

Now Riskviews is not trying to suggest that Dodd Frank is necessarily good risk management.

But risk management, like regulation, usually has a definite cost and indefinite benefits.

The opponents of Dodd Frank, like the opponents of risk management will always point to those sure costs and a reason not to do regulations or risk management.

But with Dodd Frank, looking backwards, it is quite easy to imagine that more regulation of banks could have a pennies to millions cost – benefit relationship.  The cost of over light regulation of the banks was in the trillions in terms of the losses in the banks plus the bailout costs to the government PLUS the costs to the economy.  Everyone who has lost a job or lost profits or lost bonuses or who will ultimately pay for the government deficit that resulted from the decreased economic activity have or will pay the cost of underregulated banks.

The same sort of argument can be made for risk management.  The cost of good risk management is usually an increase to costs or a decrease to revenues in good times.  This is offset by a reduction to losses that might have been incurred in bad times.  This is a view that is REQUIRED by our accounting systems.  A hedge position MUST be reported as something with lower revenues than an unhedged position.  Lack of Risk Management is REQUIRED to be reported as superior to good risk management except when a loss occurs.

Unless and until someone agrees to a basis for reporting risk adjusted financials, this will be the case.

Someone who builds a factory on cheap land by the river that floods occasionally but who does not insure their factory MUST report higher profits than the firm next door that buys expensive flood insurance, except in the year that the flood occurs.

A firm that operates in a highly regulated industry may look less profitable than a firm that is able to operate without regulation AND that is able to shed most of their extreme losses to the government or to third parties.

Someone always bears those risk costs.  But it is a shame when someone like Rohr tries to make that look as if the cost of regulation are the only possible costs.

Systemic Risk, Financial Reform, and Moving Forward from the Financial Crisis

A second series of essays from the actuarial profession about the financial crisis.  Download them  HERE.

A Tale of Two Density Functions
By Dick Joss

The Systemic Risk of Risk Capital (Or the "No Matter What" Premise)
By C. Frytos &I.Chatzivasiloglou

Actuaries and Assumptions
By Jonathan Jacobs

Managing Financial Crises, Today and Beyond
By Vivek Gupta

What Did We Learn from the Financial Crisis?
By Shibashish Mukherjee

Financial Reform: A Legitimate Function of Government
By John Wiesner

The Economy and Self-Organized Criticality
By Matt Wilson

Systemic Risk Arising from a Financial System that Required Growth in a World with Limited Oil Supply
By Gail Tverberg

Managing Systemic Risk in Retirement Systems
By Minaz Lalani

Worry About Your Own Systemic Risk Exposures
By Dave Ingram

Systemic Risk as Negative Externality
By Rick Gorvette

Who Dares Oppose a Boom?
By David Merkel

Risk Management and the Board of Directors–Suggestions for Reform
By Richard Leblanc

Victory at All Costs
By Tim Cardinal and Jin Li

The Financial Crisis: Why Won't We Use the F(raud) Word?
By Louise Francis

PerfectSunrise–A Warning Before the Perfect Storm
By Max Rudolph

Strengthening Systemic Risk Regulation
By Alfred Weller

It's Securitization Stupid
By Paul Conlin

I Want You to Feel Your Pain
By Krzysztof Ostaszewski

Federal Reform Bill and the Insurance Industry
By David Sherwood

Not About Capital

The reality is that regulatory capital requirements, no matter how much we try to refine them, will always be a blunt tool.  Certainly they should not create the wrong incentives, but we cannot micromanage firm behavior through regulatory capital requirements.  There are diminishing returns to pursuing precision in regulatory capital requirements.

Terri Vaughan, NAIC

These remarks were made in Europe recently by the lead US regulator of the insurance industry.  In Europe, there has never been a regulatory capital requirement that was risk related.  But the Europeans have been making the discussion all about capital for about 10 years now in anticipation of their first risk based capital regime, Solvency II.

The European assumption is that if they follow as closely as possible the regulatory regime that has failed so spectacularly to control the banking system, Basel II, then everything will be under control.

The idea seems to be that if you concentrate, really concentrate, on measuring risk, then insurance company management will really take seriously the idea of managing risk.   Of course, that conclusion is also based upon the assumption that if you really, really concentrate on measuring risk that you will get it right.

But the Law of Risk and Light tells us that our risk taking systems will lead us to avoid the risk in the light and to load up on the risk in the dark.

That means the risks that are properly measured by the risk based capital regulatory system will be managed.

But whatever risks that are not properly measured will come to predominate the system.  The companies that take those risks will grow their business and their profits faster than the companies that do not take those poorly measured risks.

And if everyone is required to use the same expensive risk measurement system, very, very few will invest the additional money to create alternate measures that will see the flaws in the regulatory regime.

The banking system had a flaw.  And many banks concentrated on risks that looked good in the flawed system but that were actually rotten.

What is needed instead is a system that concentrates on risk controlling.  A firm first needs a risk appetite and second needs a system that makes sure that their risks stay within their appetite.

Under a regulatory risk capital system, the most common risk appetite is that a firm will maintain capital above the regulatory requirement.  This represents a transfer of the duty of management and the board onto the regulator.  They never need to say how much risk that they are willing to take.  They say instead that they are in business to satisfy the regulator with regard to their risk taking.

The capital held by the firm should depend upon the firm’s risk appetite.  The capital held should support the risk limits allowed by the board.

And the heart of the risk control system should be the processes that ensure that the risk stays within the limits.

And finally, the limits should not be a part of a game that managers try to beat.  The limits need to be an extremely clear expression of the fundamental way that the firm wants to conduct business.  So any manager that acts in a way that is contrary to the fundamental goals of the firm should not continue to have authority to direct the activities of the firm.

Crossroad of ERM

The ninth ERM Symposium in Chicago was the crossroads of ERM for a few days.

Heard there:

• The Financial crisis was not the failure of regulators, except perhaps the OTS.
• Compliance culture of risk management in banks contributed to the crisis
• 85% of bank losses were from the structured finance area.
• Securitization was 30 years old, but there was a quantum jump of complexity.
• Banks were supposed to have been sophisticated enough to control their risks.
• Discussion of subsidization of housing was broadly blamed.
• Riskviews suggests that only a tiny part of the fault is with housing policy.  Rest is simply finger pointing at best and deliberate misdirection at worst.  Losses and problems in banks were 400% or more higher than actual losses in mortgages, possibly 1000% or more higher.  Severe losses resulted from using housing as the basis for gambling.  They could have just as easily have bet on rainfall.  Then would they blame the weather for the losses?  Securities in play far exceeded the amount of mortgages.  And the multiple layers of bets concentrated on the worst stuff.
• Regulators need to keep up with innovation and excessive leverage from innovation.
• Riskviews:  No evidence that regulators have even started to deal with excessive leverage except in the crudest manner.  It is still possible to derivatives to skip right past leverage rules.  If you can replicated a highly levered position with a derivative position, then the derivative position IS A HIGHLY LEVERED POSITION.
• German regulator requires that banks have a Risk Controller who reports directly to the board.
• ERM is not an EASY button from Staples.
• Energy firms that had excessive trading losses were allowed to fail.
• Banking suffered from concentrated opacity.
• The board has to challenge management about risk.  Masters of the Universe approach or the smartest guys in the room tries to intimidate the board into feeling too stupid if they ask any questions.
• There will need to be major cultural changes for ICAAP/ORSA to be effective.
• Many banks and insurers should be failing the use test for ERM regulation to be effective.
• Stress testing is becoming a major tool for regulators.
• European regulators could not apply real stress tests because that would have meant publicly asking banks to look at a scenario of major sovereign defaults in Europe.
• Regulators need to be able to pay competitive market salaries
• Cross boarder collaboration among regulators has broken out.
• Difficult for risk managers to operate under multiple constraints of multiple regulators, accounting systems.
• Riskviews: It would be much faster to reach wrong conclusions if there were only one system to worry about.  That is not the way to go if there is really a concern about risk.  The multiple points of view encourage true understanding of the underlying risks.
• Banks are natural oligopolies
• Nice tree/forest story:  Small trees take resources from the forest.  Large trees shade smaller trees making it harder for them to get sunlight.  Old trees die and fall crashing through the forest taking out smaller trees.
• Riskviews:  This story illustrates to me that there is too much worry and manipulation to try to fix short term issues.  Natural processes work fairly well.  But interference has allowed a few trees to grow so large that little else can gro making the forest unhealthy.  Solution is to trim largest trees and plant/encourage new smaller trees.
• Things that people say will never go wrong will go wrong.
• Compliance should be the easy part of ERM, not the whole thing
• Asking dumb questions should be seen as good for firm.  10th dumb question might reveal something that no one else saw.
• There is a lack of imagination of adverse events.  US has cultural optimism.  Culture is risk seeking.
• Swiss approach to regulating banks is for their banks to hold the most capital.  Credit Swisse has signaled that they will seek lower return on capital.  Using that as marketing advantage – they are the most secure banks.
• 90% of Risk Management professionals believe that Dodd Frank will push the risks of the financial system out of regulated banks into unregulated financial enterprises. (Hedge Funds)
• Trade-off between liquidity and transparency is not true
• Requirements to post collateral may not increase costs at all for non-financial firms.  The dealers were changing them for the lack of collateral.  Prices may go down net of all costs.
• Bear Stearns was well capitalized.
• People understand and prefer principles based regulation.  But when trust is gone everything moves towards rules.
• Riskviews:  MTM should be adjusted for illiquidity.  Much larger adjustment than being contemplated for illiquid insurance liabilities.  Need to compare position size to trading volume.  If position is much larger than trading volume then liquidity adjustment needs to reflect possible price movements during the time needed to liquidate.
• Many CROs have been given the role of minimizing capital required for the firm.
• Insurers are moving rapidly to the bank model for this.
• The range of ERM practices are narrowing
• Riskviews: Narrow range of practices is only a good thing if the next large risk event is cooperative with practices that everyone is using.  Diversity is much, much healthier.
• Need to get rid of arb between trading and banking books in banks.
• FSA wants the whole world on one standard
• Riskviews: Solves one problem.  Creates another that is doubtless much, much larger.
• Difficult to explain decisions when there are multiple accounting and regulatory systems.
• Investors need to do their own due diligence
• Counterparties are not your friends.
• Supervisors need to learn to say no.
• Caveat Emptor
• Riskviews: Modern US society has moved in the opposite direction of Caveat Emptor.  It is always someone else’s fault.  Risk Management needs to overcome this tendency.
• Businesses need to learn to say no to non-core activities, no matter how good they look.  They usually do not have the expertise to really examine them, not to manage them.
• A risk metric that makes you more effective makes you special.
• Do we overtrade?
• Reduction of ROE target would take off pressure to take excessive risks.
• Regulators put 80% weight on model and 20% weight on judgment.  Should be the other way around.
• We have shifted to being too focused on risk, need to balance business need for returns.
• There will be unintended consequences from the major shifts in regulation.
• Must not freeze in a crisis.  Need to act and act approximately correctly.
• Moral Hazard was a major issue.  Some people should be put in jail because of the crisis.
• Riskviews: The losses to bank executives and employees were enormous.  People look at salaries of remaining bankers, forgetting that there are now 10% to 20% less of them.  Shareholders of Citi are still off 90% from the peak.  Execs whose net worth was largely in stock holdings and stock options are still out quite a large amount of money.  Riskviews has trouble understanding the moral hazard argument.  It does not match up well with any facts except the bail outs.  Moral hazard ONLY seems to have impact on creditors of banks.  Not unimportant but not the largest driver in bank activities.
• SIFI do get GSE level cost of borrowing.
• Riskviews: My question is why it is good public policy for monetary policy to transfer so much money to the shareholders and employees of banks?  They have been able operate at approximately zero cost of goods sold for four years now.  Their lending rates do not pass all of those savings along.  Why does it make sense for the banks to find themselves to be so smart and well paid when they are being totally supported by monetary policy.  In any other business you would have to be totally brain dead to not succeed if someone gave you your raw materials for free.
• More market discipline is needed.
• Riskviews:  AMEN

Liquidity Risk Management for a Bank

A framework for estimating liquidity risk capital for a bank

From Jawwad Farid

Capital estimation for Liquidity Risk Management is a difficult exercise. It comes up as part of the internal liquidity risk management process as well as the internal capital adequacy assessment process (ICAAP). This post and the liquidity risk management series that can be found at the Learning Corporate Finance blog suggests a framework for ongoing discussion based on the work done by our team with a number of regional banking customers.

By definition banks take a small Return on asset (1% – 1.5%) and use leverage and turnover to scale it to a 15% – 18% Return on Equity. When market conditions change and a bank becomes the subject of a name crisis and a subsequent liquidity run, the same process becomes the basis for a death chant for the bank.  We try to de-lever the bank by selling assets and paying down liabilities and the process quickly turns into a fire sale driven by the speed at which word gets out about the crisis.

Figure 1 Increasing Cash Reserves

Reducing leverage by distressed asset sales to generate cash is one of the primary defense mechanisms used by the operating teams responsible for shoring up cash reserves. Unfortunately every slice of value lost to the distressed sale process is a slice out of the equity pool or capital base of the bank. An alternate mechanism that can protect capital is using the interbank Repurchase (Repo) contract to use liquid or acceptable assets as collateral but that too is dependent on the availability of un-encumbered liquid securities on the balance sheet as well as availability of counterparty limits. Both can quickly disappear in times of crisis. The last and final option is the central bank discount window the use of which may provide temporary relief but serves as a double edge sword by further feeding the name and reputational crisis.  While a literature review on the topic also suggest cash conservation approaches by a re-alignment of businesses and a restructuring of resources, these last two solutions assume that the bank in question would actually survive the crisis to see the end of re-alignment and re-structuring exercise.

Liquidity Reserves: Real or a Mirage

A questionable assumption that often comes up when we review Liquidity Contingency Plans is the availability or usage of Statutory Liquidity and Cash Reserves held for our account with the Central Bank.  You can only touch those assets when your franchise and license is gone and the bank has been shut down. This means that if you want to survive the crisis with your banking license intact there is a very good chance that the 6% core liquidity you had factored into your liquidation analysis would NOT be available to you as a going concern in times of a crisis. That liquidity layer has been reserved by the central bank as the last defense for depositor protection and no central bank is likely to grant abuse of that layer.

Figure 2 Liquidity Risk and Liquidity Run Crisis

As the Bear Stearns case study below illustrate the typical Liquidity crisis begins with a negative event that can take many shapes and forms. The resulting coverage and publicity leads to pressure on not just the share price but also on the asset portfolio carried on the bank’s balance sheet as market players take defensive cover by selling their own inventory or aggressive bets by short selling the securities in question. Somewhere in this entire process rating agencies finally wake up and downgrade the issuer across the board leading to a reduction or cancellation of counterparty lines.  Even when lines are not cancelled given the write down in value witnessed in the market, calls for margin and collateral start coming in and further feed liquidity pressures.

What triggers a Name Crisis that leads to the vicious cycle that can destroy the inherent value in a 90 year old franchise in less than 3 months.  Typically a name crisis is triggered by a change in market conditions that impact a fundamental business driver for the bank. The change in market conditions triggers either a large operational loss or a series of operation losses, at times related to a correction in asset prices, at other resulting in a permanent reduction in margins and spreads.  Depending on when this is declared and becomes public knowledge and what the bank does to restore confidence drives what happens next. One approach used by management teams is to defer the news as much as possible by creative accounting or accounting hand waving which simply changes the nature of the crisis from an asset price or margin related crisis to a much more serious regulatory or accounting scandal with similar end results.

Figure 3 What triggers a name crisis?

The problem however is that market players have a very well established defensive response to a name crisis after decades of bank failures. Which implies that once you hit a crisis the speed with which you generate cash, lock in a deal with a buyer and get rid of questionable assets determined how much value you will lose to the market driven liquidation process. The only failsafe here is the ability of the local regulator and lender of last resort to keep the lifeline of counterparty and interbank credit lines open.  As was observed at the peak of the crisis in North America, UK and a number of Middle Eastern market this ability to keep market opens determines how low prices will go, the magnitude of the fire sale and the number of banks that actually go under.

Figure 4 Market response to a Name Crisis and the Liquidity Run cycle.

The above context provides a clear roadmap for building a framework for liquidity risk management. The ending position or the end game is a liquidity driven asset sale. A successful framework would simply jump the gun and get to the asset sale before the market does. The only reason why you would not jump the gun is if you have cash, a secured contractually bound commitment for cash, a white knight or any other acceptable buyer for your franchise and an agreement on the sale price and shareholders’ approval for that sale in place.  If you are missing any of the above, your only defense is to get to the asset sale before the market does.

The problem with the above assertion is the responsiveness of the Board of directors and the Senior executive team to the seriousness of the name crisis. The most common response by both is a combination of the following

a)     The crisis is temporary and will pass. If there is a need we will sell later.

b)    We can’t accept these fire sale prices.

c)     There must be another option. Please investigate and report back.

This happens especially when the liquidity policy process was run as a compliance checklist and did not run its full course at the board and executive management level.  If a full blown liquidity simulation was run for the board and the senior management team and if they had seen for themselves the consequences of speed as well as delay such reaction don’t happen. The board and the senior team must understand that illiquid assets are equivalent of high explosives and delay in asset sale is analogous to a short fuse. When you combine the two with a name crisis you will blow the bank irrespective of its history or the power of its franchise. When the likes of Bear, Lehman, Merrill, AIG and Morgan failed, your bank and your board is not going to see through the crisis to a different and pleasant fate.

(more…)

ERM News comes in Threes

There are three news items about changes to approach by two rating agencies and a regulator.

1. AM Best announced that they were adding two pages of ERM questions to their Supplemental Ratings Questionnaire (SRQ)
2. S&P announced that they are now going forward with reviewing internal capital models for consideration in their view of capital adequacy.
3. The IAIS has adopted an Insurance Core Principal (ICP 16) that requires that all insurance regulators adopt requirements that insurers should perform an Own Risk and Solvency Assessment (ORSA) and the NAIC will be starting to announce their plans for compliance with this in mid-February.

The place for insurers to stand and ignore ERM is shrinking quickly.

But Riskviews has noticed that when you talk people in the insurance industry about ERM, there are at least three different topics that they think about:

• Economic Capital Modeling – a large fraction of people think that ERM means Economic Capital modeling.  So when they hear that rating agency or regulator wants to hear about ERM, they might say that they do not have one, so there is nothing to talk about.  The S&P announcement confirms their belief.  They read the Best SRQ questions and only see the spots that require numbers, completley ignoring as unimportant the parts about culture.
• Compliance with rating agency or regulatory requirements.  These three news items are strong motivators for those who think that ERM is compliance.  These folks had heard AM Best asking about ERM, but saw no outcome from that process so they eventually lost interest in ERM themselves.  Now they are back to being interested.  The ORSA idea is confusing to these folks, because they already are doing their compliance regarding capital adequacy.  The ORSA seems like redundant regulation to them.  They do not see the shift of responsibility from the regulator to the board and management that is fundamental to the ORSA idea.
• Management decision making.  These firms are using ERM to enhance their decision making processes.  They hear these announcements and are annoyed at the additional distraction from the real risk management.  Some of them will not change what they are doing at all to enhance their “score” with the rating agencies or regulators.  There is too much of the firm;s real value at stake to risk changing their risk management program to suit these outsiders who do not know much about the company or its risks.

The news comes in threes and the reactions comes in threes as well.

Global Convergence of ERM Requirements in the Insurance Industry

Role of Own Risk and Solvency Assessment in Enterprise Risk Management

Insurance companies tend to look backwards to see if there was enough capital for the risks that were present then. It is important for insurance companies to be forward looking and assess whether enough capital is in place to take care risks in the future. Though it is mandatory for insurance firms to comply with solvency standards set by regulatory authorities, what is even more important is the need for top management to be responsible for certifying solvency. Performing Own Risk and Solvency Assessment (ORSA) is the key for the insurance industry.

• Global Convergence of ERM Regulatory requirements with NAIC adoption of ORSA regulations
• Importance of evaluating Enterprise Risk Management for ORSA
• When to do an ORSA and what goes in an ORSA report?
• Basic and Advanced ERM Practices
• ORSA Plan for Insurers
• Role of Technology in Risk Management

Join this MetricStream webinar

Date: Wednesday February 16, 2011
Time: 10 am EST | 4 pm CET | 3pm GMT
Duration: 1 hour

Why ORSA?

At first glance, the Own Risk and Solvency Assessment (ORSA) seems like an unnecessary redundancy.  For some firms, they will have looked at the Standard formula for capital adequacy and then looked again at the Internal Model and the Economic Capital.  And on all of those views, the firm has sufficient solvency margin.

But the problem that ORSA solves is a problem that is so very fundamental that we have almost completely forgotten that it exists.  That problem is that all of the traditional ways of looking at capital adequacy look at the wrong thing.  Yes, you heard that right, we have always and will continue to focus on the wrong thing when we assess capital adequacy.

The basis for capital assessment is the wrong view because it looks backwards.  We already know that the firm survived the past year.  What we really need to know is whether the firm can survive the next year and probably the one after that.

The traditional backwards looking solvency assessment tradition started when there was no viable alternative.  It is a good basis for looking at solvency under only a few possible futures.  Fortunately, many firms broadly operate within the range of futures.

For the backwards looking approach to solvency to have any validity, the future of the firm needs to be very much like the past of the firm.  Firms need capital more for the future than for the past and the balance sheet is more about the past of the firm than the future.  So a capital regime that is tied to the balance sheet is useful only to the firms whose future does not materially change their balance sheet.

But wait, the only time when that capital is needed is when the balance sheet DOES change materially.

So ORSA shifts the question of solvency from the past to the future.

The second thing that ORSA does is to shift the burden of determining adequacy of capital from the regulator to the board and management.  With the ORSA, the board and management will never again have the excuse that they thought everything was fine because they met the standards of the regulators.  The ORSA requires the board and management to assert, IN THEIR OWN OPINION, that the firm has sufficient capital for its own risks AND its own risk management systems.  Prior regimes allowed management to pass a test set by the regulator and thereby show adequacy of capital.  Even if the test did not pick up on some new risk that management was totally aware of but which was not at all recognized by the regulatory formula.

Now that is a game changer.

What is Too Big to Fail?

There seems to be various discussions going around about who needs to be considered Systemically important to qualify for “Special Attention” from regulators. Very large money managers are saying that they are not systemically important.

But it seems to me that there are quite a number of considerations. And everyone seems to be arguing solely from the part of that list that exempts them.

When thinking about money managers, I would think of the following:

1. How is their liquidity managed? Can they really raise funds fast enough to satisfy a run on the bank?
2. If they were to try to liquidate their funds, what would that do to the financial markets?
3. How interconnected are they to other financial firms? Do regulators now have information about that?
4. What about the future? (Isn’t that our concern, not the past or even the current situation?)

• Could they shift their liquidity practices to become much more illiquid?
• Their argument revolves around leverage, how much could they change their leverage under their current regulations? They can quickly leverage through derivatives as well as borrowing.
• Could they become the center of new risky financial behavior that would endanger the financial sector?

That last point is a major concern of regulators regarding the Insurance industry. And they have history on their side. The insurance industry helped the financial sector to blow the mortgage business up to 4 or 5 times the underlying.

All you need to do that is a big balance sheet and a willingness to take one side of a trade without balancing it with the other side. And the money managers as well as the insurance companies both have exactly those characteristics.

ERM, not just a good idea, Its the Law

IAIS Adopts ICP 16 on ERM

The International Association of Insurance Supervisors (IAIS) has adopted ERM as an Insurance Core Principle (ICP).

ERM is an acknowledged practice and has become an established discipline and separately identified function assuming a much greater role in many insurers’ everyday business practices. Originally, risk management only facilitated the identification of risks, and was not fully developed to provide satisfactory methods for measuring and managing risks, or for determining related capital requirements to cover those risks.
ERM processes being developed today by insurers increasingly use internal models and sophisticated risk metrics to translate risk identification into management actions and capital needs. Internal models are recognised as powerful tools that may be used, where it is proportionate to do so, to enhance company risk management and to better embed risk culture in the company. They can be used to provide a common measurement basis across all risks (e.g. same methodology, time horizon,  risk measure, level of confidence, etc.) and enhance strategic decision-making, for example capital allocation and pricing.

By this time next year, they expect to have revised the full set of ICPs.  All insurance supervisors are expected to reflect the revised ICPs in their legal frameworks and supervisory practices.  All G20 insurance supervisors will be expected to undertake a self-assessment against the new ICPs by early 2012.

Link to ICP 16

Europeans will notice that ICP 16 is very similar to Pillar 2 of Solvency 2.  Folks in the US will notice that this is very similar to documents that the NAIC has exposed for comment in the last year.

Riskviews has visited a number of non-G20 countries in the past six months and insurers there have all said that their regulators are starting to talk about ERM requirements or have already put them in place.

Financial Reform & Risk Management (2)

An AP summary of the negotiated consolidated Financial Reform act of 2010, there are 9 major provisions.  These posts will feature commentary on the Risk Management implications of each.

2. CONSUMER PROTECTION A Consumer Financial Protection Bureau within the Federal Reserve would police lending, taking powers now exercised by various bank regulators.

The current financial crisis is not unique in the financial history in that the major banks took it on the chin.

But while there are many troubling stories of consumers who are suffering hardships as a result of transactions that they entered into during the run up to the crisis, Roger Lowenstein admitted in a recent Sunday New York Times magazine article that try as they might, journalists have not been able to find a story of a truly innocent consumer who was taken advantage of.  In fact, if you look at most situations where folks seem to have been hurt, they either went into the situation with their own greedy motives to get something for nothing (house flippers) or were able to live in much better housing often at a lower price than before the crisis.  As the crisis hit and housing prices fell and refinancing opportunities evaporated, many consumers lost the houses that they could not afford in the first place.  But in fact if you look at the details of what happened, they usually got more than their money’s worth in terms of housing during the time they had a house.  What they lost were their unrealistic expectations.

To be brutally honest, the consumers did ok not well, but ok, and the bankers got hosed.

So as a result, Congress has decided to protect the consumers from any such future abuse.

And to again be brutally honest,  the motives of this “consumer” protection seems to be to protect banks from themselves.

But motives and consequences will doubtless be different.  The consequences of this part of the financial reform act will likely be the erosion of the margins of banks and other financial organizations that deal with consumers.

The margins that banks and others were getting from the sub prime mortgage business were so great that they generated their own myth of the actual viability of that business.  That self justifying myth can be thought of as the actual driver of the crisis.  To anyone who was not caught up in the wave of activity of the housing market, the myth may have seemed as somewhat unrealistic and benign.  But belief in the myth of unending appreciation of real estate enabled people at all levels to justify the behavior that now can be seen to be clearly outrageous.

But getting back to consumer protection, the new Consumer Protection Bureau will clamp down on abuses large and small that have helped to drive the bloated profitability of banks over the past 10 years.

The Risk Management consequences of this are that banks will not stand still and watch their earnings get savaged.  If they did that, then their stock values would either stay low or erode further.  So their reaction will be to seek other sources of revenue to replace the loss of the various fees and charges to consumers that are now found to be abusive.

And why is that a Risk Management concern?  It is because the new activity that will be undertaken to replace the lost revenues adds uncertainty to the system.  Some of that activity will fall inbetween the cracks of the regulatory system.  It will create risks that are not recognized in Basel III.   Some banks will act as if they believe Basel III and run these new activities as if there is no need for capital and end up adding significantly to their actual leverage.

So beware the unintended consequences of this new regulation.  The danger will only pass when banks have accepted the fact that they are fundamentally only 5% to 10% ROE businesses.  As long as they believe that they are 20% to 25% ROE businesses, they will end up finding the risks that will allow them to post those ROEs.

Financial Reform & Risk Management – Financial Services Oversight Council

According to an AP summary of the negotiated consolidated Financial Reform act of 2010, there are 9 major provisions.  These posts will feature commentary on the Risk Management implications of each.

1. OVERSIGHT A 10-member Financial Services Oversight Council made up of the treasury secretary, Federal Reserve chairman, a presidential appointee with insurance expertise, heads of regulatory agencies and a new consumer protection bureau would monitor financial markets and watch for threats.

Does that make you feel safe?  An Oversight Council?  Not me.

Each of the 10 members will be busy protecting their turf.  Any action or proposed action that will damage “their” part of the financial services business more than the rest of the sector will be fought tooth and nail.

Or else, the group will be out to prove that they are really watching.  They will protect us from 10 of the next two financial crises.

More protection might seem like a good idea right now, but no one has any idea how disruptive it will be to the economy to have an committee of 10 fighting to be the one who drives the car of the economy.

And in addition, to date there has been no indication that any of these folks will protect us from the NEXT crisis.  Instead they will be watching out for a repeat of the last crisis.

The next crisis will come from whatever part of the world economy that they are not paying attention to.  Almost by definition.

So my advice is to watch out for yourself.  Do not rely on these folks.  Do your own homework.  Mind your own risks.

How to do that?  Start HERE.

Death by Solvency

Another great post by  Maggid.

It seems that Solvency II is perfectly designed to reproduce the conditions that led US banks to believe that they were impervious to risks.  They and the regulators believed that they knew what they were doing with regard to Risks and Risk Management.

In 2004, the US Federal Reserve allowed investment banks to cut their capital levels by 2/3, tripling their potential leverage!  Not to worry, they knew how to manage risk.

European insurers are all being told that they need to have economic capital models to manage risks.  A few firms have had these models for more than five years now.  Those models tell us that those firms can reduce their capital by a third or more.

But everyone leaves out of their thinking two important things that will always happen.

The first is called the Peltzman effect by economists.  John Adams calls it the Risk Thermostat effect.  In both cases, it means that when people feel risk decreasing due to safety measures, they often respond by increasing the riskiness of their behaviors.  So the success of Solvency II will make some firms feel safer and some of them will take additional risks because of that.

The second effect is what I call the Law of Risk and Light.  That says that you will accumulate risks wherever you are not looking out for them.  So anywhere that there is a flaw in the Economic Capital model, the activity that accentuates that flaw will look like the best, most desirable business to be in.

But read Maggid’s post.  He provides some actual analysis to support his argument.

Regulatory Risk Management

There are at least two fundamental problems with risk management that is driven by regulators:

1. All risk management activities that would go beyond what the regulator requires usually cease.  Firms will not do the chaotic process of making their own decisions about how risky their activities are.  They will know because the regulator tells them.
2. Everyone will work under the same exact view of risk measurement and risk management.  If there are flaws, those flaws will have systemic ripples.  Where the regulators set the capital requirements too high, then businesses will either cease that activity or will engage in regulatory arbitrage.  Where the regulators set the risk capital requirements too low, businesses will over leverage their risks and some businesses will participate in risks that they might not have were the risks properly assessed.

And if the regulators take the step of creating a world wide system where there is no place to go to get regulatory relief, or arbitrage of risks with excessive capital requirements, then the entire world will fall all at once when what ever risk they have set the requirement too low is over used by the firms to get the profits that they believe that they need.

So there are no happy endings for a regulatory driven risk management regime.  None unless the regulators are absolutely perfect in their work.

One of the many roots of the financial crisis was a regulatory driven risk management system used by banks, Basel 2.  The system was so wrong headed that the two largest banks that were stricken by the crisis, Bear Stearns and Lehman both were in fine health according to the Basel measures of risk taking capacity, right up until the time that they failed (or were taken over).

In the June 24, 2010 WSJ, an article entitled BP Relied on Faulty U.S. Data, it says that the regulators REQUIRED the oil drillers to use a specified model of risk of oil spill damage.  According to the article, the model set the risk very close to zero, making it not sensible to spend any money on safety of the rigs or on preparation for a spill.  So that was the way that the drillers leveraged up their risk.  By taking fewer and fewer precautions against a problem, until one did occur.  And the wrong model from the regulators resulted in the situation where none of the firms were prepared for a spill, and furthermore, it probably led to much of the complacency the immediately followed the rig exploding.

So if you find yourself in a business where the regulators are specifying the risk management floor, beware.  It is quite likely that sooner or later that floor will collapse from under all who are standing on it.

Radical Collaboration

There are situations that require collaboration if they are going to be resolved in a manner that produces the largest combined benefit or the smallest combined loss.  This is not the “greatest good for the greatest number” objective of socialism – it is simple efficiency.  Collaborative results can be greater than competitive results.  It is the reason that a sports team where everyone is playing the same strategy does better than the team where each individual seeks to do their personal best regardless of what everyone else is doing.

There are also situations where the application of individual and separate and uncoordinated actions will result in a sub optimal conclusion and where the famous Invisible Hand points in the wrong direction.

You see, the reason why the Invisible Hand ever works is because by the creative destruction of wrong turns, the individual actions find a good way to proceed and eventually all resources are marshaled in following that optimal way of proceeding.  But for the Invisible Hand to be efficient, the destruction part of creative destruction needs to be small relative to the creative part.  For the Collaborative effort to be efficient, the collaboration needs to result in selection of an efficient approach without the need for destruction through a collaborative decision making process.  For the Collaborative effort to be necessary, the total cost of the risk management effort needs to exceed the amount that single firms could afford.

Remember the story of the Iliad. It is the story of armies that worked entirely on the Invisible Hand principle. Each warrior decided on his own what he would do, how and when he would fight.  It was the age of Heroes.

The stories of the success of Alexander and later the Roman armies was the success of an army that was collaborative.  The age of Heroes was over.   The efficiencies of the individual Heroes each finding their own best strategy and tactics was found to be inferior to the collaborative efforts of a group of soldiers who were all using the same strategy and tactics in coordination.

There are many situations in risk management were some sort of collaboration needs to be considered.

The Gulf Oil leak situation seems like it might be one of those.  BP is now admitting that it did not have the resources available or even the expertise to do what needs to be done.  And perhaps, this leak is a situation where the collective cost of their failure is much higher than society’s tolerance for this sort of loss.  But the frequency of this sort of problem has to date been so very low that having BP provide those capabilities may not have made economic sense.

However, there are hundreds of wells in the Gulf.  With clear hindsight, the cost of developing and maintaining the capacity to deal with this sort of emergency could have been borne jointly by all of the drillers in the Gulf.

There are many situations in risk management where collaboration would produce much better results than separate actions.  Mostly in cases where a common threat faces many where to overcome the threat would take more resources than any one could muster.

Remember the situation with LTCM?  No one bank could have helped LTCM alone, they would have gone down with LTCM.  But by the forced collaborative action, a large group of banks were able to keep the situation from generating large losses.  Now this action rankles many free marketeers, but it is exactly the sort of Radical Collaboration that I am talking about.  It did not involve any direct government funding.  It used the balance sheets of the group of banks to stabilize the situation and allow for an orderly disposition of LTCMs positions.  In the end, I beleive that it was reported that the banks did not end up taking a loss either.  (That was mostly an artifact of depressed market prices at the time of the rescue, I would guess.)

The exact same sort of thinking does NOT seem to have been tried with Lehman.  If Paulson could not find a single firm to rescue Lehman, he was not going to do anything.  But looking back and remembering LTCM, Paulson could have arranged an LTCM style rescue for Lehman.  In hindsight, that, even with government guarantees to sweeten the pot would have been better then the financial carnage that ensued.

Perhaps Paulson was one of the free marketeers that hated the LTCM “bailout”.  But in the end, he trampled the free market much worse than his predecessors did with LTCM when he bailed out AIG without even giving any thought to terms of the bailout.

Collaboration might have seemed radical to Paulson.  But it is sometimes needed for risk management.

The Most Successful Financial System the World has Ever Known

Chris Whalen in his June 1 Commentary for RiskCenter reproduces an excerpt from a piece by Peter Wallison.  In that, Peter makes the statement that

“the United States is well on its way to taking down the most innovative and successful financial system the world has ever known.”

And I want to react to the conclusion that he starts with that the financial system is “the most successful”. 

There are two issues that I have with that conclusion. 

1. The main evidence of success of the financial system is that it has been successful in collecting a major share of the US economy’s profits.  In 1980, the share of the financial sector of total US corporate profits was under 10%.  In the 30 years before that time, the sector had averaged about 12% of profits.  From 1980 to 2006, the financial sector was extremely succesful.  Its share of total US profits grew to over 40%.  A more than four fold leap in share. 
2. The destruction of value in 2008 in both the financial sector and in the “real economy” was enormous.  In the financial sector, that destruction amounted to over 10 years of profits. 

So first I would question whether the “success” of the financial sector is first of all real?  Shouldn’t we take into account both the losses and the gains when determining success? 

And second, I would question whether even just looking at the “up side” experiences prior to the financial crisis, whether the financial sector success was of any benefit to the economy as a whole, or just to the bankers.  (and many have commented that the bankers did much better than the owners of banks, since the owners had both upside and downside exposures, while the bankers had mostly upside exposures.)

When we decide what sort of regulations that should be applied to the banks, we have concentrated upon the second item above.  The bankers have been concentrating on the first item.  They want to make sure that a system is maintained where their ability to take profits is not constrained by our attempts to limit the possibilities of the second situation reoccurring. 

But I would suggest that in the regulatory discussion, we ought to be thinking about the first situation as well.  Is it possible to run a healthy economy while the bankers are taking over 40% of the profits?  Unless we know the answer to that, we do not know whether we ought to be encouraging the bankers to shoot for 60% of profits or limiting them somehow to under 20% (the pre-1990 maximum level). 

This question is the elephant in the room that is motivating the bankers and that is funding their enormous contributions to politicians.  And the recent Supreme Court decision that allows unlimited political contributions from corporations makes that a much more important question to the politicians than ever before.

Common Terms for Severity

In the US, firms are required to disclose their risks.  This has led to an exercize that is particularly useless.  Firms obviously spend very little time on what they publish under this part of their financial statement.  Most firms seem to be using boilerplate language and a list of risks that is as long as possible.  It is clearly a totally compliance based CYA activity.  The only way that a firm could “lose” under this system is if they fail to disclose something that later creates a major loss.  So best to mention everything under the sun.  But when you look across a sector at these lists, you find a startling degree to which the risks actually differ.  That is because there is absolutely no standard that is applied to tell what is a risk and if something is a risk, how significant is it.  The idea of risk severity is totally missing.  

Bread Box

 

What would help would be a common set of terms for Severity of losses from risks.  Here is a suggestion of a scale for discussing loss severity for an individual firm: 

1. A Loss that is a threat to earnings.  This level of risk could result in a loss that would seriously impair or eliminate earnings. 
2. A Loss that could result in a significant reduction to capital.  This level of risk would result in a loss that would eliminate earnings and in addition eat into capital, reducing it by 10% to 20%
3. A Loss that could result in severe reduction of business activity.  For insurers, this would be called “Going into Run-off”.  It means that the firm is not insolvent, but it is unable to continue doing new business.  This state often lasts for several years as old liabilities of the insurer are slowly paid of as they become due.  Usually the firm in this state has some capital, but not enough to make any customers comfortable trusting them for future risks. 
4. A Loss that would result in the insolvency of the firm. 

Then in addition, for an entire sector or sub sector of firms: 

1. Losses that significantly reduce earnings of the sector.  A few firms might have capital reductions.
2. Losses that significantly impair capital for the sector.  A few firms might be run out of business from these losses.
3. Losses that could cause a significant number of firms in the sector to be run out of business.  The remainder of the sector still has capacity to pick up the business of the firms that go into run-off.  A few firms might be insolvent. 
4. Losses that are large enough that the sector no longer has the capacity to do the business that it had been doing.  There is a forced reduction in activity in the sector until capacity can be replaced, either internally or from outside funds.  A large number of firms are either insolvent or will need to go into run-off. 

These can be referred to as Class 1, Class 2, Class 3, Class 4 risks for a firm or for a sector.  

Class 3 and Class 4 Sector risks are Systemic Risks.  

Care should be taken to make sure that everyone understands that risk drivers such as equity markets, or CDS can possibly produce Class 1, Class 2, Class 3 or Class 4 losses for a firm or for a sector in a severe enough scenario.  There is no such thing as classifying a risk as always falling into one Class.  However, it is possible that at a point in time, a risk may be small enough that it cannot produce a loss that is more than a Class 1 event.  

For example, at a point in time (perhaps 2001), US sub prime mortgages were not a large enough class to rise above a Class 1 loss for any firms except those whose sole business was in that area.  By 2007, Sub Prime mortgage exposure was large enough that Class 4 losses were created for the banking sector.  

Looking at Sub Prime mortgage exposure in 2006, a bank should have been able to determine that sub primes could create a Class 1, Class 2, Class 3 or even Class 4 loss in the future.  The banks could have determined the situations that would have led to losses in each Class for their firm and determined the likelihood of each situation, as well as the degree of preparation needed for the situation.  This activity would have shown the startling growth of the sub prime mortgage exposure from a Class 1 to a Class 2 through Class 3 to Class 4 in a very short time period.  

Similarly, the prudential regulators could theoretically have done the same activity at the sector level.  Only in theory, because the banking regulators do not at this time collect the information needed to do such an exercize.  There is a proposal that is part of the financial regulation legislation to collect such information.  See CE_NIF.

Window Dressing

The Wall Street Journal reported today that banks are again very actively doing significant amounts of end out the quarter clean-up that is otherwise known as “window dressing“.

This is a practice that works well, allowing banks to hold capital (figured on their quarter end balance sheets) that is much lower than the risk levels that they are using to create their profits.  This makes them look safer to investors in addition to boosting their ROE.

And while it probably is within the rules of Basel II, it violates the underlying idea behind Pillar 1 and Pillar 3.

The idea behind Pillar 1 is that the banks should hold capital for their risks.  This window dressing practice clearly illustrates one of the major logical flaws in the application of Pillar 1.

To understand the flaw, you need to think for a minute about what the capital is for.  It is not actually for the risks that the bank held during the quarter, nor is it mostly for the risks that happen to be on the balance sheet as of the end of the quarter.  It is primarily to protect the bank in the event of losses form the risks that the banks will be exposed to during the next quarter.  The beginning of quarter balance sheet is being used as a proxy for the risks over the coming quarter.

For a firm that has a highly disciplined risk management process, it would actually make more sense for the firm to hold capital for the RISK LIMITS that it has extended for the coming quarter.  That would be a firm where you could rely upon them to keep their risks within their risk limits for the most part. This makes more sense than holding capital for some arbitrary point in time.  The window dressing proves that point better than any possible theoretical argument.  Besides being the wrong idea, it is subject to easy manipulation.

For firms that are not disciplined in keeping their risks within their risk limits, something higher than the level of capital on their risk limits would be the logical level.  For these firms it would make sense to keep track of the degree to which they exceed their limits (at maximum) and charge them for capital at a level above that.  Say for example 200%.  So if a firm exceeds its risk limits by 10% at maximum in a quarter, their capital for the next quarter would be 120% of the capital needed to support their risk limits for the following quarter.

This check on risk discipline would have several benefits.  It moves the easy possibility of manipulation away from the capital level.  The “legal” window dressing would have to be replaced by fraudulent manipulation of risk reports to fix the capital level.  In addition, disclosure of the degree to which a bank exceeds its risk limit could be disclosed under Pillar 3 and then investors and counterpraties could give their reaction to a bank that cannot control its risks exposures.

In addition, this same logic could be applied to insurers under Solvency II.  There is no reason why insurance regulators need to follow the flawed logic of the banking regulators.

Addendum:  Above I say that the window dressing works well.  That is only partly true.  Sometimes, it does not work at all.  And banks can become stuck with risks and losses from those risks that are far larger than what they had been disclosing.  That happens when markets freeze up.

You see, if many banks are doing the same sorts of window dressing, they all run the risk that there will be too many sellers and not enough buyers for those couple of days at the end of the quarter.  Or maybe just for that one night.  And the freeze is likeliest when the losses are about tho strike.

So in reality, window dressing is not a good plan if you believe that things can ever go poorly.

Comprehensive Actuarial Risk Evaluation

The new CARE report has been posted to the IAA website this week.CARE_EN

It raises a point that must be fairly obvious to everyone that you just cannot manage risks without looking at them from multiple angles.

Or at least it should now be obvious. Here are 8 different angles on risk that are discussed in the report and my quick take on each:

1. MARKET CONSISTENT VALUE VS. FUNDAMENTAL VALUE   –  Well, maybe the market has it wrong.  Do your own homework in addition to looking at what the market thinks.  If the folks buying exposure to US mortgages had done fundamental evaluation, they might have noticed that there were a significant amount of sub prime mortgages where the Gross mortgage payments were higher than the Gross income of the mortgagee.
2. ACCOUNTING BASIS VS. ECONOMIC BASIS  –  Some firms did all of their analysis on an economic basis and kept saying that they were fine as their reported financials showed them dying.  They should have known in advance of the risk of accounting that was different from their analysis.
3. REGULATORY MEASURE OF RISK  –  vs. any of the above.  The same logic applies as with the accounting.  Even if you have done your analysis “right” you need to know how important others, including your regulator will be seeing things.  Better to have a discussion with the regulator long before a problem arises.  You are just not as credible in the middle of what seems to be a crisis to the regulator saying that the regulatory view is off target.
4. SHORT TERM VS. LONG TERM RISKS  –  While it is really nice that everyone has agreed to focus in on a one year view of risks, for situations that may well extend beyond one year, it can be vitally important to know how the risk might impact the firm over a multi year period.
5. KNOWN RISK AND EMERGING RISKS  –  the fact that your risk model did not include anything for volcano risk, is no help when the volcano messes up your business plans.
6. EARNINGS VOLATILITY VS. RUIN  –  Again, an agreement on a 1 in 200 loss focus is convenient, it does not in any way exempt an organization from risks that could have a major impact at some other return period.
7. VIEWED STAND-ALONE VS. FULL RISK PORTFOLIO  –  Remember, diversification does not reduce absolute risk.
8. CASH VS. ACCRUAL  –  This is another way of saying to focus on the economic vs the accounting.

Read the report to get the more measured and complete view prepared by the 15 actuaries from US, UK, Australia and China who participated in the working group to prepare the report.

Will History Repeat?

In the 1980’s a dozen or more firms in the US and Canadian Life Insurance sector created and used what were commonly called required surplus systems.  Dale Hagstrom wrote a paper that was published in 1981, titled Insurance Company Growth .  That paper described the process that many firms used of calculating what Dale called Augmented Book Profits.  An Augmented Book Profit later came to be called Distributable Earnings in insurance company valuations.  If you download that paper, you will see on page 40, my comments on Dale’s work where I state that my employer was using the method described by Dale.

In 1980, in the first work that I was able to affix my newly minted MAAA, I documented the research into the risks of Penn Mutual Life Insurance Company that resulted in the recommendation of the Required Surplus, what we would now call the economic capital of the firm.  By the time that Dale’s paper was published in 1981, I had documented a small book of memos that described how the company would use a capital budgeting process to look at the capital utilized by each line of business and each product.  I was the scribe, the ideas come mostly from the Corporate Actuary, Henry B. Ramsey. We created a risk and profit adjusted new business report that allowed us to show that with each new product innovation, our agents immediately shifted sales into the most capital intensive or least profitable product.  It also showed that more and more capital was being used by the line with the most volatile short term profitability.  Eventually, the insights about risk and return caused a shift in product design and pricing that resulted in a much more efficient use of capital.

Each year, throughout the 1980’s, we improved upon the risk model each year, refining the methods of calculating each risk.  Whenever the company took on a new risk a committee was formed to develop the new required surplus calculation for that risk.

In the middle of the decade, one firm, Lincoln National, published the exact required surplus calculation process used by their firm in the actuarial literature.

By the early 1990’s, the rating agencies and regulators all had their own capital requirements built along the same lines.

AND THEN IT HAPPENED.

Companies quickly stopped allocating resources to the development and enhancement of their own capital models.  By the mid-1990’s, most had fully adopted the rating agency or regulatory models in the place of their own internal models.

When a new risk came around, everyone looked into how the standard models would treat the new risk.  It was common to find that the leading writers of a new risk were taking the approach that if the rating agency and regulatory capital models did not assess any capital to the new risk, then there was NO RISK TO THE FIRM.

Companies wrote more and more of risks such as the guaranteed minimum benefits for variable annuities and did not assess any risk capital to those risks.  It took the losses of 2001/2002 for firms to recognize that there really was risk there.

Things are moving rapidly in the direction of a repeat of that same exact mistake.  With the regulators and rating agencies more and more dictating the calculations for internal capital models and proscribing the ERM programs that are needed, things are headed towards the creation of a risk management regime that focuses primarily on the management of regulatory and rating agency perception of risk management and away from the actual management of risks.

This is not what anyone in the risk management community wants.  But once the regulatory and rating agency visions of economic capital and ERM systems are fully defined, the push will start to limit activity in risk evaluation and risk management to just what is in those visions – away from the true evaluation of and management of the real risks of the firm.

It will be clear that it is more expensive to pursue the elusive and ever changing “true risk” than to satisfy the fixed and closed ended requirements that anyone can read.  Budgets will be slashed and people reassigned.

Volcano Risk

Remarks from Giovanni Bisignani (International Air Transport Association) at the Press Breakfast in Paris

The Volcano

There was one risk that we could not forecast. That is the volcanic eruption which has crippled the aviation sector.  First in Europe, but we saw increasing global implications.  The scale of this crisis is now greater than 9/11 when US air space was closed for three days.  In lost revenue alone, this is costing the industry at least $200 million a day.  On top of that, airlines face added costs of extra fuel for re-routing and passenger care – hotel, food and telephone calls.

For Europe’s carriers – the most seriously impacted – this could not have come at a worse time.  As just mentioned, we already expected the region to have the biggest losses this year.  For each day that planes don’t fly the losses get bigger.  We are now into our fifth day of closed skies.  Let me restate that safety is our number one priority. But it is critical that we place greater urgency and focus on how and when we can safely re-open Europe’s skies.

We are far enough into this crisis to express our dissatisfaction on how governments have managed the crisis:

• With no risk assessment
• No consultation
• No coordination
• And no leadership

In the face of a crisis that some have estimated has already cost the European economy billions of Euros, it is incredible that it has taken five days for Europe’s transport ministers to organize a conference call.

What must be done?

International guidance is weak. The International Civil Aviation Organization (ICAO) is the specialized UN agency for aviation. ICAO has guidance on information dissemination but no clear process for opening or closing airspace. Closing airspace should be the responsibility of the national regulator with the support of the air navigation service provider.  They rely on information from meteorological offices and Volcanic Ash Advisory Centers.

Europe has a unique system.  The region’s decisions are based on a theoretical model for how the ash spreads.  This means that governments have not taken their responsibility to make clear decisions based on fact.  Instead, it has been the air navigation service providers who announced that they would not provide service. These decisions have been taken without adequately consulting the operators—the airlines. This is not an acceptable system, particularly when the consequences for safety and the economy are so large.

I emphasize that safety is our top priority. But we must make decisions based on the real situation in the sky, not on theoretical models. The chaos, inconvenience and economic losses are not theoretical. They are enormous and growing. I have consulted our member airlines who normally operate in the affected airspace. They report missed opportunities to fly safely.  One of the problems with the European system is that the situation is seen as black or white. If there is the possibility of ash then the airspace is closed.  And it remains closed until the possibility disappears with no assessment of the risk.

We have seen volcanic activity in many parts of the world but rarely combined with airspace closures and never at this scale. When Mount St. Helens erupted in the US in 1980, we did not see large scale disruptions because the decisions to open or close airspace were risk managed with no compromise on safety.

Today I am calling for urgent action to safely prepare for re-opening airspace based on risk and fact.  I have personally asked ICAO President Kobeh and Secretary General Benjamin to convene an urgent extra-ordinary meeting of the ICAO Council later today. The first purpose would be to define government responsibility for the decisions to open or close airspace in a coordinated and effective way based on fact—not theory.

Airlines have run test flights to assess the situation.  The results have not shown any irregularities and the data is being passed to governments and air navigation service providers to help with their assessment. Governments must also do their own testing. European states must focus on ways to re-open the airspace based on this real data and on appropriate operational procedures to maintain safety.  Such procedures could include special climb and descent procedures, day time flying, restrictions to specific corridors, and more frequent boroscopic inspections of engines.

We must move away from blanket closures and find ways to flexibly open airspace. Risk assessments should be able to help us to re-open certain corridors if not entire airspaces.  I have also urged Eurocontrol to also take this up. I urge them to establish a volcano contingency center capable of making coordinated decisions.  There is a meeting scheduled for this afternoon that I hope will result in a concrete action plan.

Longer-term, I have also asked the ICAO Council to expedite procedures to certify at what levels of ash concentration aircraft can operate safely.  Today there are no standards for ash concentration or particle size that aircraft can safely fly through. The result is zero tolerance. Any forecast ash concentration results in airspace closure. We are calling on aircraft and engine manufacturers to certify levels of ash that are safe.

Summary

1. Safety is our number one priority
2. Governments must reopen airspace based on data that tell us it is safe. If not all airspace, at least some corridors
3. Governments must improve the decision-making process with facts—not theory
4. Governments must communicate better, consulting with airlines and coordinating among stakeholders
5. And longer-term, we must find a way to certify the tolerance of aircraft for flying in these conditions

Full Press release

You might wonder about your own Volcano Risk.  Check out an explanation of what is covered by State Farm.

Finally, I got a question from the press about companies that I knew that had prepared specifically for this event.  One more example of how the press misses the point.  ERM is not about guessing the future correctly.

For something that is as unique as this event, the best any company could have expected to do would have been to anticipated the broad class of events that would cause extended disruptions of flights, tested the impact of such a disruption on their business operations and made decisions about contingency plans that they might have put in place to prepare for such disruptions.

LIVE from the ERM Symposium

(Well not quite LIVE, but almost)

The ERM Symposium is now 8 years old.  Here are some ideas from the 2010 ERM Symposium…

• Survivor Bias creates support for bad risk models.  If a model underestimates risk there are two possible outcomes – good and bad.  If bad, then you fix the model or stop doing the activity.  If the outcome is good, then you do more and more of the activity until the result is bad.  This suggests that model validation is much more important than just a simple minded tick the box exercize.  It is a life and death matter.
• BIG is BAD!  Well maybe.  Big means large political power.  Big will mean that the political power will fight for parochial interests of the Big entity over the interests of the entire firm or system.  Safer to not have your firm dominated by a single business, distributor, product, region.  Safer to not have your financial system dominated by a handful of banks.
• The world is not linear.  You cannot project the macro effects directly from the micro effects.
• Due Diligence for mergers is often left until the very last minute and given an extremely tight time frame.  That will not change, so more due diligence needs to be a part of the target pre-selection process.

• For merger of mature businesses, cultural fit is most important.
• For newer businesses, retention of key employees is key

• Modelitis = running the model until you get the desired answer
• Most people when asked about future emerging risks, respond with the most recent problem – prior knowledge blindness
• Regulators are sitting and waiting for a housing market recovery to resolve problems that are hidden by accounting in hundreds of banks.
• Why do we think that any bank will do a good job of creating a living will?  What is their motivation?
• We will always have some regulatory arbitrage.
• Left to their own devices, banks have proven that they do not have a survival instinct.  (I have to admit that I have never, ever believed for a minute that any bank CEO has ever thought for even one second about the idea that their bank might be bailed out by the government.  They simply do not believe that they will fail. )
• Economics has been dominated by a religious belief in the mantra “markets good – government bad”
• Non-financial businesses are opposed to putting OTC derivatives on exchanges because exchanges will only accept cash collateral.  If they are hedging physical asset prices, why shouldn’t those same physical assets be good collateral?  Or are they really arguing to be allowed to do speculative trading without posting collateral? Probably more of the latter.
• it was said that systemic problems come from risk concentrations.  Not always.  They can come from losses and lack of proper disclosure.  When folks see some losses and do not know who is hiding more losses, they stop doing business with everyone.  None do enough disclosure and that confirms the suspicion that everyone is impaired.
• Systemic risk management plans needs to recognize that this is like forest fires.  If they prevent the small fires then the fires that eventually do happen will be much larger and more dangerous.  And someday, there will be another fire.
• Sometimes a small change in the input to a complex system will unpredictably result in a large change in the output.  The financial markets are complex systems.  The idea that the market participants will ever correctly anticipate such discontinuities is complete nonsense.  So markets will always be efficient, except when they are drastically wrong.
• Conflicting interests for risk managers who also wear other hats is a major issue for risk management in smaller companies.
• People with bad risk models will drive people with good risk models out of the market.
• Inelastic supply and inelastic demand for oil is the reason why prices are so volatile.
• It was easy to sell the idea of starting an ERM system in 2008 & 2009.  But will firms who need that much evidence of the need for risk management forget why they approved it when things get better?
• If risk function is constantly finding large unmanaged risks, then something is seriously wrong with the firm.
• You do not want to ever have to say that you were aware of a risk that later became a large loss but never told the board about it.  Whether or not you have a risk management program.

The Evidence is all Around

In October 2008, Alan Greenspan had the following exchange during testimony before a Congressional committee:

Representative HENRY WAXMAN (Committee Chairman, Democrat, 30th District of California): You found a flaw in the reality…

Mr. GREENSPAN: Flaw in the model that I perceived is a critical functioning structure that defines how the world works, so to speak.

Rep. WAXMAN: In other words, you found that your view of the world, your ideology was not right. It was not working.

Mr. GREENSPAN: How it – precisely. That’s precisely the reason I was shocked, because I’ve been going for 40 years or more with very considerable evidence that it was working exceptionally well.

One of the things in that model was an assumption that the self interest of the bankers was a more important factor in containing their risks than regulations.

But the evidence that self interest is insufficient to control excessive risk taking is all around us and has been for many, many years.  It takes a massive amount of selective blindness to ignore it.

All it takes it to take your car out of the driveway and drive on the roads.  Driving involves risk management decision making.  For one thing, almost everyone drives a car that is capable of traveling much faster than the speed limit.  And the speed limits are only very occasionally enforced.  So it is an individual risk management decision of how fast to drive a car.

Now, I happen to live in an area of the New York City suburbs where many of the folks who work on Wall Street firms live.  And the evidence is all around.  Many drivers do not put long term safety self interest above short term time advantage of speeding.  In many cases, they are deliberately trying to take advantage of the folks who are trying to be safe and driving extra recklessly under the assumption that they will not run into someone who is driving as recklessly as they are.

Now it is quite possible that none of the reckless drivers are Wall Street executives.  But the reckless drivers are all people.  And the readily available evidence with 50 years or more of accident statistics to back up shows that self interest is NOT sufficient motivation for safety.

Perhaps economists and especially central bankers do not own cars.

To the rest of us who do, the theory seems to be from another planet.  The people that are risk takers and the people who drive safely are two different sets of people.

The Use Test – A Simple Suggestion

Many are concerned about what the “Use Test” will be. Will it be a pop quiz or will companies be allowed to study?

Well, I have a suggestion for a simple and, I believe, fairly foolproof test. That would be for top management (not risk management or modeling staff) to be able to hold a conversation about their risk profile each year.

Now the first time that they can demonstrate that would not be the “Use Test”. It would be the second or third time that would constitute the test.

The conversation would be simple. It would involve explaining the risk profile of the firm – why the insurer is taking each of the major risks, what do they expect to get out of that risk exposure and how are they making sure that the potential losses that they experience are not worse than represented by their risk model. This discussion should include recognition of gross risk before offsets as well as net retained risk.

After the first time, the discussion would include an explanation of the reasons for the changes in the risk profile – did the profile change because the world shifted or did it change due to a deliberate decision on the part of management to take more or less or to retain more or less of a risk.

Finally a third part of the discussion would be to identify the experience of the past year in terms of its likelihood as predicted by the model and the degree to which that experience caused the firm to recalibrate its view of each risk.

To pass the test, management would merely need to have a complete story that is largely consistent from year to year.

Those who fail the test would be making large changes to their model calibration and their story from year to year – stretching to make it look like the model information was a part of management decisions.

Some firms who might have passed before the crisis who should have failed were firms who in successive years told the same story of good intentions with no actions in reducing outsized risks.

For firms who are really using their models, there will be no preparation time needed for this test. Their story for this test will be the story of their firm’s financial management.

Ideally, I would suggest that the test be held publicly at an investor call.

Any Road Will Do

Is what the Cheshire Cat told Alice.  Since she did not know where she was going.

And unfortunately, that is where the European Bank Supervisors seem to be regarding Risk Management.  They just published a short paper entitled “High level principles for risk management”, which despite the lofty title gives very little clear guidance at a high level.   I will instead point you to something along the same lines that WAS well written that DOES represent actual principles of risk management.  I refer you to the BIS report in Interest Rate Risk Management from 1997.  Their 11 top principles are listed below.

A. The role of the board and senior management

Principle 1: In order to carry out its responsibilities, the board of directors in a bank should approve interest rate risk management policies and procedures, and should be informed regularly of the interest rate risk exposure of the bank.

Principle 2: Senior management must ensure that the structure of the bank’s business and the level of interest rate risk it assumes are effectively managed, that appropriate policies and procedures are established to control and limit these risks, and that resources are available for evaluating and controlling interest rate risk.
Principle 3: Banks should have a risk management function with clearly defined duties that reports risk exposures directly to senior management and the board of directors and is sufficiently independent from the business lines of the bank. Larger or more
complex banks should have units responsible for the design and administration of the bank’s interest rate risk management system.

B. Policies and procedures

Principle 4: It is essential that banks’ interest rate risk policies and procedures be clearly defined and consistent with the nature and complexity of their activities. These policies should address the bank’s exposures on a consolidated basis and, as appropriate, also at the level of individual affiliates.

Principle 5: It is important that banks identify the risks inherent in new products and activities and ensure these are subject to adequate procedures and controls before being introduced or undertaken. Major hedging or risk management initiatives should be approved in advance by the board or its appropriate delegated committee.

C. Measurement and monitoring system

Principle 6: It is essential that banks have interest rate risk measurement systems that capture all material sources of interest rate risk and that assess the effect of interest rate changes in ways which are consistent with the scope of their activities. The assumptions underlying the system should be clearly understood by risk managers and bank management.
Principle 7: Banks must establish and enforce operating limits and other practices that maintain exposures within levels consistent with their internal policies.

Principle 8: Banks should measure their vulnerability to loss under stressful market conditions – including the breakdown of key assumptions – and consider those results when establishing and reviewing their policies and limits for interest rate risk.

Principle 9:  Banks must have adequate information systems for monitoring and reporting interest rate exposures to senior management and boards of directors on a timely basis.

D. Independent controls

Principle 10: Banks must have adequate internal controls for their interest rate risk management process and should evaluate the adequacy and integrity of those controls periodically. Individuals responsible for evaluating control procedures must be independent of the function they are assigned to review.

Principle 11: Banks should periodically conduct an independent review of the adequacy and integrity of their risk management processes. Such reviews should be available to relevant supervisory authorities.

These principles are so universal that you will find that if you simply substitute the name of any other risk for the words “interest rate” in the sentences above, you will still have an excellent list of risk management principles.  In fact, just substitute the words “Bank”  or even “Insurer” for interest rate above and you now have a complete and coherent set of PRINCIPLES FOR RISK MANAGEMENT.

The most puzzling thing to me is that this BIS report has long been superseded by something with wording much more like the meandering and fuzzy report of the CEBS.  Don’t take my word for it, the newest version of this BIS interest rate risk management paper is available on their website.  Compare the wording of that report to these crystal clear principles and let me know where you see any improvements.

Take CARE in evaluating your Risks

Risk management is sometimes summarized as a short set of simply stated steps:

1. Identify Risks
2. Evaluate Risks
3. Treat Risks

There are much more complicated expositions of risk management.  For example, the AS/NZ Risk Management Standard makes 8 steps out of that. 

But I would contend that those three steps are the really key steps. 

The middle step “Evaluate Risks” sounds easy.  However, there can be many pitfalls.  A new report [CARE] from a working party of the Enterprise and Financial Risks Committee of the International Actuarial Association gives an extensive discussion of the conceptual pitfalls that might arise from an overly narrow approach to Risk Evaluation.

The heart of that report is a discussion of eight different either or choices that are often made in evaluating risks:

1. MARKET CONSISTENT VALUE VS. FUNDAMENTAL VALUE 
2. ACCOUNTING BASIS VS. ECONOMIC BASIS         
3. REGULATORY MEASURE OF RISK    
4. SHORT TERM VS. LONG TERM RISKS          
5. KNOWN RISK AND EMERGING RISKS        
6. EARNINGS VOLATILITY VS. RUIN    
7. VIEWED STAND-ALONE VS. FULL RISK PORTFOLIO       
8. CASH VS. ACCRUAL 

The main point of the report is that for a comprehensive evaluation of risk, these are not choices.  Both paths must be explored.

All Things Being Equal

is a phrase that is left out more often than left in when it is actually a key and seldom true assumption behind an argument.

If you are talking about risk and risk models, that phrase should be a red flag.  If the phrase is actually stated, the risk manager should immediately challenge it.  Because when a major risk becomes a loss or threatens to become a loss, very rarely are all things equal.

Most, and possibly all, major loss situations have ripple effects.  These ripple effects may be direct or they may be because they affect people who then in turn take actions that cause other unusual things to happen.

Here is a map of how the World Economic Forum thinks that the major risks of the world are interconnected:

Another example of a problem with the “All things Being Equal” assumption is the discussion of inflation.  Few people remember to say it but when they worry that addional money in the system due to direct Fed actions or Stimulus spending will cause inflation – that would be true – ALL THINGS BEING EQUAL.  But in fact, they are not equal, or even close to equal.

What is different is the amount of money that was in the system prior to the crisis other than the money from the Fed and the Stimulus.  The losses suffered by the banks and the shrinkage of loans and the inability of consumers and businesses to get loans – each of those things REDUCES the amount of money in the economy.  So in no stretch of the imagination are all things equal.

So the old rule about government spending being inflationary is only true ALL THINGS BEING EQUAL.

That does not, however, mean that there is not a difficult task ahead for the Fed to try to discern how fast the total money supply catches up with the economy so that they can reel back the money that they have put in.  But the problem with that idea is that because of the amount of economic activity that has been totally privatized, the Fed does not necessarily have the information to do that directly.

So ALL THINGS BEING EQUAL, they will have to try anyway by looking at the pick up in activity from the parts of the economy that they do have information about.

Meanwhile, folks like the NIF are looking to help to improve the information flow so that proper management of the money supply is possible from direct information.

Why the valuation of RMBS holdings needed changing

Post from Michael A Cohen, Principal – Cohen Strategic Consulting

Last November’s decision by the National Association of Insurance Commissioners (NAIC) to appoint PIMCO Advisory to assess the holdings of non-agency residential mortgage-backed securities (RMBS) signaled a marked change in attitude towards the major ratings agencies. This move by the NAIC — the regulatory body for the insurance industry in the US, comprising the insurance commissioners of the 50 states – was aimed at determining the appropriate amount of risk-adjusted capital to be held by US insurers (more than 1,600 companies in both the life and property/casualty segments) for RMBS on their balance sheets.

Why did the NAIC act?

A number of problems had arisen from the way RMBS held by insurers had historically been rated by some rating agencies which are “nationally recognized statistical rating organizations” (NRSROs), though it is important to note that not all rating agencies which are NRSROs had engaged in this particular rating activity.

RMBS had been assigned (much) higher ratings than they seem to have deserved at the time, albeit with the benefit of hindsight. The higher ratings also led to lower capital charges for entities holding these securitizations (insurers, in this example) in determining the risk-adjusted capital they needed to hold for regulatory standards.

Consequently, these insurance organizations were ultimately viewed to be undercapitalized for their collective investment risks. These higher ratings also led to lower prices for the securitizations, which meant that the purchasers were ultimately getting much lower risk-adjusted returns than had been envisaged (and in many cases losses) for their purchases.

The analysis that was performed by the NRSROs has been strenuously called into question by many industry observers during the financial crisis of the past two years, for two primary reasons:

• The level of analytical due diligence was weak and the default statistics used to evaluate these securities did not reflect the actual level of stress in the marketplace; as a consequence ratings were issued at higher levels than the underlying analytics in part to placate the purchasers of the ratings, and a number of industry insiders observed that this was done.
• Once the RMBS marketplace came under extreme stress, the rating agencies subsequently determined that the risk charges for these securities would increase several fold, materially increasing the amount of risk-adjusted capital needed to be held by insurers with RMBS, and ultimately jeopardizing the companies’ financial strength ratings themselves.

Flaws in rating RMBS

Rating agencies have historically been paid for their rating services by those entities to which they assign ratings (that reflect claims paying, debt paying, principal paying, etc. abilities). Industry observers have long viewed this relationship as a potential conflict of interest, but, because insurers and buyers had not been materially harmed by this process until recently, the industry practice of rating agencies assigning ratings to companies who were paying them for the service was not strenuously challenged.

Further, since the rating agencies can increase their profit margins by increasing their overall rating fees while maintaining their expenses in the course of performing rating analysis, it follows that there is an incentive to increase the volume of ratings issued by the staff, which implies less time being spent on a particular analysis. Again, until recently, the rated entities and the purchasers of rated securities and insurance policies did not feel sufficiently harmed to challenge the process.

(more…)

Risk Management in 2009 – Reflections

Perhaps we will look back at 2009 and recall that it is the turning point year for Risk Management.  The year that boards ans management and regulators all at once embraced ERM and really took it to heart.  The year that many, many firms appointed their first ever Chief Risk Officer.  They year when they finally committed the resources to build the risk capital model of the entire firm.

On the other hand, it might be recalled as the false spring of ERM before its eventual relegation to the scrapyard of those incessant series of new business management fads like Management by Objective, Managerial Grid, TQM, Process Re-engineering and Six Sigma.

The Financial Crisis was in part due to risk management.  Put a helmet on a kid on a bicycle and they go faster down that hill.  And if the kid really doesn’t believe in helmets and they fail to buckle to chin strap and the helmet blows off in the wind, so much the better.  The wind in the hair feels exhilarating.

The true test of whether the top management is ready to actually DO risk management is whether they are expecting to have to vhange some of their decisions based upon what their risk assessment process tells them.

The dashboard metaphor is really a good way of thinking about risk management.  A reasonable person driving a car will look at their dashboard periodically to check on their speed and on the amount of gas that they have in the car.  That information will occasionally cause them to do something different than what they might have otherwise done.

Regulatory concentration on Risk Management is. on the whole, likely to be bad for firms.  While most banks were doing enough risk management to satisfy regulators, that risk management was not relevant to stopping or even slowing down the financial crisis.

Firms will tend to load up on risks that are not featured by their risk assessment system.  A regulatory driven risk management system tends to be fixed, while a real risk management system needs to be nimble.

Compliance based risk management makes as much sense for firms as driving at the speed limit regardless of the weather, road conditions or the conditions of the car’s breaks and steering.

Many have urged that risk management is as much about opportunities as it is about losses.  However, that is then usually followed by focusing on the opportunities and downplaying the importance of loss controlling.

Preventing a dollar of loss is just as valuable to the firm as adding a dollar of revenue.  A risk management loss controlling system provides management with a methodology to make that loss prevention a reliable and repeatable event.  Excess revenue has much more value if it is reliable and repeatable.  Loss control that is reliable and repeatable can have the same value.

Getting the price right for risks is key.  I like to think of the right price as having three components.  Expected losses.  Risk Margin.  Margin for expenses and profits.  The first thing that you have to decide about participating in a market for a particular type of risk is whether the market in sane.  That means that the market is realistically including some positive margin for expenses and profits above a realistic value for the expected losses and risk margin.

Most aspects of the home real estate and mortgage markets were not sane in 2006 and 2007.  Various insurance markets go through periods of low sanity as well.

Risk management needs to be sure to have the tools to identify the insane markets and the access to tell the story to the real decision makers.

Finally, individual risks or trades need to be assessed and priced properly.  That means that the insurance premium needs to provide a positive margin for expenses and profits above the realistic provision for expected losses and a reasonable margin for risk.

There were two big hits to insurers in 2009.  One was the continuing problems to AIG from its financial products unit.  The main lesson from their troubles ought to be TANSTAAFL.  There ain’t no such thing as a free lunch.  Selling far out of the money puts and recording the entire premium as a profit is a business model that will ALWAYS end up in disaster.

The other hit was to the variable annuity writers.  In their case, they were guilty of only pretending to do risk management.  Their risk limits were strange historical artifacts that had very little to do with the actual risk exposures of the firm.  The typical risk limits for a VA writer were very low risk retained from equities if the potential loss was due to an embedded guarantee and no limit whatsoever for equity risk that resulted in drops in basic M&E revenue.  A typical VA hedging program was like a homeowner who insured every item of his possessions from fire risk, but who failed to insure the house!

So insurers should end the year of 2009 thinking about whether they have either of those two problems lurking somewhere in their book of business.

Are there any “far out of the money” risks where no one is appropriately aware of the large loss potential ?

Are there parts of the business where risk limits are based on tradition rather than on risk?

Have a Happy New Year!

ReCapitalization Fantasy

Guest Post from Larry Rubin

I question whether sufficient attention is being paid to the definition of risk in most risk measures and in solvency II. In this case the use of 1-year VAR. Insurance companies makes long term promises as compared to other financial institutions. Yet we have seen the inadequacies of this risk measure for these other institutions. 1-year VAR is based on the assumption that if a company can survive a year it can re-capitalize. The credit crisis has shown that in a period of economic distress when it is most likely that many companies will be “in the tail” the ability to re-capitalize is suspect if non-existent. Companies such as, Lehman Brothers, Northern Rock, AIG and INDYMac could not re-capitalize. Bear Stearns, Merrill Lynch and WaMU required government support to facilitate the sale of their liabilities.
I believe one of the lessons of the credit crisis is that is that either the 1-year VAR analysis needs to reflect the potential drying up of capital during a tail event or insurance companies need to re-think the 1-year VAR measure. US Risk Based Capital, while an imperfect measure, has had ruin theory as its fundamental premise. This measure has held up well as most US life insurance operating companies maintained sufficient capital to survive to the point where it was possible to re-capitalize

Larry H. Rubin

Commentary on Timeline of the Global Financial Crisis

Link to Detailed Timeline

The events of the past three years are unprecedented in almost all of our lifetimes.  One needs to go back and look at how much was happening in such a short time to get an appreciation of how difficult it must have been to be in the hot seats of government, central banks and regulators, especially during the fall of 2008.

On the other hand, it is pretty easy, with 20-20 hindsight, to point to events that should have made it clear that something bad was on its way.

The timeline that is posted here on Riskviews is an amalgam from 5 or 6 different sources, including the BBC, Federal Reserve and Wikipedia.  None of them seemed to be very complete.  Not that this one is.  My personal biases left out some items from all of the sources.

Let us know what was left out that is important.  This timeline was created over a one year period and there was little effort to go back and pick up items that did not seem important at the time, but that later were found to be early signals of later big problems.

The reaction that I have had when I used this timeline to make a presentation about the Financial Crisis is that it is pretty unfair to go pointing fingers about actions taken during the fall of 2008.  When you look at the daily earth shaking events that were happening, it is really totally overwhelming, even a year later.  If the events that occured daily were spread out one per month, then perhaps a case could be made that “they” should ahve done better.

Going back much further, I am not willing to be quite so kind.  This crisis was manufactured by collision of two deliberate government policies – home-ownership for all and deregulation of financial markets.  That collision was preventable.  Neither policy had to be taken to the extreme that it was taken – to what looks now like an absurd extreme in both cases.

And in addition, the financial firms themselves are far from blameless.  Greenspan’s belief that the bankers were capable of looking out for their shareholder’s best interest was correct.  They were capable.

Read the history.  See what happened.  Decide for yourself.  Let me know what I missed.

Link to Detailed Timeline

Adaptability is the Key Survival Trait

…different and potentially much more difficult issues arise in the identification and measurement of risks where past experience is an uncertain or potentially misleading guide. When risk materialises, it may do so as a risk previously thought to be understood and managed that turns out to be very different indeed, and may do so quickly, well within normal audit cycles. The valuation of an asset or liability in a stressed market environment and the identification of other potential risks that may not previously have been encountered pose major questions for real-time assessment that are unlikely to have been factored into construction of the pre-existing business model.

Excerpt from the Walker Review

To survive such situations, it seems that the ability to quickly assess new situations, especially ones that look like old tried and true but that are seriously more dangerous, and to change what the organization is doing in response to these risks is key.

But to do that, significant amounts of senior resources must be dedicated to determining whether such risks are NOW in the environment each and every day.  The findings of this review must be taken very seriously and the organization must consider the possibility of changing course – not just a minor correction – a major change of business activity.

In addition to the discernment to identify such situations, the organization must cultivate the capacity to make such changes quickly and effectively.

An organization that can do those things have true adaptability and have a much better chance of survival.

However, for a business to be very profitable, it needs to be very focused, very efficient.  Everyone in the organization needs to be pointed in the same direction.  Doubt will undermine.

Within capitalism, the conflict is resolved by allowing individual businesses to maximize profits and relying on an assumption that there will be enough diversity of businesses that enough businesses will have chosen the right business model for the new environment.  Some of the most successful businesses from the old environment will fail to adapt, but some of the laggards will now thrive.

And therefore, the system survives.

But, that is not always so.  In some circumstances, too many firms choose the exact same strategy.  If the environment stays unchanging for too long, individual firms lose any adaptability that they might have had, they all become specialists in that one “most profitable thing”.  A major change in the environment and too many businesses fail too fast.

How does that happen?

Regulators play a large role.  The central bankers work very hard to keep the environment on a steady course, moderating the bumps that encourage diversity.

Prudential and risk management regulation also play a large role, forcing everyone to pay attention to the exact same risks and encouraging similar risk treatments through capital regime incentives.

So for the system to remain healthy, it needs adaptability and adaptability comes from diversity.  And diversity will not exist unless the environment is more variable.  There needs to be diversity in terms of both business strategy and interms of risk management approaches.

So improving the prudential regulation will have the effect of driving everyone to have the same risk management – it will have the perverse effect of diminishing the likelihood of survival of the system.

The Future of Risk Management – Conference at NYU November 2009

Some good and not so good parts to this conference.  Hosted by Courant Institute of Mathematical Sciences, it was surprisingly non-quant.  In fact several of the speakers, obviously with no idea of what the other speakers were doing said that they were going to give some relief from the quant stuff.

Sad to say, the only suggestion that anyone had to do anything “different” was to do more stress testing.  Not exactly, or even slightly, a new idea.  So if this is the future of risk management, no one should expect any significant future contributions from the field.

There was much good discussion, but almost all of it was about the past of risk management, primarily the very recent past.

Here are some comments from the presenters:

• Banks need regulator to require Stress tests so that they will be taken seriously.
• Most banks did stress tests that were far from extreme risk scenarios, extreme risk scenarios would not have been given any credibility by bank management.
• VAR calculations for illiquid securities are meaningless
• Very large positions can be illiquid because of their size, even though the underlying security is traded in a liquid market.
• Counterparty risk should be stress tested
• Securities that are too illiquid to be exchange traded should have higher capital charges
• Internal risk disclosure by traders should be a key to bonus treatment.  Losses that were disclosed and that are within tolerances should be treated one way and losses from risks that were not disclosed and/or that fall outside of tolerances should be treated much more harshly for bonus calculation purposes.
• Banks did not accurately respond to the Spring 2009 stress tests
• Banks did not accurately self assess their own risk management practices for the SSG report.  Usually gave themselves full credit for things that they had just started or were doing in a formalistic, non-committed manner.
• Most banks are unable or unwilling to state a risk appetite and ADHERE to it.
• Not all risks taken are disclosed to boards.
• For the most part, losses of banks were < Economic Capital
• Banks made no plans for what they would do to recapitalize after a large loss.  Assumed that fresh capital would be readily available if they thought of it at all.  Did not consider that in an extreme situation that results in the losses of magnitude similar to Economic Capital, that capital might not be available at all.
• Prior to Basel reliance on VAR for capital requirements, banks had a multitude of methods and often used more than one to assess risks.  With the advent of Basel specifications of methodology, most banks stopped doing anything other than the required calculation.
• Stress tests were usually at 1 or at most 2 standard deviation scenarios.
• Risk appetites need to be adjusted as markets change and need to reflect the input of various stakeholders.
• Risk management is seen as not needed in good times and gets some of the first budget cuts in tough times.
• After doing Stress tests need to establish a matrix of actions that are things that will be DONE if this stress happens, things to sell, changes in capital, changes in business activities, etc.
• Market consists of three types of risk takers, Innovators, Me Too Followers and Risk Avoiders.  Innovators find good businesses through real trial and error and make good gains from new businesses, Me Too follow innovators, getting less of gains because of slower, gradual adoption of innovations, and risk avoiders are usually into these businesses too late.  All experience losses eventually.  Innovators losses are a small fraction of gains, Me Too losses are a sizable fraction and Risk Avoiders often lose money.  Innovators have all left the banks.  Banks are just the Me Too and Avoiders.
• T-Shirt – In my models, the markets work
• Most of the reform suggestions will have the effect of eliminating alternatives, concentrating risk and risk oversight.  Would be much safer to diversify and allow multiple options.  Two exchanges are better than one, getting rid of all the largest banks will lead to lack of diversity of size.
• Problem with compensation is that (a) pays for trades that have not closed as if they had closed and (b) pay for luck without adjustment for possibility of failure (risk).
• Counter-cyclical capital rules will mean that banks will have much more capital going into the next crisis, so will be able to afford to lose much more.  Why is that good?
• Systemic risk is when market reaches equilibrium at below full production capacity.  (Isn’t that a Depression – Funny how the words change)
• Need to pay attention to who has cash when the crisis happens.  They are the potential white knights.
• Correlations are caused by cross holdings of market participants – Hunts held cattle and silver in 1908’s causing correlations in those otherwise unrelated markets.  Such correlations are totally unpredictable in advance.
• National Institute of Financa proposal for a new body to capture and analyze ALL financial market data to identify interconnectedness and future systemic risks.
• If there is better information about systemic risk, then firms will manage their own systemic risk (Wanna Bet?)
• Proposal to tax firms based on their contribution to gross systemic risk.
• Stress testing should focus on changes to correlations
• Treatment of the GSE Preferred stock holders was the actual start of the panic.  Leahman a week later was actually the second shoe to drop.
• Banks need to include variability of Vol in their VAR models.  Models that allowed Vol to vary were faster to pick up on problems of the financial markets.  (So the stampede starts a few weeks earlier.)
• Models turn on, Brains turn off.

Black Swan Free World (9)

On April 7 2009, the Financial Times published an article written by Nassim Taleb called Ten Principles for a Black Swan Free World. Let’s look at them one at a time…

9. Citizens should not depend on financial assets or fallible “expert” advice for their retirement. Economic life should be definancialised. We should learn not to use markets as storehouses of value: they do not harbour the certainties that normal citizens require. Citizens should experience anxiety about their own businesses (which they control), not their investments (which they do not control).

The treatment of retirement in many countries has been drastically marred by a fundamental lack of understanding of risk and of risk pooling.  Taleb’s suggestion here seems drastically radical, especially here in the US where we came very close just a few years ago to shifting all retirement programs over to market based.

Whether or not you believe in the “socialization” of social security, no one seems to be thinking of the risk management aspect of retirement.  One of the fundamental concepts of risk management is to take specific risk and to use diversification to minimize the relative impact of any specific adverse event.  What the planned market based alternatives to Social Security did was to maximize two specific risks.  Those are the risk of the level of the market at point of retirement and the risk of outliving the funds.  An individual can avoid one of the two, but never both as savings plans are currently run.

This would have been one more step in the direction away from any recognition that there is any risk whatsoever in the idea of providing pensions.  In 1974, the US Congress, in effect, drove the insurance industry out of the business of providing guarantees of pensions in any form.  They did that by telling businesses that they were fully funded if they put up an amount that was sufficient to pre-fund their promices and made sure that the amount was determined without any risk margin whatsoever.  You see, when insurers were in the business of guaranteeing pension benefits, they included a risk margin.  So if you compare an actuarial projection of costs WITHOUT a risk margin to an actuarial projection of costs WITH a risk margin, the projection WITHOUT a risk margin will always seem more economical.

So looking at an individual retirement savings plan without regard to risk is just one more step in this same wrong direction.

So I believe that Taleb has a point, but I would not agree that it is necessarily the best solution to remove the retirement issue entirely from the markets.  That is because I firmly believe that with the entirely unrealistic way that government approaches financial issues that extend into the far future (meaning after lunch), some relationship to the market provides discipline and transparency around the adequacy of the funding.

I would suggest two simple adjustments to the normal features of the personal retirement savings programs.  These can be additional options that are required for all qualified retirement vehicles (US term for plans that meet regulatory standards – there must be similar terms for any other countries where there are personal retirement accounts), or they can be required for all plans – if you are the type that prefers making people do things for their own good.  For investing, the single date dependency of the current system can be repaired with a fund that bases its earnings on an average of 5 prior years and that can only be cashed out over 5 years.

For the longevity risk, my suggestion is to offer an annuity payout option that can be purchased piecemeal at any time prior to retirement.  This option should appear very competitive to younger workers since their cost for an annuity unit deferred until their retirement will appear very inexpensive.  The annuity option can be provided through purchasing additional units of Social Security benefits or through private insurers.  Since the lack of income for elderly people in the countries like the US where lack of lifetime annuity ownership by retired individuals (like the US) will become an extremely serious issue within 20 years when most of the baby boomers who had retirement savings will have spent that savings long before half of us expire, some amount of annuity purchase should be required.  I would favor the gradual elimination of tax advantage to any funds withdrawn as a lump sum or as any form that has no lifetime guarantee.

In the end, to do this right with individual accounts may just be too much trouble for all.  Perhaps what would be better would be to require all employers to provide defined benefit plans and to fund them with risk adjusted premiums.  Now that would make sense.

Black Swan Free World (8)

Black Swan Free World (7)

Black Swan Free World (6)

Black Swan Free World (5)

Black Swan Free World (4)

Black Swan Free World (3)

Black Swan Free World (2)

Black Swan Free World (1)

RISK USA Conference – October 2009

Many, many good questions and good ideas at the RISK USA conference in New York.  Here is a brief sampling:

• Risk managers are spending more time showing different constituencies that they really are managing risk.
• May want to change the name to “Enterprise Uncertainty Management”
• Two risk managers explained how their firms did withdraw from the mortgage market prior to the crisis and what sort of thinking by their top management supported that strategy
• Now is the moment for risk management – we are being asked for our opinion on a wide range of things – we need to have good answers
• Availability of risk management talent is an issue.  At both the operational level and the board level. 
• Risk managers need to move to doing more explaining after better automating the calculating
• Group think is one of the major barriers of good risk management
• Regulators tend to want to save too many firms.  Need to have a middle path that allows a different sort of resolution of a troubled firm than bankrupcy.
• Collateral will not be a sufficient solution to risks of derivatives.  Collateral covers only 30 – 50% of risk
• No one has ever come up with a theory for the level of capital for financial firms.  Basel II is based upon the idea of keeping capital at about the same level as Basel I. 
• Disclosure of Stress tests of major banks last Spring was a new level of transparency. 
• Banking is risky. 
• Systemic Risk Regulation is impossibly complicated and doomed to failure. 
• Systemic Risk Regulation can be done.  (Two different speakers)
• In Q2 2007, the Fed said that the sub-prime crisis is contained.  (let’s put them in charge)
• Having a very good system for communicating was key to surviving the crisis.  Risk committees met 3 times per day 7 days per week in fall 2008. 
• Should have worked out in advance what do do after environmental changes shifted exposures over limits
• One firm used ratings plus 8 additional metrics to model their credit risk
• Need to look through holdings in financial firms to their underlying risk exposures – one firm got red of all direct exposure to sub prime but retained a large exposure to banks with large sub prime exposure
• Active management of counterparties and information flow to decision makers of the interactions with counter parties provided early warning to problems
• Several speakers said that largest risk right now is regulatory changes
• One speaker said that the largest Black Swan was another major terrorist attack
• Next major systemic risk problem will be driven primarily by regulators/exchanges
• Some of structured markets will never come back (CDO squareds)
• Regret is needed to learn from mistakes
• No one from major firms actually went physically to the hottest real estate markets to get an on the ground sense of what was happening there – it would have made a big difference – Instead of relying solely on models. 

Discussions of these and other ideas from the conference will appear here in the near future.

Optimizing ERM & Economic Capital

The above was the title of a conference in London that I attended this week.  Here are some random take-aways:

• Sometimes it makes sense to think of risk indicators instead of risk limits.

• Should MVM reflect diversification?  But who’s diversification?

• Using a Risk and Control Self Assessment as the central pillar to an Operational Risk program

• Types of Operational Losses:  Financial, Reputation, Opportunity, Inefficiency

• Setting low thresholods for risk indicators/KRIs provides an early warning of the development of possible problems

• Is your risk profile stable?  Important question to consider.

• Number of employees correlates to size of operational risk losses.  May be a simple way to start thinking about how to assign different operational risk capital to different operations.  Next variable might be experience level of employees – might be total experience or task specific experience.  If a company goes into a completely new business, there are likely to be operational issues if they do not hire folks with experience from other firms.

• Instead of three color indicators, use four – Red, Orange(Amber), Yellow, Green.  Allows for elevating situations out of green without raising alarm.

• Should look at CP33

• Controls can encourage more risk taking.  (See John Adams work on seatbelts)

• Disclosures of safety margin in capital held might create market expectations that would make it impossible to actually use those margins as a buffer without market repercussions.

• Serious discussions about a number of ways that firms want to deviate from using pure market values.  Quite a shift from the discussions I heard 2 -3 years ago when strict adherence to market values was a cornerstone of good financial and risk management.  As Solvency 2 is getting closer to reality, firms are discovering some ways that the MTM regime would fundamentally change the insurance business.  People are starting to wonder how important it is to adhere to MTM for situations where liquidity needs are very low, for example.

All in all a very good conference.

ERM: Law of Unintended Consequences [2]

From Neil Bodoff

One of the reasons that so many counterparties bought CDS protection [from the same counterparty, precipitating a crisis] was their desire to reduce their regulatory capital requirements. So the regulatory framework had high capital requirements for credit risk, but low capital requirements when the credit risk was hedged. Basically the regulatory framework created a strong incentive for all banks to simultaneously execute the same strategy of hedging risk via CDS. Lessons are: [1] Whereas individual firms in a competitive market may pursue various strategies, the government’s monopoly on regulation might create a homogenizing effect on firms’ behavior, thus concentrating risk. Thus the regulatory framework itself becomes a systemic risk and thus requires extra scrutiny and care. [2] For any regulatory framework, the designers ought to choose someone to “roleplay” the part of firms trying to minimize regulatory capital requirements, so as to understand the behaviors and countermeasures the firms might take in response to the regulatory demands. [3] Beware of unintended consequences.