Archive for the ‘Risk and Light’ category

Must have more than one View of Risk

May 14, 2012

Riskviews finds the headline Value-at-Risk model masked JP Morgan $2 bln loss to be totally appalling. JP Morgan is of course famous for having been one of the first large banks to use VaR for daily risk assessment.

During the late 1980’s, JP Morgan developed a firm-wide VaR system. This modeled several hundred risk factors. A covariance matrix was updated quarterly from historical data. Each day, trading units would report by e-mail their positions’ deltas with respect to each of the risk factors. These were aggregated to express the combined portfolio’s value as a linear polynomial of the risk factors. From this, the standard deviation of portfolio value was calculated. Various VaR metrics were employed. One of these was one-day 95% USD VaR, which was calculated using an assumption that the portfolio’s value was normally distributed.
With this VaR measure, JP Morgan replaced a cumbersome system of notional market risk limits with a simple system of VaR limits. Starting in 1990, VaR numbers were combined with P&L’s in a report for each day’s 4:15 PM Treasury meeting in New York. Those reports, with comments from the Treasury group, were forwarded to Chairman
Weatherstone.                        from History of Value-at-Risk:1922-1998 by Glyn Holten

JP Morgan went on to spin off a group, Riskmetrics, who sold the capability to do VaR calculations to all comers.

Riskviews had always assumed that JP Morgan had felt safe selling the VaR technology because they had moved on to something better.

But the story given about the $2 billion loss suggests that they were flubbing the measurement of their exposure because of a new risk measurement system.

Riskviews would suggest two ideas to JP Morgan:

  1. A firm that makes its money taking risks should never rely upon a single measure of risk.  See Risk and Light and the CARE Report for further information.
  2. The folks responsible for risk evaluation need to apply some serious standards for their work.  Take a look at the first attempt of the actuarial profession of standards for professionals performing risk evaluation in ERM programs.  This proposed standard suggests many things, but the most important idea is that a professional who is evaluating risk should look at three things: the risk taking capacity of the firm, the risk environment and the risk management program of the firm.

These are fundamental principles of risk management.  Not the only ones, but principles that speak to the problem that JP Morgan claims to have.

Advertisements

The Danger of Optimization

November 21, 2011

RISKVIEWS was recently asked “How do insurers Optimize Risk and Reward?”

The response was “That is dangerous. Why do you want to know that?” You see, a guru must always answer a question with a question. And in this case, RISKVIEWS was being treated as a guru.

Optimizing risk and reward is dangerous because it is done with a model.  Not all things that use a model are dangerous.  But Optimizing is definitely dangerous.

One definition of optimizing is

“to make as perfect as possible.”

Most often, optimization means taking maximum possible advantage of the diversification effect.  You will often hear someone talking about the ability to add risk without adding capital.  Getting a free ride on risk.

There are two reasons that optimizing ends up being dangerous…

  1. The idea of adding risk without adding capital is a misunderstanding.  Adding risk always adds risk.  It may well not add to a specific measure of risk because of either size or correlation or both, but the risk is there.  The idea that adding a risk that is low correlation with the firm’s predominant risk is a free ride will sooner or later seep into the minds of the people who ultimately set the prices.  They will start to think that it is just fine to give away some or all of the risk premium and eventually to give up most of the risk margin because there is thought to be no added risk.  This free risk idea will also lead to possibly taking on too much of that uncorrelated risk.  More than one insurer has looked at an acquisition of a large amount of the uncorrelated risk where the price for the acquisition only makes sense with a diminished risk charge.  But with the acquisition, the risk becomes a major concentration of loss potential and suddenly, the risk charge is substantial.
  2. In almost all cases, the best looking opportunities, based on the information that you are getting out of the model are the places where the model is in error, where the model is missing one or more of the real risks.  Those opportunities will look to have unusually fat risk premiums. To the insurer with the incorrect model, those look like extra margin.  This is exactly what happened with the super senior tranches of sub prime mortgage securities.  If you believed the standard assumption that house prices would never go down, there was no risk in the super senior, but they paid 5 – 10 bps more than a risk free bond.

The reliance on a model for optimization is dangerous.

That does not mean that the model is always dangerous.  The model only becomes dangerous when there is undue reliance is placed upon the exact accuracy of the model, without regard for model error and/or parameter uncertainty.

The proper use of the model is Risk Steering.  The model helps to determine the risks that should be held steady, which risks would be good to grow (as long as the environment stays the same as what the model assumes) and which risk to reduce.

Time to Ban RISK FREE!

October 25, 2011

Perhaps the very act of declaring something a RISK FREE ASSET guarantees that it will not be such. 

Underneath that declaration of RISK FREE is a presumption that the RISK FREE entity can absorb an unlimited amount of debt.  When in fact, the thing that we are seeing over and over again is that it is the debt itself that causes the risk!

In insurance, if insurers allowed someone to insure a building that they own for five times its value in the event of a fire, we all understand that a fire becomes highly likely.

In banking, it is also a basic tenet of lending that if you lend someone much, much more than they could ever possibly repay, that they will not repay.  But in banking, we have let the concept of RISK FREE creep into our heads and let that overcome the basic tenet about lending and repayment.  Banks are actually encouraged to put more of their money into RISK FREE securities to make them more secure.  But in the case of both the sub prime and the sovereign crises, the problem comes from assets that were improperly designated RISK FREE.

But what if it is the designation of RISK FREE itself that leads to the problems?

In the US Life insurance sector, the regulators provide a Risk Based Capital (RBC) regime.  It assigns a level of capital based upon the regulators understanding of the risk of various activities.  Most life insurance products at the time of the creation of the RBC regime in the early 1990’s involved a guarantee from the general account of the insurer to the beneficiaries of the insureds.  Life insurers traditionally took large amounts of credit risk to support those guarantees.  The RBC originally was focused first on the largest risk of the life insurers, credit.

Variable Annuities did not involve a guarantee from the general account and were therefore considered RISK FREE.  Many insurers wrote that business and did not attribute any capital because the products were RISK FREE.  From the start, insurers paid a fixed commission to brokers who wrote the business.  Insurers did not directly charge the customers for those commissions, but instead recovered those payments from the accounts over time.  Later, life insurers started to also add guarantees from the general account of the benefits from the variable annuities.  The variable annuities were still considered to be RISK FREE so there was still no RBC charge.

It was not a surprise that valuable risk protection that was highly underpriced was attractive to buyers and these products became very heavy sellers for a dozen or more companies.  So much so that attempts to later change the RBC to require proper capital amounts for the product were potentially critically damaging to some of those firms. Eventually, when the financial crisis hit, some of those dozen insurers that wrote large amounts of these products were looking for help from the TARP program

So perhaps we should be rethinking this concept of RISK FREE.   When the activity deemed as RISK FREE starts to become risky, it starts (or in the case of the sub prime backed CDOs always) pays a higher return than the lowest risk activities.  When the denominator for RISK FREE is zero or very near zero, very tiny amounts of excess returns from growing risk of the activity which is now designated RISK FREE in error will look to be fantastically profitable.  A firm that is trying to optimize its return on capital will shift as much activity as possible into the improperly designated assets class.

As long as there is a RISK FREE class, there will be an incentive to shift as much activity as possible into any security in that class that is misclassified. 

And because the capital requirements for risk free are zero, there is no limit to how much banks can move into that class.  They actually look good if they leverage up to increase activity in RISK FREE.

We need to stop even saying that any class of investments is RISK FREE.  As we see where that idea has led us, we need to leave it in the universities where it belongs and keep it out of the business world.  They can keep it on a shelf right next to their bottles of perfect vacuum and along side their frictionless surfaces.  That is where it belongs.

In the real world, there are no RISK FREE assets.  The capital requirements need to be floored with a positive number and graded up with the level of returns.  The market really is telling us something about risk when returns are higher, not about the brilliance of the companies that are able to find the misclassified RISK FREE investments.

 

You Must Abandon All Presumptions

August 5, 2011

If you really want to have Enterprise Risk Management, then you must at all times abandon all presumptions. You must make sure that all of the things to successfully manage risks are being done, and done now, not sometime in the distant past.

A pilot of an aircraft will spend over an hour checking things directly and reviewing other people’s checks.  The pilot will review:

  • the route of flight
  • weather at the origin, destination, and enroute.
  • the mechanical status of the airplane
  • mechanical issues that may have been improperly logged.
  • the items that may have been fixed just prior to the flight to make certain that system works
  • the flight computer
  • the outside of the airplane for obvious defects that may have been overlooked
  • the paperwork
  • the fuel load
  • the takeoff and landing weights to make sure that they are within limits for the flight

Most of us do not do anything like this when we get into our cars to drive.  Is this overkill?  You decide.

When you are expecting to fly somewhere and there is a last minute delay because of something that seems like it should have really been taken care of, that is likely because the pilot finds something that someone might normally PRESUME was ok that was not.

Personally, as someone who takes lots and lots of flights, RISKVIEWS thinks that this is a good process.  One that RISKVIEWS would recommend to be used by risk managers.

THE NO PRESUMPTION APPROACH TO RISK MANAGEMENT

Here are the things that the Pilot of the ERM program needs to check before taking off on each flight.

1.  Risks need to be diversified.  There is no risk management if a firm is just taking one big bet.

2.  Firm needs to be sure of the quality of the risks that they take.  This implies that multiple ways of evaluating risks are needed to maintain quality, or to be aware of changes in quality.  There is no single source of information about quality that is adequate.

3.  A control cycle is needed regarding the amount of risk taken.  This implies measurements, appetites, limits, treatment actions, reporting, feedback

4.  The pricing of the risks needs to be adequate.  At least if you are in the risk business like insurers, for risks that are traded.  For risks that are not traded, the benefit of the risk needs to exceed the cost in terms of potential losses.

5.  The firm needs to manage its portfolio of risks so that it can take advantage of the opportunities that are often associated with its risks.  This involves risk reward management.

6.   The firm needs to provision for its retained risks appropriately, in terms of set asides (reserves) for expected losses and capital for excess losses.

A firm ultimately needs all six of these things.  Things like a CRO, or risk committees or board involvement are not on this list because those are ways to get these six things.

The Risk Manager needs to take a NO PRESUMPTIONS approach to checking these things.  Many of the problems of the financial crisis can be traced back to presumptions that one or more of these six things were true without any attempt to verify.

Looking at Risk through a Telescope, Reading Glasses or a Wide Angle Lens

May 12, 2011

Risk managers need to be looking at the risks that may nibble away at the firm, risks that may deliver swift killing blows as well as risks that will slowly strangle the firm.

Risk managers need to use the Telescope to look for risks that are remote.  The Emerging Risks.  Those risks may be tiny specks in the far distance.  The risk manager may need to use their imagination to see what harm those tiny specs might do.  They need to arrange things appropriately to prepare for the day when the speck might turn into a real threat.  The firms who use the telescope to view those risks will be able to take the actions far in advance that will make their eventual defense against the risk more effective and economical.

Risk managers also need to use the Reading Glasses to look at the fine details of the things that go by each and every day.  By a careful detailed review, the risk manager may find cracks in the structure or activity that appeared very sturdy up until then.  They can take actions to patch those cracks and to look for alternatives.

Risk managers should also look with a wide angle lens for risks coming at them.  The wide angle lens allows them to see risks coming at them from every direction.  When the risk manager crosses the one way street, they will often quickly look in the “wrong” direction to make sure that nothing is coming from that direction either.  They know that risk is not bound by any rules.  In fact, risk is often most dangerous when it moves directly in the opposite direction that the rules would have you think to look.

Risk managers who have built up processes with a fixed focus that look in only the directions that are required will find that the largest risks are not going to congregate in the spots where they have focused.

Risks will move out of those bright spots where the risk managers are focusing into the dark.  And they will move closer and closer and get larger and larger as long as no one looks at them.

Leave Something on the Table

April 19, 2011

What was the difference between the banks and insurers with high tech risk management programs that did extremely poorly in the GFC from those with equally high tech risk management programs who did less poorly?

One major difference was the degree to which they believed in their models.  Some firms used their models to tell them exactly where the edge of the cliff was so that they could race at top speed right at the edge of the cliff.  What they did not realie was that they did not know, nor could they know the degree to which the edge of that cliff was sturdy enough to take their weight.  Their intense reliance on their models, most often models that focused like a lazer on the most important measure of risk, left other risks in the dark.  And those other risks undermined the edge of the cliff.

Others with equally sophisticated models were not quite so willing to believe that it was perfectly safe right at the edge of the cliff.  They were aware that there were things that they did not know.  Things that they were not able to measure.  Risks in the dark.  They took the information from their models about the edge of the cliff and they decided to stay a few steps away from that edge.

They left something on the table.  They did not seek to maximize their risk adjusted returns.  Maximizing risk adjusted return in the ultimate sense involved identifying the opportunity with the highest risk adjusted return and taking advantage of that opportunity to the maximum extent possible, then looking to deploy remaining resources to the second highest risk adjusted return and so on.

The firms who had less losses in the crisis did not seek to maximize their risk adjusted return.

They did not maximize their participation in the opportunity with the highest risk adjusted return.  They spread their investments around with a variety of opportunities.  Some with the highest risk adjusted return choice and other amounts with lesser but usually acceptable return opportunities.

So when it came to pass that everyone found that their models were totally in error regarding the risk in that previously top opportunity, they were not so concentrated in that possibility.

They left something on the table and therefore had something left at the end of that round of the game.

Not About Capital

April 13, 2011

The reality is that regulatory capital requirements, no matter how much we try to refine them, will always be a blunt tool.  Certainly they should not create the wrong incentives, but we cannot micromanage firm behavior through regulatory capital requirements.  There are diminishing returns to pursuing precision in regulatory capital requirements.

Terri Vaughan, NAIC

These remarks were made in Europe recently by the lead US regulator of the insurance industry.  In Europe, there has never been a regulatory capital requirement that was risk related.  But the Europeans have been making the discussion all about capital for about 10 years now in anticipation of their first risk based capital regime, Solvency II.

The European assumption is that if they follow as closely as possible the regulatory regime that has failed so spectacularly to control the banking system, Basel II, then everything will be under control.

The idea seems to be that if you concentrate, really concentrate, on measuring risk, then insurance company management will really take seriously the idea of managing risk.   Of course, that conclusion is also based upon the assumption that if you really, really concentrate on measuring risk that you will get it right.

But the Law of Risk and Light tells us that our risk taking systems will lead us to avoid the risk in the light and to load up on the risk in the dark.

That means the risks that are properly measured by the risk based capital regulatory system will be managed.

But whatever risks that are not properly measured will come to predominate the system.  The companies that take those risks will grow their business and their profits faster than the companies that do not take those poorly measured risks.

And if everyone is required to use the same expensive risk measurement system, very, very few will invest the additional money to create alternate measures that will see the flaws in the regulatory regime.

The banking system had a flaw.  And many banks concentrated on risks that looked good in the flawed system but that were actually rotten.

What is needed instead is a system that concentrates on risk controlling.  A firm first needs a risk appetite and second needs a system that makes sure that their risks stay within their appetite.

Under a regulatory risk capital system, the most common risk appetite is that a firm will maintain capital above the regulatory requirement.  This represents a transfer of the duty of management and the board onto the regulator.  They never need to say how much risk that they are willing to take.  They say instead that they are in business to satisfy the regulator with regard to their risk taking.

The capital held by the firm should depend upon the firm’s risk appetite.  The capital held should support the risk limits allowed by the board.

And the heart of the risk control system should be the processes that ensure that the risk stays within the limits.

And finally, the limits should not be a part of a game that managers try to beat.  The limits need to be an extremely clear expression of the fundamental way that the firm wants to conduct business.  So any manager that acts in a way that is contrary to the fundamental goals of the firm should not continue to have authority to direct the activities of the firm.


%d bloggers like this: