The Joint Risk Management Section of the Canadian Institute of Actuaries, the Casualty Actuarial Society, and the Society of Actuaries will oversee an online survey to help understand individual risk managers’ perspectives on emerging risks. We value insights from all levels of experience and background and invite you to participate in this annual survey. Please complete this survey by Nov. 22nd. It should take about 15 minutes to complete. We hope you will share your thoughts and experiences in comment boxes. Responses from more than one risk manager within the same company are encouraged. All responses are anonymous. Thanks to the SOA Reinsurance and Financial Reporting Sections for supporting this research. If you have questions about the survey, please contact Jan Schuh at the SOA Research Institute, jschuh@soa.org.
Risk Identification is widely acknowledged at the very first step in forming a new ERM program. What is not so widely known is that the risk identification process needs to be repeated and refreshed to keep ERM alive. In this regard, ERM is like a lawn. Initially, the ground is prepared, it is seeded and fertilized and watered until a bed of green grass emerges. But the lawn will eventually deteriorate if it is not reseeded and fertilized and weeded and watered regularly. Repeating the risk identification process is one of the key steps to keeping the ERM program alive and green!
Companies considering the risk identification process should be aware that it is not a solution in itself and can only add value if the results are used as the first step in a risk control cycle.
This is an iterative process that refines managements’ understanding of the exposures that it is managing, and measures the effectiveness of the mitigation strategies employed in controlling risk:
For the risk identification process to be effective it is essential that senior management is directly involved from the outset. Regulators may give little or less credibility to an ORSA report if this ownership of ERM isn’t in place.
A brainstorming session involving the leaders of all risk taking functions across the business provides an effective starting point in compiling a list of significant risks.
This often results in a list containing 30 or more risks; if the process involves a broad range of people at many levels in the organization, it is not uncommon to have a list of 100 to 150 risks.
By considering each risk individually and quantifying its potential impact on the business, management can work towards a shorter list of high priority risks which should be the starting point of the risk control cycle.
Risk Control Cycle
Step 1: Identify All Significant Risks
Risks must be identified in order to:
>Ensure that the full range of significant risks is encompassed within the risk management process >Develop processes to measure exposure to those risks >Begin to develop a common language for risk management with the company
Some companies prefer to start with a comprehensive but generic list of risks. The company should then aim to select its own list by considering the following criteria:
Relevance to the insurer’s activities
Impact on the insurers financial condition
Ability to manage separately from other risks
The risk output from the ERM program may be used in strategic capital allocation decisions within the on-going business planning process.
The final “risk list” should be checked for completeness and consistency with this intended use. A final check can be done by looking at the lists once separated into categories. Most risks can be classified into one of several categories.
For example:
Underwriting Risk
Market Risk
Operational Risk
Credit/Default Risk
Management can review the range of risks that appear in each category to make sure that they are satisfied with the degree to which they have addressed key exposures within each major category.
The remaining steps in the risk identification process are then used to narrow down this initial risk list to a set of high priority risks that can be the focus of ERM discussions among and with senior management and ultimately with the board.
Step 2: Understand Each Risk Exposure
It is necessary to develop a broad understanding of each of the risks selected from Step 1; this includes determining whether the risk is driven by internal or external events.
In some situations, it may prove helpful to actually plot the exact sequence of events leading to a loss situation. This could result in the identification of intermediate intervention points where losses can be prevented or limited.
Existing risk measurement and control processes should be documented, and if the loss sequence has been plotted, the location of each control process in the sequence can be identified.
The final step in understanding the risks is to study recent events related to risks, including loss events, successful risk control or mitigation, and near misses both in the wider world and inside the company. Such events should be studied and lessons can be learned and shared.
Step 3: Evaluate
The next step in the risk identification process is to evaluate the potential impact of each risk. This involves:
>Estimating the frequency of loss events, e.g., low, medium, and high >Estimating potential severity of loss events, e.g., low, medium, and high >Considering offsetting factors to limit frequency or severity of losses and understand potential control processes
Some insurers also include an additional aspect of the risks, velocity, which is defined as the rate at which the risk can develop into a major loss situation
Step 4: Prioritize
The evaluations of risk frequency, severity, and velocity from Step 3 are then combined into a single factor and the risks ranked.
The risks are ranked according to a combined score incorporating all three assessments. The ranking starts with the risk with the worst combination of frequency, severity, and velocity scores.
From this ranked list of risks, 10 to 15 risks are chosen to be the key risk list that will be the focus of senior management discussions. From that list, ultimately 4 – 6 risks are chosen to feature with the board.
This need not be a complex or time consuming task. Often a simple heat map approach provides an effective way for management to identify their highest priority risks:
The rest of the risks should not be ignored. Those risks may ultimately be addressed at another level within the insurer.
Regulatory Emphasis
Regulators have developed Own Risk and Solvency Assessment (ORSA) regimes which require re/insurers to demonstrate their use of appropriate enterprise risk management (ERM) practices to support their ability to meet prospective solvency requirements over the business planning period.
Regulators are providing only high-level guidelines and will expect companies to decide what “appropriate” means for them. There are a number of common threads linking the ORSA guidelines; one of these is the fundamental importance of risk identification.
ORSA Guidance Manual
This ORSA process is being applied in all parts of the globe. In the U.S., the National Association of Insurance Commissioners (NAIC) ORSA Guidance Manual names risk identification as one of the five key aspects of the insurer’s ERM program that should be described in the ORSA report.
That document provides a definition for risk identification and prioritization:
[a] process that is key to the organization; responsibility for this activity is clear; the risk management function is responsible for ensuring that the process is appropriate and functioning properly at all organizational levels
For the EU, the Solvency II ORSA requires that solo undertakings provide:
[a] qualitative description of risks [and] should subject the identified risks to a sufficiently wide range of stress test / scenario analyses to provide an adequate basis for the assessment of overall solvency needs.
In the case of groups, the ORSA should adequately identify, measure, monitor, manage and report all group specific risks.
Insurance Core Principles (ICP)
The risk identification process is key to all insurers, not just those required to prepare an ORSA. This wider relevance is underlined by the Financial Stability Board’s endorsement of the International Association of Insurance Supervisors (IAIS) Insurance Core Principles (ICPs); ICP 16 highlights the importance of ERM as a process of identifying, assessing, measuring, monitoring, controlling and mitigating risks.
Perhaps the most attractive feature of the risk identification process is its low cost, high-impact introduction to risk management that builds upon the existing infrastructure and risk knowledge in the company.
It does not require a large commitment to capital expenditures and, if done appropriately, will provide a valuable first step in rolling out risk management across the company.
The ICPs are guidance for the insurance regulators in all jurisdictions. The ORSA, or an equivalent process with an equally odd name, may well be eventually adopted in all countries.
The short story “The Most Dangerous Game” has always fascinated. Wikipedia lists dozens of adaptations for Radio, Movies and TV. The story is about the most dangerous quarry for a hunter.
Insurers are not hunters, they do not exactly seek out risk. Well, maybe they do seek risks. But insurers should be aware that some risks are more dangerous than others.
In late 2017, RISKVIEWS polled 200 insurance executives and they provided their opinion of how to rank a long list of risks that threaten insurers. The polling software, found at allourideas.com, asks participants to rank pairs of items and uses a complex algorithm to create a ranking of the entire list. These 200 executives, on the average, chose to rank about 80 pairs making a total of over 16,000 rankings performed.
The results were published on the web here. The Top 10 risks were:
1 Cybersecurity & Cybercrime
2 IT/Systems & Tech Gap
3 Strategic Direction & Opportunities Missed
4 Pricing & Product Line Profit
5 Runaway frequency or severity of claims
6 Disruptive Technology
7 Customer needs not served by traditional approaches
8 Emerging Risks
9 Competition
10 Underwriting
And in mid 2018, RISKVIEWS looked around to find out what news there had been regarding each of the top risks and published the findings here.
It is quite easy for an ERM program to become irrelevant. All it takes is for it to stay the same for several years. After just a few years, you will find that you risk management processes are focused upon the issues of several years ago. You may be missing new wrinkles to your risks and also repeating mitigation exercises that are no longer effective or needed.
That is because the risk environment is constantly changing. Some risks are become more dangerous while for others the danger is receding. No firm anywhere has an unlimited budget for risk management. So to remain effective, you need to constantly reshuffle priorities.
One place where that reshuffling is very much needed is in the risk register. That is a hard message to sell. Risk Identification is seen by most as the first baby step in initiating and ERM program. How could a well developed, sophisticated ERM program need to go back to the first baby step.
But we do need to go back and somehow get people to seriously re-evaluate the Risks on the Risk Register. That is because risk management is fundamentally a cycle rather than a a one way development process. We are all brainwashed that constant growth and steady improvement is the fundamental nature of human enterprise. For risk management to really work, we need that cycle model where we go back and do all of the same steps as last year all over again.
One way to freshen up the process of reviewing the risk register is to bring in outside information. The link below provides some good outside information that you can use to stimulate your own review.
Willis Re took the top 15 risks from a dozen insurer risk registers and combined them to get 50+ unique risks. Then over 100 insurer executives and risk management staff helped to rank those 50 risks.
We took a list of over 50 risks commonly found on insurer risk registers, and asked, “Which risks present the most danger to your firm in 2017?”
Take a look. How does the resulting ranking look compared to your risk register? Do any of the top 10 risks show up as middling priority in your program? Are any of the bottom ten risks near the top of your priority ranking? So your review can focus on a discussion of the most significant deviations between your ranking and the ranking from the link above. You need to convince yourself that you have good reasons for different priorities or change your priorities.
Project managers constantly think about risks, both threats and opportunities. What if the requirements are late? What if the testing environment becomes unstable? How can we exploit the design skills of our developers?
Let’s consider a simple but powerful tool to capture and manage your risks – the Risk Register. What is it? What should it include? What tools may be used to create the register? When should risk information be added?
The Risk Register is simply a list of risk related information including but not limited to:
Risk Description. Consider using this syntax: Cause -> Risk -> Impact. For example: “Because Information Technology is updating the testing software, the testing team may experience an unstable test environment resulting in adverse impacts to the schedule.”
Risk Owner. Each risk should be owned by one person and that person should have the knowledge and skills to plan and execute risk responses.
Triggers. Triggers indicate when a risk is about to occur or that the risk has occurred.
Category. Assigning categories to your risks allows you to filter, group, analyze, and respond to your risks by category. Standard project categories include schedule, cost, and quality.
Probability Risk Rating. Probability is the likelihood of risk occurring. Consider using a scale of 1 to 10, 10 being the highest.
Impact Risk Rating. Impact, also referred to as severity or consequence, is the amount of impact on the project. Consider using a scale of 1 to 10, 10 being the highest.
Risk Score. Risk score is calculated by multiplying probability x impact. If the probability is 8 and the impact is 5, the risk score is 40.
Risk Response Strategies. Strategies for threats include: accept the risk, avoid the risk, mitigate the risk, or transfer the risk. Strategies for opportunities include: accept the risk, exploit the risk, enhance the risk, or share the risk.
Risk Response Plan or Contingency Plan. The risk owner should determine the appropriate response(s) which may be executed immediately or once a trigger is hit. For example, a risk owner may take immediate actions to mitigate a threat. Contingency plans are plans that are executed if the risk occurs.
Fallback Plans. For some risks, you may wish to define a Fallback Plan. The plan outlines what would be done in the event that the Contingency Plan fails.
Residual Risks. The risk owner may reduce a risk by 70%. The remaining 30% risk is the residual risk. Note the residual risk and determine if additional response planning is required.
Trends. Note if each risk is increasing, decreasing, or is stable.
The Risk Register may be created in a spreadsheet, database, risk management tool, SharePoint, or a project management information system. Make sure that the Risk Register is visible and easy to access by your project team members.
The risk management processes include: 1) plan risk management, 2) identify risks, 3) evaluate/assess risks, 4) plan risk responses, and 5) monitor and control risks.
The initial risk information is entered when identifying risks in the planning process. For example, PMs may capture initial risks while developing the Communications Plan or the project schedule. The initial risk information may include the risks, causes, triggers, categories, potential risk owners, and potential risk responses.
As you evaluate your risk in the planning process, you should assign risk ratings for probability and impact and calculate the risk scores.
Next, validate risk owners and have risk owners complete response plans.
Lastly, review and update your risks during your team meetings (i.e., monitoring and control). Add emerging risks. Other reasons for updating the risk register include change requests, project re-planning, or project recovery.
Both the COSO and ISO risk management frameworks describe many excellent practices. However, in practice, insurers need to make two major changes from the typical COSO/ISO risk management process to achieve real ERM.
RISK MEASUREMENT – Both COSO and ISO emphasize what RISKVIEWS calls the Risk Impressions approach to risk measurement. That means asking people what their impression is of the frequency and severity of each risk. Sometimes they get real fancy and also ask for an impression of Risk Velocity. RISKVIEWS sees two problems with this for insurers. First, impressions of risk are notoriously inaccurate. People are just not very good at making subjective judgments about risk. Second, the frequency/severity pair idea does not actually represent reality. The idea properly applies to very specific incidents, not to risks, which are broad classes of incidents. Each possible incident that makes up the class that we call a risk has a different frequency severity pair. There is no single pair that represents the class. Insurers risks are in one major way different from the risks of non-financial firms. Insurers almost always buy and sell the risks that make up 80% or more of their risk profile. That means that to make those transactions they should be making an estimate of the expected value of ALL of those frequency and severity pairs. No insurance company that expects to survive for more than a year would consider setting its prices based upon something as lacking in reality testing as a single frequency and severity pair. So an insurer should apply the same discipline to measuring its risks as it does to setting its prices. After all, risk is the business that it is in.
HIERARCHICAL RISK FOCUS – Neither COSO nor ISO demand that the risk manager run to their board or senior management and proudly expect them to sit still while the risk manager expounds upon the 200 risks in their risk register. But a highly depressingly large number of COSO/ISO shops do exactly that. Then they wonder why they never get a second chance in front of top management and the board. However, neither COSO nor ISO provide strong enough guidance regarding the Hierarchical principal that is one of the key ideas of real ERM. COSO and ISO both start with a bottoms up process for identifying risks. That means that many people at various levels in the company get to make input into the risk identification process. This is the fundamental way that COSO/ISO risk management ends up with risk registers of 200 risks. COSO and ISO do not, however, offer much if any guidance regarding how to make that into something that can be used by top management and the board. In RISKVIEWS experience, the 200 item list needs to be sorted into no more than 25 broad categories. Then those categories need to be considered the Risks of the firm and the list of 200 items considered the Riskettes. Top management should have a say in the development of that list. It should be their chooses of names for the 25 Risks. The 25 Risks then need to be divided into three groups. The top 5 to 7 Risks are the first rank risks that are the focus of discussions with the Board. Those should be the Risks that are most likely to cause a financial or other major disruption to the firm. Besides focusing on those first rank risks, the board should make sure that management is attending to all of the 25 risks. The remaining 18 to 20 Risks then can be divided into two ranks. The Top management should then focus on the first and second rank risks. And they should make sure that the risk owners are attending to the third rank risks. Top management, usually through a risk committee, needs to regularly look at these risk assignments and promote and demote risks as the company’s exposure and the risk environment changes. Now, if you are a risk manager who has recently spent a year or more constructing the list of the 200 Riskettes, you are doubtless wondering what use would be made of all that hard work. Under the Hierarchical principle of ERM, the process described above is repeated down the org chart. The risk committee will appoint a risk owner for each of the 25 Risks and that risk owner will work with their list of Riskettes. If their Riskette list is longer than 10, they might want to create a priority structure, ranking the risks as is done for the board and top management. But if the initial risk register was done properly, then the Riskettes will be separate because there is something about them that requires something different in their monitoring or their risk treatment. So the risk register and Riskettes will be an valuable and actionable way to organize their responsibilities as risk owner. Even if it is never again shown to the Top management and the board.
These two ideas do not contradict the main thrust of COSO and ISO but they do represent a major adjustment in approach for insurance company risk managers who have been going to COSO or ISO for guidance. It would be best if those risk managers knew in advance about these two differences from the COSO/ISO approach that is applied in non-financial firms.
ERM programs all start out with a suggestion that you must identify your risks.
Many folks take this as a trivial exercize. But it is not. There are two important reasons why not:
Everyone has risks in the same major categories, but the way that those categories are divided into the action level is important. All insurers have UNDERWRITING RISK. But almost all insurers should be subdividing their UDERWRITING RISK into major subcategories, usually along the lines that they manage their insurance business. Even the very smallest single line single state insurers sub divide their insurance business. Risks should also be subdivided.
Names are important. Your key risks must have names that are consistent with how everyone in the company talks.
Best practice companies will take the process of updating very seriously. They treat it as a discovery and validation process.
To read more about Risk identification, see the WillisWire post
This is a Risk Control Cycle. It includes Thinking/Observing steps and Action Steps. The only reason a sane organization would spend the time on the Assessing, Planning and Monitoring steps is so that they could be more effective with the Risk Taking, Mitigating and Responding steps.
A process capable of limiting losses can be referred to as a complete risk control process, which would usually include the following:
Identification of risks—with a process that seeks to find all risks inherent in a insurance product, investment instrument, or other situation, rather than simply automatically targeting “the usual suspects.”
Assess Risks – This is both the beginning and the end of the cycle. As the end, this step is looking back and determining whether your judgment about the risk and your ability to select and manage risks is as good as you thought that it would be. As the beginning, you look forward to form a new opinion about the prospects for risk and rewards for the next year. For newly identified risks/opportunities this is the due diligence phase.
Plan Risk Taking and Risk Management – Based upon the risk assessment, management will make plans for how much of each risk that the organization will plan to accept and then how much of that risk will be transferred, offset and retained. These plans will also include the determination of limits
Take Risks – organizations will often have two teams of individuals involved in risk taking. One set will identify potential opportunities based upon broad guidelines that are either carried over from a prior year or modified by the accepted risk plan. (Sales) The other set will do a more detailed review of the acceptability of the risk and often the appropriate price for accepting the risk. (Underwriting)
Measuring and monitoring of risk—with metrics that are adapted to the complexity and the characteristics of the risk as well as Regular Reporting of Positions versus Limits/Checkpoints— where the timing needed to be effective depends on the volatility of the risk and the rate at which the insurer changes their risk positions. Insurers may report at a granular level that supports all specific decision making and actions on a regular schedule.
Regular risk assessment and dissemination of risk positions and loss experience—with a standard set of risk and loss metrics and distribution of risk position reports, with clear attention from persons with significant standing and authority in the organization.
Risk limits and standards—directly linked to objectives. Terminology varies widely, but many insurers have both hard “Limits” that they seek to never exceed and softer “Checkpoints” that are sometimes exceeded. Limits will often be extended to individuals within the organization with escalating authority for individuals higher in the organizational hierarchy.
Response – Enforcement of limits and policing of checkpoints—with documented consequences for limit breaches and standard resolution processes for exceeding checkpoints. Risk management processes such as risk avoidance for risks where the insurer has zero tolerance. These processes will ensure that constant management attention is not needed to assure compliance. However, occasional assessment of compliance is often practiced. Loss control processes to reduce the avoidable excess frequency and severity of claims and to assure that when losses occur, the extent of the losses is contained to the extent possible. Risk transfer processes, which are used when an insurer takes more risk than they wish to retain and where there is a third party who can take the risk at a price that is sensible after accounting for any counterparty risk that is created by the risk transfer process. Risk offset processes, which are used when insurer risks can be offset by taking additional risks that are found to have opposite characteristics. These processes usually entail the potential for basis risk because the offset is not exact at any time or because the degree of offset varies as time passes and conditions change, which is overcome in whole or in part by frequent adjustment to the offsetting positions. Risk diversification, which can be used when risks can be pooled with other risks with relatively low correlation. Risk costing / pricing, which involves maintaining the capability to develop appropriate views of the cost of holding a risk in terms of expected losses and provision for risk. This view will influence the risks that an insurer will take and the provisioning for losses from risks that the insurer has taken (reserves). This applies to all risks but especially to insurance risk management. Coordination of insurance profit/loss analysis with pricing with loss control (claims) with underwriting (risk selection), risk costing, and reserving, so that all parties within the insurer are aware of the relationship between emerging experience of the risks that the insurer has chosen to retain and the expectations that the insurer held when it chose to write and retain the risks.
Embedded assumptions are dangerous. That is because we are usually unaware and almost always not concerned about whether those embedded assumptions are still true or not.
One embedded assumption is that looking backwards, at the last year end, will get us to a conclusion about the financial strength of a financial firm.
We have always done that. Solvency assessments are always about the past year end.
But the last year end is over. We already know that the firm has survived that time period. What we really need to know is whether the firm will have the resources to withstand the next period. We assess the risks that the firm had at the last year end. Without regard to whether the firm actually is still exposed to those risks. When what we really need to know is whether the firm will survive the risks that it is going to be exposed to in the future.
We also apply standards for assessing solvency that are constant. However, the ability of a firm to take on additional risk quickly varies significantly in different markets. In 2006, financial firms were easily able to grow their risks at a high rate. Credit and capital were readily available and standards for the amount of actual cash or capital that a counterparty would expect a financial firm to have were particularly low.
Another embedded assumption is that we can look at risk based upon the holding period of a security or an insurance contract. What we fail to recognize is that even if every insurance contract lasts for only a short time, an insurer who regularly renews those contracts is exposed to risk over time in almost exactly the same way as someone who writes very long term contracts. The same holds for securities. A firm that typically holds positions for less than 30 days seems to have very limited exposure to losses that emerge over much longer periods. But if that firm tends to trade among similar positions and maintains a similar level of risk in a particular class of risk, then they are likely to be all in for any systematic losses from that class of risks. They are likely to find that exiting a position once those systematic losses start is costly, difficult and maybe impossible.
There are embedded assumptions all over the place. Banks have the embedded assumptions that they have zero risk from their liabilities. That works until some clever bank figures out how to make some risk there.
Insurers had the embedded assumption that variable products had no asset related risk. That embedded assumption led insurers to load up with highly risky guarantees for those products. Even after the 2001 dot com crash drove major losses and a couple of failures, companies still had the embedded assumption that there was no risk in the M&E fees. The hedged away their guarantee risk and kept all of their fee risk because they had an embedded assumption that there was no risk there. In fact, variable annuity writers faced massive DAC write-offs when the stock markets tanked. There was a blind spot that kept them from seeing this risk.
Many commentators have mentioned the embedded assumption that real estate always rose in value. In fact, the actual embedded assumption was that there would not be a nationwide drop in real estate values. This was backed up by over 20 years of experience. In fact, everyone started keeping detailed electronic records right after…… The last time when there was an across the board drop in home prices.
The blind spot caused it to take longer than it should have for many to notice that prices actually were falling nationally. Each piece of evidence was fit in and around the blind spots.
So a very important job for the risk manager is to be able to identify all of the embedded assumptions / blind spots that prevail in the firm and set up processes to continually assess whether there is a danger lurking right there – hiding in a blind spot.
Framing is of vital importance in identifying risks.
Risks need to be framed in a way that you CAN actually control them. If you say that your major risk is a drop in the stock market, then you are framing that risk as something that you cannot control.
If instead, if you frame it as a sudden drop in the value of your investments, then you are very highly in control of your risk. You can choose your investments. Your choice to manage the risk becomes a tractable risk reward trade-off. You can buy hedges to mitigate the amount of your losses.
The same goes for Hurricanes or other acts of nature. If you say that your risk is hurricanes, then you cannot control hurricanes and you are done. The risk management committee can go home early. But if you say that your risk is “damage caused by hurricanes”, suddenly you are in charge. You have options and you have responsibilities. You have the option to move some of your activities out of the path of hurricanes. You have the option to make sure that the construction of your building can withstand some or all hurricanes and the concurrent storm surge. You have the option of buying insurance to make sure that your damages are reimbursed.
So look at your list of risks. Make sure that even if it says Hurricane, that you are treating it as a manageable risk. As if it said “damage caused by hurricanes” that you can manage and you are not just throwing up your hands because you cannot stop a hurricane.
Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM. Riskviews gave them 10 but they were trick questions. Each one would take an hour to answer properly. Not really what the analyst wanted.
Where have your risk experts disagreed with your risk models in the past year?
What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?
They never come back and asked for the answer key. Here it is:
1. The first step in real risk management is to be able to think of the firm from a risk point of view. Any CEO can do that from a sales point of view and from a profits point of view. They know that 40% of the revenues come from the pumpkin business in South Florida and 25% of the profits from the Frozen Beet Juice Pops product line. Those statistics are a part of the sales profile and the profits profile. A first step to having a real ERM system is for the CEO to have an equal command of the Risk Profile. Any firm where the CEO does not have an equal command of risk as they do for sales does not have ERM yet. So this question is first and most important. The CEOs who are most likely to be unable to answer this question are the leaders of larger more complex companies. The investor need to make sure that top management of those firms has actual command of all of the key issues regarding the firm and its business. Risk really is a key issue. A vague or slow answer to this question indicates that Risk has not really been an issue that the CEO has attended to. That may work out fine for the company and the investors. If they are lucky.
#2 Higher Interest Rates and Tighter Money in Emerging Markets
#3 Political Crises in the Middle East
#4 Surging Oil Prices
#5 An Increase in Interest Rates in Developed Markets
#6 The End of QE2
#7 Fiscal Cuts and Sovereign Debt Crises
#8 The Japanese Disaster
How should ideas like these impact on ERM systems? Is it at all reasonable to say that they should not? Definitely not.
These potential shocks illustrate the need for the ERM system to be reflexive. The system needs to react to changes in the risk environment. That would mean that it needs to reflect differences in the risk environment in three possible ways:
In the calibration of the risk model. Model assumptions can be adjusted to reflect the potential near term impact of the shocks. Some of the shocks are certain and could be thought to impact on expected economic activity (Japanese disaster) but have a range of possible consequences (changing volatility). Other shocks, which are much less certain (end of QE2 – because there could still be a QE3) may be difficult to work into model assumptions.
With Stress and Scenario Tests – each of these shocks as well as combinations of the shocks could be stress or scenario tests. Riskviews suggest that developing a handful of fully developed scenarios with 3 or more of these shocks in each would be the modst useful.
In the choices of Risk Appetite. The information and stress.scenario tests should lead to a serious reexamination of risk appetite. There are several reasonable reactions – to simply reduce risk appetite in total, to selectively reduce risk appetite, to increase efforts to diversify risks, or to plan to aggressively take on more risk as some risks are found to have much higher reward.
The last strategy mentioned above (aggressively take on more risk) might not be thought of by most to be a risk management strategy. But think of it this way, the strategy could be stated as an increase in the minimum target reward for risk. Since things are expected to be riskier, the firm decides that it must get paid more for risk taking, staying away from lower paid risks. This actually makes quite a bit MORE sense than taking the same risks, expecting the same reward for risks and just taking less risk, which might be the most common strategy selected.
The final consideration is compensation. How should the firm be paying people for their performance in a riskier environment? How should the increase in market risk premium be treated?
SimErgy ERM Boot Camp
June 6-8, 2011
This practical hands-on program is designed to give participants tangible skills that can be applied immediately to successfully implement ERM. It uses a stimulating and dynamic combination of lectures, individual and group exercises, and case studies. The program is led by Sim Segal, FSA, CERA, and is based on his new book, Corporate Value of Enterprise Risk Management, his consulting experience, and his MBA/EMBA course at Columbia Business School.
The 10 Key ERM Criteria (Webinar)
May 25, 2011, 12:15pm – 1:15pm Eastern
A persistent issue in ERM is the lack of accepted ERM standards. This webinar presents 10 key criteria that define best practices and which can be used as a standard benchmark to evaluate the robustness of any ERM program. We will discuss common industry practices and evaluate them against each of these criteria. Speaker: Sim Segal, President, SimErgy Consulting
Five Keys to Successful Risk Identification (Webinar)
June 22, 2011, 12:15pm – 1:15pm Eastern
Risk identification is the first step in the ERM process cycle. Most assume that by now common practice must have evolved into best practice. However, this is not so. This webinar reveals the critical mistakes routinely made in risk identification that can derail the ERM process, and the five keys to successfully avoiding them. Speaker: Sim Segal, President, SimErgy Consulting
Risk Radio™
Thursdays, 12:15pm Eastern
SimErgy introduces an innovative medium for ERM discourse: a weekly radio program. Premiering March 31st, Risk Radio, airs Thursdays at 12:15pm Eastern. Hosted by SimErgy president Sim Segal, Risk Radio follows a talk radio format with 30 minutes of topical discussions on ERM. Occasional guests are featured and listeners may call in.
My suggestion it that rather than starting with someone else’s idea of ERM, you start with what YOUR COMPANY is already doing.
In that spirit, I offer up these eight Fundamental ERM Practices. So to follow my suggestion, you would start in each of these eight areas with a self assessment. Identify what you already have in these eight areas. THEN start to think about what to build. If there are gaping holes, plan to fill those in with new practices. If there are areas where your company already has a rich vein of existing practice build gently on that foundation. Much better to use ERM to enhance existing good practice than to tear down existing systems that are already working. Making significant improvement to existing good practices should be one of your lowest priorities.
Risk Identification: Systematic identification of principal risks – Identify and classify risks to which the firm is exposed and understand the important characteristics of the key risks
Risk Language: Explicit firm-wide words for risk – A risk definition that can be applied to all exposures, that helps to clarify the range of size of potential loss that is of concern to management and that identifies the likelihood range of potential losses that is of concern. Common definitions of the usual terms used to describe risk management roles and activities.
Risk Measurement: What gets measured gets managed – Includes: Gathering data, risk models, multiple views of risk and standards for data and models.
Policies and Standards: Clear and comprehensive documentation – Clearly documented the firm’s policies and standards regarding how the firm will take risks and how and when the firm will look to offset, transfer or retain risks. Definitions of risk-taking authorities; definitions of risks to be always avoided; underlying approach to risk management; measurement of risk; validation of risk models; approach to best practice standards.
Risk Organization: Roles & responsibilities – Coordination of ERM through: High-level risk committees; risk owners; Chief Risk Officer; corporate risk department; business unit management; business unit staff; internal audit. Assignment of responsibility, authority and expectations.
Risk Limits and Controlling: Set, track, enforce – Comprehensively clarifying expectations and limits regarding authority, concentration, size, quality; a distribution of risk targets
and limits, as well as plans for resolution of limit breaches and consequences of those breaches.
Risk Management Culture: ERM & the staff – ERM can be much more effective if there is risk awareness throughout the firm. This is accomplished via a multi-stage training program, targeting universal understanding of how the firm is addressing risk management best practices.
Risk Learning: Commitment to constant improvement – A learning and improvement environment that encourages staff to make improvements to company practices based on unfavorable and favorable experiences with risk management and losses, both within the firm and from outside the firm.
Another way to differentiate risks and loss situations is to distinguish between systematic losses and losses where your firm ends up in the bottom quartile of worst losses.
You can get to that by way of having a higher concentration of a risk exposure than your peers. Or else you can lose more in proportion to your exposure than your peers.
The reason it can be important to distinguish these situations is that there is some forgiveness from the market, from your customers and from your distributors if you lose money when everyone else is losing it. But there is little sympathy for the firm that manages to lose much more than everyone else.
And worst of all is to lose money when no one else is losing it.
So perhaps you might want to go through each of your largest risk exposures and imagine how either of these three scenarios might hit you.
One company had a loss of 50% of capital during the credit crunch of the early 1990’s. Their largest credit exposure was over 50% of capital and it went south. Average recoveries were 60% to 80% in those days, but this default had a 10% recovery. That 60% to 80% was an average, not a guaranteed recovery amount. Most companies lost less than 5% of capital in that year.
Another company lost well over 25% of capital during the dot com bust. They had concentrated in variable annuities. No fancy guarantees, just guaranteed death benefits. But their clientele was several years older than their average competitors. And the difference in mortality rate was enough that they had losses that were much larger than their competitors, who were also not so concentrated in variable annuities.
Explaining their claims for Hurricane Katrina that were about 50% higher as a percent of their expected total claims, one insurer found that they had failed to reinsure a large commercial customer whose total loss from the hurricane made up almost 75% of the excess. Had they followed their own retention rules on that one case, that excess would have been reduced by half.
So go over your risks. Create scenarios for each major risk category that might send your losses far over the rest of the pack. Then look for what needs to be done to prevent those extraordinary losses.
ERM programs all start out with a suggestion that you must identify your risks.
Risks should be identified within several major categories. Here is a typical list of categories for an insurer:
Insurance Risks
Underwriting
Reserving
Investment RIsks
Interest
Credit
Equity
Foreign Exchange
Other Counterparty Risks
Operational Risks
Legal/Compliance
IT
Distribution
Human Resources
Operations
Strategic Risks
Group Risks
Sounds simple enough. But there are two ways to do this that give very different results.
Top Down
Bottom Up
The bottom up process is urged by COSO and requires volumes of documentation and hours and hours of meetings and discussions. The result is a list of as many as 100 or more risks for a major sized organization. This process requires at least a year to accomplish. However, at the end of that year, the top executives of the firm will find that the product may well not be ready for them to get any use out of it.
That is because risk identification and in fact risk management takes on very different character at different levels of the organization. There almost needs to be three different risk management programs at any larger organization. One that is oriented to the top management, one that is oriented to the middle management and one that is oriented to the supervisory levels.
The COSO type risk identification process is designed to serve the supervisory and middle management. The initial risk identification process is done at the supervisory level, which at a very large organization can mean hundreds of people. The findings are eventually summarized and ranked, but the summary is at a level that is appropriate for middle management attention.
The top management is better served by a risk identification process that is more top down. If top management is unable or unwilling to do the risk identification work themselves, then it can be a middle up process.
Regardless of how the process is started or ended, there will need to be guidelines for for the significance of risks. A typical bottoms up risk identification can end up with well over 100 risks often as many as 200.
Prioritization is the second half of this basic risk management step. And the prioritization will depend upon the significance of the risks and significance will be based upon a measurement of the risks. Which is the second fundamental practice of ERM.
The thresholds should be established for significance of risks that should get board attention, a lower threshold that should get top management attention, then a lower threshold for middle management attention and a lower threshold for risks to get attention from supervisors.
None of the risks identified by the detailed bottoms up process are unimportant, but it is important to determine WHO they should be important to.
Risks can be mapped in a frequency severity matrix.
The third step of this practice is to classify the significant risks between those risks that are known by management to be well controlled and those that are less well controlled.
Immediate attention can then be focused on those risks that were shown to be of high significance and lower control, providing an immediate valuable product out of this very first stage of ERM.
This post is the first in a series to discuss the 8 ERM Fundamental Practices. There is more material for starting ERM programs at Introduction to ERM.
Latent Risks are those risks that you have that you are not aware of.
When you start out with a risk management program, you may find that you have many Latent Risks. One of the most important outcomes of the early stages of an ERM program is to drastically reduce the number of important Latent Risks. The “Enterprise” part of ERM means that you are making an effort to find and manage your previously Latent Risks no matter where they are in your organization.
Reality is that your Latent Risks will find you if you do not find them first.
The market is sometimes forgiving, especially if everyone misses some risk. So avoiding risk management is, in effect, taking a bet a bet that your competitors are not finding and dealing with their Latent Risks either.
The idea of Latent Risks is also important for existing ERM programs. That is because the world keeps changing and firms will develop new risks and risks that they did identify earlier but dismissed as insignificant have now grown. And those Latent Risks are the risks that are most likely to grow. (see Risk & Light)
So it would be a good practice for firms with a well developed ERM program to regularly conduct a review of their Latent Risks to determine whether there are any that should be included more prominently in their ERM program.
That is where the risk manager really earns their money.
The risks that are coming straight down the road, well that is important to pay attention to them. But those are the obvious risks. I would not pay very much for help in avoiding serious accidents from those risks.
But those round the corner risks, that would be very valuable, to have someone who can help to make sure that those out of sight risks do not ruin things.
However, what any risk manager who has tried to focus attention on the Around the Corner Risks has learned is that attending to such risks is often seen as spoiling the game.
In the Black Swan, Nassim Taleb talks about the degree to which businesses are in effect selling out of the money puts and pocketing the risk premium as if it is pure profits.
And that is often the case. Risk managers should extend their view to include analysis of the actual source of profits of the various endeavors of their firms. Any place where the profits are larger than can be explained is a place where the firm might well be getting paid for selling those puts.
The risk manager needs to be able to take that analysis of sources of profits back to top management to have a frank discussion of those unexplained sources of profits.
In most cases, those situations are risks to the firm, either because they represent risk premium for out of the money puts or because they represent temporary inefficiencies. The risk from the temporary inefficiencies is that if management mistakenly assumes that those inefficiencies are permanent, then the firm may over-invest in that activity. That over-investment may then eventually lead to the creation of those our of the money puts as a way to sustain profits when the inefficiencies are extinguished by the market.
An example of this situation is the Variable Annuity market in the US. In the early 1990’s firms were able to achieve good profits from this business largely because there were too few companies in the market. Every market participant could show good profits and growth in this new market without resorting to price competition. This situation attracted many additional insurers into the market, flattening the profitability. The next phase in the market was to offer additional benefits to customers at prices below market cost. These additional benefits were in the form of out of the money puts – guarantees against adverse experience of the investments underlying the product. And the risk premium charged for these benefits was often booked as a profit.
One of the reasons for the confusion between risk premium and profit is the way in which we recognize profits on risks where the period of the risk occurrence is much longer than the period for financial reporting.
The analysis of source of profits can be a powerful tool to help risk managers to both see those around the corner risks and to communicate the possible around the corner risks before them become immanent.
In many cases, companies survive the first bout of adversity.
It is the second bout that kills.
And more often than not, we are totally unprepared for that second hit.
Totally unprepared because of how we misunderstand statistics.
First of all, we believe that large loss events are unlikely and two large loss events are extremely unlikely. So we decide not to prepare for the extremely unlikely event that we get hit by two large losses at the same time. And in this case, “at the same time” may mean in subsequent years. Some who look at correlation, only use an arbitrary calendar year split out of experience data. So that they would consider losses in the third and fourth quarter to be happening at the same time but fourth quarter and first quarter of the next year would be considered different periods and therefore might show low correlations!
Second, we fail to deal with our reduced capacity immediately after a major loss event. We still think of our capacity as it was before the first hit. A part of our risk management plans for a major loss event should have been to immediately initiate a process to rationalize our risk exposures with our newly reduced capacity. This may in part be due to the third issue.
Third, we misunderstand that the fact of the first event does not reduce the likelihood of the other risk events. Those joint probabilities that made the dual event, no longer apply. In fact, with the reduced capacity, the type of even that would incapacitate the firm has suddenly become much more likely.
Most companies that experience one large loss event do not experience a second shortly thereafter, but many companies that fail do.
So if your interest is to reduce the likelihood of failure, you should consider the two loss event situation as a scenario that you prepare for.
But those preparations will present a troubling alternative. If, after the first major loss event, the actions needed include a sharp reduction in retained risk position, that will severely reduce the likelihood of growing back capacity.
Management is faced with a dilemma – that is two choices, neither of which are desirable. But as with most issues in risk management, better to face those issues in advance and to make a reasoned plan, rather than looking away and hoping for the best.
But on further reflection, this issue can be seen to be one of over concentration in a single risk. Some firms have reacted to this whole idea by setting their risk tolerance such that any one loss event will be limited to their excess capital. Their primary strategy for this type of concentration risk is in effect a diversification strategy.
Understand the probability of loss, adjusted for the severity of its impact, and you have a sure-fire method for measuring risk.
Sounds familiar and seems on point; but is it? This actuarial construct is useful and adds to our understanding of many types of risk. But if we had these estimates down pat, then how do we explain the financial crisis and its devastating results? The consequences of this failure have been overwhelming.
Enter “risk velocity,” or how quickly risks create loss events. Another way to think about the concept is in terms of “time to impact” a military phrase, a perspective that implies proactively assessing when the objective will be achieved. While relatively new in the risk expert forums I read, I would suggest this is a valuable concept to understand and more so to apply.
It is well and good to know how likely it is that a risk will manifest into a loss. Better yet to understand what the loss will be if it manifests. But perhaps the best way to generate a more comprehensive assessment of risk is to estimate how much time there may be to prepare a response or make some other risk treatment decision about an exposure. This allows you to prioritize more rapidly, developing exposures for action. Dynamic action is at the heart of robust risk management.
After all, expending all of your limited resources on identification and assessment really doesn’t buy you much but awareness. In fact awareness, from a legal perspective, creates another element of risk, one that can be quite costly if reasonable action is not taken in a timely manner. Not every exposure will result in this incremental risk, but a surprising number do.
Right now, there’s a substantial number of actors in the financial services sector who wish they’d understood risk velocity and taken some form of prudent action that could have perhaps altered the course of loss events as they came home to roost; if only.
In the US, firms are required to disclose their risks. This has led to an exercize that is particularly useless. Firms obviously spend very little time on what they publish under this part of their financial statement. Most firms seem to be using boilerplate language and a list of risks that is as long as possible. It is clearly a totally compliance based CYA activity. The only way that a firm could “lose” under this system is if they fail to disclose something that later creates a major loss. So best to mention everything under the sun. But when you look across a sector at these lists, you find a startling degree to which the risks actually differ. That is because there is absolutely no standard that is applied to tell what is a risk and if something is a risk, how significant is it. The idea of risk severity is totally missing.
Bread Box
What would help would be a common set of terms for Severity of losses from risks. Here is a suggestion of a scale for discussing loss severity for an individual firm:
A Loss that is a threat to earnings. This level of risk could result in a loss that would seriously impair or eliminate earnings.
A Loss that could result in a significant reduction to capital. This level of risk would result in a loss that would eliminate earnings and in addition eat into capital, reducing it by 10% to 20%
A Loss that could result in severe reduction of business activity. For insurers, this would be called “Going into Run-off”. It means that the firm is not insolvent, but it is unable to continue doing new business. This state often lasts for several years as old liabilities of the insurer are slowly paid of as they become due. Usually the firm in this state has some capital, but not enough to make any customers comfortable trusting them for future risks.
A Loss that would result in the insolvency of the firm.
Then in addition, for an entire sector or sub sector of firms:
Losses that significantly reduce earnings of the sector. A few firms might have capital reductions.
Losses that significantly impair capital for the sector. A few firms might be run out of business from these losses.
Losses that could cause a significant number of firms in the sector to be run out of business. The remainder of the sector still has capacity to pick up the business of the firms that go into run-off. A few firms might be insolvent.
Losses that are large enough that the sector no longer has the capacity to do the business that it had been doing. There is a forced reduction in activity in the sector until capacity can be replaced, either internally or from outside funds. A large number of firms are either insolvent or will need to go into run-off.
These can be referred to as Class 1, Class 2, Class 3, Class 4 risks for a firm or for a sector.
Class 3 and Class 4 Sector risks are Systemic Risks.
Care should be taken to make sure that everyone understands that risk drivers such as equity markets, or CDS can possibly produce Class 1, Class 2, Class 3 or Class 4 losses for a firm or for a sector in a severe enough scenario. There is no such thing as classifying a risk as always falling into one Class. However, it is possible that at a point in time, a risk may be small enough that it cannot produce a loss that is more than a Class 1 event.
For example, at a point in time (perhaps 2001), US sub prime mortgages were not a large enough class to rise above a Class 1 loss for any firms except those whose sole business was in that area. By 2007, Sub Prime mortgage exposure was large enough that Class 4 losses were created for the banking sector.
Looking at Sub Prime mortgage exposure in 2006, a bank should have been able to determine that sub primes could create a Class 1, Class 2, Class 3 or even Class 4 loss in the future. The banks could have determined the situations that would have led to losses in each Class for their firm and determined the likelihood of each situation, as well as the degree of preparation needed for the situation. This activity would have shown the startling growth of the sub prime mortgage exposure from a Class 1 to a Class 2 through Class 3 to Class 4 in a very short time period.
Similarly, the prudential regulators could theoretically have done the same activity at the sector level. Only in theory, because the banking regulators do not at this time collect the information needed to do such an exercize. There is a proposal that is part of the financial regulation legislation to collect such information. See CE_NIF.
The ERM Symposium is now 8 years old. Here are some ideas from the 2010 ERM Symposium…
Survivor Bias creates support for bad risk models. If a model underestimates risk there are two possible outcomes – good and bad. If bad, then you fix the model or stop doing the activity. If the outcome is good, then you do more and more of the activity until the result is bad. This suggests that model validation is much more important than just a simple minded tick the box exercize. It is a life and death matter.
BIG is BAD! Well maybe. Big means large political power. Big will mean that the political power will fight for parochial interests of the Big entity over the interests of the entire firm or system. Safer to not have your firm dominated by a single business, distributor, product, region. Safer to not have your financial system dominated by a handful of banks.
The world is not linear. You cannot project the macro effects directly from the micro effects.
Due Diligence for mergers is often left until the very last minute and given an extremely tight time frame. That will not change, so more due diligence needs to be a part of the target pre-selection process.
For merger of mature businesses, cultural fit is most important.
For newer businesses, retention of key employees is key
Modelitis = running the model until you get the desired answer
Most people when asked about future emerging risks, respond with the most recent problem – prior knowledge blindness
Regulators are sitting and waiting for a housing market recovery to resolve problems that are hidden by accounting in hundreds of banks.
Why do we think that any bank will do a good job of creating a living will? What is their motivation?
We will always have some regulatory arbitrage.
Left to their own devices, banks have proven that they do not have a survival instinct. (I have to admit that I have never, ever believed for a minute that any bank CEO has ever thought for even one second about the idea that their bank might be bailed out by the government. They simply do not believe that they will fail. )
Economics has been dominated by a religious belief in the mantra “markets good – government bad”
Non-financial businesses are opposed to putting OTC derivatives on exchanges because exchanges will only accept cash collateral. If they are hedging physical asset prices, why shouldn’t those same physical assets be good collateral? Or are they really arguing to be allowed to do speculative trading without posting collateral? Probably more of the latter.
it was said that systemic problems come from risk concentrations. Not always. They can come from losses and lack of proper disclosure. When folks see some losses and do not know who is hiding more losses, they stop doing business with everyone. None do enough disclosure and that confirms the suspicion that everyone is impaired.
Systemic risk management plans needs to recognize that this is like forest fires. If they prevent the small fires then the fires that eventually do happen will be much larger and more dangerous. And someday, there will be another fire.
Sometimes a small change in the input to a complex system will unpredictably result in a large change in the output. The financial markets are complex systems. The idea that the market participants will ever correctly anticipate such discontinuities is complete nonsense. So markets will always be efficient, except when they are drastically wrong.
Conflicting interests for risk managers who also wear other hats is a major issue for risk management in smaller companies.
People with bad risk models will drive people with good risk models out of the market.
Inelastic supply and inelastic demand for oil is the reason why prices are so volatile.
It was easy to sell the idea of starting an ERM system in 2008 & 2009. But will firms who need that much evidence of the need for risk management forget why they approved it when things get better?
If risk function is constantly finding large unmanaged risks, then something is seriously wrong with the firm.
You do not want to ever have to say that you were aware of a risk that later became a large loss but never told the board about it. Whether or not you have a risk management program.
On the same theme as Chief Ignorance Officer I was inspired by a review I just read of the book Invisible by Hughes de Montalembert. That book tells the autobiography of an artist who is blinded 30 years earlier. I was struck by the repeated references to things that the blind man was able to learn or notice that might not have been noticed by the sighted.
So take that idea to risk management and you end up with a very simple but potentially highly powerful exercize. The idea would be to see what you could learn about one of your risks if you totally exclude the information and anaylysis that you usually use – your eyesight.
If you rely totally on rating agency opinions for credit analysis, try to see whether you could reach similar information by a process that does not refer in any way to the ratings.
If you use a one year market consistent economic capital calculation to determine your capital adequacy, could you come to a similar conclusion about your security totally independently from the information and calculations of that model?
If you develop your underwriting risk view based upon your firm’s experience over the past 15 years, what sort of assumptions would you need to apply to industry history to get to your opinion about your firm’s risk?
Goldman Sachs famously decided to start hedging their sub prime exposures because an alternate analysis of their experience was just not as consistent with their primary information as it had been in the past. Notice that they started out with a track record of previous such exercizes and an expectation for the degree of deviation from their different sources. It is often the case with this alternate analysis that the absolute outcome might not be significant , but divergence in trend might be the key information that can lead to an avoidance of major loss.
So think about how to put the blinders on to your usual way of looking at your risks.
The idea is that person would protect the ability of the firm to be open minded. To consider both options and adverse possibilities. The CIO would be the person who does not ever believe the claims on the outside of the box. They would be the person who breaks the new toy immediately because they hold it the wrong way (hopefully while still in the store.) The CIO would be the person who is not so sure even when “everyone knows” that there is no risk in that new and growing area.
The CIO would also remind everyone that just because they have more information about one alternative it is not necessarily the best choice. Sometimes, the best choice is to go ahead with something that is not necessarily known for sure to work.
The CIO would also provide the childlike ability to see old things in a new light and possibly see new solutions for old problems that utilize tools that are right there on the worktable but that we always thought were only to be used for something else.
The CIO will be willing to try lots and lots of different solutions because they will not know in advance which one will work.
The CRO definitely should have a lieutenant who is their CIO. Someone who will actually see the road ahead because they have not been down it so many times that they no longer look.
I have been thinking about the the forces distorting the global economy. In the long run, the distortions don’t matter, because economies are bigger than governments, and eventually economies prevail over governments. Here are my dozen problems in the global economy.
1) China’s mercantilism — loans and currency. The biggest distortionary force in the world now is China. They encourage banks to loan to enterprises in order to force growth. They keep their currency undervalued to favor exports over imports. What was phrased to me as a grad student in development economics as a good thing is now malevolent. The only bright side is that when it blows, it might take the Chinese Communist Party with it.
2) US Deficits, European Deficits — In one sense, this reminds me of the era of the Rothschilds; governments relied on borrowing because other methods of taxation raised little. Well, this era is different. Taxes are high, but not high enough for governments that are trying to create the unachievable “permanent prosperity.” In the process they substitute public for private leverage, and in the process add to the leverage of their societies as a whole.
3) The Eurozone is a mess — Greece, Portugal, Spain, etc. I admit that I got it partially wrong, because I have always thought that political union is necessary in order to have a fiat currency. I expected inflation to be the problem, and the real problem is deflation. Will there be bailouts? Will the troubled nations leave? Will the untroubled nations leave that are the likely targets for bailout money?
4) Many entities that are affiliated with lending in the US Government, e.g., FDIC, GSEs, FHA are broke. The government just doesn’t say that, because they can still make payments.
5) The US Government feels it has to “do something” — so it creates more lending programs that further socialize lending, leading to more dumb loans.
6) Residential real estate is still in the tank. Residential delinquencies are at all-time highs. Strategic default is rising. The shadow inventory of homes that will come onto the market is large. I’m not saying that prices will fall for housing; I am saying that it will be tough to get them to rise.
7) Commercial real estate — there is too much debt supporting commercial real estate, and too little equity. There will be losses here; the only question is how deep the losses will go.
8 ) I have often thought that analyzing the strength of the states is a better measure for US economic strength, than relying on the statistics of the Federal Government. The state economies are weak at present. Part of that comes from the general macroeconomy, and part from the need to fund underfunded benefit plans. Life is tough when you can’t print your own money.
9) The US, UK, and Japan are force feeding liquidity into their economies. Thus the low short-term interest rates. Also note the Federal Reserve owning MBS in bulk, bloating their balance sheet.
10) Yield greed. The low short term interest rates touched off a competition to bid for risky debt. The only question is when it will reverse. Current yield levels do not fairly price likely default losses.
11) Most Western democracies are going into extreme deficits, because they can’t choose between economic stimulus and deficit reduction. Political deadlock is common, because no one is willing to deliver any real pain to the populace, lest they not be re-elected.
12) Demographics is one of the biggest pressures, but it is hidden. Many of the European nations and Japan face shrinking populations. China will be there also, in a decade. Nations that shrink are less capable of carrying their debt loads. In that sense, the US is in good shape, because we don’t discourage immigration.
This post is produced by David Merkel CFA, a registered representative of Finacorp Securities as an outside business activity. As such, Finacorp Securities does not review or approve materials presented herein. By viewing or participating in discussion on this blog, you understand that the opinions expressed within do not reflect the opinions or recommendations of Finacorp Securities, but are the opinions of the author and individual participants. Neither the information nor any opinion expressed constitutes a solicitation for the purchase or sale of any security or other instrument. Before investing, consider your investment objectives, risks, charges and expenses. Any purchase or sale activity in any securities instrument should be based upon your own analysis and conclusions. Past performance is not indicative of future results. Finacorp Securities is a member FINRA and SIPC.
Riskviews 