Archive for the ‘risk transfer’ category

Controlling with a Cycle

April 3, 2013

Helsinki_city_bikes

No, not that kind of cycle… This kind:

CycleThis is a Risk Control Cycle.  It includes Thinking/Observing steps and Action Steps.  The only reason a sane organization would spend the time on the Assessing, Planning and Monitoring steps is so that they could be more effective with the Risk Taking, Mitigating and Responding steps.

A process capable of limiting losses can be referred to as a complete risk control process, which would usually include the following:

  • Identification of risks—with a process that seeks to find all risks inherent in a insurance product, investment instrument, or other situation, rather than simply automatically targeting “the usual suspects.”
  • Assess Risks – This is both the beginning and the end of the cycle.  As the end, this step is looking back and determining whether your judgment about the risk and your ability to select and manage risks is as good as you thought that it would be.  As the beginning, you look forward to form a new opinion about the prospects for risk and rewards for the next year.  For newly identified risks/opportunities this is the due diligence phase.
  • Plan Risk Taking and Risk Management – Based upon the risk assessment, management will make plans for how much of each risk that the organization will plan to accept and then how much of that risk will be transferred, offset and retained.  These plans will also include the determination of limits
  • Take Risks – organizations will often have two teams of individuals involved in risk taking.  One set will identify potential opportunities based upon broad guidelines that are either carried over from a prior year or modified by the accepted risk plan.  (Sales) The other set will do a more detailed review of the acceptability of the risk and often the appropriate price for accepting the risk.  (Underwriting)
  • Measuring and monitoring of risk—with metrics that are adapted to the complexity and the characteristics of the risk as well as Regular Reporting of Positions versus Limits/Checkpoints— where the timing needed to be effective depends on the volatility of the risk and the rate at which the insurer changes their risk positions. Insurers may report at a granular level that supports all specific decision making and actions on a regular schedule.
  • Regular risk assessment and dissemination of risk positions and loss experience—with a standard set of risk and loss metrics and distribution of risk position reports, with clear attention from persons with significant standing and authority in the organization.
  • Risk limits and standards—directly linked to objectives. Terminology varies widely, but many insurers have both hard “Limits” that they seek to never exceed and softer “Checkpoints” that are sometimes exceeded. Limits will often be extended to individuals within the organization with escalating authority for individuals higher in the organizational hierarchy.
  • Response – Enforcement of limits and policing of checkpoints—with documented consequences for limit breaches and standard resolution processes for exceeding checkpoints. Risk management processes such as risk avoidance for risks where the insurer has zero tolerance. These processes will ensure that constant management attention is not needed to assure compliance. However, occasional assessment of compliance is often practiced. Loss control processes to reduce the avoidable excess frequency and severity of claims and to assure that when losses occur, the extent of the losses is contained to the extent possible. Risk transfer processes, which are used when an insurer takes more risk than they wish to retain and where there is a third party who can take the risk at a price that is sensible after accounting for any counterparty risk that is created by the risk transfer process. Risk offset processes, which are used when insurer risks can be offset by taking additional risks that are found to have opposite characteristics. These processes usually entail the potential for basis risk because the offset is not exact at any time or because the degree of offset varies as time passes and conditions change, which is overcome in whole or in part by frequent adjustment to the offsetting positions. Risk diversification, which can be used when risks can be pooled with other risks with relatively low correlation. Risk costing / pricing, which involves maintaining the capability to develop appropriate views of the cost of holding a risk in terms of expected losses and provision for risk. This view will influence the risks that an insurer will take and the provisioning for losses from risks that the insurer has taken (reserves). This applies to all risks but especially to insurance risk management. Coordination of insurance profit/loss analysis with pricing with loss control (claims) with underwriting (risk selection), risk costing, and reserving, so that all parties within the insurer are aware of the relationship between emerging experience of the 
risks that the insurer has chosen to retain and the expectations that the insurer held when it chose to write and retain the risks.
  • Assess Risks – and the cycle starts again.

This is one of the seven ERM Principles for Insurers

Advertisements

Lessons for Insurers (5)

April 26, 2010

In late 2008,  the The CAS, CIA, and the SOA’s Joint Risk Management Section funded a research report about the Financial Crisis.  This report featured nine key Lessons for Insurers.  Riskviews will comment on those lessons individually…

5. It is important to develop a counterparty risk management system and establish counterparty limits.

Insurers need to fully understand several things about both credit and reinsurance to get this right.

First of all, in a credit or reinsurance situation, the insurer is usually trading uncertainty in the “expected” range of probabilities for a potential loss at a very high attachment point, the failure point for the counterparty.

Second of all, the insurer needs to recognize that the failure of their counterparty usually does not in any way change their obligation.  When an insurer buys a bond, they are usually responsible to make payments to their policyholder regardless of whether the bond is good.  When an insurer buys reinsurance they are still responsible to pay claims whether or not the reinsurer is able to meet its obligations.

Recognize that in almost all cases, the standard risk management terminology is flawed.  Risk is usually not transferred.

The other consideration that is important to insurers is that they need to look for counterparty exposures everywhere in their operations.  In each of their insurance lines as well as in every part of their investment portfolio.  In firms where traditionally insurance and investments are treated as completelyt separate silos, risk managers are finding that both sides of the house are sometimes dealing with the exact same counterparties.  Aggregation and management of these concentrations is key.

And finally to scare you completely, a good way to think of counterparty risk is that you are bring a fraction of the entire balance sheet on to your balance sheet in return for a contingent payment.  So that should make you very interested in transparency.  Or maybe not.  Maybe you close your eyes when you drive around sharp curves also.

Lessons for Insurers (1)

Lessons for Insurers (2)

Lessons for Insurers (3)

Lessons for Insurers (4)

Lessons for Insurers (5)

Lessons for Insurers (6)

Skating Away on the Thin Ice of the New Day

April 23, 2010

The title of an old Jethro Tull song.  It sounds like the theme song for the economy today!

Now we all know.  The correlations that we used for our risk models were not reliable in the one instance where we really wanted an answer.

In times of stress, correlations go to one.

That is finally, after only four or five examples with the exact same result, become accepted wisdom.

But does that mean that Diversification is dead as a strategy?

I would argue that it certainly puts a hurt to diversification as a strategy for finding risk free returns.  Which is how it was being (mis) used in the Sub Prime markets.

But Diversification should still reign as the king of risk management strategies.  But it needs to be real diversification.  Not tiny diversification that is observable only under a mathematical microscope.  Real Diversification is where risks have completely different drivers.  Not slightly different statistical histories.

So in Uncertain Times, and these days must be labeled Uncertain Times (or the thin ice age), diversification is the best risk management strategy.  Along with its mirror image twin, avoidance of concentrations.

The banks had given up on diversification as a risk strategy.  Instead they believed that they were making risk free returns by taking lots and lots of concentrated risk that they were either fully hedging or moving the risk off their balance sheets very quickly.

Both ideas failed.  Hedging failed when the counter party was Lehman Brothers.  It succeeded when the counter party was any of the other institutions that were bailed out, but there was an extended period of severe uncertainty about that before the bailouts were finally put into place.  Moving the risks off the balance sheet failed in two ways.  First it failed because they were really playing hot potato without admitting it.  When the music stopped, someone was holding the potato.  And some banks were holding many potatoes.  It also failed because some banks had been offloading the risks to hedge funds and other investors who they were lending funds to finance the purchase.  When the CDOs soured, the loans secured by the CDOs were underwated and the CDOs came back onto the bank balance sheets.

The banks that were hurt the least were the banks who were not so very concentrated in just one major risk.

The cost of the simple diversification strategy is that those banks with real diversification showed lower returns during the build up of the bubble.

So that is the risk reward trade off of real diversification – it will often produce lower returns than the mathematical diversification but it will also show lower losses in proportion to total revenue than a strategy that concentrates in the most profitable risk choices according to a model that is tuned to the accounting or performance bonus system.

Diversification is the risk management strategy for the Thin Ice Age.

LIVE from the ERM Symposium

April 17, 2010

(Well not quite LIVE, but almost)

The ERM Symposium is now 8 years old.  Here are some ideas from the 2010 ERM Symposium…

  • Survivor Bias creates support for bad risk models.  If a model underestimates risk there are two possible outcomes – good and bad.  If bad, then you fix the model or stop doing the activity.  If the outcome is good, then you do more and more of the activity until the result is bad.  This suggests that model validation is much more important than just a simple minded tick the box exercize.  It is a life and death matter.
  • BIG is BAD!  Well maybe.  Big means large political power.  Big will mean that the political power will fight for parochial interests of the Big entity over the interests of the entire firm or system.  Safer to not have your firm dominated by a single business, distributor, product, region.  Safer to not have your financial system dominated by a handful of banks.
  • The world is not linear.  You cannot project the macro effects directly from the micro effects.
  • Due Diligence for mergers is often left until the very last minute and given an extremely tight time frame.  That will not change, so more due diligence needs to be a part of the target pre-selection process.
  • For merger of mature businesses, cultural fit is most important.
  • For newer businesses, retention of key employees is key
  • Modelitis = running the model until you get the desired answer
  • Most people when asked about future emerging risks, respond with the most recent problem – prior knowledge blindness
  • Regulators are sitting and waiting for a housing market recovery to resolve problems that are hidden by accounting in hundreds of banks.
  • Why do we think that any bank will do a good job of creating a living will?  What is their motivation?
  • We will always have some regulatory arbitrage.
  • Left to their own devices, banks have proven that they do not have a survival instinct.  (I have to admit that I have never, ever believed for a minute that any bank CEO has ever thought for even one second about the idea that their bank might be bailed out by the government.  They simply do not believe that they will fail. )
  • Economics has been dominated by a religious belief in the mantra “markets good – government bad”
  • Non-financial businesses are opposed to putting OTC derivatives on exchanges because exchanges will only accept cash collateral.  If they are hedging physical asset prices, why shouldn’t those same physical assets be good collateral?  Or are they really arguing to be allowed to do speculative trading without posting collateral? Probably more of the latter.
  • it was said that systemic problems come from risk concentrations.  Not always.  They can come from losses and lack of proper disclosure.  When folks see some losses and do not know who is hiding more losses, they stop doing business with everyone.  None do enough disclosure and that confirms the suspicion that everyone is impaired.
  • Systemic risk management plans needs to recognize that this is like forest fires.  If they prevent the small fires then the fires that eventually do happen will be much larger and more dangerous.  And someday, there will be another fire.
  • Sometimes a small change in the input to a complex system will unpredictably result in a large change in the output.  The financial markets are complex systems.  The idea that the market participants will ever correctly anticipate such discontinuities is complete nonsense.  So markets will always be efficient, except when they are drastically wrong.
  • Conflicting interests for risk managers who also wear other hats is a major issue for risk management in smaller companies.
  • People with bad risk models will drive people with good risk models out of the market.
  • Inelastic supply and inelastic demand for oil is the reason why prices are so volatile.
  • It was easy to sell the idea of starting an ERM system in 2008 & 2009.  But will firms who need that much evidence of the need for risk management forget why they approved it when things get better?
  • If risk function is constantly finding large unmanaged risks, then something is seriously wrong with the firm.
  • You do not want to ever have to say that you were aware of a risk that later became a large loss but never told the board about it.  Whether or not you have a risk management program.

ERM: Law of Unintended Consequences [2]

September 25, 2009

From Neil Bodoff

One of the reasons that so many counterparties bought CDS protection [from the same counterparty, precipitating a crisis] was their desire to reduce their regulatory capital requirements. So the regulatory framework had high capital requirements for credit risk, but low capital requirements when the credit risk was hedged. Basically the regulatory framework created a strong incentive for all banks to simultaneously execute the same strategy of hedging risk via CDS. Lessons are: [1] Whereas individual firms in a competitive market may pursue various strategies, the government’s monopoly on regulation might create a homogenizing effect on firms’ behavior, thus concentrating risk. Thus the regulatory framework itself becomes a systemic risk and thus requires extra scrutiny and care. [2] For any regulatory framework, the designers ought to choose someone to “roleplay” the part of firms trying to minimize regulatory capital requirements, so as to understand the behaviors and countermeasures the firms might take in response to the regulatory demands. [3] Beware of unintended consequences.

Counterparties

September 3, 2009

When you substitute counterparty risk for another risk, you are essentially bringing their entire balance sheet proportionately onto yours.  Counterparty due diligence is key.  Collateral agreements are important.  Some would say that collateral agreements brought down the banks that failed and AIG that was rescued, but from the counterparty point of view…  In addition to traditional credit analysis that is mostly backward looking, insurers should try to understand the approach to risk taking of their counterparties so that they can become comfortable with the risks that they may take in the future.  The counterparty exposure that exists right now may not be representative of the size of the exposures right after a major loss event.  Examination of those potential exposures and the potential losses to the reinsurer in a major loss event should be studied and factored into risk and reinsurance decisions.

This means plotting the level of obligation from the counterparty in the event of an extremely adverse scenario.  That is when the idea of taking on a proportionate share of the counterparties balance sheet takes on significant importance.  The degree to which the counterparty is concentrated in that particular risk becomes key.  That is not information that is available from just looking at the rating of the counterparty.  You must know and understand the other obligations of the counterparty to know the degree to which they are at risk from the type of event that you are offsetting (not transferring see Bad Labels ).

This means that a stress test becomes most important.  The stress test will look at (1) the amount of gross loss, (2) the amount due from the counterparty under the stress scenario in the form of a claim, a reserve credit, or collateral and (3) the degree to which the stress scenario impacts the ability of the counterparty to make good on their obligations.  As was seen during the financial crisis, the liquidity of the counterparty under stress may well be the constraint.  If your firm does not have the liquidity to easily pay the gross losses under that are due in cash, then you are relying on the counterparty as a source of liquidity.

ERM only has value to those who know that the future is uncertain.

August 26, 2009

Businesses have three key needs.

First they need to have a product or service that people will buy. They need revenues.

Second they need to have the ability to provide that product or service at a cost less than what their customers will pay. They need profits.

Once they have revenues and profits, their business is a valuable asset. So third, they need to have a system to avoid losing that asset because of unforeseen adverse experience. They need risk management.

So Risk Management is the third most important need of a firm.

And there is often a conflict between risk management and the other two goals. Risk management will sometimes say that a business activity that produces revenue is too risky and must be curtailed or modified in such a way that it produces less revenues. Risk Management often costs money or otherwise depresses profits. For example, an insurance policy covering fire of a building owned by the firm will cost money and depress profits.

So Risk Management needs to defend its value to the firm. Many risk management proponents have been asked to tell the value added of their activities. This is difficult to explain. Not because risk management does not have a value, but because the cost of risk management in terms of reduced revenues or increased costs are usually tangible and definite, while the benefits are probabilistic. Often the person asking the question is looking for a traditional spreadsheet answer that shows two columns adding up and perhaps the difference between the two is the benefit of risk management.

It does not work that way. For Risk Management to have value, one must understand that the future is uncertain. The value of risk management comes from the way that it shapes that uncertainty.

The next time you are asked about the value of risk management, ask the questioner what value they would put on the airbags and seat belts in their car. If they have no uncertainty about their ability to avoid accidents, then they will put a zero value on the safety devices – the personal risk management systems. If they resist answering, ask them if they will agree to have them removed for $20? Or for $2000? What value do they place on that risk management?

Most people will agree that the demise of a company is less serious than the demise of a person, but it is not difficult to see that there is some value to activities that increase the chance that a company will not expire in the next business cycle or windstorm.

So risk management decreases the uncertainty about the survival of the firm. There is a way to quantitatively value that reduction in uncertainty and compare it to the reduced revenues or increased costs of the risk management activities.


%d bloggers like this: