Top 10 ERM Podcasts of 2023

Have you listened to these ten popular Crossing Thin Ice Podcasts of 2023?

https://crossingthinice.podbean.com/

Title	Released	Downloads
Spillover Diseases	Apr 07, 2023	207
Telling Your ERM Story to Rating Agency	Jul 10, 2023	186
Concentration	Aug 07, 2023	163
Inflation – Most Dangerous Risk of 2023	May 08, 2023	159
Six Futures for ERM	Sep 11, 2023	156
Super Volcano	Aug 21, 2023	153
Three Levels of Stress	Jun 07, 2023	150
Risk and Capital	Nov 06, 2023	136
Fear vs. Danger	Apr 24, 2023	134
Microplastics	Jun 19, 2023	126

Spillover Diseases – As humans encroach on new ecosystems diseases found in animals and birds can jump to a new home inside us. We think about coronavirus and influenza but should monitor closely diseases like bird flu and Ebola.
Risk Reporting to Rating Agencies – Insurers view interactions with rating agencies with trepidation, but a strategy can be implemented for your presentation that gives the rating agency what they need to know to give a fair review.
Concentration Risk – Concentration is added by doubling down on things you do well. This two-part article considers strategic drivers that add to concentration and tactical methods to mitigate these risks.
Inflation – Emerging risks sometimes seem like they come out of a science fiction movie. Solar storms are more than just pretty northern lights. An impactful solar storm happened as recently as 1859. While some problems with telegraph wires were reported, just imagine how much more we depend upon electronics now than we did then.
Six Futures for ERM – Scenario based planning is good for forming company strategy and it can also be good for planning risk management. There are a number of ways that the future might play out for risk management and the likelihood of each of the six possibilities mentioned here has probably changed significantly because of our experiences over the past two years. Which future will you be prepared for and which would have been a total surprise if you hadn’t read this article?
Super volcano – A volcano erupts somewhere, on average, every week. Eruptions large enough to impact the global environment happen much less frequently, but they have happened. The “Year without a Summer” in 1815 affected crops and immigration, and similar events will happen again. These Super Volcanoes tend to have numerous knock-on effects.
Stress Testing – Three levels of Stress – Stress tests come in various levels of adversity; normal volatility, realistic disasters and worst case scenarios. Aligning the situation to the appropriate stress test is very important when managing an insurer. Regulators are less interested in how you manage day-to-day, more in scenarios that might result in insolvency.
Risk and Capital – Stakeholder perception about the appropriate level of risk and the corresponding capital level varies. Some insurers focus on optimizing income and disbursements, while others find their goals aligned by holding redundant capital. Here we consider the available options and the pros and cons of each.
“Fear vs. Danger” – Using rational thought to balance fear and danger, with an appropriate response, is hard. Having a process to think about how to react improves the likelihood of success.”
Microplastics – Tiny pieces of plastic are found in the ocean, soils and the human body. This can’t be good. Scientists are still learning about the implications of microplastics, but it’s clear that better recycling and reduced use of plastic bottles, fishing nets, micro beads and nurdles are a start.

Risk Measurement & Reporting

Peter Drucker is reported to have once said “what gets measured, gets managed.” That truism of modern management applied to risk as well as it does to other more commonly measured things like sales, profits and expens es .

Regulators take a similar view; what gets measured should get managed. ORSA f rameworks aim to support prospective solvency by giving management a clear view of their on-going corporate risk positions.

This in turn should reduce the likelihood of large unanticipated losses if timely action can be taken when a risk limit is breached.

From a regulatory perspective, each identified risk should have at least one measurable metric that is reported upwards, ultimately to the board.

The Need to Measure Up

Many risk management programs build up extensive risk registers but are stymied by this obvious next step – that of measuring the risks that have been identif ied.

Almost every CEO can cite the company’s latest f igures f or sales, expenses and profits, but very few know what the company’s risk position might be.

Risks are somewhat more difficult to measure than profits due to the degree to which they depend upon opinions.

Insurance company profits are already seen as opaque by many non-industry observers because profits depend on more than just sales and expenses:profits depend upon claims estimates, which are based on current (and often incomplete) information about those transactions.

Risk, on the other hand, is all about things that might happen in the f uture: specif ically, bad things that might happen in the f uture.

Arisk measure reflects an opinion about the size of the exposure to f uture losses. All risk measures are opinions; there are no f acts about the f uture. At least not yet.

Rationalizing Risk

There are, however, several ways that risk can be measured to facilitate management in the classical sense that Drucker was thinking of.

That classic idea is the management control cycle, where management sets a plan and then monitors emerging experience in comparison to that plan.

To achieve this objective, risk measures need to be consistent from period to period. They need to increase when volume of activity increases, but they also need to reflect changes in the riskiness of activities as time passes and as the portfolio of the risk taker changes .

Good risk measures provide a projected outcome; but in some
cases, such calculations are not available and risk indicators must be used instead.

Risk indicators measure something that is closely related to the risk and so can be expected to vary similarly to an actual risk measure, if one were available.

For insurers, current state-of-the-art risk measures are based upon computer models of the risk taking act ivit ies .

With these models, risk managers can determine a broad range of possible outcomes for a risk taking activity and then define the risk measure as some subset of those outcomes.

Value at Risk

The most common such measure is called value at risk (VaR). If the risk model is run with a random element, usually called a Monte Carlo or stochastic model, a 99% VaR would be the 99th worst result in a run of 100 outcomes, or the 990th worst out of 1000.

Contingent Tail Expectation

This value might represent the insurer’s risk capital target.Asimilar risk measure is the contingent tail expectation (CTE), which is also called the tail value at risk (TVaR).

The 99% CTE is the average of all the values that are worse than the 99% VaR. You can think of these two values in this manner: if a company holds capital at the 99% VaR level, then the 99% CTE minus the 99% VaR is the average amount of loss to policyholders should the company become insolvent.

Rating agencies, and increasingly regulators, require companies to provide results of risk measures from stochastic models of natural catastrophes.

Stochastic models are also used to estimate other risk exposures, including underwriting risk from other lines of insurance coverage and investment risk.

In addition to stochastic models, insurers also model possible losses under single well-defined adverse scenarios. The results are often called stress tests.

Regulators are also increasingly calling for stress tests to provide risk measures that they feel are more easily understood and compared among companies.

Key Risk Indicators

Most other risks, especially strategic and operational risks, are monitored by key risk indicators (KRIs). For these risks, good measures are not available and so we must rely on indicators.

For example, an economic downturn could pose risk to an insurer’s growth strategy. While it may be dif f icult to measure the likelihood of a downturn or the extent to which it would impair growth, the insurer can use economic f orecasts as risk indicators.

Of course,simplymeasuringriskisinsufficient.Theresultsof themeasurementmustbecommunicatedto people who can and will use the risk information to appropriately steer the future activity of the company.

Risk Dashboard

Simple charts of numbers are sufficient in some cases, but the state of the art approach to presenting risk measurement information is the risk dashboard.

With a risk dashboard, several important charts and graphs are presented on a single page, like the dashboard of a car or airplane, so that the user can see important information and trends at a glance.

The risk dashboard is often accompanied by the charts of numbers, either on later pages of a hard copy or on a click-through basis for on-screen risk dashboards.

Dashboard Example

Knowing the results from Stress Tests in Advance

Insurers and regulators need to adopt the idea of characterizing stress tests scenario frequency as:

 

Normal Volatility

Realistic Disaster

Worst Case

 

Or something equivalent.

 

With the idea that it is reasonable for an insurer to prepare for a Realistic Disaster Scenario, but not practical to be prepared for all Worst Case scenarios. Not practical because the insurance would cost too much and less insurance would be sold.

 

With such a common language about frequency relating to stress tests, the results of the stress testing and the response to those results can make much more sense.

 

The outcomes of stress testing then fall into a pattern as well.

 

• An insurer should be able to withstand normal volatility without any lasting reduction to capital.

 

• An insurer should be able to withstand a Realistic Disaster for most of their risks without a game changing impairment of capital, i.e. it would be realistic for them to plan to earn their way back to their desired level of capital. For the most significant one or two risks, a Realistic Disaster may result in Capital impairment that requires special actions to repair. Special actions may include a major change to company strategy.

 

• An insurer can usually withstand a Worst Case scenario for most of their risks with the likelihood that for some, there will be an impairment to capital that requires special actions to repair. For the largest one or two risks, the insurer is unlikely to be able to withstand the Worst Case scenario.

 

Those three statements are in fact a requirement for an insurer to be said to be effectively managing their risks.

So the ORSA and any other stress testing process should result in the development of the story of what sorts of stresses require special management actions and what types result in failure of the insurer.  And for an insurer with a risk management program that is working well, those answers should be known for all but one or two of their risks.  Those would the second and third largest risks.  An insurer with a perfect risk management program will not have very much daylight between their first, second and third largest risks and therefore may well be able to survive some worst case scenarios for even their largest risks.

Top 10 RISKVIEWS Posts of 2014 – ORSA Heavily Featured

RISKVIEWS believes that this may be the best top 10 list of posts in the history of this blog.  Thanks to our readers whose clicks resulted in their selection.

• Instructions for a 17 Step ORSA Process – Own Risk and Solvency Assessment is here for Canadian insurers, coming in 2015 for US and required in Europe for 2016. At least 10 other countries have also adopted ORSA and are moving towards full implementation. This post leads you to 17 other posts that give a detailed view of the various parts to a full ORSA process and report.
• Full Limits Stress Test – Where Solvency and ERM Meet – This post suggests a link between your ERM program and your stress tests for ORSA that is highly logical, but not generally practiced.
• What kind of Stress Test? – Risk managers need to do a better job communicating what they are doing. Much communications about risk models and stress tests is fairly mechanical and technical. This post suggests some plain English terminology to describe the stress tests to non-technical audiences such as boards and top management.
• How to Build and Use a Risk Register – A first RISKVIEWS post from a new regular contributor, Harry Hall. Watch for more posts along these lines from Harry in the coming months. And catch Harry on his blog, http://www.pmsouth.com
• ORSA ==> AC – ST > RCS – You will notice a recurring theme in 2014 – ORSA. That topic has taken up much of RISKVIEWS time in 2014 and will likely take up even more in 2015 and after as more and more companies undertake their first ORSA process and report. This post is a simple explanation of the question that ORSA is trying to answer that RISKVIEWS has used when explaining ORSA to a board of directors.
• The History of Risk Management – Someone asked RISKVIEWS to do a speech on the history of ERM. This post and the associated new permanent page are the notes from writing that speech. Much more here than could fit into a 15 minute talk.
• Hierarchy Principle of Risk Management – There are thousands of risks faced by an insurer that do not belong in their ERM program. That is because of the Hierarchy Principle. Many insurers who have followed someone’s urging that ALL risk need to be included in ERM belatedly find out that no one in top management wants to hear from them or to let them talk to the board. A good dose of the Hierarchy Principle will fix that, though it will take time. Bad first impressions are difficult to fix.
• Risk Culture, Neoclassical Economics, and Enterprise Risk Management – A discussion of the different beliefs about how business and risk work. A difference in the beliefs that are taught in MBA and Finance programs from the beliefs about risk that underpin ERM make it difficult to reconcile spending time and money on risk management.
• What CEO’s Think about Risk – A discussion of three different aspects of decision-making as practiced by top management of companies and the decision making processes that are taught to quants can make quants less effective when trying to explain their work and conclusions.
• Decision Making Under Deep Uncertainty – Explores the concepts of Deep Uncertainty and Wicked Problems. Of interest if you have any risks that you find yourself unable to clearly understand or if you have any problems where all of the apparent solutions are strongly opposed by one group of stakeholders or another.

ORSA ==> AC – ST > RCS

The Own Risk and Solvency Assessment (or Forward Looking Assessment of Own Risks based on ORSA principles) initially seems daunting.  But the simple formula in the title of this post provides a guide to what is really going on.

1. To preform an ORSA, an insurer must first decide upon its own Risk Capital Standard.
2. The insurer needs to develop the capacity to project the financial and risk exposure statistics forward for several years under a range of specified conditions.
3. Included in the projection capacity is the ability to determine (a) the amount of capital required under their own risk capital standard and (b) the projected amount of capital available.
4. The insurer needs to select a range of Stress Tests that will be used for the projections.
5. If, under a projection based upon a Stress Test, the available capital exceeds the Risk Capital Standard, then that Stress Test is a pass.                   AC – ST >RCS
6. If, under a projection based upon a Stress Test, the available capital is less than the Risk Capital Standard, then that Stress Test is a fail and requires an explanation of intended management actions.                            AC – ST < RCS  ==> MA

RISKVIEWS suggests that Stress Tests should be chosen so that the company can demonstrate that they can pass (AC – ST >RCS) the tests under a wide range of scenarios AND in addition, that one or several of the Stress Tests are severe enough to produce a fail (AC – ST < RCS  ==> MA) condition so that they can demonstrate that management has conceptualized the actions that would be needed in extreme loss situations.

RISKVIEWS also guesses that an insurer that picks a low Risk Capital Standard and Normal Volatility Stress Tests will get push back from the regulators reviewing the ORSA.

RISKVIEWS also guesses that an insurer that picks a high Risk Capital Standard will fail some or all of the more severe Stress Tests.

Furthermore, RISKVIEWS predicts that many insurers will fail the real Future Worst Case Stress Tests.  Only firms that hold themselves to a Robust Risk Capital Standard are likely to have sufficient capital to potentially maintain solvency.  In RISKVIEWS opinion, these Future Worst Case Stress Tests are useful mainly as the starting point for a Reverse Stress Test process.  In financial markets, we have experienced a real life worst case stress with the 2008 Financial Crisis and the following events.  Imaging insurance worst case scenarios that are as adverse as those events seems useful to promoting insurer survival.  Imagining events that are much worse than those – which is what is meant by the Future Worst Case Scenario idea – seems to be overkill.  But, in fact,  the history of adverse events in the recent past seems to indicate that each new major loss is at least twice the previous record.

A Reverse Stress Test is a process under which an insurer would determine the adverse scenario that drives the insurer to insolvency.  Under the NAIC ORSA, Reverse Stress Tests are required, but it is not specified whether those tests should be based upon a condition of failing to meet the insurer’s own Risk Capital Standard or the regulators solvency standard.  RISKVIEWS would recommend both types of tests be performed.

This discussion is the heart of the ORSA.  The full ORSA requires many other elements.  See the recent post INSTRUCTIONS FOR A 17 STEP ORSA PROCESS for the full discussion.

What kind of Stress Test?

What kind of future were you thinking of when you constructed your stress tests?  Here are six different visions of the stressed future that have been the basis for stress tests.

• Historical Worst Case – Worst experience in the past 20 – 25 years
• Normal Variability – Stress falls within expected range for a normal five year period
• Adverse Environment Variability – Stress falls within expected range for a five year period that includes general deterioration such as recession or major weather/climate deviation
• Future Realistic Disaster – Worst experience that is reasonably expected in the future (even if it has never happened)
• Adverse Environment Disaster – Worst experience that is reasonably expected in the future if the future is significantly worse than the past
• Future Worst Case – Maximum plausible loss that could occur even if you believe that likelihood is extremely remote

Here are a long list of stress scenarios that comes from the exposure draft of the NAIC document for ORSA reviewers:

1. Credit

• Counterparty exposure (loss of specified amount to reinsurer, derivatives party, supplier)
• Equity securities (40%/50% drop, no growth in stocks in 3 years)
• General widening of credit spreads (increase in defaults)
• Other risk assets

2. Market

• 300 basis point pop up in interest rates
• Prolonged low interest rates (10 year treasury of 1%)
• Material drop in GDP & related impacts
• Stock market crash or specific extreme condition (Great Depression)
• Eurozone collapse
• U.S. Treasury collapse
• Foreign currency shocks (e.g. percentages)
• Municipal bond market collapse
• Prolonged multiple market downturn (e.g. 2008/2009 crisis/or 1987 stock market drop-or 50% drop in equities, 150bp of realized credit losses)

3. Pricing/Underwriting

• Significant drop in sales/premiums due to varying reasons
• Impact of 20% reduction in mortality rates on annuities
• Material product demonstrates specific losses (e.g. 1 in 20 year events)
• Severe pandemic (e.g. Avian bird flu based upon World Health Organization mortality assumption)
• California and New Madrid earthquakes, biological, chemical or nuclear terrorist attacks in locations of heaviest coverage (consider a specified level of industry losses)
• Atlantic hurricane (consider a specified level of industry losses previously unseen/may consider specified levels per different lines of coverage) in different areas (far northeast, northeast, southeast, etc.)
• U.S. tornado over major metropolitan area with largest exposure
• Japanese typhoon/earthquake (consider a specified level of industry losses previously unseen)
• Major aviation/marine collision
• Dirty bomb attack
• Drop in rating to BB

4. Reserving

• Specified level of adverse development (e.g. 30%)
• Regulatory policy change requires additional reserves (e.g. 30%)

5. Liquidity • Catastrophe results in material immediate claims of 3X normalized amounts
• Call on any existing debt
• Material spike in lapses (e.g. 3X normal rates)
• Drop in rating to BB

6. Operational

• Loss of systems for 30 days
• Terrorist act
• Cybercrime
• Loss of key personnel
• Specified level of fraud within claims

7. Legal

• Material adverse finding on pending claim
• Worst historical 10 year loss is multiplied at varying levels

8. Strategic

• Product distribution breakup

9. Reputational

• PR crisis
• Drop in rating to BB

These seem to RISKVIEWS to fall into all six of the categories.  Many of these scenarios would fall into the “Normal Volatility” category for some companies and into the worst historical for others.  A few are in the area of “Future Worst Case” – such as the Treasury Collapse.

RISKVIEWS suggests that when doing Stress Testing, you should decide what sort of Stress you are intending.  You may not agree with RISKVIEWS categories, but you should have your own categories.  It might be a big help to the reader of your Stress Test report to know which sort of stress you think that you are testing.  They may or may not agree with you on which category that your Stress Scenario falls into, and that would be a valuable revealing discussion.

Full Limits Stress Test – Where Solvency and ERM Meet

We can know, looking back at last year, how much risk that an insurer was exposed to. And we can simply look at the balance sheet to see how much capital that they held. So that is the way we have tended to look at solvency. Backwards. Was the insurer solvent last year end? Not really useful information. Unless…

That is, unless you make some potentially heroic assumptions about the future.  Not an unusual assumption.  Just that common assumption that the future will be just like the past.

That assumption is usually ok.  Let’s see.  In the past 15 years, it has been correct four or five times.  But is that good enough for solvency work – a system that might give the right answer a third of the time?!?

But there is a solution.  Regulators have led us right up to that solution but they haven’t yet dared to say what it is. Perhaps they do not know, or even that they are not thinking that the backward looking problem has two aspects.  We are making two of the heroic assumptions:

1. We are assuming that the environment will be the same in the near future as the recent past.
2. We are assuming that the company activity will be the same in the near future as the recent past.

The regulatory response to these two shaky assumptions is:

1. Stress Scenarios
2. Look forward using company plans

Solution 1 can help, but solution 2 can be significantly improved by using the ERM program and risk appetite.  You may have noticed that regulators have all said that ERM is very important.  And that Risk Appetite is a very, very important part of ERM.  But they have never, ever, explained why it is important.

Well, the true answer is that it can be important.  It can be the solution to one part of the backward looking problem.  The idea of looking forward with company plans is a step in the right direction.  But only a half step. The full step solution is the FULL LIMIT STRESS TEST.

That test looks forward to see how the company will operate based upon the risk appetite and limits that management has set.  ERM and risk appetite provide provide a specific vision of how much risk is allowed by management and the board.  The plan represents a target, but the risk appetite represents the most risk that the company is willing to take.

So the FULL LIMIT STRESS TEST would involve looking at the company with the assumption that it chooses to take the full amount of risk that the ERM program allows.  That can then be combined with the stress scenarios regarding the external environment.

Now the FULL LIMIT STRESS TEST will only actually use the risk appetite for firms that have a risk appetite and an ERM program that clearly functions to maintain the risk of he firm within the risk appetite.  For firms that do not have such a system in place, the FULL LIMIT STRESS TEST needs to substitute some large amount of growth of risk that is what industry experience tells us that can happen to a firm that has gone partially or fully out of control with regard to its risk taking.

That makes the connection between ERM and Solvency very substantial and realistic.

• A firm with a good risk management program and tight limits and overall risk appetite will need the amount of capital that would support the planned functioning of the ERM program.  The overall risk appetite will place a limit on the degree to which ALL individual risk limits can be reached at the same time.
• An otherwise similar firm with a risk management program and loose risk appetite will need to hold higher capital.
• A similar firm with individual risk limits but no overall risk appetite will need to hold capital to support activity at the limit for every single risk.
• A firm without a risk management program will need to hold capital to support the risks that history tells us that a firm with uncontrolled growth of risk might take on in a year.  A track record of informal control of risk growth cannot be used as a predictor of the range of future performance.  (It may be valuable to ask all firms to look at an uncontrolled growth scenario as well, but for firms with a good risk control process will be considered to prepare for that scenario with their ERM program.)
• A firm without any real discipline of its risk management system will be treated similarly to a firm without an ERM program.

With this FULL LIMIT STRESS TEST, ERM programs will then be fully and directly connected to Solvency in an appropriate manner.

 

Stress to reduce Distress

Distress lurks. Just out of sight. Perhaps around a corner, perhaps down the road just past your view.
For some their rule is “out of sight, out of mind”. For them, worry and preparation can start when, and if, distress comes into sight.

But risk managers see it as our jobs to look for and prepare for distress. Whether it is in sight or not. Especially because some sorts of distress come on so very quickly and some methods of mitigation take effect so slowly.
Stress testing is one of the most effective tools, both for imagining the potential magnitude of distresses, but almost more importantly, in developing compelling stories to communicate about that distress potential.

This week, Willis Wire is featuring a piece about Stress Testing in the “ERM Practices” series;

ERM Practices:  Stress Testing

RISKVIEWS has features many posts related to Stress Testing:

RISKVIEWS Archive of Posts related to Stress Testing

Preparing for the Zombie Apocalypse

The CDC now has a page with preparedness tips for the next Zombie Apocalypse.

If you read that closely, you might notice that the preparedness tips are exactly the same as their tips for Hurricanes or Pandemics.

So maybe this is a good way to get folks to pay attention to disaster preparedness?

Must be better than the way that that some office buildings make preparedness into a mind numbing drill that is certain to take the edge off of any possible hint of preparedness.

Perhaps a suggestion for your next fire drill – have zombies show up and find out how many people were ready and how many got eaten by the zombies.

What’s Next?

Turbulent Times are Next.

At BusinessInsider.com, a feature from Guillermo Felices tells of 8 shocks that are about to slam the global economy.

#1 Higher Food Prices in Emerging Markets

#2 Higher Interest Rates and Tighter Money in Emerging Markets

#3 Political Crises in the Middle East

#4 Surging Oil Prices

#5 An Increase in Interest Rates in Developed Markets

#6 The End of QE2

#7 Fiscal Cuts and Sovereign Debt Crises

#8 The Japanese Disaster

How should ideas like these impact on ERM systems?  Is it at all reasonable to say that they should not? Definitely not.

These potential shocks illustrate the need for the ERM system to be reflexive.  The system needs to react to changes in the risk environment.  That would mean that it needs to reflect differences in the risk environment in three possible ways:

1. In the calibration of the risk model.  Model assumptions can be adjusted to reflect the potential near term impact of the shocks.  Some of the shocks are certain and could be thought to impact on expected economic activity (Japanese disaster) but have a range of possible consequences (changing volatility).  Other shocks, which are much less certain (end of QE2 – because there could still be a QE3) may be difficult to work into model assumptions.
2. With Stress and Scenario Tests – each of these shocks as well as combinations of the shocks could be stress or scenario tests.  Riskviews suggest that developing a handful of fully developed scenarios with 3 or more of these shocks in each would be the modst useful.
3. In the choices of Risk Appetite.  The information and stress.scenario tests should lead to a serious reexamination of risk appetite.  There are several reasonable reactions – to simply reduce risk appetite in total, to selectively reduce risk appetite, to increase efforts to diversify risks, or to plan to aggressively take on more risk as some risks are found to have much higher reward.

The last strategy mentioned above (aggressively take on more risk) might not be thought of by most to be a risk management strategy.  But think of it this way, the strategy could be stated as an increase in the minimum target reward for risk.  Since things are expected to be riskier, the firm decides that it must get paid more for risk taking, staying away from lower paid risks.  This actually makes quite a bit MORE sense than taking the same risks, expecting the same reward for risks and just taking less risk, which might be the most common strategy selected.

The final consideration is compensation.  How should the firm be paying people for their performance in a riskier environment?  How should the increase in market risk premium be treated?

See Risk adjusted performance measures for starters.

More discussion on a future post.

Sins of Risk Measurement

.

Read The Seven Deadly Sins of Measurement by Jim Campy

Measuring risk means walking a thin line.  Balancing what is highly unlikely from what it totally impossible.  Financial institutions need to be prepared for the highly unlikely but must avoid getting sucked into wasting time worrying about the totally impossible.

Here are some sins that are sometimes committed by risk measurers:

1.  Downplaying uncertainty.  Risk measurement will always become more and more uncertain with increasing size of the potential loss numbers.  In other words, the larger the potential loss, the less certain you can be about how certain it might be.  Downplaying uncertainty is usually a sin of omission.  It is just not mentioned.  Risk managers are lured into this sin by the simple fact that the less that they mention uncertainty, the more credibility their work will be given.

2.  Comparing incomparables.  In many risk measurement efforts, values are developed for a wide variety of risks and then aggregated.  Eventually, they are disaggregated and compared.  Each of the risk measurements are implicitly treated as if they were all calculated totally consistently.  However,  in fact, we are usually adding together measurements that were done with totally different amounts of historical data, for markets that have totally different degrees of stability and using tools that have totally different degrees of certitude built into them.  In the end, this will encourage decisions to take on whatever risks that we underestimate the most through this process.

3.  Validate to Confirmation.  When we validate risk models, it is common to stop the validation process when we have evidence that our initial calculation is correct.  What that sometimes means is that one validation is attempted and if validation fails, the process is revised and tried again.  This is repeated until the tester is either exhausted or gets positive results.  We are biased to finding that our risk measurements are correct and are willing to settle for validations that confirm our bias.

4.  Selective Parameterization.  There are no general rules for parameterization.  Generally, someone must choose what set of data is used to develop the risk model parameters.  In most cases, this choice determines the answers of the risk measurement.  If data from a benign period is used, then the measures of risk will be low.  If data from an adverse period is used, then risk measures will be high.  Selective paramaterization means that the period is chosen because the experience was good or bad to deliberately influence the outcome.

5.  Hiding behind Math.  Measuring risk can only mean measuring a future unknown contingency.  No amount of fancy math can change that fact.  But many who are involved in risk measurement will avoid ever using plain language to talk about what they are doing, preferring to hide in a thicket of mathematical jargon.  Real understanding of what one is doing with a risk measurement process includes the ability to say what that entails to someone without an advanced quant degree.

6.  Ignoring consequences.  There is a stream of thinking that science can be disassociated from its consequences.  Whether or not that is true, risk measurement cannot.  The person doing the risk measurement must be aware of the consequences of their findings and anticipate what might happen if management truly believes the measurements and acts upon them.

7.  Crying Wolf.  Risk measurement requires a concentration on the negative side of potential outcomes.  Many in risk management keep trying to tie the idea of “risk” to both upsides and downsides.  They have it partly right.  Risk is a word that means what it means, and the common meaning associated risk with downside potential.  However, the risk manager who does not keep in mind that their risk calculations are also associated with potential gains will be thought to be a total Cassandra and will lose all attention.  This is one of the reasons why scenario and stress tests are difficult to use.  One set of people will prepare the downside story and another set the upside story.  Decisions become a tug of war between opposing points of view, when in fact both points of view are correct.

There are doubtless many more possible sins.  Feel free to add your favorites in the comments.

But one final thought.  Calling it MEASUREMENT might be the greatest sin.

Momentum Risk

How many times have you heard this

If it isn’t broken don’t fix it.

As a risk manager, momentum risk is one of the most difficult risk to overcome.  (I wonder how many times on these posts I have claimed this?)

But this is the aspect of the Horizon disaster that led to millions and millions of barrels of oil spilling into the Gulf.  Before that the oil companies claimed that there had never been a failure of an oil rig in the Gulf.  So that was the Momentum assumption.  It had never failed so it never would fail.

Standing against that is the seemly endlessly negative point of view of the risk manager:

If anything can go wrong, it will.

Murphy‘s Law is usually taken as the ultimate statement of negative pessimism.  But instead you the risk manager need to use Murphy’s law as he did.  As a mantra to keep repeating to yourself as you look for ways to stress test a system.

Looking to engineering (Murphy was an engineer you know) for some thinking about stress to failure, we find this post:

When a component is subject to increasing loads it eventually fails.   It is comparatively easy to determine the point of failure of a component subject to a single tensile force. The strength data on the material identifies this strength.   However when the material is subject to a number of loads in different directions some of which are tensile and some of which are shear, then the determination of the point of failure is more complicated…

Some of your stress to failure tests will have to be tensile, some compressive, some shear, in different directions and in different combinations.  You should do this sort of testing to know the weakest points of your system.

But there is no guarantee that the system will fail at the weakest points either.  In fact, you may put in place methods to reduce stresses to those weakest points.  Remember that now elevates other points to be the new stresses.

And do not let Momentum thinking define your approach to likelihood of these stresses.  In physical systems, the engineer knows how the system is supposed to be used and can plan for the stresses of those uses.  But in many cases, the systems designed and tested by engineers are not used in the conditions planned for or even for the exact uses that the engineer anticipated.

Sound familiar?

Human systems are not so fixed as physical systems.  Humans react to the system that they are experiencing and adjust their actions according to the feedback that they are receiving from the system.  So human systems will almost always change as they are used.

Human systems will almost always change as they are used.

That is what makes it so much more difficult to be a risk manager for a financial firm than for a firm that deals mainly with physical risks.  As noted above the humans that interface with the physical risks system do change and adapt, but there are usually a larger portion of possibilities that are fixed by the constraints of the physical systems.

With financial risks, the idea of adapting and using a type of transaction or financial structure for alternate purposes has become the occupation of a large number of folks who command a large amount of resources.

So if, for example, you are using a particular type of derivative to accomplish a fairly straightforward risk management purpose, it is quite possible that the market for that instrument will suddenly be taken over by folks with lots and lots of money, fast computers and turnover averages in the thousands per week.  Their entry into a market will change pricing and the speed of changes in pricing and then one day, suddenly, they will decide, perhaps little by little, but possibly all at once, to abandon that trade and the market will snap to being something different still.

The same sort of thing happens in insurance, but at a different speed.  Lawyers are always out there looking to “perfect” an argument to create a new class of claimants against different businesses and their insurers. THis results in a sudden jump in claims costs.

Interestingly, the strategies for those two examples might be the exact opposite.  It might be best to move on from the market that is suddenly overtaken by high speed hedge fund traders.  But the only way to recover extra losses from a newly discovered and “perfected” cause of tort is to stay with the coverage.

But in all cases, the risk manager is faced with the problem of overcoming Momentum Risk.  Convincing others that something that is not broken needs attention and possibly even fixing.

Regime Change

If something happens more or less the same way for any extended period of time, the normal reaction of humans is consider that phenomena as constant and to largely filter it out.  We do not then even try to capture new information about changes to that phenomena because our senses tell us that that input is “pure noise” with no signal.  Hence the famous story about boiling frogs.  Which may or may not be actually true about frogs, but it definitely reveals something about the way that humans take in information about the world.

But things can and do actually change.  Even things that are more or less the same for a very long time.

In the book, “This Time It’s Different”, the authors state that

“The median inflation rates before World War I were well below those of the more recent period: 0.5% per annum for 1500 – 1799 and 0.71% for 1800 – 1913, in contrast with 5% for 1914 – 2006.”

Imagine that.  Inflation averaged below 0.75% for about 300 years.  Since there is no history of extended periods of negative inflation, to get an average that low, there must be a very low standard deviation as well.  Inflation at a level of 3 or 4% is probably a one in a million situation.  Or so intelligent financial analysts before WWI must have thought that they could make plans without any concern for inflation.

But in the years following WWI, governments found a new way to default on their debts, especially their internal debts.  Reinhart and Rogoff point out that almost all of the discussion by economists regarding sovereign default is about external debt.  But they show that internal debt is very important to the situations of sovereign defaults.  Countries with high levels of internal debt and low external debt will usually not default, but countries with high levels of both internal and external debt will often default.

So as we contemplate the future of the aging western economies, we need to be careful that we do not exclude the regime changes that could occur.  And which regime changes that we should be concerned about becomes clearer when we look at all of the entitlements to retirees as debt (is there any effective difference between debt and these obligations?).  When we do that we see that there are quite a few western nations with very, very large internal debt.  And many of those countries have indexed much of that debt, taking the inflation option off of the table.

Reinhart and Rogoff also point out the sovereign default is usually not about ability to pay, it is about willingness to make the sacrifices that repayment of debt would entail.

So Risk Managers need to think about possible drastic regime changes, in addition to the seemingly highly unlikely scenario that the future will be more or less like the past.

It’s Usually the Second Truck

In many cases, companies survive the first bout of adversity.

It is the second bout that kills.

And more often than not, we are totally unprepared for that second hit.

Totally unprepared because of how we misunderstand statistics.

First of all, we believe that large loss events are unlikely and two large loss events are extremely unlikely.  So we decide not to prepare for the extremely unlikely event that we get hit by two large losses at the same time.  And in this case, “at the same time” may mean in subsequent years.  Some who look at correlation, only use an arbitrary calendar year split out of experience data.  So that they would consider losses in the third and fourth quarter to be happening at the same time but fourth quarter and first quarter of the next year would be considered different periods and therefore might show low correlations!

Second, we fail to deal with our reduced capacity immediately after a major loss event.  We still think of our capacity as it was before the first hit.  A part of our risk management plans for a major loss event should have been to immediately initiate a process to rationalize our risk exposures with our newly reduced capacity.  This may in part be due to the third issue.

Third, we misunderstand that the fact of the first event does not reduce the likelihood of the other risk events.  Those joint probabilities that made the dual event, no longer apply.  In fact, with the reduced capacity, the type of even that would incapacitate the firm has suddenly become much more likely.

Most companies that experience one large loss event do not experience a second shortly thereafter, but many companies that fail do.

So if your interest is to reduce the likelihood of failure, you should consider the two loss event situation as a scenario that you prepare for.

But those preparations will present a troubling alternative.  If, after the first major loss event, the actions needed include a sharp reduction in retained risk position, that will severely reduce the likelihood of growing back capacity.

Management is faced with a dilemma – that is two choices, neither of which are desirable.   But as with most issues in risk management, better to face those issues in advance and to make a reasoned plan, rather than looking away and hoping for the best.

But on further reflection, this issue can be seen to be one of over concentration in a single risk.  Some firms have reacted to this whole idea by setting their risk tolerance such that any one loss event will be limited to their excess capital.  Their primary strategy for this type of concentration risk is in effect a diversification strategy.

Common Terms for Severity

In the US, firms are required to disclose their risks.  This has led to an exercize that is particularly useless.  Firms obviously spend very little time on what they publish under this part of their financial statement.  Most firms seem to be using boilerplate language and a list of risks that is as long as possible.  It is clearly a totally compliance based CYA activity.  The only way that a firm could “lose” under this system is if they fail to disclose something that later creates a major loss.  So best to mention everything under the sun.  But when you look across a sector at these lists, you find a startling degree to which the risks actually differ.  That is because there is absolutely no standard that is applied to tell what is a risk and if something is a risk, how significant is it.  The idea of risk severity is totally missing.  

Bread Box

 

What would help would be a common set of terms for Severity of losses from risks.  Here is a suggestion of a scale for discussing loss severity for an individual firm: 

1. A Loss that is a threat to earnings.  This level of risk could result in a loss that would seriously impair or eliminate earnings. 
2. A Loss that could result in a significant reduction to capital.  This level of risk would result in a loss that would eliminate earnings and in addition eat into capital, reducing it by 10% to 20%
3. A Loss that could result in severe reduction of business activity.  For insurers, this would be called “Going into Run-off”.  It means that the firm is not insolvent, but it is unable to continue doing new business.  This state often lasts for several years as old liabilities of the insurer are slowly paid of as they become due.  Usually the firm in this state has some capital, but not enough to make any customers comfortable trusting them for future risks. 
4. A Loss that would result in the insolvency of the firm. 

Then in addition, for an entire sector or sub sector of firms: 

1. Losses that significantly reduce earnings of the sector.  A few firms might have capital reductions.
2. Losses that significantly impair capital for the sector.  A few firms might be run out of business from these losses.
3. Losses that could cause a significant number of firms in the sector to be run out of business.  The remainder of the sector still has capacity to pick up the business of the firms that go into run-off.  A few firms might be insolvent. 
4. Losses that are large enough that the sector no longer has the capacity to do the business that it had been doing.  There is a forced reduction in activity in the sector until capacity can be replaced, either internally or from outside funds.  A large number of firms are either insolvent or will need to go into run-off. 

These can be referred to as Class 1, Class 2, Class 3, Class 4 risks for a firm or for a sector.  

Class 3 and Class 4 Sector risks are Systemic Risks.  

Care should be taken to make sure that everyone understands that risk drivers such as equity markets, or CDS can possibly produce Class 1, Class 2, Class 3 or Class 4 losses for a firm or for a sector in a severe enough scenario.  There is no such thing as classifying a risk as always falling into one Class.  However, it is possible that at a point in time, a risk may be small enough that it cannot produce a loss that is more than a Class 1 event.  

For example, at a point in time (perhaps 2001), US sub prime mortgages were not a large enough class to rise above a Class 1 loss for any firms except those whose sole business was in that area.  By 2007, Sub Prime mortgage exposure was large enough that Class 4 losses were created for the banking sector.  

Looking at Sub Prime mortgage exposure in 2006, a bank should have been able to determine that sub primes could create a Class 1, Class 2, Class 3 or even Class 4 loss in the future.  The banks could have determined the situations that would have led to losses in each Class for their firm and determined the likelihood of each situation, as well as the degree of preparation needed for the situation.  This activity would have shown the startling growth of the sub prime mortgage exposure from a Class 1 to a Class 2 through Class 3 to Class 4 in a very short time period.  

Similarly, the prudential regulators could theoretically have done the same activity at the sector level.  Only in theory, because the banking regulators do not at this time collect the information needed to do such an exercize.  There is a proposal that is part of the financial regulation legislation to collect such information.  See CE_NIF.

The Future of Risk Management – Conference at NYU November 2009

Some good and not so good parts to this conference.  Hosted by Courant Institute of Mathematical Sciences, it was surprisingly non-quant.  In fact several of the speakers, obviously with no idea of what the other speakers were doing said that they were going to give some relief from the quant stuff.

Sad to say, the only suggestion that anyone had to do anything “different” was to do more stress testing.  Not exactly, or even slightly, a new idea.  So if this is the future of risk management, no one should expect any significant future contributions from the field.

There was much good discussion, but almost all of it was about the past of risk management, primarily the very recent past.

Here are some comments from the presenters:

• Banks need regulator to require Stress tests so that they will be taken seriously.
• Most banks did stress tests that were far from extreme risk scenarios, extreme risk scenarios would not have been given any credibility by bank management.
• VAR calculations for illiquid securities are meaningless
• Very large positions can be illiquid because of their size, even though the underlying security is traded in a liquid market.
• Counterparty risk should be stress tested
• Securities that are too illiquid to be exchange traded should have higher capital charges
• Internal risk disclosure by traders should be a key to bonus treatment.  Losses that were disclosed and that are within tolerances should be treated one way and losses from risks that were not disclosed and/or that fall outside of tolerances should be treated much more harshly for bonus calculation purposes.
• Banks did not accurately respond to the Spring 2009 stress tests
• Banks did not accurately self assess their own risk management practices for the SSG report.  Usually gave themselves full credit for things that they had just started or were doing in a formalistic, non-committed manner.
• Most banks are unable or unwilling to state a risk appetite and ADHERE to it.
• Not all risks taken are disclosed to boards.
• For the most part, losses of banks were < Economic Capital
• Banks made no plans for what they would do to recapitalize after a large loss.  Assumed that fresh capital would be readily available if they thought of it at all.  Did not consider that in an extreme situation that results in the losses of magnitude similar to Economic Capital, that capital might not be available at all.
• Prior to Basel reliance on VAR for capital requirements, banks had a multitude of methods and often used more than one to assess risks.  With the advent of Basel specifications of methodology, most banks stopped doing anything other than the required calculation.
• Stress tests were usually at 1 or at most 2 standard deviation scenarios.
• Risk appetites need to be adjusted as markets change and need to reflect the input of various stakeholders.
• Risk management is seen as not needed in good times and gets some of the first budget cuts in tough times.
• After doing Stress tests need to establish a matrix of actions that are things that will be DONE if this stress happens, things to sell, changes in capital, changes in business activities, etc.
• Market consists of three types of risk takers, Innovators, Me Too Followers and Risk Avoiders.  Innovators find good businesses through real trial and error and make good gains from new businesses, Me Too follow innovators, getting less of gains because of slower, gradual adoption of innovations, and risk avoiders are usually into these businesses too late.  All experience losses eventually.  Innovators losses are a small fraction of gains, Me Too losses are a sizable fraction and Risk Avoiders often lose money.  Innovators have all left the banks.  Banks are just the Me Too and Avoiders.
• T-Shirt – In my models, the markets work
• Most of the reform suggestions will have the effect of eliminating alternatives, concentrating risk and risk oversight.  Would be much safer to diversify and allow multiple options.  Two exchanges are better than one, getting rid of all the largest banks will lead to lack of diversity of size.
• Problem with compensation is that (a) pays for trades that have not closed as if they had closed and (b) pay for luck without adjustment for possibility of failure (risk).
• Counter-cyclical capital rules will mean that banks will have much more capital going into the next crisis, so will be able to afford to lose much more.  Why is that good?
• Systemic risk is when market reaches equilibrium at below full production capacity.  (Isn’t that a Depression – Funny how the words change)
• Need to pay attention to who has cash when the crisis happens.  They are the potential white knights.
• Correlations are caused by cross holdings of market participants – Hunts held cattle and silver in 1908’s causing correlations in those otherwise unrelated markets.  Such correlations are totally unpredictable in advance.
• National Institute of Financa proposal for a new body to capture and analyze ALL financial market data to identify interconnectedness and future systemic risks.
• If there is better information about systemic risk, then firms will manage their own systemic risk (Wanna Bet?)
• Proposal to tax firms based on their contribution to gross systemic risk.
• Stress testing should focus on changes to correlations
• Treatment of the GSE Preferred stock holders was the actual start of the panic.  Leahman a week later was actually the second shoe to drop.
• Banks need to include variability of Vol in their VAR models.  Models that allowed Vol to vary were faster to pick up on problems of the financial markets.  (So the stampede starts a few weeks earlier.)
• Models turn on, Brains turn off.

Whose Loss is it?

As we look at the financial system and contemplate what makes sense going forward, it should be important to think through what we plan to do with losses going forward.

There are at least seven possibilities.  As a matter of public policy, we should be discussing where the attachment should be for each layer of losses.  Basel 2 tries to set the attachment for the fourth layer from the bottom, without directly addressing the three layers below.

So for major loss scenarios, we should have a broad idea of how we expect the losses to be distributed.  Recent practices have focused on just a few of these layers, especially the counterparty layer.  The “skin in the game” idea suggests that the counterparties, when they are intermediaries, should have some portion of the losses. Other counterparties are the folks who are taking the risks via securitizations and hedging transactions.

However, we do not seem to be discussing a public policy about the degree to which the first layer, the borrowers, needs to absorb some of the losses.  In all cases, absorbing some of the losses means that that layer really needs to have the capacity to absorb those losses.  Assigning losses to a layer with no resources is not an useful game.  Having resources means having valuable collateral or dependable income that can be used to absorb the loss.  It could also mean having access to credit to pay the loss, though hopefully we have learned that access to credit today is not the same as access to credit when the loss comes due.

+    +    +   +

This picture might be a useful one for risk managers to use as well to clarify things about how losses will be borne that are being taken on by their firm.  The bottom layer does not have to be a borrower, it can also be an insured.

This might be a good way to talk about losses with a board.  Let them know for different frequency/severity pairs who pays what.  This discussion could be a good part of a discussion on Risk Appetite and Risk Limits as well as a discussion of the significance of each different layer to the risk management program of the firm.

The “skin in the game” applies at the corporate level as well.  If you are the reinsurer or another counterparty, you might want to look at this diagram for each of your customers to make sure that they each have enough “skin” where it counts.

Counterparties

When you substitute counterparty risk for another risk, you are essentially bringing their entire balance sheet proportionately onto yours.  Counterparty due diligence is key.  Collateral agreements are important.  Some would say that collateral agreements brought down the banks that failed and AIG that was rescued, but from the counterparty point of view…  In addition to traditional credit analysis that is mostly backward looking, insurers should try to understand the approach to risk taking of their counterparties so that they can become comfortable with the risks that they may take in the future.  The counterparty exposure that exists right now may not be representative of the size of the exposures right after a major loss event.  Examination of those potential exposures and the potential losses to the reinsurer in a major loss event should be studied and factored into risk and reinsurance decisions.

This means plotting the level of obligation from the counterparty in the event of an extremely adverse scenario.  That is when the idea of taking on a proportionate share of the counterparties balance sheet takes on significant importance.  The degree to which the counterparty is concentrated in that particular risk becomes key.  That is not information that is available from just looking at the rating of the counterparty.  You must know and understand the other obligations of the counterparty to know the degree to which they are at risk from the type of event that you are offsetting (not transferring see Bad Labels ).

This means that a stress test becomes most important.  The stress test will look at (1) the amount of gross loss, (2) the amount due from the counterparty under the stress scenario in the form of a claim, a reserve credit, or collateral and (3) the degree to which the stress scenario impacts the ability of the counterparty to make good on their obligations.  As was seen during the financial crisis, the liquidity of the counterparty under stress may well be the constraint.  If your firm does not have the liquidity to easily pay the gross losses under that are due in cash, then you are relying on the counterparty as a source of liquidity.

Models & Manifesto

Have you ever heard anyone say that their car got lost? Or that they got into a massive pile-up because it was a 1-in-200-year event that someone drove on the wrong side of a highway? Probably not.

But statements similar to these have been made many times since mid-2007 by CEOs and risk managers whose firms have lost great sums of money in the financial crisis. And instead of blaming their cars, they blame their risk models. In the 8 February 2009 Financial Times, Goldman Sachs’ CEO Lloyd Blankfein said “many risk models incorrectly assumed that positions could be fully hedged . . . risk models failed to capture the risk inherent in off-balance sheet activities,” clearly placing the blame on the models.

But in reality, it was, for the most part, the modellers, not the models, that failed. A car goes where the driver steers it and a model evaluates the risks it is designed to evaluate and uses the data the model operator feeds into the model. In fact, isn’t it the leadership of these enterprises that are really responsible for not clearly assessing the limitations of these models prior to mass usage for billion-dollar decisions?

But humans, who to varying degrees all have a limit to their capacity to juggle multiple inter-connected streams of information, need models to assist with decision-making at all but the smallest and least complex firms.

These points are all captured in the Financial Modeler’s Manifesto from Paul Wilmott and Emanuel Derman.

But before you use any model you did not build yourself, I suggest that you ask the model builder if they have read the manifesto.

If you do build models, I suggest that you read it before and after each model building project.

The Black Swan Test

Many commentators have suggested that firms need to do stress tests to examine their vulnerability to adverse situations that are not within the data set used to parameterize their risk models. In the article linked below, I suggest the adoption of a terminology to describe stress tests and also a methodology that can be adopted by any risk model user to test and
communicate a test of the stability of model results. This method can be called a Black Swan test. The terminology would be to set one Black Swan equal to the most adverse data point. A one Black Swan stress test would be a test of a repeat of the worst event in the data set. A two Black Swan stress test would
be a test of experience twice as adverse as the worst data point.

So for credit losses for a certain class of bonds, if the historical period worst loss was 2 percent, then a 1BLS stress test would be a 2 percent loss, a 4 percent loss a 2BLS stress test, etc.

Article

Further, the company could state their resiliency in terms of Black Swans. For example:

Tests show that the company can withstand a 3.5BLS stress test for credit and a 4.2BLS for equity risk and a simultaneous 1.7BLS credit and equity stress.

Similar terminology could be used to describe a test of model stability. A 1BLS model stability test would be performed by adding a single additional point to the data used to parameterize the model. So a 1BLS model stability test would involve adding a single data point equal to the worst point in the data set. A 2BLS test would be adding a data point that is twice as bad as the worst point.