Archive for the ‘VaR’ category

What Do Your Threats Look Like?

December 6, 2012

Severe and intense threats are usually associated with dramatic weather events, terrorist attacks, earthquakes, nuclear accidents and such like.  When one of these types of threats is thought to be immanent, people will often cooperate with a cooperative ERM scheme, if one is offered.  But when the threat actually happens, there are four possible responses:  cooperation with disaster plan, becoming immobilized and ignoring the disaster, panic and anti-social advantage taking.  Disaster planning sometimes goes no further than developing a path for people with the first response.  A full disaster plan would need to take into account all four reactions.  Plans would be made to deal with the labile and panicked people and to prevent the damage from the anti-social.  In businesses, a business continuity or disaster plan would fall into this category of activity.

When businesses do a first assessment, risks are often displayed in four quadrants: Low Likelihood/Low Severity; Low Likelihood/High Severity; High Likelihood/Low Severity; and High Likelihood/High Severity.  It is extremely difficult to survive if your risks are High Likelihood/High Severity, so few businesses find that they have risks in that quadrant.  So businesses usually only have risks in this category that are Low Likelihood.

Highly Cooperative mode of Risk Management means that everyone is involved in risk management because you need everyone to be looking out for the threats.  This falls apart quickly if your threats are not Severe and Intense because people will question the need for so much vigilance.

Highly Complex threats usually come from the breakdown of a complex system of some sort that you are counting upon.  For an insurer, this usually means that events that they thought had low interdependency end up with a high correlation.  Or else a new source of large losses emerges from an existing area of coverage.  Other complex threats that threaten the life insurance industry include the interplay of financial markets and competing products, such as happened in the 1980’s when money market funds threatened to suck all of the money out of insurers, or in the 1990’s the variable products that decimated the more traditional guaranteed minimum return products.

In addition, financial firms all create their own complex threat situations because they tend to be exposed to a number of different risks.  Keeping track of the magnitude of several different risk types and their interplay is itself a complex task.  Without very complex risk evaluation tools and the help of trained professionals, financial firms would be flying blind.  But these risk evaluation tools themselves create a complex threat.

Highly Organized mode of Risk Management means that there are many very different specialized roles within the risk management process.  May have different teams doing risk assessment, risk mitigation and assurance, for each separate threat.  This can only make sense when the rewards for taking these risks is large because this mode of risk management is very expensive.

Highly Unpredictable Threats are common during times of transition when a system is reorganizing itself.  “Uncertain” has been the word most often used in the past several years to describe the current environment.  We just are not sure what will be hitting us next.  Neither the type of threat, the timing, frequency or severity is known in advance of these unpredictable threats.

Businesses operating in less developed economies will usually see this as their situation.  Governments change, regulations change, the economy dips and weaves, access to resources changes abruptly, wars and terrorism are real threats.

Highly Adaptable mode of Risk Management means that you are ready to shift among the other three modes at any time and operate in a different mode for each threat.  The highly adaptable mode of risk management also allows for quick decisions to abandon the activity that creates the threat at any time.  But taking up new activities with other unique threats is less of a problem under this mode.  Firms operating under the highly adaptive mode usually make sure that their activities do not all lead to a single threat and that they are highly diversified.

Benign Threats are things that will never do more than partially reduce earnings.  Small stuff.  Not good news, but not bad enough to lose any sleep over.

Low Cooperation mode of Risk Management means that individuals within their firm can be separately authorized to undertake activities that expand the threats to the firm.  The individuals will all operate under some rules that put boundaries around their freedom, but most often these firms police these rules after the action, rather than with a process that prevents infractions.  At the extreme of low cooperation mode of risk management, enforcement will be very weak.

For example, many banks have been trying to get by with a low cooperation mode of ERM.  Risk Management is usually separate and adversarial.  The idea is to allow the risk takers the maximum degree of freedom.  After all, they make the profits of the bank.  The idea of VaR is purely to monitor earnings fluctuations.  The risk management systems of banks had not even been looking for any possible Severe and Intense Threats.  As their risk shifted from a simple “Credit” or “Market” to very complex instruments that had elements of both with highly intricate structures there was not enough movement to the highly organized mode of risk management within many banks.  Without the highly organized risk management, the banks were unable to see the shift of those structures from highly complex threats to severe and intense threats. (Or the risk staff saw the problem, but were not empowered to force action.)  The low cooperation mode of risk management was not able to handle those threats and the banks suffered large losses or simply collapsed.

Advertisements

The End of ERM

October 16, 2012

In essence, if ERM is to be implemented in a way which helps an entity get to where it wants to go, it needs to have a bias toward action which many applications currently lack.   “The End of Enterprise Risk Management”  David Martin and Michael Power

In 2007, Martin and Power argued that the regulatory based Enterprise Risk Management programs that were COSO based provided the illusion of control, without actually achieving anything.  Now if you are an executive of a firm and you believe that things are being done just fine, thank you very much, then an ineffective ERM program is just what you want.  But if you really want ERM, the something else is needed.  Martin and Power suggest that the activities of ERM are focused much too much on activities that do not reault in actions to actually change the risks of the firm.  This is a favorite topic of RISKVIEWS as well.  See Beware the Risk Management Entertainment System

RISKVIEWS always tells managers who are interested in developing ERM systems that if some part of an ERM program cannot be clearly linked to decisions to take actions that would not have been taken without ERM, then they are better off without that part of ERM. 

Martin and Power go on to suggest that ERM that uses just one risk measure (usually VAR) is difficult to get right because of limitations of VAR.  RISKVIEWS would add that an ERM program that uses only one risk measure, no matter what that measure is, will be prone to problems.  See Law of Risk and Light. 

It is very nice to find someone who says the same things that you say.  Affirming.  But even better to read something that you haven’t said.  And Martin and Power provide that. 

Finally, there is a call for risk management that is Reflexive.  That reacts to the environment.  Most ERM systems do not have this Reflexive element.  Risk limits are set and risk positions are monitored most often assuming a static environment.  The static environment presumption in a risk management system works if you are operating in an environment that changes fairly infrequently.  In fact, it works best if the frequency of change to your environment is less then the frequency of your update to the risk factors that you use.  That is, if your update includes studying the environment and majing environment driven changes. 

RISKVIEWS has worked in ERM systems that were based upon risk assessment based upon “eternal” risk factors.  Eternal Risk factors are assumed to be good “for all time”.  The US RBC factors are such.  Those factors are changed only when there is a belief that the prior factors were inadequate in representing the full range of risk “for all time”. 

But firms would be better off looking at their risks in the light of a changing risk environment.  Plural Rationality theory suggests that there are four different risk environments.  If a company adopts this idea, then they need to look for signs that the environment is shifting and when it seems to be likely to be shifting, to consider how to change their risk acceptance and risk mitigation in the light of the expected new risk environment.  The idea of repeatedly catching this wave and correctly shifting course is called Rational Adaptability

So RISKVIEWS also strongly agrees with Martin and Powers that a risk management system needs to be reflexive. 

In “The End of ERM” Martin and Powers really mean the end of static ERM that is not action oriented and not reflexive with the environment.  With that RISKVIEWS can heartily agree.

Assumptions Embedded in Risk Analysis

April 28, 2010

The picture below from Dour VanDemeter’s blog gives an interesting take on the embedded assumptions in various approaches to risk analysis and risk treatment.

But what I take from this is a realization that many firms have activity in one or two or three of those boxes, but the only box that does not assume away a major part of reality is generally empty.

In reality, most financial firms do experience market, credit and liability risks all at the same time and most firms do expect to be continuing to receive future cashflows both from past activities and from future activities.

But most firms have chosen to measure and manage their risk by assuming that one or two or even three of those things are not a concern.  By selectively putting on blinders to major aspects of their risks – first blinding their right eye, then their left, then by not looking up and finally not looking down.

Some of these processes were designed that way in earlier times when computational power would not have allowed anything more.  For many firms their affairs are so very complicated and their future is so uncertain that it is simply impractical to incorporate everything into one all encompassing risk assessment and treatment framework.

At least that is the story that folks are most likely to use.

But the fact that their activity is too complicated for them to model does not seem to send them any flashing red signal that it is possible that they really do not understand their risk.

So look at Doug’s picture and see which are the embedded assumptions in each calculation – the ones I am thinking of are the labels on the OTHER rows and columns.

For Credit VaR – the embedded assumption is that there is no Market Risk and that there is no new assets or liabilities (business is in sell-off mode)

For Interest risk VaR – the embedded assumption is that there is no credit risk nor new assets or liabilities (business is in sell-off mode)

For ALM – the embedded assumption is that there is no credit risk and business is in run-off mode.

Those are the real embedded assumptions.  We should own up to them.

Take CARE in evaluating your Risks

February 12, 2010

Risk management is sometimes summarized as a short set of simply stated steps:

  1. Identify Risks
  2. Evaluate Risks
  3. Treat Risks

There are much more complicated expositions of risk management.  For example, the AS/NZ Risk Management Standard makes 8 steps out of that. 

But I would contend that those three steps are the really key steps. 

The middle step “Evaluate Risks” sounds easy.  However, there can be many pitfalls.  A new report [CARE] from a working party of the Enterprise and Financial Risks Committee of the International Actuarial Association gives an extensive discussion of the conceptual pitfalls that might arise from an overly narrow approach to Risk Evaluation.

The heart of that report is a discussion of eight different either or choices that are often made in evaluating risks:

  1. MARKET CONSISTENT VALUE VS. FUNDAMENTAL VALUE 
  2. ACCOUNTING BASIS VS. ECONOMIC BASIS         
  3. REGULATORY MEASURE OF RISK    
  4. SHORT TERM VS. LONG TERM RISKS          
  5. KNOWN RISK AND EMERGING RISKS        
  6. EARNINGS VOLATILITY VS. RUIN    
  7. VIEWED STAND-ALONE VS. FULL RISK PORTFOLIO       
  8. CASH VS. ACCRUAL 

The main point of the report is that for a comprehensive evaluation of risk, these are not choices.  Both paths must be explored.

Economic Risk Capital

December 1, 2009

Guest Post from Chitro Majumdar

Economic capital models can be complex, embodying many component parts and it may not be immediately obvious that a complex model works satisfactorily. Moreover, a model may embody assumptions about relationships between variables or about their behaviour that may not hold in all circumstances (e.g under periods of stress). We have developed an algorithm for Dynamic Financial Analysis (DFA) that enables the creation of a comprehensive framework to manage Enterprise Risk’s Economic Risk Capital. DFA is used in the capital budgeting decision process of a company to launch a new invention and predict the impact of the strategic decision on the balance sheet in the horizon. DFA gives strategy for Enterprise Risk Management in order to avoid undesirable outcomes, which could be disastrous.

“The Quants know better than anyone how their models can fail. The surest way to replicate this adversity is to trust the models blindly while taking large-scale advantage of situations where they seem to provide ERM strategies that would yield results too superior to be true”

Dynamic Financial Analysis (DFA) is the most advance modelling process in today’s property and casualty industry-allowing us to develop financial forecasts that integrate the variability and interrelationships of critical factors affecting our results. Through the modeling of DFA, we see the company’s relevant random variables is based on the categorization of risks which is generated solvency testing where the financial position of the company is evaluated from the perspective of the customers. The central idea is to quantify in probabilistic terms whether the company will be able to meet its commitments in the future.  DFA is in the capital budgeting decision process of a company launching a new invention and predicting the impact of the strategic decision on the balance sheet in a horizon of few years.

 

The validation of economic capital models is at a very preliminary stage. There exists a wide range of validation techniques, each of which provides corroboration for (or against) only some of the desirable properties of a model. Moreover, validation techniques are powerful in some areas such as risk sensitivity but not in other areas such as overall absolute accuracy or accuracy in the tail of the loss distribution. It is advisable that validation processes are designed alongside development of the models rather than chronologically following the model building process. There is a wide range of validation processes and each one provides evidence for only some of the desirable properties of a model. Certain industry validation practices are weak with improvements needed in benchmarking, industry wide exercises, back-testing, profit and loss analysis and stress testing and followed by other advanced simulation model. For validation we adhere to the below mentioned method to calculate.

 

Calculation of risk measures

In their internal use of risk measures, banks need to determine an appropriate confidence level for their economic capital models. It generally does not coincide with the 99.9% confidence level used for credit and operational risk under Pillar 1 of Basel II or with the 99% confidence level for general and specific market risk. Frequently, the link between a bank’s target rating and the choice of confidence level is interpreted as the amount of economic capital necessary to prevent the bank from eroding its capital buffer at a given confidence level. According to this view, which can be interpreted as a going concern view, capital planning is seen more as a dynamic exercise than a static one, in which banks want to hold a capital buffer “on top” of their regulatory capital and where it is the probability of eroding such a buffer (rather than all available capital) that is linked to the target rating. This would reflect the expectation (by analysts, rating agencies and the market) that the bank operates with capital that exceeds the regulatory minimum requirement. Apart from considerations about the link to a target rating, the choice of a confidence level might differ based on the question to be addressed. On the one hand, high confidence levels reflect the perspective of creditors, rating agencies and regulators in that they are used to determine the amount of capital required to minimise bankruptcy risk. On the other hand,  use of lower confidence levels for management purposes in order to allocate capital to business lines and/or individual exposures and to identify those exposures that are critical for profit objectives in a normal business environment. Another interesting aspect of the internal use of different risk measures is that the choice of risk measure and confidence level heavily influences relative capital allocations to individual exposures or portfolios. In short, the farther out in the tail of a loss distribution, the more relative capital gets allocated to concentrated exposures. As such, the choice of the risk measure as well as the confidence level can have a strategic impact since some portfolios might look relatively better or worse under risk-adjusted performance measures than they would based on an alternative risk measure.

 

Chitro Majumdar CSO – R-square RiskLab

 

 

More details: http://www.riskreturncorp.com

The Future of Risk Management – Conference at NYU November 2009

November 14, 2009

Some good and not so good parts to this conference.  Hosted by Courant Institute of Mathematical Sciences, it was surprisingly non-quant.  In fact several of the speakers, obviously with no idea of what the other speakers were doing said that they were going to give some relief from the quant stuff.

Sad to say, the only suggestion that anyone had to do anything “different” was to do more stress testing.  Not exactly, or even slightly, a new idea.  So if this is the future of risk management, no one should expect any significant future contributions from the field.

There was much good discussion, but almost all of it was about the past of risk management, primarily the very recent past.

Here are some comments from the presenters:

  • Banks need regulator to require Stress tests so that they will be taken seriously.
  • Most banks did stress tests that were far from extreme risk scenarios, extreme risk scenarios would not have been given any credibility by bank management.
  • VAR calculations for illiquid securities are meaningless
  • Very large positions can be illiquid because of their size, even though the underlying security is traded in a liquid market.
  • Counterparty risk should be stress tested
  • Securities that are too illiquid to be exchange traded should have higher capital charges
  • Internal risk disclosure by traders should be a key to bonus treatment.  Losses that were disclosed and that are within tolerances should be treated one way and losses from risks that were not disclosed and/or that fall outside of tolerances should be treated much more harshly for bonus calculation purposes.
  • Banks did not accurately respond to the Spring 2009 stress tests
  • Banks did not accurately self assess their own risk management practices for the SSG report.  Usually gave themselves full credit for things that they had just started or were doing in a formalistic, non-committed manner.
  • Most banks are unable or unwilling to state a risk appetite and ADHERE to it.
  • Not all risks taken are disclosed to boards.
  • For the most part, losses of banks were < Economic Capital
  • Banks made no plans for what they would do to recapitalize after a large loss.  Assumed that fresh capital would be readily available if they thought of it at all.  Did not consider that in an extreme situation that results in the losses of magnitude similar to Economic Capital, that capital might not be available at all.
  • Prior to Basel reliance on VAR for capital requirements, banks had a multitude of methods and often used more than one to assess risks.  With the advent of Basel specifications of methodology, most banks stopped doing anything other than the required calculation.
  • Stress tests were usually at 1 or at most 2 standard deviation scenarios.
  • Risk appetites need to be adjusted as markets change and need to reflect the input of various stakeholders.
  • Risk management is seen as not needed in good times and gets some of the first budget cuts in tough times.
  • After doing Stress tests need to establish a matrix of actions that are things that will be DONE if this stress happens, things to sell, changes in capital, changes in business activities, etc.
  • Market consists of three types of risk takers, Innovators, Me Too Followers and Risk Avoiders.  Innovators find good businesses through real trial and error and make good gains from new businesses, Me Too follow innovators, getting less of gains because of slower, gradual adoption of innovations, and risk avoiders are usually into these businesses too late.  All experience losses eventually.  Innovators losses are a small fraction of gains, Me Too losses are a sizable fraction and Risk Avoiders often lose money.  Innovators have all left the banks.  Banks are just the Me Too and Avoiders.
  • T-Shirt – In my models, the markets work
  • Most of the reform suggestions will have the effect of eliminating alternatives, concentrating risk and risk oversight.  Would be much safer to diversify and allow multiple options.  Two exchanges are better than one, getting rid of all the largest banks will lead to lack of diversity of size.
  • Problem with compensation is that (a) pays for trades that have not closed as if they had closed and (b) pay for luck without adjustment for possibility of failure (risk).
  • Counter-cyclical capital rules will mean that banks will have much more capital going into the next crisis, so will be able to afford to lose much more.  Why is that good?
  • Systemic risk is when market reaches equilibrium at below full production capacity.  (Isn’t that a Depression – Funny how the words change)
  • Need to pay attention to who has cash when the crisis happens.  They are the potential white knights.
  • Correlations are caused by cross holdings of market participants – Hunts held cattle and silver in 1908’s causing correlations in those otherwise unrelated markets.  Such correlations are totally unpredictable in advance.
  • National Institute of Financa proposal for a new body to capture and analyze ALL financial market data to identify interconnectedness and future systemic risks.
  • If there is better information about systemic risk, then firms will manage their own systemic risk (Wanna Bet?)
  • Proposal to tax firms based on their contribution to gross systemic risk.
  • Stress testing should focus on changes to correlations
  • Treatment of the GSE Preferred stock holders was the actual start of the panic.  Leahman a week later was actually the second shoe to drop.
  • Banks need to include variability of Vol in their VAR models.  Models that allowed Vol to vary were faster to pick up on problems of the financial markets.  (So the stampede starts a few weeks earlier.)
  • Models turn on, Brains turn off.

Turn VAR Inside Out – To Get S

November 13, 2009

S

Survival.  That is what you really want to know.  When the Board meeting ends, the last thing that they should hear is management assuring them that the company will be in business still when the next meeting is due to be held.

S

But it really is not in terms of bankruptcy, or even regulatory take-over.  If your firm is in the assurance business, then the company does not necessarily need to go that far.  There is usually a point, that might be pretty far remote from bankruptcy, where the firm loses confidence of the market and is no longer able to do business.  And good managers know exactly where that point lies.  

S

So S is the likelihood of avoiding that point of no return.  It is a percentage.  Some might cry that no one will understand a percentage.  That they need dollars to understand.  But VAR includes a percentage as well.  Just because no one says the percentage, that does not mean it is there.  It actually means that no one is even bothering to try to help people to understand what VAR is.  The VAR nuber is really one part of a three part sentence:

The 99% VAR over one-year is $67.8 M.  By itself, VAR does not tell you whether the firm has trouble.  If the VAR doubles from one period to the next, is the firm in trouble?  The answer to that cannot be determined without further information.

S

Survival is the probability that, given the real risks of the firm and the real capital of the firm, the firm will sustain a loss large enough to put an end to their business model.  If your S is 80%, then there is about  50% chance that your firm will not survive three years! But if your S is 95%, then there is a 50-50 chance that your firm will last at least 13 years.  This arithmetic is why a firm, like an insurer, that makes long term promises, need to have a very high S.  An S of 95% does not really seem high enough.

S

Survival is something that can be calculated with the existing VAR model.  Instead of focusing on a arbitrary probability, the calculation instead focuses on the loss that management feels is enough to put them out of business.  S can be recalculated after a proposed share buy back or payment of dividends.  S responds to management actions and assists management decisions.

If your board asks how much risk you are taking, try telling them the firm has a 98.5% Survival probability.  That might actually make more sense to them than saying that the firm might lose as much as $523 M at a 99% confidence interval over one year.

So turn your VAR inside out – to get S 


%d bloggers like this: