Risk Management Failures

I had compiled the attached list of “Risk Management Failures” originally for use in ERM training seminars in 2001. The original version was a list from an article on banking risk management failures (that I can no longer find to credit) combined with a list of insurer failures from my memory.

When I first showed this slide, one seminar participant said that at their Risk Committee meetings, the participants took turns giving a 1 minute summary of the story of various risk management failures. Others have said that they have used a list like this as part of a justification for risk management development.

Over the years, I have sporadically updated the list, adding both more current examples as well as some more historic events as I became aware of them.

There are doubtless many important examples that I am missing. Probably will no longer fit on one slide. (the original version used much larger font size)

So please share your suggestions for additional items that should be added.

1973: Equity Funding Fraud
1983: Baldwin United Shell Game
1984: Continental Illinois Bank Run
1986: The ZZZ Best Carpet Scandal.
1988: Equitable (NY) GIC losses.
1989: The US S&L Crisis.
1991: Salomon Brothers Bond Scandal.
1991: BCCI Scandal.
1991: Executive Life / First Capital Life Junked
1991: Mutual Benefit Liquidity Squeeze
1991 – 1996: Lloyd’s Asbestos Liabilities
1994 – 2002: Japanese Real Estate & Banking
1994: Orange County Default
1994: Kidder Peabody Fiasco.
1994: Confederation Life Failure
1994: Monarch Life Seizure
1995: The Barings Derivatives Scandal.
1996: Sumitomo Copper Scandal.
1997: The Natwest Hole.
1997: The Bre-X Mining Scandal.
1997: Smith Barney Investor Fraud.
1997: Bank of Tokyo-Mitsubishi Derivatives Loss.
1997: UBS Derivatives Model Problems.
1997: Prudential Insurance US Market Conduct
1997: Nissan Mutual ALM Failure
1998: Griffin Trading Bond Futures losses.
1998: Russian Bond Debacle.
1998: The LTCM Risk Model Failure.
1998: Asian Economic Flu Crisis
1999: Toho Mutual & Daihyaju Mutual
1999: General American Liquidity Failure
1999: Korea Life ALM Losses & Failure
1999: Unicover Fiasco
2000: Equitable UK Pension guarantees
2001: American Express CBO Losses
2001: World Trade Center
2002: Enron & Worldcom
2002: Conseco chokes on Green Tree
2002: HIH Surprise
2002: Amer Skandia VA problems
2003: Parmalat Accounting Scandal
2003: Allmerica VA reserving
2003: Annuity & Life Re Overgrowth
2004: Marsh Contingent Commissions
2005: AIG Finite Re
2006: Scottish Re Tax Asset
2006: Hurricane Katrina
2007: Bear Stearns/Countrywide/??? Sub Primes

David Ingram

21 Comments on “Risk Management Failures”

  1. riskviews Says:

    2009 Dubai Sovereign Debt Crisis

  2. riskviews Says:

    2012 – MF Global goes bust and cannot find all of the customer’s money
    2012 – JP Morgan and the London Whale

  3. riskviews Says:

    Phillip Kingston Carver, managed to buy two insurance companies in 1990 without laying down a cent. He had stripped out $1 million from Occidental and Regal Insurance before the former owners realised they had been had.

    In a sad postscript, Carver took the booty in cash and went around paying off his many creditors from a suitcase before the cops caught up with him…

  4. riskviews Says:

    Report from Lehman Bankrupcy Examiner. http://lehmanreport.jenner.com/

  5. I found reading the input on this thread very interesting, and appreciated your views.

    I don’t want to drag this thread too far off its core purpose, but wanted to add a few thoughts.

    Defining all of the failures as failures of Risk Management, is probably correct in the broadest of contexts – whether through a misunderstanding of the risk, failure to implement adequate controls or a system or process failure.

    The challenges I see most commonly are:

    1. The subjective nature of risk – whereby the group think pressure (consciouly or otherwise) an individual to assume a risk is not a risk simply by the nature of group or herd consent. This is seen in Banks buying triple A rated bonds, which were actually worthless – and nobody investigated or really got to the bottom of the true risk because everyone assumed they were fine, simply because everyone else was doing it. This safety in numbers assumption is founded on the often overly subjective nature of risk.

    2. Risk awareness is heavily tied to the overall awareness of organisational objectives. Failures often occure because the organisation identifies a risk too late in the game, and therefore cannot respond in time. One primary driver of this is recorded here with the research findings from Epiphany. Less than 3% of personnel typically aware of the organisations objectives presents a significant challenge to effective risk management. Identifying risks at an early stage becomes less likely. It almost requires the risk team to see everything themselves, as even with a risk process in place, if the objectives are not communicated, risks cannot be paired to identify the threat.

    This does broaden the scope to some extent on what constitutes a business failure because of poor risk management.

    Just my 2 cents.

  6. riskviews Says:

    there are six types of risk management failures:
    1) Mismeasurement of known risks.
    2) Failure to take risks into account.
    3) Failure in communicating the risks to top management.
    4) Failure in monitoring risks.
    5) Failure in managing risks.
    6) Failure to use appropriate risk metrics.

    Rene Stulz

  7. riskczar Says:

    How about BMO USD 641m commodity trading losses?



    According to a report on Bloomberg, BMO expanded trading in natural gas options after prices rose in 2005 following Hurricane Katrina. The bank relied on one broker to price contracts as the portfolio grew, resulting in an “inappropriate level” of options that lost value when there was a decline in the volatility of gas prices, chief executive William Downe said to the wire service. “The steep level of loss was largely a result of incorrect valuation of the commodity portfolio, which masked the rapid escalation of risk and the real cost of the positions. Our commodity trading team did not operate according to standard BMO business practices. Leadership oversight of the business was not as disciplined or rigorous as it could have been,” Downe added.

  8. riskviews Says:

    2008 Lehman Bros, AIG, Wachovia, Northern Rock

  9. riskviews Says:

    Managing Risk: Practical Lessons from Recent ‘Failures’ Of EU Insurers
    William McDonnell, FSA Occasional Papers, December 2002
    In this report a working group of supervisors from 15 European countries dissect recent experiences of failed insurance companies and ‘near misses’across the life and non-life sectors since 1996. The report also assesses supervisory practices aimed at prevention and advance detection. It concludes that internal management problems appear to be the root cause of every failure or near failure; firms need to anticipate how risks can interact in complex ways, including causal links between different types of risk (for instance operational risks and underwriting risk or claims evaluation risk) and unexpected correlations (particularly between certain asset and underwriting risks); and that it is important to strike the right balance between prescriptive rules, principles, incentives and diagnostic tools.


  10. riskviews Says:

    Here is a link to PRMIA case studies of risk management problems at these firms:



    NAB – FX Options

    Bankgesellschaft Berlin

    Riggs Bank

    Continental Illinois / Penn Square

    Credit Lyonnais

    US S&L Crisis


    Bankers Trust

    Orange County


    California Power Crisis


    World Com


    Submitted by Lorenzo Fattibene

  11. riskviews Says:

    From a S&P article published May 7, 2008

    We see ERM as:

    * An approach to assure the firm is attending to all risks;
    * A set of expectations among management, shareholders, and the board about which risks the firm will and will not take;
    * A set of methods for avoiding situations that might result in losses that would be outside the firm’s tolerance;
    * A method to shift focus from “cost/benefit” to “risk/reward”;
    * A way to help fulfill a fundamental responsibility of a company’s board and senior management;
    * A toolkit for trimming excess risks and a system for intelligently selecting which risks need trimming; and
    * A language for communicating the firm’s efforts to maintain a manageable risk profile.

    Alternatively, we feel ERM is not:

    * A method to eliminate all risks;
    * A guarantee that the firm will avoid losses;
    * A crammed-together collection of longstanding and disparate practices;
    * A rigid set of rules that must be followed under all circumstances;
    * Limited to compliance and disclosure requirements;
    * A replacement for internal controls of fraud and malfeasance;
    * Exactly the same for all firms in all sectors;
    * Exactly the same from year to year; nor
    * A passing fad.

    Dave Ingram

  12. riskviews Says:

    I want to pick up on an earlier point in this thread. These are not all risk management failures. We should be careful not to call every business failure a risk management failure. I think that the desire to do that comes from the mistaken perspective that the risk management function should either 1) be a sort of “super” risk-taker, whose decisions about vetoing risk overrides that of those in the business function or 2) be responsible for all losses since it is risk management’s responsibility, and risk management’s alone, to avoid losses.

    The role of risk management should be to define, highlight, and (possibly) quantify the risks of an organization. A risk management failure is where the risk management function fails to perform this task, and *not* where the business decision made based on the information available at the time is incorrect.

    For example, the Barings case seems to fall for #1. The risk management function should have informed senior management about the risks involved with rogue traders, and possibly had some input into determining what the appropriate level of controls are over trader authorizations, but ultimately, the restrictions decided on, which would balance control versus other business factors (e.g., system ease of use, cost, etc) is not a risk management function, and the actual carrying out of the controls is a control function, not a risk management function. Even if risk management had determined that operational controls were insufficient, it is not the role of risk management to override the business decision makers and implement the control system that they believe is adequate.

    And putting Enron and Worldcom on the list seems to fall for #2. Why are these losses the responsibility of risk management? Maybe the risk management function at an investor who incurred losses was failing, but I’m not sure how risk management is responsible for finding fraud within a company – again, that is a control function.

  13. riskviews Says:

    Last week, UBS published a 50 page report on its subprime losses.


    I haven’t read it carefully yet, but after skimming it does not appear to have any completely new stuff, but this takes the reader step by step through what was done at UBS from mid 2005 through the end of 2007.

    So this gives the story in detail in terms of one institution that was in the middle of the subprime situation. Should become a reference to students of risk management failures.

    Dave Ingram

  14. riskviews Says:

    A few near failures we may want to consider adding:

    Are there any major stock market crashes missing that were primarily caused by specific events?

    The Northridge Earthquake led to a near-failure for 21st Century (was 20th Century) Insurance Company and lead to the creation of CA EQ Authority.

    Hurricane Hugo had a big impact too but was more of a wake up call with what ifs such as if Hugo had hit Miami directly.

    If we consider including severe cyclical markets, medical malpractice has had several dramatic cycles which have lead to several failures/takeovers and state owned facilities. If we do add it, I suggest it twice. The first major crisis was about 1975. There are several “loss leaders” who imploded or exited that niche that could be listed for the most recent cycle (St. Paul!?).

    Workers compensation (pre-Unicover!) and reinsurance might be other areas with risk management “cyclical” failures to consider for the list.

    I read this sentence in an article on the net just now. Certainly a risk management model gone bad:

    Intense competition between California workers’ comp insurers in the late 1990s – – combined with spiraling medical costs, fraud and abuse — caused more than 20 firms to go bust or leave the state from 2000 to 2003.

  15. riskviews Says:

    Just to add to the list of Risk Management Failures – find attached a
    short report on such a failure.

    Basically, a con man managed to use the statutory funds of two life
    office to buy the life office. This is a close point for me, as the
    gentleman apparently lived down the road from me. Companies were
    Occidental and Regal.

    On the life office guarantee funds of some time ago in Australia, it was
    an interesting case. This is all from memory. The products were not
    available at call, but had an ‘up to’ five year lock in period or
    thereabouts. Due to competitive pressure this lock in period was
    generally not enforced.

    The CEO made a big fanfare when they became the largest insurance
    company in Australia (by premium income).
    When earning rates fell they were forced to change asset mix to 100%
    cash, and enforce the lock in period. In effect, it offered a cash rate
    on a product sold to pension plans, with a theoretical lock in period of
    five years.

    The company was not the largest company by premium income for very long,
    and was taken over a couple of years later.


  16. riskviews Says:

    If risk policies existed but were not enforced, I would see that as a risk management failure, since “enforcement” is an important component of the the risk management function. On the other hand, if there are no risk management policies, or no risk management function, I think that “operational risk” could certainly make sense as a category as you suggest, but would perfer it categorized simply as a risk management failure, since it is a failure in the recognition of risk, and this is the first step to effective risk management.
    My other reason for not distinguishing this latter group is that my guess is that there won’t be many “clean” examples in this latter category, since today, virtually everyone at least “talks” the risk management language, and has at least a modest level of investment and effort in the function, if for no other reason than to survive a Board discussion. But as most of us know, such modest efforts are doomed to fail and will ultimately be statistics that is appropriately categorized as a risk management failures, which is to say, failures to recognize and/or adequately address risk.
    Robert R. Reitano
    Professor of the Practice in Finance
    International Business School
    Brandeis University

  17. riskviews Says:

    Just a point of clarification. I titled the original list “Risk Management Failures” not company failures or insolvencies or whatever.

    I never tried to produce a crisp definition of a risk management failure, but it would be along the lines of a major losses that might have been preventable by better risk management.

    In many of the cases, risk management wasn’t tried. In a few of the cases risk management was in place but risk measures were not adequate to properly inform the risk takers of the exposures or risk policies were not adequately enforced.

    I have had an interesting side conversation with one person who wants to classify all of the situations where risk management was not really used as Operational RIsks.

    What do you think?

    Dave Ingram

  18. riskviews Says:

    I think you have been discussing two different issues.

    HIH was a general insurance (P&C) company that failed.

    There were some issues with mutual life companies offering guaranteed
    policies within the superannuation (pension) system. These policies were
    backed by a mix of assets including equities, but the funds were effectively
    at call, so there was a very substantial ALM issue. Cash rates at the time
    were very high, and so the rates provided under these policies were likewise
    quite high, and at the same time the mutual life companies were competing on
    rates. No failures resulted, but the balance sheet of one of the companies
    was weakened quite considerably when markets moved adversely.

    Ian Laughlin

  19. riskviews Says:

    I would add the “Piper Alpha” oil-platform disaster, which knocked out some reinsurers (e.g. a UK PC rein surer belonging to the newly-formed ING) who didn’t have a good understanding of their risk accumulations due spiraling retrocessions.

    Richard Wofford
    Allianz SE
    Group Planning & Controlling, E 04 018
    Koeniginstr. 28
    80802 Munich, Germany

  20. riskviews Says:

    I notice that you don’t have any failures for 1990. Find attached a brief summary of the failure of Occidental and Regal (two Australian life companies). Basically, a con-man (Phillip Carver) used the statutory funds of one of the life companies to buy the two companies. Search the doc for ‘Occidental’ for a brief summary.



    BTW – commodities houses have also had difficulties – Metallgeschaft for example, to complement ENRON.

    Finally, the list contains both events (Asian Flu) and insolvencies (LTCM). I would argue that events will always happen – they are not the failure of a firm’s risk management capability. The exposure to the event, leading to insolvency of an organisation, represents a failure.


  21. riskviews Says:

    I would add to Dave’s list the failure of UK insurers Vehicle and General (in 1971) and Independent (in 2001). The former is well chronicled (there was a Government inquiry) while the latter is the subject of a current fraud trial.

    One could also add to the list the well-chronicled Maxwell pension scheme scandal of 1991-92.

    From Ireland there could be the failures of Insurance Corporation of Ireland (1985) and Private Motorists’ Protection Association (1983).

    While I sympathise with the desire to classify by nature of risk, I think some failure of management control tends to be a common element in most of these stories!

    Seamus Creedon
    Consultant, KPMG LLP

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: