Posted tagged ‘Risk’

2019 Most Dangerous Risks

March 1, 2019

top5

For 2019, a new poll on 180 insurance executives ranks four out of five of last year’s top risks again in the top 5.

See more details at https://blog.willis.com/2019/02/2019-most-dangerous-risks-to-insurers/ 

 

Risk Intelligence II

February 28, 2019

Somehow it worked.

Several psychologists stated that economists were rational and those who didn’t know what economists knew were irrational.

They collected data on how irrational folks are and analyzed that data and grouped it and gave cute names to various groups.

But I think that you could do the same thing with long division. Certainly with calculus. Compare answers of rubes on the sidewalk to math PhD s on a bunch of math questions and how well do you think the rubes would do?

Some of the questions that the psychologists asked were about risk. They proved that folks who rely solely on their gut to make decisions about risk were not very good at it.

I am sure that no-one with any Risk Intelligence would have bet against that finding.

Because Risk Intelligence consists of more than just trusting your gut. It also requires education regarding the best practices for risk management and risk assessment along with stories of how well (and sometimes ill) intentioned business managers went wrong with risk. It also requires careful analysis. Often statistical analysis. Analysis that is usually not particularly intuitive even with experience.

But Risk Intelligence still needs a well developed gut. Because history doesn’t repeat, analysis always requires simplification and assumptions to fill out a model where data is insufficient.

Only with all of Education, Experience and Analysis is Risk Intelligence achievable and even then it is not guaranteed.

And in addition, Education, Experience and Analysis are the cure for the irrational biases found by the psychologists. I would bet that the psychologists systematically excluded any responses from a person with Risk Intelligence. That would have invalidated their investigation.

Their conclusion could have been that many of us need basic financial and risk education, better understanding of how to accumulate helpful experiences and some basic analytical skills. Not as much fun as a long list of cutely names biases, but much more helpful.

Did the Three Pigs have different Risk Tolerances?

March 21, 2018

Or did they just have a different view of the degree of risk in their environment?

3 PigsBy Alex Proimos from Sydney, Australia – Three Little Pigs

Think about it?  Is there any evidence that the first pig, whose house was made off straw, was fine with the idea of losing his house?  Not really.  More likely, he thought that the world was totally benign.  He thought that there was no way that his straw house wouldn’t be there tomorrow and the next day.  He was not tolerant of the risk of losing his house.  He just didn’t think it would happen.  But he was wrong.  It could and did happen.

The second pig used sticks instead of straw.  Did that mean that the second pig had less tolerance for risk than the first pig?  Probably not.  The second pig probably thought that a house of sticks was sturdy enough to withstand whatever the world would send against it.  This pig thought that the world was more dangerous than the first pig.  He needed sticks, rather than straw to make the house sturdy enough to last.  He also was wrong.  Sticks were not enough either.

That third pig has a house of bricks.  That probably cost much more than sticks or straw and took longer to build as well.  The third pig thought that the world was pretty dangerous for houses.  And he was right.  Bricks were sturdy enough to survive.  At least on the day that the wolf came by.

The problem here was not risk tolerance, but inappropriate parameters for the risk models of the first two pigs.  When they parameterized their models, the first pig probably put down zero for the number of wolves in the area.  After all, the first pig had never ever seen a wolf.  The second pig, may have put down 1 wolf, but when he went to enter the parameter for how hard could the wolf blow, he put down “not very hard”.  He had not seen a wolf either.  But he had heard of wolves.  He didn’t know about the wind speed of a full on wolf huff and puff.  His model told him that sticks could withstand whatever a wolf could do to his house.  When the third pig built his risk model, he answered that there were “many” wolves around.  And when he filled in the parameter for how hard the wolf could blow, he put “very”.  When he was a wee tiny pig, he had seen a wolf blow down a house built of sticks that had a straw roof.  He was afraid of wolves for a reason.

 

 

No Reward without Risk

September 29, 2015

Is that so? Well, only if you live in a textbook. And RISKVIEWS has not actually checked whether there really are text books that are that far divorced from reality.

Actually, in the world that RISKVIEWS has inhabited for many years, there are may real possibilities, for example:

  • Risk without reward
  • Reward without risk
  • Risk with too little Reward
  • Risk with too much Reward
  • Risk with just the right amount of reward

The reason why it is necessary to engage nearly everyone in the risk management process is that it is very difficult to distinguish among those and other possibilities.

Risk without reward describes many operational risks.

Reward without risk is the clear objective of every capitalist business.  Modern authors call it a persistent competitive advantage, old school name was monopoly.  Reward without risk is usually called rent by economists.

Risk with too little reward is what happens to those who come late to the party or who come without sufficient knowledge of how things work.  Think of the poker saying “look around the table and if you cannot tell who is the chump, it is you.”  If you really are the chump, then you are very lucky if your reward is positive.

Risk with too much reward happens to some first comers to a new opportunity.  They are getting some monopoly effects.  Perhaps they were able to be price setters rather than price takers, so they chose a price higher than what they eventually learned was needed to allow for their ignorance.  Think of Apple in the businesses that they created themselves.  Their margins were huge at first, and eventually came down to …

Risk with just the right amount of reward happens sometimes, but only when there is a high degree of flexibility in a market – especially no penalty for entry and exit.  Sort of the opposite of the airline industry.

No Reward Without Risk

The Big C is behind every great Risk

March 30, 2015

Concentration, defined broadly, is the source of all risk.

In an unconcentrated pool of activities, all with potential for positive and negative outcomes, provides the Big D – Diversification.

So it seems simple to avoid C – just do D.

But we have so many ways to concentrate.  And concentration is particularly tempting.

  • When things are going well, it makes sense to do more of whatever it is that is working best.  That increases concentration. 
  • Once we learn how to do something right, it makes sense to do more.  That increases concentration.
  • One supplier is almost always the cheapest, fastest and best quality.  So we give them more business.  That increases concentration. 
  • That one product has better margins than the rest and it sells better too.  So we plan to increase our capacity to make that product.  That increases concentration. 
  • Our best distributor runs rings around the rest.  We are working on giving her a larger territory.  That increases concentration. 

The alternative, the diversifying alternative just doesn’t sound so smart.

  • Hold back when things are going well.
  • Do more of the things that you haven’t quite mastered.
  • Buy from the second and third best suppliers.
  • Keep up capacity for the lower margin lower selling products.
  • Restrict your best distributor from selling too much.

Remember Blockbuster?  There were Blockbuster stores everywhere fifteen years ago.  They did that one thing, rent physical videos through physical stores and did it so well that they drove out most of their competition.  But they were totally Concentrated.  When they were faced with a new competitor, Netflix, the CEO proposed changes to their business practices, including diversifying into online rentals.  Their board decided against going into a new lower margin product and fired the CEO.  Five years later, Blockbuster was toast.

Concentration risk is often strategic.

In the financial crisis, we found a new sort of concentration risk.  It was a network risk.  The banks were all highly concentrated in the financial sector – in exposure to other banks.  This network risk is now often called systemic risk.  But this risk is necessary because of the strategic choices of business models of the banks.  They all choose to do business in such a way to take up each other’s slack on a daily basis.  They all think that is much more efficient than operating with an irregular amount of slack resources.  In times running up to the financial crisis, the interdependency changed from just taking up each other’s overnight slack to some banks using that overnight facility from other banks to fund major fraction of their business activity.  (And woe is all that much of that business activity was fundamentally a loser. But that lack of underwriting by the banks of each other is a different story.)

Why is concentration risk so deadly?  The answer to that is pretty simple arithmetic.  If your conglomerate amounts to four similar sized separate divisions that do not interact so much, it is quite possible that if one of those businesses fails, that the conglomerate will be able to continue operating – wounded but fully able to operate the other three divisions.  But if your cousin’s venture has just one highly profitable, highly successful business, then his venture will either live or die with that one business.

In insurance, we see this concentration risk all of the time.  If you are an insurer that only writes business throughout the Pacific islands in the 1700’s, but you find that your best salesperson is on Easter Island and your highest margin product is business interruption insurance for the businesses that do the carving of the massive Moai statues.  So you do more and more business with your best salesperson selling your best product, until you are essentially a one product, one location insurer.  And then the last tree is used (or rats eat the roots).  All of your customers make claims at once.  You thought that you were diversified because you had 300 separate customers.  But those 300 customers all acted like just one when the trees were gone.

So diversification is not just about counting.  It is about understanding the differences or similarities of your risks.  And failure to understand those drivers will often lead to dangerous concentration.  Just ask those banks or that Easter Island insurer.

Berkshire Hathaway Risk Appetite

March 20, 2015
“we are far more conservative in avoiding risk than most large insurers. For example, if the insurance industry should experience a $250 billion loss from some mega-catastrophe – a loss about triple anything it has ever experienced – Berkshire as a whole would likely record a significant profit for the year because of its many streams of earnings. We would also remain awash in cash and be looking for large opportunities in a market that might well have gone into shock. Meanwhile, other major insurers and reinsurers would be far in the red, if not facing insolvency.”
Warren Buffett, Berkshire Hathaway Letter to Shareholders, 2014
So Berkshire is prepared to pay out claims on an event that is three times as large as anything that has ever happened.
What are Berkshire’s competitors prepared for?
Here is an excerpt from the Swiss Re 2013 Annual Report:

Risk tolerance and limit framework

Swiss Re’s risk tolerance is an expression of the extent to which the Board of Directors has authorised the Group and Business Units’ executive management to assume risk. It represents the maximum amount of risk that Swiss Re is willing to accept within the constraints imposed by its capital and liquidity resources, its strategy, its risk appetite, and the regulatory and rating agency environment within which it operates. Risk tolerance criteria are specified for the Group and Business Units, as well as for the major legal entities.

A key responsibility of Risk Management is to ensure that Swiss Re’s risk tolerance is applied throughout the business. As part of this responsibility, Risk Management ensures that our risk tolerance targets are a key basis for our business planning processes. Furthermore, both our risk tolerance and risk appetite – the types and level of risk we seek to take within our risk tolerance – are clearly reflected in a limit framework across all risk categories. The limit framework is approved at the Group EC level through the Group Risk and Capital Committee. The individual limits are established through an iterative process to ensure that the overall framework complies with our Group-wide policies on capital adequacy and risk accumulation.

So they have a number but they are not saying what it is.  But they are telling us what they do with that number.

Now here is the Risk Limit Framework from the 2013 Partner Re annual report.

Partner Re

They have a number and here it is.  But look at how much more Buffet has disclosed.  He told that for Berkshire, an event that is three times the largest event experienced by the insurance industry, the loss would be significantly less than the earnings from the investments of Berkshire’s insurance and reinsurance companies plus the earnings of its non-insurance businesses.

Partner Re, whose disclosure is light years more specific than almost any other (re)insurer, is not quite so helpful.  It is good to know that they have the disclosed limits, but they have not provided any information to tell us how much that this adds up to in their mind.  If RISKVIEWS adds them up, these limits come to $21.5B.  Adding like that is the same as assuming that they all happen at once.  If we make the opposie assumption, that they are totally independent, we get a little more than $10B.  Partner Re’s capital is $7.5B.  So when they accept these risks, they must not think that it is likely to pay out their full limit, even on a fully diversified independent risk scenario.

So even with more specific disclosure than almost any other insurer, Partner Re has not revealed how they think of their risk appetite.

On the other hand, while Berkshire has given a better sense of their risk appetite, Buffett hasn’t revealed any number.

But this seems to RISKVIEWS to be real progress.  Perhaps some combination of these three disclosures would be the whole story of risk appetite at a (re) insurer.

We shall wait and see if somehow this evolution continues until investors and policyholders can get the information to understand how well prepared a (re) insurer is to pay its claims and remain in business in a extreme situation.

 

 

Risk Reporting Conflict of Interest

March 2, 2015

We give much too little consideration to potential for conflict of interest in risk reporting.

Take for instance weather risk reporting.

Lens: Tamron 28-80mmScanned with Nikon CoolScan V ED

"Sneeuwschuiver". Licensed under CC BY-SA 2.5 via Wikimedia Commons

Many of the people who report on Weather Risk have a financial interest in bad weather.  Not that they own snow plowing services or something.  But take TV stations for example.  Local TV station revenue is largely proportional to their number of viewers.  Local news and weather are often the sole part of their schedule that they produce themselves and therefore get all or almost all of the revenue.  And viewership for local news programs may double with an impending snowstorm.  So they have a financial interest in predicting more snow.  The Weather Channel has the same dynamic, but a wider area from which to draw to find extreme weather situations.  But if there is any hint of a possible extreme weather situation in a major metropolitan area with millions of possible viewers, they have a strong incentive to report the worst case possibility.

This past January, there were some terrible snow forecasts for New York and Philadelphia:

For the Big Apple, the great Blizzard of 2015 was forecast to rival the paralyzing 1888 storm, dubbed the White Hurricane. Up to three feet of snow was predicted. Reality: About 10 inches fell.

The forecast in Philadelphia wasn’t any better – and arguably worse. Up to 14 inches of snow were forecast. The City of Brotherly Love tallied roughly 2 inches, about the same as Washington, D.C.

Washington Post,  January 27, 2015

In other cases, we go to the experts to get information about possible disasters from diseases.  But their funding depends very much on how important their specialty is seen to be to the politicians who approve their funding.

In 2005, the Bird Flu was the scare topic of the year.

“I’m not, at the moment, at liberty to give you a prediction on numbers, but I just want to stress, that, let’s say, the range of deaths could be anything from 5 to 150 million.”

David Nabarro, Senior United Nations system coordinator for avian and human influenza

Needless to say, the funding for health systems can be strongly impacted by the fear of such a pandemic.  At them time that statement was made, worldwide Bird Flu deaths were slightly over 100.  Not 100 thousand, 100 – the number right after 99.

But the purpose of this post is not writing this to disparage weather reporters or epidemiologists.  It is to caution risk managers.

Sometimes risk managers get the idea that they are better off if everyone had more concern for risk.  They take on the roll of Dr. Doom, pointing out the worst case potential in every situation.

This course of action is usually not successful. Instead of building respect for risk, the result is more often to create a steady distrust of statements from the risk manager.  The Chicken Little effect results.

Instead, the risk manager needs to focus on being painstakingly realistic in reporting about risk.  Risk is about the future, so it is impossible to get it right all of the time.  That is not the goal.  The goal should be to make reports on risk that consistently use all of the information available at the time the report is made.

And finally, a suggestion on communicating risk.  That is that risk managers need to develop a consistent language to talk about the likelihood and severity of a risk.  RISKVIEWS suggests that risk managers use three levels of likelihood:

  • Normal Volatility (as in within).  Each risk should have a range of favorable and unfavorable outcomes within the range of normal volatility.  This could mean within one standard deviation, or with a 1 in 10 likelihood. So normal volatility for the road that you drive to work might be for there to be one accident per month.
  • Realistic Disaster Scenario.  This might be the worst situation for the risk that has happened in recent memory, or it might be a believable bad scenario that hasn’t happened for risks where recent experience has been fairly benign.  For that road, two accidents in a week might be a realistic disaster.  It actually happened 5 years ago.  For the similar road that your spouse takes to work, there haven’t been any two accident weeks, but the volume of traffic is similar, so the realistic disaster scenario for that road is also two accidents in a week.
  • Worst case scenario.  This is usually not a particularly realistic scenario.  It does not mean worst case, like the sun blowing up and the end of the solar system.  It does mean something significantly worse than what you expect can happen. For the risk of car accidents on your morning commute, the worst case might be a month with 8 accidents.

So the 150 million number above for flu deaths is a worst case scenario.  As were the Great Blizzard predictions.  What actually happened was in line with normal volatility for a winter storm in those two cities.

If you, the risk manager, learn to always use language like the above, first of all, it will slow you down and make you think about what you are saying.  Eventually, your audience will get to learn what your terminology means and will be able to form their own opinion about your reliability.

And you will find that credibility for your risk reporting has very favorable impact on your longevity and compensation as a risk manager.

 

Decision Making Under Deep Uncertainty

October 20, 2014

The above is a part of the title of a World Bank report.  The full title of that report is

Investment Decision Making Under Deep Uncertainty – Application to Climate Change

While that report focuses upon that one specific activity – Investing, and one area of deep uncertainty – Climate Change, there are some very interesting suggestions contained there that can be more broadly applied.

First, let’s look at the idea of Deep Uncertainty.  They define it as:

deep uncertainty is a situation in which analysts do not know or cannot agree on (1) models that relate key forces that shape the future, (2) probability distributions of key variables and parameters in these models, and/or (3) the value of alternative outcomes.

In 1973, Horst W.J. Rittel and Melvin M. Webber, two Berkeley professors, published an article in Policy Sciences introducing the notion of “wicked” social problems. The article, “Dilemmas in a General Theory of Planning,” named 10 properties that distinguished wicked problems from hard but ordinary problems.

1. There is no definitive formulation of a wicked problem. It’s not possible to write a well-defined statement of the problem, as can be done with an ordinary problem.

2. Wicked problems have no stopping rule. You can tell when you’ve reached a solution with an ordinary problem. With a wicked problem, the search for solutions never stops.

3. Solutions to wicked problems are not true or false, but good or bad. Ordinary problems have solutions that can be objectively evaluated as right or wrong. Choosing a solution to a wicked problem is largely a matter of judgment.

4. There is no immediate and no ultimate test of a solution to a wicked problem. It’s possible to determine right away if a solution to an ordinary problem is working. But solutions to wicked problems generate unexpected consequences over time, making it difficult to measure their effectiveness.

5. Every solution to a wicked problem is a “one-shot” operation; because there is no opportunity to learn by trial and error, every attempt counts significantly. Solutions to ordinary problems can be easily tried and abandoned. With wicked problems, every implemented solution has consequences that cannot be undone.

6. Wicked problems do not have an exhaustively describable set of potential solutions, nor is there a well-described set of permissible operations that may be incorporated into the plan. Ordinary problems come with a limited set of potential solutions, by contrast.

7. Every wicked problem is essentially unique. An ordinary problem belongs to a class of similar problems that are all solved in the same way. A wicked problem is substantially without precedent; experience does not help you address it.

8. Every wicked problem can be considered to be a symptom of another problem. While an ordinary problem is self-contained, a wicked problem is entwined with other problems. However, those problems don’t have one root cause.

9. The existence of a discrepancy representing a wicked problem can be explained in numerous ways. A wicked problem involves many stakeholders, who all will have different ideas about what the problem really is and what its causes are.

10. The planner has no right to be wrong. Problem solvers dealing with a wicked issue are held liable for the consequences of any actions they take, because those actions will have such a large impact and are hard to justify.

These Wicked Problems sound very similar to Deep Uncertainty.

The World Bank report suggests that “Accepting uncertainty mandates a focus on robustness”.

A robust decision process implies the selection of a project or plan which meets its intended goals – e.g., increase access to safe water, reduce floods, upgrade slums, or many others– across a variety of plausible futures. As such, we first look at the vulnerabilities of a plan (or set of possible plans) to a field of possible variables. We then identify a set of plausible futures, incorporating sets of the variables examined, and evaluate the performance of each plan under each future. Finally, we can identify which plans are robust to the futures deemed likely or otherwise important to consider.

That sounds a lot like a risk management approach.  Taking your plans and looking at how your plans work under a range of scenarios.

This is a different approach from what business managers are trained to take.  And it is a clear example of the fundamental conflict between risk management thinking and the predominant thinking of company management.

What business managers are taught to do is to predict the most likely future scenario and to make plans that will maximize the results under that scenario.

And that approach makes sense when faced with a reliably predictable world.  But in those situations when you are faced with Deep Uncertainty or Wicked Problems, the Robust Approach should be the preferred approach.

Risk managers need to understand that businesses mainly need to apply the Robust/risk management techniques to these Wicked Problems and Deep Uncertainty.  It is a major waste of time to seek to apply the Robust Approach when the situation is not that extreme.  Risk managers need to develop skills and processes to identify these situations.  Risk managers need to “sell” this approach to top management.  Risks need to be divided into two classes – “normal” and “Deep Uncertain/Wicked” and the Robust Approach used for planning what to do regarding the business activities subject to that risk.  The Deep Uncertainty may not exist now, but the risk manager needs to have the credibility with top management when they bring their reasoning for identifying a new situation of Deep Uncertainty.

Too Much Risk

August 18, 2014

Risk Management is all about avoiding taking Too Much Risk.

And when it really comes down to it, there are only a few ways to get into the situation of taking too much risk.

  1. Misunderstanding the risk involved in the choices made and to be made by the organization
  2. Misunderstanding the risk appetite of the organization
  3. Misunderstanding the risk taking capacity of the organization
  4. Deliberately ignoring the risk, the risk appetite and/or the risk taking capacity

So Risk Management needs to concentrate on preventing these four situations.  Here are some thoughts regarding how Risk Management can provide that.

1. Misunderstanding the risk involved in the choices made and to be made by an organization

This is the most common driver of Too Much Risk.  There are two major forms of misunderstanding:  Misunderstanding the riskiness of individual choices and Misunderstanding the way that risk from each choice aggregates.  Both of these drivers were strongly in evidence in the run up to the financial crisis.  The risk of each individual mortgage backed security was not seriously investigated by most participants in the market.  And the aggregation of the risk from the mortgages was misunderestimated as well.  In both cases, there was some rationalization for the misunderstanding.  The Misunderstanding was apparent to most only in hindsight.  And that is most common for misunderstanding risks.  Those who are later found to have made the wrong decisions about risk were most often acting on their beliefs about the risks at the time.  This problem is particularly common for firms with no history of consistently and rigorously measuring risks.  Those firms usually have very experienced managers who have been selecting their risks for a long time, who may work from rules of thumb.  Those firms suffer this problem most when new risks are encountered, when the environment changes making their experience less valid and when there is turnover of their experienced managers.  Firms that use a consistent and rigorous risk measurement process also suffer from model induced risk blindness.  The best approach is to combine analysis with experienced judgment.

2.  Misunderstanding the risk appetite of the organization

This is common for organizations where the risk appetite has never been spelled out.  All firms have risk appetites, it is just that in many, many cases, no one knows what they are in advance of a significant loss event.  So misunderstanding the unstated risk appetite is fairly common.  But actually, the most common problem with unstated risk appetites is under utilization of risk capacity.  Because the risk appetite is unknown, some ambitious managers will push to take as much risk as possible, but the majority will be over cautious and take less risk to make sure that things are “safe”.

3.  Misunderstanding the risk taking capacity of the organization

 This misunderstanding affects both companies who do state their risk appetites and companies who do not.  For those who do state their risk appetite, this problem comes about when the company assumes that they have contingent capital available but do not fully understand the contingencies.  The most important contingency is the usual one regarding money – no one wants to give money to someone who really, really needs it.  The preference is to give money to someone who has lots of money who is sure to repay.  For those who do not state a risk appetite, each person who has authority to take on risks does their own estimate of the risk appetite based upon their own estimate of the risk taking capacity.  It is likely that some will view the capacity as huge, especially in comparison to their decision.  So most often the problem is not misunderstanding the total risk taking capacity, but instead, mistaking the available risk capacity.

4.  Deliberately ignoring the risk, the risk appetite and/or the risk taking capacity of the organization

A well established risk management system will have solved the above problems.  However, that does not mean that their problems are over.  In most companies, there are rewards for success in terms of current compensation and promotions.  But it is usually difficult to distinguish luck from talent and good execution in a business about risk taking.  So there is a great temptation for managers to deliberately ignore the risk evaluation, the risk appetite and the risk taking capacity of the firm.  If the excess risk that they then take produces excess losses, then the firm may take a large loss.  But if the excess risk taking does not result in an excess loss, then there may be outsized gains reported and the manager may be seen as highly successful person who saw an opportunity that others did not.  This dynamic will create a constant friction between the Risk staff and those business managers who have found the opportunity that they believe will propel their career forward.

So get to work, risk managers.

Make sure that your organization

  1. Understands the risks
  2. Articulates and understands the risk appetite
  3. Understands the aggregate and remaining risk capacity at all times
  4. Keeps careful track of risks and risk taking to be sure to stop any managers who might want to ignore the risk, the risk appetite and the risk taking capacity

Risk Appetite is the Boundary

June 18, 2014

Actually, it is two boundaries.

First, it is the boundary between Management and the Board with regard to risk.

  • If risk taking is within the risk appetite, then Management can tell the board about that activity after the fact.
  • If risk taking is outside the risk appetite, then Management needs to talk to the board in advance and get agreement with the risk taking plans.  (We say outside, rather than above, because for firms in the risk taking business, risk appetite should involve a minimum AND a maximum.)

 

Second, it is the boundary between everyday risk mitigation practices and extraordinary mitigations.

  • Everyday mitigations are the rules for accepting risk (underwriting) and the rules for trimming risk (ALM, hedging and reinsurance)
  • Extraordinary mitigations are those special actions that are taken when risk is seen to be out of acceptable bounds (stopping or limiting new risk taking, bulk divestitures or acquisitions of risks, capital raising, etc.)

Firms that struggle with naming their risk appetite might try to think of where these two boundaries lie.  And set their risk appetite to be near or even at those boundaries.

Cavalcade of Risk – Aristotle and Risk

April 30, 2014

The WC Roundup is  hosting the 207th Cavalcade of Risk.  This bi-weekly blog is a collection of risk-related posts covering topics from finance, to insurance, to health.

http://blog.reduceyourworkerscomp.com/2014/04/cavalcade-risk-207-collection-top-risk-posts-blogosphere/
Topics this time include Workers Comp, Health, ACA, Life Insurance, Venture Capital and Aristotle.
Check it out.

The biggest Risk is that the rules keep changing

December 27, 2013

RISKVIEWS played the board game Risk Legacy with the family yesterday.  We were playing for the 8th time.  This game is a version of the board game Risk where the rules are changed by the players after each time playing the game.  Most often, the winner is the person who most quickly adapts to the new rules.  Once the other players see how the rules can be exploited, they can adapt to defend against that particular strategy, but at the same time, the rules have changed again, presenting a new way to win.

This game provides a brilliant metaphor for the real world and the problems faced by business and risk managers in constantly having to adapt both to avoid losing and to find the path to winning.  The biggest risk is that the rules keep changing.  But unlike the game, where the changes are public and happen only once per game, in the real world, the changes to the rules are often hidden and can happen at any time.

Regulators are forced to follow a path very much like the Risk Legacy game of making public changes on a clear timetable, but  competitors can change their prices or their products or their distribution strategy at any time.  Customers can change their behaviors, sometimes drastically, most often gradually without notice.  Even the weather seems to change, but we are not really sure how much.

Meanwhile, risk managers have been forced into a universe of their own design with the movement towards heavy metal complex risk models.  Those models are most often based upon the premise that when it comes to risk, things will not change.  That the future will be much like the past and in fact, that even inquiring about changes may be difficult and may therefore be discouraged due to limited resources.

But risk can be thought of as the tail of the cat.  The exact path of the cat is unpredictable.  The rules for what a cat is trying to accomplish at any point in time keep changing.  Not constantly changing, but changing nonetheless without warning.  So imagine trying to model the path of the cat.  Now shift to the tail of the cat representing the risk.  The tail has a much wider and more unpredictable path than the body of the cat.

That is not to suggest that the path of the tail (the risk) is wildly unpredictable.  But keeping up with the tail requires much more than simply extrapolating the path of the cat from the recent past.  It requires keeping up with the ever changing path of the cat.  And the tail movement will often represent the possibilities for changes in the future path.

Some risk models and risk management programs are created with recognition of the likelihood that the rules will change, sometimes even between the time that the model assumptions are set and when the model results are presented.  In those programs, the models are valued for their insights into the nature of risk, but of the risk as it was in the recent past.  And with recognition that the risk that will be will be somewhat different because the rules will change.

Employee Turnover Risk – Update

November 25, 2013

Riskviews reported that Employee Turnover risk was Imminent in 2011.  But it hasn’t happened yet.

QuitsYou can see from this recent US BLS chart that employee quits are very slowly edging up, but they haven’t exactly popped.

But the points made in 2011 are still valid.

  • A large percentage of employees are somewhat dissatisfied with their jobs and would move given the right opportunity.
  • It is very expensive to replace experienced and highly productive employees.

Another factor, retirements of Baby Boomers, will gradually grow over the next twenty years, but will not create any sudden shift in these numbers.  The monthly retirements will gradually double, since the baby boomer cohort births were roughly double the annual number of births pre-1946 gradually adding roughly 150,000 to the monthly quit figures.  People do not generally all retire as soon as they reach eligibility age, and that practice has slowed slightly since a temporary spike in retirements after the Financial Crisis.

Extrapolation of the chart above suggests that it might take another three years for quits to reach the pre-crisis peak.

Lesson to learn from the 2011 statement – the statement that something is a risk is NOT a prediction that a loss event is going to happen.  Employee turnover is still a risk, but the velocity of emergence has proved to be less than expected.

Are you using Enron Accounting?

November 14, 2013

Over 10 years ago the high flying ENRON corporation came crashing down.

enronOne of the things that was responsible for their high flying and for the delayed recognition of their actual underlying troubles was their accounting. Arthur Andersen, their external auditors, went up in smoke 10 years ago also over related issues.

At its heart, Enron’s problems were caused by greed and a 65 multiplier.  Their stock was valued at 65 times earnings at its peak.  So a $1 increase in earnings meant a $65 increase in stock price.

And earnings were determined by accounting rules.

In Enron’s case, they were taking an approach to long term projects that fronted profits to an early stage in the life of the long term contract.  They often reported present value of all future profits from a new project when the project was contracted.  A long term energy delivery contract would have 5 or 10 years of future projected profits reported when the deal was closed.

This was called a mark to market approach.  But in fact it was almost always a mark to model.

But both systems can lead to risk management problems.  The fronted profits may or may not emerge. Some of these contract’s value were subsequently marketed down as market conditions changed in future years.  And in Enron’s case, the later adjustments became more and more on the down side because of optimistic original booking.  This then put pressure on management to find a larger and larger quantity of “new” deals where they could report large up front and possibly inflated pv of future profits.  Eventually it crashed like the ponzi scheme that it was.  They got too big.  They just couldn’t find enough new deals to paper over the losses from write downs adjustments to previously deals.

There are two other choices to accounting for long term transactions.  The profits could be recognized over the life of the deal or the profits can be recognized when the deal is completed.  That later approach seems so, so dated.  How 19th century. Let’s call these three types of accounting Type E, Type L and Type C.

But the risk manager needs to understand the accounting treatment of every deal that is not closed in the same accounting period that it is opened.

  • Type E accounting means that the company probably put up an asset for future profits.  The risk capital that should be associated with that asset may well be very high.  The firm is at high risk that that asset will not be worth what the books say.  Proponents of this approach say that all it takes to get this right is the correct discount rate.  With the right discount rate, the E approach is more or less the same as the L approach.  That discount rate is the rate that makes the activity break even at inception.
  • Type L accounting means that in some cases, the company is still setting up an asset, albeit small, at the inception of the deal, since in many cases there are either more expenses or less revenues at the outset of a long term project than there are over the life o the deal on the average.  That is the usual objective of Type L accounting, to make every year look like an “average” year on an expected basis.  This smoothing also carries some accounting risk, but much less than Type E.
  • Type C accounting means that profits are realized when cumulative revenues exceed cumulative expenses on the deal.  Deals that are expected to be profitable (and what company enters into long term deals that are not?) are usually reported as losers at the outset.  You could argue that this is just another discount rate applied to the future cashflows.  But this discount rate is infinite, making future cashflows worthless until they happen.

RISKVIEWS opinion is that one approach is not necessarily superior to another.  However, if the financial statement contains various projects that are not treating the future consistently, then there will be major distortions of perception about results.  That distortion is itself a major risk.

Ignoring a Risk

October 31, 2013

Ignoring is perhaps the most common approach to large but infrequent risks.

Most people think of a 1 in 100 year event as something so rare as it will never happen.

But just take a second and look at the mortality risk of a life insurer.  Each insured has on average around a 1 – 2 in 1000 likelihood of death in any one year.  However, life insurers do not plan for zero claims.  They plan for 1 -2 in 1000 of their policies to have a death claim in any one year.  No one thinks it odd that something with a 1-2 in 1000 likelihood happens hundreds of times in a year.  No one goes around scoffing at the validity of the model or likelihood estimate because such a rare event has happened.

But somehow, that seemingly totally simple minded logic escapes most people when dealing with other risks.  They scoff at how silly that it is that so many 1 in 100 events happen in a year.  Of course, they say, such estimated of likelihood MUST be wrong.

So they go forth ignoring the risk and ignoring the attempts at estimating the expected frequency of loss.  The cost of ignoring a low frequency risk is zero in most years.

And of course, any options for transferring such a risk will have both an expected frequency and an uncertainty charge built in.  Which make those options much too expensive.

The big difference is that a large life insurer takes on hundreds of thousands and in the largest cases, millions of exposures to the 1-2 in 1000 risks. Of course, the law of large numbers turns these individual ultra low frequency risks into a predictable claims pattern, in many cases one with a fairly tight distribution of possible claims.

But because they are ignored, no one tries to know how many of those 1 in 100 risks that we are exposed to.  But the statistics of 20 or 50 or 100 totally unrelated 1 in 100 risks is exactly the same as the life insurance math.

With 100 totally unrelated independent 1 in 100 risks, the chance of one or more turning into a loss in any one year is 63%!

And the most common reaction to the experience of a 1 in 100 event happening is to decide that the statistics are all wrong!

After Superstorm Sandy, NY Governor Cuomo told President Obama that NY “has a 100-year flood every two years now.”  Cuomo had been governor for less than two full years at that point.

The point is that organizations must go against the natural human impulse to separately decide to ignore each of their “rare” risks and realize that the likelihood of experiencing one of these rare events is not so rare, what is uncertain is which one.

EMERGING RISKS SURVEY

October 24, 2013

 TAKE PART IN THE ANNUAL EMERGING RISKS SURVEY

The Joint Risk Management Section, sponsored by the Casualty Actuarial Society, Canadian Institute of Actuaries, and the Society of Actuaries, is interested in better understanding how risk managers deal with emerging risks. 

This online survey is a follow-up to earlier surveys of emerging risks and will help to provide insight to evolving trends.

We would greatly appreciate you taking the time to complete the survey by November 12. It should take about 10 minutes to complete the basic survey. We hope you will share your thoughts and experiences in comment boxes.
All responses are anonymous.

If you have questions about the survey, please contact Barbara Scott.

Thanks very much for your consideration!
 

Follow this link to the Survey:
Take the Survey

Or copy and paste the URL below into your internet browser:
http://soa.qualtrics.com/WRQualtricsSurveyEngine/?SID=SV_enCCsQQRC69rImF&RID=MLRP_42djj6AnslfxzjT&_=1

Decisions under partial information

October 22, 2013

Yesterday, RISKVIEWS admitted puzzlement regarding the following question from a study about decisions involving risk:

The managers were asked what they did when faced with a problem that involves risk, and they ranked the choices below; in this order:

(1) Collect more information
(2) Check different aspects of the problem
(3) Actively work on the problem to reduce the risk
(4) Delay the decision

(5) Avoid taking risks
(6) Delegate the decision

Did you guess why?  Well the answer is pretty simple.  The six choices here did not include the possibility of actually making a decision!

Risk managers need to realize that the people actually running a business sometimes (often?) need to make decisions with very partial information.  All too often, risk managers act as second guessers.  Making judgements on decisions made with partial information, judgements that are based on much more information and also informed by time consuming and lengthy analysis.

The right answer for business decisions involving risk is not any of these choices:

(1) Collect more information
(2) Check different aspects of the problem
(3) Actively work on the problem to reduce the risk
(4) Delay the decision

(5) Avoid taking risks
(6) Delegate the decision

The risk manager would be much more useful to the organization if instead of the second guessing, they spent time developing ways to incorporate risk into decisions that are made under partial information.

Key to such a process would be the development of methods to estimate risk without full risk model runs, and without full data and without lengthy analysis.

 

Decisions, Decisions

October 20, 2013

Someone did a paper on making decisions under risk.  As part of that study, they did a survey.  Here is one of the questions:

The managers were asked what they did when faced with a problem that involves risk, and they ranked the choices below; in this order:

(1) Collect more information
(2) Check different aspects of the problem
(3) Actively work on the problem to reduce the risk
(4) Delay the decision

(5) Avoid taking risks
(6) Delegate the decision

How would you rank these choices?

RISKVIEWS is puzzled by the question.  Can you guess why?  Answer tomorrow.

Default Scenarios

October 16, 2013

What are the scenarios that you have been thinking about with the US Government Default situation?

NBC News has seven.

1.  Depression and Unemployment

2.  Dollar down, prices and rates up

3.  Down go investments

4.  Social security payments halt

5.  Banking operations freeze

6.  Money market funds break

7.  Global markets walloped

If you are a risk manager, you have probably already worked through your nightmare scenario and have at least some ide of what you might do.

But if you are like the rest of us, you are probably just betting the they will work it out in the end.

Deep in our hearts, we would all choose a scenario with no surprises.  Peter Wack, the father of scenario planning at Shell

My personal scenario is a muddle through.  Just like in the situation of the Lehman default, where the decision was not to act until they saw the repercussions of the default ripple through global financial markets, the US Congress fails to reach a deal until some payments are delayed.  The Treasury goes forward with the deferral process – paying bills in order of when they were due once they have the money.  This goes on for a week or two and several of the NBC scenarios start to happen all at once.  Then Congress finally acts and extends the debt ceiling.

They are still all wrapped up in their own world though and they only pass an extension that will work for several months.  This turns out to be not enough to calm the markets and the chaos continues, even though the US is now paying its bills.

Ultimately, it results in the development of an alternate structure for the global reserve currency.  This results in a permanent rise in the cost of funds for the US government.  Which is itself catastrophic given the historically high debt levels and the long term government funding crisis.

But wait, discounting to the rescue.  With interest rates higher, the future value of many long term obligations, especially at the state and local level suddenly shifts downwards.  The funds that did the least to immunize themselves to interest rate shifts are saved by the power of compound interest as pension obligations magically shrink.

In the end, we – that is the developed countries that depend upon the modern financial system for our wealth – are all poorer by a third or more.  And the US eventually votes one party or the other into a majority position and we try one of their solutions for a time.

But that drop in wealth is only recovered over a generation.

What is the definition of RISK?

July 8, 2013

The word risk is a common English word with a definition that has been well established for hundreds of years.  There is no need for risk managers to redefine the word to mean something else.  In fact, redefining a word so that its meaning would incorporate the exact opposite of the common definition is a precess that George Orwell called DOUBLETHINK.

Imagine what you would think if you hired someone to paint your house and when they showed up they told you that in their minds the word “paint” meant repaving your driveway in addition to applying a colored covering to your house?  Sounds crazy doesn’t it.  But there are many, many risk managers who will heatedly argue about this point.  For example, see The ISO 31000 group discussion here.

The Definition of risk

noun

a situation involving exposure to danger:flouting the law was too much of a risk all outdoor activities carry an element of risk

[in singular] the possibility that something unpleasant or unwelcome will happen:reduce the risk of heart disease [as modifier]:a high consumption of caffeine was suggested as a risk factor for loss of bone mass

[usually in singular with adjective] a person or thing regarded as likely to turn out well or badly, as specified, in a particular context or respect:Western banks regarded Romania as a good risk

[with adjective] a person or thing regarded as a threat or likely source of danger:she’s a security risk gloss paint can burn strongly and pose a fire risk

(usually risks) a possibility of harm or damage against which something is insured.

the possibility of financial loss: [as modifier]:project finance is essentially an exercise in risk management

verb

[with object]

expose (someone or something valued) to danger, harm, or loss:he risked his life to save his dog

act or fail to act in such a way as to bring about the possibility of (an unpleasant or unwelcome event):unless you’re dealing with pure alcohol you’re risking contamination from benzene

incur the chance of unfortunate consequences by engaging in (an action):he was far too intelligent to risk attempting to deceive her

Phrases

at risk

exposed to harm or danger:23 million people in Africa are at risk from starvation

at one’s (own) risk

used to indicate that if harm befalls a person or their possessions through their actions, it is their own responsibility:they undertook the adventure at their own risk

at the risk of doing something

although there is the possibility of something unpleasant resulting:at the risk of boring people to tears, I repeat the most important rule in painting

at risk to oneself (or something)

with the possibility of endangering oneself or something:he visited prisons at considerable risk to his health

risk one’s neck

put one’s life in danger.

run the risk (or run risks)

expose oneself to the possibility of something unpleasant occurring:she preferred not to run the risk of encountering his sister

Origin:

mid 17th century: from French risque (noun), risquer (verb), from Italian risco ‘danger’ and rischiare ‘run into danger’

from Oxford dictionary of American English

Redefining the word risk to include its opposite (i.e. gain) is a perfect example of what Orwell called DOUBLETHINK.

DOUBLETHINK:  The power of holding two contradictory beliefs in one’s mind simultaneously, and accepting both of them… To tell deliberate lies while genuinely believing in them, to forget any fact that has become inconvenient, and then, when it becomes necessary again, to draw it back from oblivion for just as long as it is needed, to deny the existence of objective reality and all the while to take account of the reality which one denies – all this is indispensably necessary. Even in using the word doublethink it is necessary to exercise doublethink. For by using the word one admits that one is tampering with reality; by a fresh act of doublethink one erases this knowledge; and so on indefinitely, with the lie always one leap ahead of the truth.  From 1984 George Orwell (1949)

The Five F’s of Risk

May 30, 2013

Most people have heard of the human reflex when threatened:

Fight or Flee

But in fact, studies show that the most common reaction is:

Freeze

There are two additional reflexive reactions after an adverse event that have a big impact in Risk Management:

Forgive and Forget

“War does not determine who is right – only who is left.” — George Bernard Shaw

Risk Managers can start at the end of that list.

Forgetting can be part of an unhealthy process of putting the past behind us without dealing with or learning from it.  One important task for the risk manager is to make sure that the organization forms appropriate memories of adverse events.

Organizations can be too forgiving or too punitive.  Being too forgiving sends the wrong message.   It gives the message that there are no consequences.  Being too punitive puts a scare on folks so that they will fear to take any risk.  It is best if management can have some ideas of possible responses to problems before they happen.  That way, they can communicate their intentions, so that employees are aware of the types of things that do have serious consequences and the sorts that will be quickly forgiven.

One of the main benefits of organized risk management is that it has the potential to reduce the degree to which people will freeze in the face of a crisis.  The freeze reflex is the brain waiting for the memory to find a pattern that can be applied to the current situation.  If the problem is truly a Black Swan or Unknown Unknown, then there is no pattern in memory.  One objective of risk management it to create a bank of such patterns so that when the BS/UU happens, the brain finds something and does not go into an infinite loop, commonly known as freezing in place.

Risk Management is also supposed to be able to inform the Fight or Flee choice.  Risk management for trading desks was invented for exactly that purpose.  The people who were the best traders have a very high tendency towards fighting.  In their world, the heroes are the people who never flee in the face of adverse market trends.  They always know when they are right and the market is temporarily wrong and hold their ground until the market gets it head on straight.  Risk managers are supposed to be able to step in and ring the bell that says that it is time to take your losses and FLEE the position, before it loses $6 Billion or then entire firm as it has several places.

So there it is.  The Five F’s of Risk.

Why some think that there is No Need for Storm Shelters

May 22, 2013

The BBC featured a story about the dearth of storm shelters in the area hit last week by tornadoes.

Why so few storm shelters in Tornado Alley hotspot?

The story goes on to discuss the fact that Americans, especially in red states like Oklahoma, strongly prefer keeping the government out of the business of providing things like storm shelters, allowing that to be an individual option.  Then reports that few individuals opt to spend their money on shelters.

The answer might well be in the numbers…

Below, from the National Oceanic and Atmospheric Administration (NOAA) is a list of the 25 deadliest tornadoes in US history:

1. Tri-State (MO, IL, IN) – March 18, 1925 – 695 deaths
2. Natchez, MS – May 6, 1840 – 317 deaths
3. St. Louis, MO – May 27, 1896 – 255 deaths
4. Tupelo, MS – April 5, 1936 – 216 deaths
5. Gainesville, GA – April 6, 1936 – 203 deaths
6. Woodward, OK – April 9, 1947 – 181 deaths
7. Joplin, MO – May 22, 2011 – 158 deaths
8. Amite, LA, Purvis, MS – April 24, 1908 – 143 deaths
9. New Richmond, WI – June 12, 1899 – 117 deaths
10. Flint, MI – June 8, 1953 – 116 deaths
11. Waco, TX – May 11, 1953 – 114 deaths
12. Goliad, TX – May 18, 1902 – 114 deaths
13. Omaha, NE – March 23, 1913 – 103 deaths
14. Mattoon, IL – May 26, 1917 – 101 deaths
15. Shinnston, WV – June 23, 1944 – 100 deaths
16. Marshfield, MO – April 18, 1880 – 99 deaths
17. Gainesville, GA – June 1, 1903 – 98 deaths
18. Poplar Bluff, MO – May 9, 1927 – 98 deaths
19. Snyder, OK – May 10, 1905 – 97 deaths
20. Comanche, IA & Albany, IL – June 3, 1860 – 92 deaths
21. Natchez, MS – April 24, 1908 – 91 deaths
22. Worcester, MA – June 9, 1953 – 90 deaths
23. Starkville, MS to Waco, AL -April 20, 1920 – 88 deaths
24. Lorain & Sandusky, OH – June 28, 1924 – 85 deaths
25. Udall, KS – May 25, 1955 – 80 deaths

Looks scary and impressively dangerous.  Until you look more carefully at the dates.  Most of those events are OLD.  In fact, if you look at this as a histogram, you see something interesting…

Deadly Tornadoes

You see from this chart, why there are few storm shelters.  Between the 1890’s and 1950’s, there were at least two very deadly tornadoes per decade.  Enough to keep people scared.  But before the last week, there had not been a decade in over 50 years with any major events.  50  years is a long time to go between times when someone somewhere in the US needed a storm shelter to protect them from a very deadly storm.

This is not to say that there have not been storms in the past 50 years.  The chart below from the Washington Post, shows the losses from tornadoes for that same 50 year period and the numbers are not small.

It is RISKVIEWS’ guess that in the face of smaller, less deadly but destructive storms, people are much more likely to attribute their own outcome to some innate talent that they have and the losers do not have.  Sort of like the folks who have had one or several good experiences at the slot machines who believe that they have a talent for gambling.

Another reason is that almost 45% of storm fatalities are folks who live in trailers.  They often will not even have an option to build their own storm shelter.  There it is probably something that could be addressed by regulations regarding zoning of trailer parks.

Proper risk management can only be done in advance.  The risk management second guessing that is done after the fact helps to create a tremendous drag on society.  We are forced into spending money to prevent recurrence of the last disaster, regardless of whether that expenditure makes any sense at all on the basis of frequency and severity of the potential adverse events or not.

We cannot see the future as clearly as we can see the past.  We can only prepare for some of the possible futures. 

The BBC article stands on the side of that discussion that looks back after the fact and finds fault with whoever did not properly see the future exactly as clearly as they are now able to see the past.

A simple recent example of this is the coverage of the Boston Marathon bombers.  Much has been made of the fact that there were warnings about one or more members of the family before the event.  But no one has chosen to mention how many others who did not commit bombings were there similar or even much more dire warnings about.  It seems quite likely, that the warnings about these people were dots in a stream of hundreds of thousands of similar warnings.

Future Uncertainty

April 16, 2013

Often called emerging risks. Going back to Knight’s definitions of Risk and Uncertainty, there is very little risk contained in these potential situations.  Emerging risks are often pure uncertainty.  Humans are good at finding patterns.  Emerging risks are breaks in patterns.

What to Do about Emerging Risks…

Emerging risks are defined by AM Best as “new or evolving risks that are difficult to manage because their identification, likelihood of occurrence, potential impacts, timing of occurrence or impact, or correlation with other risks, are highly uncertain.” An example from the past is asbestos; other current examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. Lloyd’s, a major sufferer from the former emerging risk of asbestos, takes emerging risks very seriously. They think of emerging risks as “an issue that is perceived to be potentially significant but which may not be fully understood or allowed for in insurance terms and conditions, pricing, reserving or capital setting”.

What do the rating agencies expect?

AM Best says that insurers need “sound risk management practices relative to its risk profile and considering the risks inherent in the liabilities it writes, the assets it acquires and the market(s) in which it operates, and takes into consideration new and emerging risks.” In 2013, Best has added a question asking insurers to identify emerging risks to the ERM section of the SRQ. Emerging Risks Management has been one of the five major pillars of the Standard & Poor’s Insurance ERM ratings criteria since 2006.

How do you identify emerging risks?

A recent report from the World Economic Forum, The Global Risks 2012 report is based on a survey of 469 experts from industry, government, academia and civil society that examines 50 global risks. Those experts identified 8 of those 50 risks as having the most significance over the next 10 years:

  •   Chronic fiscal imbalances
  •   Cyber attacks
  •   Extreme volatility in energy and agriculture prices
  •   Food shortage crises
  •   Major systemic financial failure
  •   Rising greenhouse gas emissions
  •   Severe income disparity
  •   Water supply crises

This survey method for identifying or prioritizing risks is called the Delphi method and can be used by any insurer. Another popular method is called environmental scanning which includes simply reading and paying attention for unusual information about situations that could evolve into future major risks.

What can go wrong?

Many companies do not have any process to consider emerging risks.  At those firms, managers usually dismiss many possible emerging risks as impossible.  It may be the company culture to scoff at the sci fi thinking of the emerging risks process.  The process Taleb describes of finding ex post explanation for emerging Black Swan risks is often the undoing of careful plans to manage emerging risk.  In addition, lack of imagination causes some managers to conclude that the past worst case is the outer limit for future losses.

What can you do about emerging risks?

The objectives for emerging risks management are just the same as for other more well-known risks: to reduce the frequency and severity of future losses. The uncertain nature of emerging risks makes that much more difficult to do cost effectively. Insurers can use scenario testing to examine potential impact of emerging risks and to see what actions taken in advance of their emergence might lessen exposures to losses. This scenario testing can also help to identify what actions might lessen the impact of an unexpected loss event that comes from a very rapidly emerging risk. Finally, insurers seek to identify and track leading indicators of impending new risk emergence.

Reinsurance is one of the most effective ways to protect against emerging risks, second only to careful drafting of insurance contract terms and conditions

Many of the largest insurers and reinsurers have developed very robust practices to identify and to prepare for emerging risks.  Other companies can learn from the insurers who practice emerging risk management and adapt the same processes to their emerging risks.

Normal risk control processes focus on everyday risk management, including the management of identifiable risks and/or risks where uncertainty and unpredictability are mitigated by historical data that allow insurers to estimate loss distribution with reasonable confidence. Emerging risk management processes take over for risks that do not currently exist but that might emerge at some point due to changes in the environment. Emerging risks may appear abruptly or slowly and gradually, are difficult to identify, and may for some time represent an ill formed idea more than factual circumstances. They often result from changes in the political, legal, market, or physical environment, but the link between cause and effect is fully known in advance. An example from the past is asbestos; other examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. 
For these risks, normal risk identification and monitoring will not work because the likelihood is usually completely unknown. Nevertheless, past experience shows that when they materialize, they have a significant impact on the insurers and therefore cannot be excluded from a solid risk management 
program. So insurers have implemented unique specific strategies and approaches to cope with them properly.

Identifying emerging risks

Emerging risks have not yet materialized or are not yet clearly defined and can appear abruptly or very slowly. Therefore, having some sort of early warning system in place, methodically identified either through internal or external sources, is very important. To minimize the uncertainty surrounding these risks, insurers will consistently gather all existing relevant information to amass preliminary evidence of emerging risks, which would allow the insurer to reduce or limit growth of exposure as the evidence becomes more and more certain.  However, Insurers practicing this discipline will need to be aware of the cost of false alarms.

Assessing their significance

Assess the relevance (i.e. potential losses) of the emerging risks linked to a company’s commitment— which classes of business and existing policies would be affected by the materialization of the risk—and continue with the assessment of the potential financial impact, taking into account potential correlation with other risks already present in the firm. For an insurer, the degree of concentration and correlation of the risks that they have taken on from their customers are two important parameters to be considered; the risk in question could be subject to very low frequency/high intensity manifestations, but if exposure to that particular risk is limited, then the impact on the company may not be as important. On the other hand, unexpected risk correlations should not be underestimated; small individual exposures can coalesce into an extreme risk if underlying risks are highly interdependent. When developing extreme scenarios, some degree of imagination to think of unthinkable interdependencies could be beneficial.

A further practice of insurers is to sometimes work backwards from concentrations to risks. Insurers might envision risks that could apply to their concentrations and then track for signs of risk emergence in those areas. Some insurers set risk limits for insurance concentrations that are very similar to investment portfolio credit limits, with maximum concentrations in specific industries in geographic or political regions. In addition, just as investment limits might restrict an insurer’s debt or equity position as a percentage of a company’s total outstanding securities, some insurers limit the percentage of coverage they might offer in any of the sectors described above.

Define appropriate responses

Responses to emerging risks might be part of the normal risk control process, i.e., risk mitigation or transfer, either through reinsurance (or retrocession) in case of insurance risks, through the financial markets for financial risks, or through general limit reduction or hedging. When these options are not available or the insurer decides not to use them, it must be prepared to shoulder significant losses, which can strain a company’s liquidity.  Planning access to liquidity is a basic part of emerging risk management.  Asset-selling priorities, credit facilities with banks, and notes programs are possible ways of managing a liquidity crisis.

Apart from liquidity crisis management, other issues exist for which a contingency plan should be identified in advance. The company should be able to quickly estimate and identify total losses and the payments due. It should also have a clear plan for settling the claims in due time so as to avoid reputation issues. Availability of reinsurance is also an important consideration: if a reinsurer were exposed to the same risks, it would be a sound practice for the primary insurer to evaluate the risk that the reinsurer might delay payments.

Advance Warning Process

For the risks that have identified as most significant and where the insurer has developed coherent contingency plans, the next step is to create and install an advanced warning process.  To do that, the insurer identifies key risk indicators that provide an indication of increasing likelihood of a particular emerging risk.

Learn

Finally, sound practices for managing emerging risks include establishing procedures for learning from past events. The company will identify problems that appeared during the last extreme event and identify improvements to be added to the risk controls.  In addition, expect to get better at each step of the emerging risk process with time and experience.

But emerging risk management costs money.  And the costs that are most difficult to defend are the emerging risks that never emerge.  A good emerging risk process will have many more misses than hits.  Real emerged risks are rare.  A company that is really taking emerging risks seriously will be taking actions on occasion that cost money to perform and possibly include a reduction in the risks accepted and the attendant profits.  Management needs to have a tolerance for these costs.  But not too much tolerance.

 

This is one of the seven ERM Principles for Insurers

Getting Paid for Risk Taking

April 15, 2013

Consideration for accepting a risk needs to be at a level that will sustain the business and produce a return that is satisfactory to investors.

Investors usually want additional return for extra risk.  This is one of the most misunderstood ideas in investing.

“In an efficient market, investors realize above-average returns only by taking above-average risks.  Risky stocks have high returns, on average, and safe stocks do not.”

Baker, M. Bradley, B. Wurgler, J.  Benchmarks as Limits to Arbitrage: Understanding the Low-Volatility Anomaly

But their study found that stocks in the top quintile of trailing volatility had real return of -90% vs. a real return of 1000% for the stocks in the bottom quintile.

But the thinking is wrong.  Excess risk does not produce excess return.  The cause and effect are wrong in the conventional wisdom.  The original statement of this principle may have been

“in all undertakings in which there are risks of great losses, there must also be hopes of great gains.”
Alfred Marshall 1890 Principles of Economics

Marshal has it right.  There are only “hopes” of great gains.  These is no invisible hand that forces higher risks to return higher gains.  Some of the higher risk investment choices are simply bad choices.

Insurers opportunity to make “great gains” out of “risks of great losses” is when they are determining what consideration, or price, that they will require to accept a risk.  Most insurers operate in competitive markets that are not completely efficient.  Individual insurers do not usually set the price in the market, but there is a range of prices at which insurance is purchased in any time period.  Certainly the process that an insurer uses to determine the price that makes a risk acceptable to accept is a primary determinant in the profits of the insurer.  If that price contains a sufficient load for the extreme risks that might threaten the existence of the insurer, then over time, the insurer has the ability to hold and maintain sufficient resources to survive some large loss situations.

One common goal conflict that leads to problems with pricing is the conflict between sales and profits.  In insurance as in many businesses, it is quite easy to increase sales by lowering prices.  In most businesses, it is very difficult to keep up that strategy for very long as the realization of lower profits or losses from inadequate prices is quickly realized.  In insurance, the the premiums are paid in advance, sometimes many years in advance of when the insurer must provide the promised insurance benefits.  If provisioning is tilted towards the point of view that supports the consideration, the pricing deficiencies will not be apparent for years.  So insurance is particularly susceptible to the tension between volume of business and margins for risk and profits,
and since sales is a more fundamental need than profits, the margins often suffer.
As just mentioned, insurers simply do not know for certain what the actual cost of providing an insurance benefit will be.  Not with the degree of certainty that businesses in other sectors can know their cost of goods sold.  The appropriateness of pricing will often be validated in the market.  Follow-the-leader pricing can lead a herd of insurers over the cliff.  The whole sector can get pricing wrong for a time.  Until, sometimes years later, the benefits are collected and their true cost is know.

“A decade of short sighted price slashing led to industry losses of nearly $3 billion last year.”  Wall Street Journal June 24, 2002

Pricing can also go wrong on an individual case level.  The “Winners Curse”  sends business to the insurer who most underimagines riskiness of a particular risk.

There are two steps to reflecting risk in pricing.  The first step is to capture the expected loss properly.  Most of the discussion above relates to this step and the major part of pricing risk comes from the possibility of missing that step as has already been discussed.  But the second step is to appropriately reflect all aspects of the risk that the actual losses will be different from expected.  There are many ways that such deviations can manifest.

The following is a partial listing of the risks that might be examined:

• Type A Risk—Short-Term Volatility of cash flows in 1 year

• Type B Risk—Short -Term Tail Risk of cash flows in 1 year
• Type C Risk—Uncertainty Risk (also known as parameter risk)
• Type D Risk—Inexperience Risk relative to full multiple market cycles
• Type E Risk—Correlation to a top 10
• Type F Risk—Market value volatility in 1 year
• Type G Risk—Execution Risk regarding difficulty of controlling operational
losses
• Type H Risk—Long-Term Volatility of cash flows over 5 or more years
• Type J Risk—Long-Term Tail Risk of cash flows over 5 years or more
• Type K Risk—Pricing Risk (cycle risk)
• Type L Risk—Market Liquidity Risk
• Type M Risk—Instability Risk regarding the degree that the risk parameters are
stable

See “Risk and Light” or “The Law of Risk and Light

There are also many different ways that risk loads are specifically applied to insurance pricing.  Three examples are:

  • Capital Allocation – Capital is allocated to a product (based upon the provisioning) and the pricing then needs to reflect the cost of holding the capital.  The cost of holding capital may be calculated as the difference between the risk free rate (after tax) and the hurdle rate for the insurer.  Some firms alternately use the difference between the investment return on the assets backing surplus (after tax) and the hurdle rate.  This process assures that the pricing will support achieving the hurdle rate on the capital that the insurer needs to hold for the risks of the business.  It does not reflect any margin for the volatility in earnings that the risks assumed might create, nor does it necessarily include any recognition of parameter risk or general uncertainty.
  • Provision for Adverse Deviation – Each assumption is adjusted to provide for worse experience than the mean or median loss.  The amount of stress may be at a predetermined confidence interval (Such as 65%, 80% or 90%).  Higher confidence intervals would be used for assumptions with higher degree of parameter risk.  Similarly, some companies use a multiple (or fraction) of the standard deviation of the loss distribution as the provision.  More commonly, the degree of adversity is set based upon historical provisions or upon judgement of the person setting the price.  Provision for Adverse Deviation usually does not reflect anything specific for extra risk of insolvency.
  • Risk Adjusted Profit Target – Using either or both of the above techniques, a profit target is determined and then that target is translated into a percentage of premium of assets to make for a simple risk charge when constructing a price indication.

The consequences of failing to recognize as aspect of risk in pricing will likely be that the firm will accumulate larger than expected concentrations of business with higher amounts of that risk aspect.  See “Risk and Light” or “The Law of Risk and Light“.

To get Consideration right you need to (1)regularly get a second opinion on price adequacy either from the market or from a reliable experienced person; (2) constantly update your view of your risks in the light of emerging experience and market feedback; and (3) recognize that high sales is a possible market signal of underpricing.

This is one of the seven ERM Principles for Insurers

During a Crisis – A Lesson from Fire Fighters

December 10, 2012

800px-FIRE_01

The fire cycle: “The action-cycle of a fire from birth to death follows a certain pattern.  The fire itself may vary in proportion from insignificance to conflagration, but regardless of its proportions, origin, propagation or rate of progression, the cycle or pattern of controlling it includes these phases:

1. the period between discovery and the transmittal of the alarm or alerting of the fire forces;

2. the period between receipt of alarm by the fire service and arrival of firemen at the scene of the fire; and, finally,

3. the period between arrival on the fire ground and final extinguishment of the fire itself.

It is important to fire fighting to make sure that the right things happen during each phase and that each step takes as little time as possible.  For the first phase, that means having fire detection equipment in place and working properly that produces a signal that will be noticed and conveyed to the fire forces.  In the second phase, the fire fighters need to be organized to respond appropriately to the alarm.  And the third phase includes the process of diagnosing the situation and taking the necessary steps to put out the fire.

That is a good process model for risk managers to contemplate.  Ask yourself and your staff:

  1. This is about the attitude and preparedness of company staff to accept that there may be a problem.  How long will it be before we know when an actual crisis hits the company?  How do our alarms work?  Are they all in functioning order?  Or will those closest to the problems delay notifying you of a potential problem?  Sometimes with fires and company crises, an alarm sounds and it is immediately turned off.  The presumption is that everything is normal and the alarm must be malfunctioning.  Or perhaps that the alarm is correct, but that it it calibrated to be too sensitive and there is not a significant problem.  As risk manager, you should urge everyone to err on the side of reporting every possible situation.  Better to have some extra responses than to have events, like fires, rage completely out of control before calling for help.
  2.  This is about the preparedness of risk management staff to begin to respond to a crisis.  One problem that many risk management programs face is that their main task seems to be measuring and reporting risk positions.  If that is what people believe is their primary function, then the risk management function will not attract any action oriented people.  If that is the case in your firm, then you as risk manager need to determine who are the best people to recruit as responders and build a rapport with them in advance of the next crisis so that when it happens, you can mobilize their help.  If the risk staff is all people who excel at measuring, then you also need to define their roles in an emergency – and have them practice those roles.   No matter what, you do not want to find out who will freeze in a crisis during the first major crisis of your tenure.  And freezing (rather than panic) is by far the most common reaction.  You need to find those few people whose reaction to a crisis is to go into a totally focuses active survival mode.
  3. This is about being able to properly diagnose a crisis and to execute the needed actions.  Fire Fighters need to determine the source of the blaze, wind conditions, evacuation status and many other things to make their plan for fighting the fire.  They usually need to form that plan quickly, mobilize and execute the plan effectively, making both the planned actions and the unplanned modifications happen as well as can be done.  Risk managers need to perform similar steps.  They need to understand the source of the problem, the conditions around the problem that are outside of the firm and the continuing involvement of company employees, customers and others.  While risk managers usually do not have to form their plan in minutes as fire fighters must, they do have to do so quickly.  Especially when there are reputational issues involved, swift and sure initial actions can make the world of difference.  And execution is key.  Getting this right means that the risk manager needs to know in advance of a crisis, what sorts of actions can be taken in a crisis and that the company staff has the ability to execute.  There is no sense planning to take actions that require the physical prowess  of Navy Seals if your staff are a bunch of ordinary office workers.  And recognizing the limitations of the rest of the world is important also.  If your crisis effects many others, they may not be able to provide the help from outside that you may have planned on.  If the crisis is unique to you, you need to recognize that some will question getting involved in something that they do not understand but that may create large risks for their organizations.

 

Watch Your Back! The Machines are Coming!!!

November 26, 2012

Did you see the 2004 movie I Robot?  Do you remember the scene where the hoards of silver robots came down the streets and started to take over?

Where is Robot Take Over on your risk list?

In Artificial intelligence – can we keep it in the box? two writers from Cambridge argue that the threat from AI is not an “if?” question, but a “when?” question.

The authors are part of a group at Cambridge (actually, there are three members of the group) who are interested in studying threats from technology.  “Many scientists are concerned that developments in human technology may soon pose new, extinction-level risks to our species as a whole.” says their website, The Cambridge Project for Existential Risk.

Go back and watch I Robot again.  The only reason that the robot rebellion was foiled was because there was one robot who was designed to be independent enough to disagree.

If the “group” from Cambridge is correct, we need to get working on designing that robot that will save the day.

But first, we should ask them what they mean by “many scientists”?

How Much Resilience Do We Need?

November 13, 2012

Much too much of what we do relies upon the simplest idea of linear extrapolation.  It must be hard wired into human brains to always think first of that process.  Because we frequently seem to miss when extrapolation does not work.

Risk managers desperately need to understand the idea of system capacity.  The capacity of a system is a point beyond which the system will fail or will start to work completely differently.

The obvious simple example is a cup with a small hole in the bottom.  If you pour water into that cup at a rate that is exactly equal to the rate of the leak from the hole at the bottom, then the water level of the cup will be in equilibrium.  A little slower and the cup will empty.  A little faster and it will fill.  Too long in the fill mode and it will spill.  The capacity will be exceeded.

The highly popular single serving coffee machines are built with a fixed approach to cup capacity.  The more sophisticated will allow for two different capacities, but usually leave it to the human operator to determine which limit to apply.

For the past several years, there have been a number of events, the latest a hurricane that damaged an area the size of Western Europe, that have far exceeded the resilience capacity of our systems.  The resilience capacity is the amount of damage that we can sustain without any significant disruption.  If we exceed our resilience capacity by a small amount, then we end up with a small amount of disruption.  But the amount of disruption seems to grow exponentially as the exceedance of resilience capacity increases.

The disruption to the New York area from Hurricane Sandy far exceeded the resilience capacity.  For one example, the power outages still continue two weeks after the storm.  The repairs that have been done to date have reflected herioc round the clock efforts by both local and regional repair crews.  The size of the problem was so immense that even with the significant outside help, the situation is still out of control for some homes and businesses.

We need to ask ourselves whether we need to increase the resilience capacity of our modern societies?

Have we developed our sense of what is needed during a brief interlude of benign experiences?  In the financial markets, the term “Great Moderation” has been used to describe the 20 year period leading up to the bursting of the dot com bubble.  During that period, lots of financial economics was developed.  The jury is still out about whether those insights have any value if the world is actually much more volatile and unpredictable than that period of time.

Some weather experts have pointed out that hurricanes go in cycles, with high and low periods of activities.  Perhaps we have been moving into a high period.

It is also possible that some of the success that mankind has experienced in the past 50 years might be in part due to a tempory lull in many damaging natural phenomina.  The cost of just keeping even was lower than over the rest of mankind’s history.

What if the current string of catastrophes is just a regression to the mean and we can expect that the future will be significantly more adverse than the mild past that we fondly remember?

We need to come to a conclusion on those questions to determine How Much Resilience Do We Need?

The Risk of Paying too much Attention to your Experience

July 30, 2012

The Drift into Failure idea from the Safety Engineers is quite valuable.

One way that DIF occurs is when an organization listens too well to the feedback that they get from their safety system.

That is right, too much attention.  In the case of a remote risk, the feedback that you will get most days, most weeks, most months is NOTHING HAPPENS.

That is the feedback you are likely to get if you have a good loss prevention system or if you have none.

This ties to the DIF idea because organizations are always under pressure to do more with less.  To streamline and reduce costs.

So what happens?  In Safety and Risk Management, someone studies the risks of a situations and designs a risk mitigation system that reduces the frequency or severity of problem situations to an acceptable level.

Then, at some future time, the company management looks to reduce costs and/or staff.  This particular risk mitigation system looks like a prime candidate.  The company is spending time and money and there has never been a problem.  Doubtless, the same “nothing” could be achieved with less.  So the budget is cut, a position is elimated and they get by with less mitigation.

Then time pass and they collect the feedback, the experience with the reduced risk mitigation process.  And the experience tells them that they still have no problems.  The budget cutters are vindicated.  Things seem to be just fine with a less costly program.

If the risk here is highly remote, then this process might happen several times.

Which may eventually result in a very bad situation if the remote adverse event finally happens.  The company will be inadequately unprepared.  And no one made a clear decision to dilute the defense to an ineffective level.  They just kept making small decisions and eventually they drifted into failure.

And each step was validated by their experience.

A Learning Break

July 16, 2012

Riskviews has been taking a learning break.

Some times we are refreshed and invigorated by getting away from anything relating to their primary occupation.

But other times the most refreshing thing that you can do is to learn about how people faced with seemingly different, but fundamentally similar problems approach their work.

Riskviews has been learning small bits about Resilience.  That topic is usually associated with physical systems failures.  We are fooled into thinking that physical systems failures are all about engineering questions about the failures of metals or breakdown of lubricants.

But just as most failures in financial firms are directly related to human systems issues, so are most physical systems failures.  Studies about resilience are mostly studies of the human systems that are tightly linked to the physical systems that fail.

Here is a definition of resilience:

Resilience is the intrinsic ability of a system
to adjust its functioning prior to, during, or
following changes and disturbances, so that
it can sustain required operations under both
expected and unexpected conditions.

Already, Riskviews is learning something.  In much risk management literature, it is assumed that the system is determined via rules and that there is not necessarily ANY adjusting happening.  But from experience, we know that in almost all cases, systems will adjust to most significant changes and certainly will adjust to “disturbances”.

At the highest level, banks found out that a capital regime under which they held capital for a 1 in x event worked for absorbing the large loss, but it did not work for providing needed capital after the large loss.  They had a plan that worked up until the day after the event.

What both banks and insurers also found in the crisis was that their systems did adjust as things got insanely adverse.  But what they found was that in some cases, their systems adjusted so that they reduced the impact of the crisis and in other cases, made things worse.

One of the concepts that Resilience Engineers have developed is what they call “Drift into Failure.”  What they mean by that is that in many cases, complex systems fail, not because of some single part of person’s failure, but because of a series of small problems that in the end cause an avalanche type failure.

Here are four ideas that were discussed at a Resilience Engineering conference in 2004 from the notes of C Nemeth:

. Get smarter at reporting the next [adverse] event, helping
organizations to better manage the processes by which they decide
to control risk
. Detect drift into failure before breakdown occurs. Large system
accidents have revealed that what is considered to be normal is
highly negotiable. There is no operational model of drift.
. Chart the momentary distance between operations as they are,
versus as they are imagined, to lessen the gap between operations
and management that leads to brittleness.
. Constantly test whether ideas about risk still match reality. Keeping
discussions of risk alive even when everything looks safe can serve
as a broader indicator of resilience than tracking the number of
accidents that have occurred.

Resilience is a big topic and Riskviews will continue to share further learnings.

Why isn’t Strategic Risk included in ERM?

June 22, 2012

Many ERM systems exclude Strategic Risk.   The ERM systems usually include Market, Credit, Insurance and Operational Risk.  But not Strategic Risk.

Perhaps the assumption is that the ERM systems are about managing capital for the fluctuations and extreme losses of the business.

More likely, strategic risk is left out for two reasons.  First of all, the CEO and senior officers probably do not want to delegate this work.  Concerns about strategic risk are quite high in the priorities of a senior management team.  It is also a major concern of boards.

The second reason is that ERM has been highly focused on “measurable” risks and few feel that they can measure things like reputation risk and strategic risk.  So it may well be that risk managers are not asking to be given responsibility for helping with strategic risk.

But CROs need to remember that strategic risk is real, is very large and is not on their list of risks.  Because when they go to the board and top management with their “holistic” risk presentations, they will have a difficult time if the fail to ever even mention strategic risks.

In a the average company, their risk of failure averages between 2% for the largest and most secure firms and 5% for all other firms.  (Based upon studies of corporate longevity.  Fortune 500 firms have an average lifespan of about 40 years and an average firm only14.5 years.)

When other studies look at cause of major problems for firms, strategic risk make up about 70% of the events that result in a stock drop of 20% or more and operational risks, 20% and financial risks only 10%.

While those statistics are not widely known, it seems likely that a risk presentation that totally ignores strategic risk will strike board members who are generally aware of what causes problems for firms to wrinkle their brows with disbelief.

Now insurers, for example, have a different risk profile.  Their Financial and insurance risks are thought to be about 4 times as large as their operational risk.  Making a rough just ice adjustment to the figures above, one migh estimate that Insurance and Financial Risks are perhaps 55% of the total risk profile, Operational risk about 12% and Strategic risk about 33%.

So there is a range for thinking about strategic risk for insurers – between 33% and 70% of total risk.

Think about that before the next time you talk to your board about the firm’s risk profile.

What’s Your Risk Attitude?

June 11, 2012

The HBR Blog has picked up a piece by Ingram and Thompson on the dynamics of Risk Attitudes and Risk Environment.

Check it out HERE.

 RISKVIEWS has featured these ideas many times. 

See https://riskviews.wordpress.com/plural-rationalities/

What do risk officers worry about?

May 19, 2012

Read Max Rudolph’s comments on the Reuters Blog.

“Truth be told, risk management is an ever-evolving discipline. The Great Recession pointed out both the shortcomings of implementation at many companies, as well as the potential for a strong risk culture driving the risk management process. As time passes from this crisis to the next (as there is always another one around the bend), recurring trends are becoming apparent and companies across the world are getting smarter about the essential need to move risk management from the back room to a position influencing strategic decisions.”

Very High cost for Asset Allocation Advice

May 10, 2012

Most investors in hedge funds must be looking at them totally marginally.  Certainly that is the way that hedge fund managers would suggest.

What that means is the ther investor should not look at the details of what the hedge fund is doing, it should only look at the returns.  Those returns should be looked upon as a unit.

Certainly that is the only way to think of it that matches up with the compensation for hedge fund managers.  They get paid their 2 and 20 based solely upon their performance.

But think for a moment about how an investor probably looks at the rest of their portfolio.  They look at the portfolio as a whole, across all asset classes.  The investor will often make their first investment decision regarding their asset allocation.

While hedge fund managers have argued for treating their funds as one or even several asset classes, they are almost always made up of investments, long and short, in other asset classes.  So if you are an investor who already has positions in many asset classes, the hedge fund is merely a series of moves to modify the investors asset mix.

So for example, if the hedge fund is a simple leveraged stock fund, the hedge fund manager is lowering the investor’s bond holdings and increasing the stock holdings.

So if an investor with a 70% 30% Stock bond mix changes their portfolio to 65%, 25%, 10% giving 10% to a hedge fund manager who varies runs a leveraged stock fund that varies from all cash to 4/3 leveraged position in stocks, then they have totally turned their asset mix over to the hedge fund manager.

When the hedge fund is fully levered in stocks then their portfolio is 65% long Stocks, 25% long bonds, plus 40% long stocks and 30% short bonds.  Their net position is 105% stocks with  5% short bonds.  But that is not quite right.  If you only get 80% of your performance, your position is 97% stocks and 1% bonds.  That is right, it is less than 100%.  Only it is really worse than that.  That is the allocation when performance is good.  When the stock market goes really poorly, you get the performance of the 105%/(5%) fund. 

Other funds go long and short large and small stocks.  The same sort of simple arithmetic applies there. 

It is really hard to imagine that anyone who thinks that there is any merit whatsoever to asset allocation would participate in this game.  Because they will no longer have any say in their asset allocation.  What you have done is to switch to being a market timer.  In the levered stock example, you now have a portfolio that is 65% long stocks and 35% market timing.  

So in most cases, what is really happening is that by investing in a hedge fund, the investor is largely abandoning most basic investment principles and shifting a major part of their portfolio asset allocation to a market timer. 

At a very large fee.

Beach Risk

March 19, 2012

The risk that your risk manager will not come back from the beach.

Check back next week to see if Beach Risk has taken over the RISKVIEWS Blog.

The Most Dangerous Idea

February 20, 2012

Enterprise Risk Management is about taking actions to enhance the sustainability of an organization.

No one would think seriously about building their company headquarters on the edge of an active volcano.

But what if one day you are hired to run an organization that is located in the expected path of the volcano lava flow?  To reduce your risk and enhance your organization’s sustainability, you could decide to move.  Sounds fairly sensible doesn’t it?

However, in many cases, the organization that expends its resources to move away from their volcanoes is seen to be LESS valuble than the organization that ignores its volcanoes!

That is the most dangerous idea.

The organization that moved away from their volcano is seen to be making a bet that the volcano will erupt.  And if the volcano does not erupt, they are seen to be losing their bet.  Management is seen to have poor judgment.

Meanwhile, their next door neighbor who did not move away from the volcano is seen to be managed by astute businessmen.  They did not waste the organization’s resources.  They can instead put the money to a share buy back.

Evaluation of organization’s value rarely takes anything into account except upside potential.  There is an implicit assumption that the risk of all firms is similar.  Mostly unfathomable acts of god.  And you can’t blame management for missing those.

But that is mostly a problem with bad framing.  Re-read the short discussion above.  There is a huge framing problem here.  Building on the lip of a volcano is seen to be massively over risky.  No one would do it.  But moving away from a volcano, which involves walking away from a sunk cost, is thought of completely differently.  Almost totally opposite.

That mindset mainfests itself inside an organization as well.  Invariably, anyone who has in the past not done anything about a risk finds that actually treating the risk is too expensive.

There is a conceptual issue about risk here.  Some believe that not recognizing and not managing a risk is the “natural” state of operating and recognizing and managing a risk is unnatural, exceptional behavior.

That is the Most Dangerous Idea.

Price and Value

February 6, 2012

With a house, you always hear that the value is whatever someone is willing to pay for it.  But with a house, that value setting transaction is usually for the whole thing.  Partial shares of houses do not usually trade on the market.  So with a house, there are long periods of time when the actual value of the house is an unknown value.  It is usually reasonable to use a process of comparables to value the house.

Partial shares of companies, on the other hand, are traded on open markets.  That gives us a Price to use to impute a value to the ownership shares that are not traded.  The theory is that the shares are all worth the same amount.

The total reliance of modern finance and accounting on traded Price is credited with major improvements in the way that we understand business activities.

But there are unintended consequences of this shift.  And traded Price has never been a perfect measure.

The major fact that should make users of finance and financial statements pause is that when there is an acquisition of a company, the buyer does not rely upon finance theory about market values to set the final price of the transaction.  They rely upon boots on the ground fundamental analysis of the firm through the process called due diligence.

And at the end of that process, there is almost zero record of any firm selling for anything like the market price that existed before the acquisition process became known.

The buyer of a firm knows more than the market and pays a different price than the market. But if traded Price was really what the proponents of its ubiquitous usage say, then the wisdom of the market crowd should have arrived at the same amount.  But it never does.

You can think of it as the market spinning its own myth of the value of a firm and running around trading small lots of stocks that may not have any real impact on the actual transactions for the control of listed firms.

What does that mean for a risk manager?  It means that reliance on traded price is risky.  Traded price is more like a mock casino night.  Everyone pretends like the traded price is the real value of the firm but everyone knows that at the end of the night it is all just a game.  Why is that risky?  Because, like any game, trading shares can be suddenly discontinuous.

The value of a firm is the amount of profits that it can create in the future.  Don’t let any traded price enthusiast tell you anything different.

Those traded price folks tried to sell the idea that a house was worth whatever someone would pay (with someone else’s money).  But in reality, the house can only be worth an annuity on a fraction of the earnings of the folks who live there.  Traders can temporarily come to a different conclusion.  And they can give each other Nobel Prizes for creating clever math around their mock casino night.

What is Risk?

January 12, 2012

from Max Rudolph

As I deal with a variety of industries, professionals, investors and even risk managers, it has become obvious that the first issue that needs to be addressed from a risk management context is to define the term “risk”. I generally get pushback on this, but what I find is that everyone has a strong definition in their own mind that varies from person to person. How you define risk drives both risk appetite and risk culture. One of the keys in many of the management classes I have attended over the years has been to recognize that others tend to not think like I do. This is important here too. Before reading further, how do you define risk? Let me know if you don’t see your personal high level definition below.

Knightian Risk

Probably the most interesting risk definition I have seen, and the one I had never considered in its extreme, was put forth by Frank Knight in his 1921 book Risk, Uncertainty and Profit. Risk is defined as uncertainty. It is best explained by an example. If you were to launch yourself into space with no protection against the cold and lack of oxygen that defines space, you know you would die. By this definition there is no risk. If there is no uncertainty, in any direction, there is no risk. Sure to fail, no risk. Sure to win, no risk. Most people consider this definition in moderation when managing risk, although most would override it with one of the definitions we will consider next.

Downside Risk

When managing a business or portfolio, many managers consider risk only with respect to something bad that could happen. Outcomes can be defined numerically as more of something is either good or bad, and less of something is the opposite. An additional nuance is needed, and it has been mentioned by others. I like to look at “good” outcomes and “bad” outcomes. To follow an example earlier in this thread, higher sales might initially be called a good outcome, but often it eventually becomes a bad outcome as it outstrips capital availability or flags a pricing issue. Keep in mind that what is important is the overall impact on the entity, so a good overall outcome should be encouraged even if some lines of business would call it a bad outcome for their silo. High mortality is an example of this, with a life insurance line saying it is a bad outcome and a payout annuity considering it a good outcome. This is an example of a natural hedge, provided by two lines with offsetting risks in their portfolio.

Most companies today are looking at risk from a one sided perspective to meet their regulatory compliance needs. Risk management is viewed as a fixed cost under this paradigm. This approach is useful and helps the company avoid bankruptcy. It also provides a base from which you can leverage your ERM efforts.

Volatility Risk

I often think of traders when considering a volatility driven definition of risk. Opportunities abound if prices move, no matter which direction. Those who look at risk from a two sided perspective, and are good at it, can provide an organization with a competitive advantage as enterprise risk management becomes a major part of the strategic planning process. Everything is on the table. This helps an organization grow and prosper, in addition to lowering the probability of ruin. Incorporating risk into decision making provides a competitive advantage in all environments. The downside of this approach is that many who think of volatility as risk also believe that risk can be modeled accurately. They are more prone to model risk.

Not everyone is capable of the two sided risk approach. Risk culture can get in the way, but you also need the right people in place to drive risk management opportunities to senior team members. A risk manager should try to nudge their firm in this direction, but trying to leap there all at once is not likely to work.

Which risk definition is the best one?

It will depend on firm culture and risk appetite to know which definition is most consistent within an entity, and employing people with each definition can help a firm avoid overfocusing on one of the definitions. This will allow the firm to make better decisions. Risk is Opportunity!

©2011 Rudolph Financial Consulting, LLC

Warning: The information provided in this post is the opinion of Max Rudolph and is provided for general information only. It should not be considered investment advice. Information from a variety of sources should be reviewed and considered before decisions are made by the individual investor. My opinions may have already changed, so you don’t want to rely on them. Good luck!

Are you Risk Competent?

November 17, 2011

Find out by taking the Risk Competency Quiz.

Then come back here and let RISKVIEWS know what questions you would put onto a Risk Competency Quiz for people in Banks?  In Insurance Companies?

Is Social Security a Ponzi Scheme?

October 26, 2011

The name calling involved is a distraction from the real problem – the problem of how to keep our entire economic system working with the massive shifting of people into the non-productive retirement ages. Besides the imbalances in pay as you go programs like social security and medicare, there is the problem of who is going to buy the securities that the retirees will need to sell to pay for living expenses? What usually happens when the market knows that someone MUST sell something? What percentage of the stock market’s total holdings MUST be sold over the next 30 years?

Everyone keeps pretending that this is some sort of marginal change situation.  It is definitely not.

What happens if the Boomers sell off causes the market to drop by another 25 – 30%?

Sounds crazy?  But the charts below from the San Fran FRB tells a story…

The solid line represents the ratio of middle aged people (40 – 49) to Old Agers (60 – 69).

This picture shows a 30% drop in PE.  If earnings are also challenged by the low or negative population growth during the same time period, the massive drop is stock prices is quite possible.

So even the people who did save for retirement may be woefully surprised that their money does not save them.

The stock market is but a large and often somewhated distorted mirror of the economy.  If the stock market is challenged by the low growth of the population and the shift from production to consumption of the large retiree population, then that is a reflection that the economy could be challenged in just the same manner.

That is the REALLY BIG problem that needs to be solved.

The Social Security problem is not at all difficult to solve.  According to the most recent actuarial report to the trustees, the shortfall in Social Security is 14% of projected benefits or 17% of projected revenues.  So anyone who can do arithmetic can work out some combination of increases to taxes and decreases to benefits that would bring the program into balance over the 75 year projection period.  Split it down the middle and decrease benefits by 7% and increase social security taxes by 8.5% and it is solved.  But the fact of the matter is that there is no serious consideration being given to any solution, let alone a straightforward solution like the above that anyone could understand.

Time to Ban RISK FREE!

October 25, 2011

Perhaps the very act of declaring something a RISK FREE ASSET guarantees that it will not be such. 

Underneath that declaration of RISK FREE is a presumption that the RISK FREE entity can absorb an unlimited amount of debt.  When in fact, the thing that we are seeing over and over again is that it is the debt itself that causes the risk!

In insurance, if insurers allowed someone to insure a building that they own for five times its value in the event of a fire, we all understand that a fire becomes highly likely.

In banking, it is also a basic tenet of lending that if you lend someone much, much more than they could ever possibly repay, that they will not repay.  But in banking, we have let the concept of RISK FREE creep into our heads and let that overcome the basic tenet about lending and repayment.  Banks are actually encouraged to put more of their money into RISK FREE securities to make them more secure.  But in the case of both the sub prime and the sovereign crises, the problem comes from assets that were improperly designated RISK FREE.

But what if it is the designation of RISK FREE itself that leads to the problems?

In the US Life insurance sector, the regulators provide a Risk Based Capital (RBC) regime.  It assigns a level of capital based upon the regulators understanding of the risk of various activities.  Most life insurance products at the time of the creation of the RBC regime in the early 1990’s involved a guarantee from the general account of the insurer to the beneficiaries of the insureds.  Life insurers traditionally took large amounts of credit risk to support those guarantees.  The RBC originally was focused first on the largest risk of the life insurers, credit.

Variable Annuities did not involve a guarantee from the general account and were therefore considered RISK FREE.  Many insurers wrote that business and did not attribute any capital because the products were RISK FREE.  From the start, insurers paid a fixed commission to brokers who wrote the business.  Insurers did not directly charge the customers for those commissions, but instead recovered those payments from the accounts over time.  Later, life insurers started to also add guarantees from the general account of the benefits from the variable annuities.  The variable annuities were still considered to be RISK FREE so there was still no RBC charge.

It was not a surprise that valuable risk protection that was highly underpriced was attractive to buyers and these products became very heavy sellers for a dozen or more companies.  So much so that attempts to later change the RBC to require proper capital amounts for the product were potentially critically damaging to some of those firms. Eventually, when the financial crisis hit, some of those dozen insurers that wrote large amounts of these products were looking for help from the TARP program

So perhaps we should be rethinking this concept of RISK FREE.   When the activity deemed as RISK FREE starts to become risky, it starts (or in the case of the sub prime backed CDOs always) pays a higher return than the lowest risk activities.  When the denominator for RISK FREE is zero or very near zero, very tiny amounts of excess returns from growing risk of the activity which is now designated RISK FREE in error will look to be fantastically profitable.  A firm that is trying to optimize its return on capital will shift as much activity as possible into the improperly designated assets class.

As long as there is a RISK FREE class, there will be an incentive to shift as much activity as possible into any security in that class that is misclassified. 

And because the capital requirements for risk free are zero, there is no limit to how much banks can move into that class.  They actually look good if they leverage up to increase activity in RISK FREE.

We need to stop even saying that any class of investments is RISK FREE.  As we see where that idea has led us, we need to leave it in the universities where it belongs and keep it out of the business world.  They can keep it on a shelf right next to their bottles of perfect vacuum and along side their frictionless surfaces.  That is where it belongs.

In the real world, there are no RISK FREE assets.  The capital requirements need to be floored with a positive number and graded up with the level of returns.  The market really is telling us something about risk when returns are higher, not about the brilliance of the companies that are able to find the misclassified RISK FREE investments.

 

What Can You Control?

September 2, 2011

Framing is of vital importance in identifying risks.
Risks need to be framed in a way that you CAN actually control them.  If you say that your major risk is a drop in the stock market, then you are framing that risk as something that you cannot control.

If instead, if you frame it as a sudden drop in the value of your investments, then you are very highly in control of your risk.  You can choose your investments.  Your choice to manage the risk becomes a tractable risk reward trade-off.  You can buy hedges to mitigate the amount of your losses.

The same goes for Hurricanes or other acts of nature.  If you say that your risk is hurricanes, then you cannot control hurricanes and you are done.  The risk management committee can go home early.  But if you say that your risk is “damage caused by hurricanes”, suddenly you are in charge.  You have options and you have responsibilities.  You have the option to move some of your activities out of the path of hurricanes.  You have the option to make sure that the construction of your building can withstand some or all hurricanes and the concurrent storm surge.  You have the option of buying insurance to make sure that your damages are reimbursed.

So look at your list of risks.  Make sure that even if it says Hurricane, that you are treating it as a manageable risk.  As if it said “damage caused by hurricanes” that you can manage and you are not just throwing up your hands because you cannot stop a hurricane.

 

Maybe it is not as obvious as you think…

August 24, 2011

Do you have any bad instructions risk?

Solar Risk

August 20, 2011

At least 75% of the US has experienced some Solar Risk this summer. Temperatures were into triple digits.

(in Fahrenheit. Fahrenheit is a part of the ancient measuring system that only America uses. 100F is 37.7C. Not so magical stated that way.  But it is still exceptional.)

But very different solar risk is thought to be on the way.  Solar Storms are thought to entering a busy season and to have the capability of wrecking havoc on various electromagnetic broadcast and receiving systems.  GPS systems are thought to be particularly vulnerable.

The last major storm to hit earth reportedly caused the emerging telegraph systems in the US and Europe to encounter problems.  We now depend upon many, many complex electronic systems.

But see what happens if you try to get your firm to prepare for violent solar storms.  The best that may happen is that you would be laughed out of the room.

So do your own preparation.  Carry a map.

Is there a “Normal” Level for Volatility?

August 10, 2011

Much of modern Financial Economics is built upon a series of assumptions about the markets. One of those assumptions is that the markets are equilibrium seeking. If that was the case, it would seem that it would be possible to determine the equilibrium level, because things would be constantly be tugging towards that level.
But look at Volatility as represented by the VIX…

The above graph shows the VIX for 30 years.  It is difficult to see an equilibrium level in this graph.

What is Volatility?  It is actually a mixture of two main things as well as anything else that the model forgets.  It is a forced value that balances prices for equity options and risk free rates using the Black Scholes formula.

The two main items that are cooked into the volatility number are market expectations of the future variability of returns on the stock market and the second is the risk premium or margin of error that the market wants to be paid for taking on the uncertainty of future transactions.

Looking an the decidedly smoother plot of annual values…


There does not seem to be any evidence that the actual variability of prices is unsteady.  It has been in the range of 20% since it drifted up from the range of 10%.  If there was going to be an equilibrium, this chart seems to show where it might be.  But the chart above shows that the market trades all over the place on volatility, not even necessarily around the level of the experienced volatility.

And much of that is doubtless the uncertainty, or risk premium.  The second graph does show that experienced volatility has drifted to twice the level that it was in the early 1990’s.  There is no guarantee that it will not double again.  The markets keep changing.  There is no reason to rely on these historical analyses.  Stories that the majority of trades today are computer driven very short term positions taken by hedge funds suggest that there is no reason whatsoever to think that the market of the next quarter will be in any way like the market of ten or twenty years ago.  If anything, you would guess that it will be much more volatile.  Those trading schemes make their money off of price movements, not stability.

So is there a normal level for volatility?  Doubtless not.   At least not in this imperfect world.  

Cascading Failures

July 27, 2011

Most of the risks that concern us exist in systems. In massively complex systems.

However, our approach to risk assessment is often to isolate certain risk/loss events and treat them totally marginally.  That works fine when the events are actually marginal to the system but it may put us in a worse situation if the event triggers a cascading failure.

Within a system cycles are found.  Cycles that can ebb and flow over a long time.  And cycles that are self dampening or cycles that are self reinforcing.

The classic epidemiological disease model is an example of a self dampening system.  The dampening is caused by the fact that disease spread is self limiting.  Any person will have so many contacts with other people that might be sufficient to spread a disease were they infected.  In most disease situations, the spread of the disease starts to wane when enough people have already been exposed to the disease and developed immunity so that a significant fraction of the contacts that a newly infected and contagious person might have are already immune.  This produces the “S” curve of a disease. See  The Dynamics of SARS: Plotting the Risk of Epidemic Disasters.

The behavior of a financial markets in a large loss situation is a self reinforcing cycle.  Losses cause institutional investors to lose capital and because of their gearing the loss of capital triggers the need to reduce exposures which means selling into a falling market resulting in more losses.  Often the only cure is to close the market and hope that some exogenous event changes something.

These cascading situations are why the “tail” events are so terribly large compared to the ordinary events.

Each system has its own tipping point.  Your risk appetite should reflect how much you know about the tipping point of the system that each of your risks exists in.

And if you do not know the tipping point…

Playground Risk

July 23, 2011

Some of us are old enough to remember going to a playground without an adult trailing along to make sure that we played safely. Oh, there were always a few parents there, but they were with the pre-k aged kids. Anyone old enough to go to school was generally thought to be old enough to be able to play.

Well, thanks to the immense safety movement that has caused everything to be swathed in bubble wrap and foam padding, all of the risk is now gone from playgrounds. AND if you did go to a playground (and almost no one ever does anymore – they are no fun at all) you find that there is usually at least one and probably two adults supervising each child.


Thanks to Claire Wilkinson at the Terms and Conditions Blog of the III, we find that a new study of childhood risk taking suggests that risk taking is a necessary part of growing up to face the world as an adult. Children’s Risky Play from an Evolutionary Perspective: The Anti-Phobic Effects of Thrilling Experiences is the article.  The article says

we may observe an increased neuroticism or psychopathology in society if children are hindered from partaking in age adequate risky play

Roll the experiences of the last generation of kids forward twenty years, when they start to run the world.  They have been deprived of any chance at risk taking as kids.  Not safe enough.  They will also be living in a world dominated by the aged baby boomers.

Apply that picture to future risk appetites.  Any discussion of risk appetite talks about the amount of risk that someone is comfortable taking.

The lesson that we have taught our kids is that ZERO risk is the only level that they should be comfortable with.

I imagine that it would be a good thing to invest in a company that makes that rubber stuff that lines the floor of the playground.  That is much safer than concrete for sidewalks. It will be everywhere.

And business risk taking – forget about it.  Your business may fall and skin its knee.

Kids and adults and businesses and current and future business leaders need to experience risks and get comfortable with the losses that sometimes come from risk taking.  They need to learn that it is not the end of the world if they skin their knee.  Or even break a leg.  Maybe when that happens, we learn something new about ourselves and our ability to take risks in the world. 

Because if someone believes that they are not taking any risks then the only risks that they have are risks that they are not aware of.

How Not to Handle a Crisis

July 17, 2011

News International has been the news for several days now.  ABC News says that they are an example of How not to Handle a Phone Hacking Crisis.  It seems that nearly every year hands us another example of how a company should NOT handle a crisis.  The ideas of how TO handle one are pretty simple:

  1. Get all the news out.  Don’t withhold.  The constant drip, drip of additional revelations makes many people skeptical about whether they ever hear the whole story.
  2. Don’t just take advice from your lawyer.  It is quite possible to be totally safe in a legal sense and totally ruined in the court of public opinion.
  3. Have a plan and practice.  Most company CEO’s that are faced with a crisis do not give the impression that they have ever given a minute of thought to what they might say in a crisis up until the very minute that they open their mouths.  They also seem to be totally surprised by the questions that they get.  There is no upside to knowing how to handle a crisis, but the downside to not knowing is a large fraction of the total net worth of the company.  If the CEO cannot be bothered to prepare, then they must assign a very senior person to be prepared to be the spokesperson in a crisis.  And also be prepared to hand over the top job to that person if there is a crisis and they handle things well.
  4. Speed of response is Key.  And once you have a crisis, every new item needs a response.  In normal times, most items will blow over.  Ignoring them is the best policy.  In a crisis, the opposite is true.  Everything, no matter how trivial or inaccurate, needs a response.  You need to target getting as much airplay as your detractors.
  5. Crisis management is not just talking.  The actions that you take need to be as clear and decisive as your words.  In many problem situations, early mitigation can be much more effective than a late mitigation, and less costly, and less troublesome to talk about.  Imagine someone trying to make a big deal of a problem that you have already solved.  Being ready to fix lots of things is not cheap, however.  But imagine how much money BP would have saved if ANYONE would have had the equipment right there in the Gulf that was needed to fix that leak.

What in the end it takes is to focus some time and attention and money to being prepared for your worst nightmare.

The Risk Embedded in Competitive Advantage

July 13, 2011

The term Competitive Advantage is popular with management gurus.  On the website, QuickMBA, they describe Michael Porter’s ideas on the topic as:

A Competitive Advantage exists when a firm is able to deliver the same benefits as competitors but at a lower cost (cost advantage) or deliver benefits that exceed those of competing products (differentiation advantage).  Thus a competitive advantage enables the firm to create superior value for its customers and superior profits for itself.

This is a major objective of most firms in a capitalist system, an objective far more desirable than risk and reward.  Going into the competitive marketplace and taking risks to get profits is a commodity approach to business.  That is why Market Consistent accounting regimes seek to show this activity as less desirable by recognizing those profits later.  Profits created by competitive advantage are reported immediately.

Once a firm has found a competitive advantage, they will seek to make it a sustainable advantage.  If the advantage is significant enough, they will also seek to eliminate all risk; turning it into a pure rent seeking activity.  In many cases, the managers of the business start to think of this as a PERMANENT RISK FREE BUSINESS.  

And that is risk that is embedded in Competitive Advantage.  It is a risk that comes with long experience with a favorable outcome.  Every day that goes by collecting those rents makes it harder and harder for employees and management to even imagine that there is any risk that the gravy train will stop.

Henry Ford had that sort of position until Sloan’s General Motors took advantage of Ford’s inability to imagine a different way of doing business than his “any color you want as long as it is black” approach.  IBM had that permanent risk free look 30+ years ago when everyone said that “no one ever got fired for recommending that the company buy IBM” for its computer needs.  Microsoft looked that way 10 years ago as well.  At the time that Microsoft was losing suits about their monopolistic behaviors, Gates was predicting Microsoft’s competition.  And he was right.

A business is not safe from this just because it is not a world dominating franchise.  Companies with small niches where they dominate have the exact same situation.

this does not mean that such competitive advantages are not a good goal for a business.  But it does mean that once you find one and you do the natural thing of eliminating risk to turn that business in a pure rent collection, there is always that one risk that you cannot eliminate.

Focusing on the Extreme goes Against the Grain

June 22, 2011

It is very common that people just totally discount risks that are remote.

There is only a 1% chance of that happening so I am just not going to worry about it.

Is commonly how that might be expressed, or even suggesting that something remote is “never going to happen”.

Buying a lottery ticket is seen as simply playing.  Almost no one makes serious plans around the possibility of winning the lottery.  But many will dream.

Life insurance is an unattractive product in most of Europe and the interest in it wanes in the US, supported only by a large tax incentive.  Perhaps that is possibly due to the remote likelihood that is being insured against.  For most ages of working people the mortality rate is less than 1 in 1000.  A very remote event.

This is one way of thinking about risk tolerance.  If people (including the people who run companies) are not concerned about events with a 1/100 or 1/1000 likelihood, then the risk tolerance should be stated in terms of a likelihood that they are concerned about – say 1/20.  Then the risk tolerance can be the amount of loss that they can tolerate at the level of likelihood that they are willing to actively consider.

Part of the barrier to forming a risk tolerance statement may be the focus on the remote – on a remote level that is beyond the concerns of the people who are being asked to form this opinion.

Resilience Realism

June 19, 2011

There are two parts to identifying and understanding whether something is a risk to your organization. The first part is to understand what might happen in the world and within your organization that might cause an adverse result. The second part is to understand the resilience of your organization to the adversity.

Consider the situation of New Orleans. For the Big Easy to be properly prepared for a major hurricane, they need to have both a realistic view of what sorts of hurricanes could hit the city AND they needed to be realistic about the resilience of their city to the impact of the hurricane.

Riskviews has featured the Plural Rationalities view that there are four different views of risk many times.  In addition to the view of risk, resiliency can follow the pattern of four different points of view.  In fact, it may well be a combination of the view of resiliency and the view of risk that makes up the four risk paradigms.

Conservators believe that the world is risky AND they are not very resilient.

Maximizers believe that the world is low risk AND that they are very resilient.

Managers believe that the world is moderately risky AND that they can be appropriately resilient if the work at it and apply the correct expertise.

Pragmatists believe that they do not know how risky that the world is and they also cannot tell whether they will be sufficiently prepared.

Consider the residents of the Atchafalaya Spillway area where the water from the flooding Mississippi River was diverted by the Army Corps of Engineers.  Some of those folks fled immediately when asked to evacuate.  They doubted that they had the resilience to face the flood.  Others stayed put because they had always survived floods before and they felt that their resilience was fine.  A few folks stayed and built up their own defenses.  You may have seen the TV footage of homes in their own little islands of recently added sandbags.  The Pragmatists may have been in any one of those three groups but for entirely different reasons.)

The feeling of resilience comes from experience – from the feedback that people get from their experiences.  And it helps to form their current approach to risk.


%d bloggers like this: