Study Notes: Risk in Perspective

Study notes for McNeil, A.J., Frey, R. & Embrechts, P. Quantitative Risk Management: Concepts, Techniques, and Tools, Princeton University Press, 2005, Chapter 1.

Risk is most often understood as a hazard, a chance of bad consequences, etc., or something that is mostly a downside event.  An initial definition might be ‘an action or event that may adversely affect an organization’s ability to achieve its objectives or execute its strategies’.  This does not capture all the essence of risk, however.

Risk is strongly related to uncertainty and therefore to randomness, another term that has defied a very firm universal definition for centuries until Kolmogorov’s axiomatic definition (1933). Kolomogorov’s probabilistic model is a triplet (Ω,F,P), where Ω is a state, F is the set of events, of which P is a member, and P(A) is the probability of event A occuring.

Financial Risk

In the context of finance and insurance, the most common types of risk include:

• Market risk – the risk of a change in the value of a financial position due to change in its underlying components.
• Credit risk – the risk of not receiving promised repayments.
• Operational risk – risk of losses resulting from inadequate or failed internal processes, people, systems, and external events.

Liquidity risk is the risk stemming from the marketability of an investment, that it cannot be sold in time to prevent a loss or achieve a gain.
The only viable way to achieve successes in financial risk management is through a holistic approach, taking all types of risks and their interactions into account.
Risk measurement. Measuring the risk of a portfolio of X holdings with w weightings requires a distribution function Fx(x) = P(X <= x).

Basel II defines operational risk a the risk of losses resulting from inadequate or failed internal processes, people and systems or from external events.

The Regulatory Framework of Basel II

Basel II released in 2004. Focuses on more risk-sensitive minimum capital requirements for banking organizations, by laying out principles, enhancing transparency in financial reporting

3-Pillar Concept. In Pillar 1, banks are required to quantify their minimum capital charge (regulatory capital) in line with their economic loss potential. There is a capital charge for credit, market, and operational risk. There was no consideration for operational risk in Basel I. Pillar 2 focuses on ensuring there is a well-functioning corporate governance with appropriate checks and balances.  Pillar 3 is about ensuring appropriate public disclosure of risk measures.

Market Risk Capital Charge. Banks are allowed use internal VaR (Value at Risk) models.  Example: A 10-day VaR at 99% for $20 million means there is a 1% probability for the bank to lose at least $20 million by the end of the 10-day period.

Credit Risk. Under Basel I and Basel II, credit risk is assessed as the sum of risk-weighted assets. The risk weight is reflects the credit worthiness of the counterparty.  In Basel I, creditworthiness was crude and allowed only 3 categories: governments, regulated banks, and other.  Hence risk-weighting for all corporate borrowers are the same, independent of their actual creditworthiness.  In Basel II banks can choose to use standardised approaches or more advanced internal-ratings-based approaches.  The new standardised approaches provide substantially more classifications than the old Basel I.

The premise under Basel II is that while individual banks will reduce their credit risk capital charge through internal credit models, the overall size of regulatory capital will remain unchanged.  All agree that operational risk is important, but there is disagreement and uncertainty about how to quantify this risk.

Cooke ratio says that capital should be at least 8% of the risk-weighted assets of a company.

Criticism of Basel II:

• Cost of setting up a compliant risk management system is substantial
• ‘Risk management herding’ could take place.  This is the phenomenon where organizations simply follow the same rules and behave the way during crisis, exacerbating the situation. 
• Overconfidence may come about due to regulation.

Some have raised the notion that regulatory risk management actually makes organisations even more risky.

Solvency 2

Solvency 2 is a review of the capital adequacy of the European insurance industry.  Basel II is aimed to reinforce the soundness and stability of the international banking system.   Solvency 2 is aimed to protect policyholders against isolated bankruptcy of their insurance company.  Basel II addresses systematic risk, Solvency 2 does not (and is not intended to).

Solvency I was very basic and focused on solvency margins. It was not risk based.

Decision on solvency is based on a 2-tier approach. The first level is a target capital, based on risk-sensitive, market-consistent valuation.  Breaching the first level triggers regulatory intervention. The second level is the minimum capital, computed with the old Solvency I rules.

Why Manage Financial Risk?

Different stakeholders have different interests as to an institutions investment in quantitative risk management.  A balance between the interests have to be sought. Stakeholders can include customers, shareholders, regulators, board of directors, politicians, etc.

Societal View

Modern society depends on the smooth and reliable functioning of the global financial system. There is  a danger of systemic risk.  Modern models attemp to spread out the risk to those most willing and presumably able, to accept the risk. Derivatives are instruments that help to enhance the stability of this system.

Challenges of Quantitative Risk Management

It is the large, extreme, unexpected events that form one of the challenges for QRM.  Modelling the expected and normal outcomes may have the advantage of simplifying things but risk understating the risks.

Concentration of risks is about exposure to what was thought to be diversified risks, but which happened to experience simultaneous falls or rises.  It is a case where many things go wrong at the same time.

If a portfolio is too expansive, multivariate models for all risk factors may not be feasible.  QRM needs to be simplified to use broad brush strokes, concentrating on the key features only. This is a problem in scalability of QRM.

Successful QRM requires integration with many disciplines. Understanding QRM requires integrating techniques from various disciplines, such as mathematical finance, statistics, financial economics, and actuarial mathematics.

QRM for the Future

QRM has had an overall positive impact in the insurance and banking industry. Other industries (eg car manufacturing) have similar practices albeit called differently (e.g., total quality control).

QRM techniques have been adopted in the transport and energy industries, among others. Electrical power is traded on energy exchanges, derivative contracts are used to hedge price increases. There is debate on how much of Basel II can be transferred to the energy industry.

A new area of application is establishments of markets for environmental emission allowances.  The Chicago Climate Futures Exchange offers futures contracts on sulphur dioxide emissions.

Alternative risk transfer is the transfer of risks between industries.

Futures contract

A futures contract is a form of a derivative.  It is a contract to buy a specified asset at a specified price at a specified date. It is a tool to manage financial risk. 

Suppose a company has an obligation to pay a debt of US$1 million in 8 months time.  The company is based in Australia, and normally trades in its own local currency (AUD).  In order to protect itself from the uncertain currency fluctuation, it decides to purchase a futures contract to buy US$1 million in 8 months time from a bank at an exchange rate of USD1 = AUD 1.7.  The contract specifies that the company will buy $1 million in 8 months,  at the pre-determined exchange rate.  By having this contract, the company does not have to worry about whether the US$ will fluctuate against its favor. It is guaranteed to be able to buy $1 million at the specified exchange rate.

If at the 8 month period, the exchange rate becomes USD1 = AUD3, the company is able to purchase the USD1 million at AUD1.7 million, very much in its favour.  The downside of course is that if at the 8-month period, the exchange rate has become USD1 = AUD1, then the company will be purchasing the USD1 million at an unfavourable, though surprise-free, rate.

* * *

Risk Roadshow

Interesting concept of a risk roadshow to introduce young children to the mathematics of probability

Risk Roadshow

Some note on consulting and consultants

Some notes I jotted down while browsing a consulting text by Fiona C.  Some of the thoughts are hers, some are mine. Useful considerations for risk consultants:

• Consulting is about knowledge transfer from consultant to client.
• When deciding which consultant to hire, some companies look for enormous depth of knowledge in the areas their company is interested in.  General knowledge does not cut it.
• Of all consultancies, process oriented ones are where executives are least impressed. The client and consultant level of expertise is not much different, and consulting work is mostly facilitation.
• Some consulting engagements are about solving a problem.
• Some types of consulting services:
• delivering a specific service
• implementing a particular system
• creating a successful solution
• Firms hire consultants because they need the input but don’t want to replicate the skill.  They don’t need the skill in-house on a permanent basis.
• Consultants provide new energy and momentum.
• Consultants are hired as a source of best practice information not available in-house.
• Consultants are also hired to provide championing of a sponsor’s project internally
• The depth of knowledge required is specialist knowledge.

* * *

Choose one: Risk Management or Crisis Management

Adapted from a comment made by the CRO of Fidelity Investments, who wrote “Corporate leaders recognise that over the long term, the only alternative to risk management is crisis management. And crisis management is much more expensive, time-consuming, and painful.”

A Short History of Risk Management

Study notes: Kloman, F. A short history of risk management: 1900-2002. Risk Management Reports, 2002

Risk management is the idea that a logical, disciplined approach to the future’s uncertainties to live with it productively and efficiently. Prior to risk management, faith and luck were the two pillars of managing the future.  Events have causes.  Believing in luck obscures the causes.

The great conflicts (e.g., World War 2), the great disasters, (e.g., Chernobyl) all affected and contributed to the development of risk management. But  the most significant milestone are from personal events:

1900: The Galveston Texas flooding changes the nature of weather prediction worldwide.

1905-1912: Workers’ compensation laws introduced in US from inception in Germany, introduces pension and shifts personal responsibility to business and government.

1920: BP forms Tanker Insurance Company, Ltd, which becomes one of the first captive insurance companies. Today there are 5000 such companies with $214 billion investable assets. (Captive insurance companies are companies formed to finance the risks of their parent companies)

1921: John Maynard Keynes publishes ‘A Treatise on Probability’ which emphasises the importance of relative perception and judgment when determining probabilities, rather than numbers'.

1926: Von Neumann begins publishing papers on games strategy showing that a goal of not losing is superior to a strategy of winning.

1933:US Congress passes Glass-Steagall Act, which slowed the development of financial institutions and fragmented risk management. Also caused the split between financial and insurance risks. Revoked in 1999.

1952: Markowitz’s paper ‘Portfolio Selection’ published, which explores return and variance, which led to many of the sophisticated measure of financial risk in current use.

1956: Russell Gallagher’s paper ‘Risk Management: A New Phase of Cost Control’ published.  Philadelphia becomes focal point of new ‘risk management’ thinking. Snider argues that the ‘professional insurance manager should be a risk manager’. Herbert Denenberg picks up writings of Henri Fayol, using them to explore risk management.

1962: Massey Ferguson develops idea of ‘cost-of-risk’ comparing sums of self-funded losses, insurance premiums, loss control costs, and admin costs to revenues, assets and equity.  Moves insurance risk management thinking away from insurance, but fails to cover all forms of financial and political risk.  Rachel Carson’s ‘The Silent Spring’ is published, leading to the formation of the EPA and Green movement.

1965: Ralph Nader’s ‘Unsafe at Any Speed’ is published which gives rise to consumer movement.  Caveat emptor changes to caveat vendor, leading to stiff product and work safety regulations.  Rise of punitive damages in American courts.

1966:Insurance Institute of America issues first examination ‘Associate in Risk Management’

1972: Kenneth Arrow Nobel Prize winner imagines a perfect world where every uncertainty is insurable. Concludes our knowledge is always incomplete. We are best prepared for risk by accepting its potential as stimulant and penalty.

1973: Geneva Association is formed.  Two years later begins linking risk management, insurance and economics.  The association provides intellectual stimulus for the developing discipline.  Scholes and Black publish paper on option valuation opening up the field of derivatives.

1974: Gustav Hamilton creates a ‘risk management circle’ which graphically describes the interaction of all elements of the process, from assessment and control to financing and communications.

1975: American Society of Insurance Management changes name to Risk & Insurance Management Society (RIMS), signalling shift towards risk management and by end of century has 3500 corporate members.

1976:Fortune magazine publishes ‘The Risk Management Revolution”, suggesting coordination of risk management functions within an organisation and board responsibility fo organisational policy and oversight.

1980:Society for Risk Analysis formed in Washington. Its journal Risk Analysis published.  Makes terms ‘risk assessment’ and ‘risk management’ well known in legislatures on both sides of Atlantic.

1983: William Ruckelshaus’s speech on ‘Science, Risk and Public Policy” brings risk management to the national political agenda.

1986: IRM begins in London. A few years later begins education program looking at all facets of risk management, issuing designation “Fellow of the Institute of Risk Management”.  US Congress passes Risk Retention Act. Risk retention groups begin.

1987: Black Monday.  Vernon Grose publishes ‘Managing Risk’, one of the best ever primers on risk assessment and management.

1990: UN starts IDNDR, International Decade for Natural Disaster Reduction.  Efforts ends with publication of Natural Disaster Magazine, presenting a synopsis on nature of hazards and challenges for the 21st century.

1992: Cadbury Committee in UK issues report suggesting that governing boards are responsible for setting and accepting oversight for risk management policy.  Successor committees (Hempel and Turnbull) and in other countries establish a new and broader mandate for organisational risk management.

British Petroleum turns insurance world topsy-turvy with decision not to insure operations in excess of $10 million.  Decision was based on academic study by Neil Doherty of U of Pennsylvania and Clifford Smith of U of Rochester.

1995: AS/NZS 4360:1995 first published. First Risk Management Standard.  Nick Leeson in Singapore topples Barings.  Revives interest in operational risk management.

1996: Global Association of Risk Professionals start. Operating through the internet, it becomes the largest RM association in the world. Focused on financial risk. 

Risk management popularised and becomes a bestseller through Bernstein’s Against the Gods.

2000: Y2K bug fails to materialise, mainly because of massive fix effort.  A big success for risk management.

2001: Sept 11, collapse of Enron reinvigorates risk management.

* * *