Sunday, February 22, 2009

Re-approaching risk management

I have been reading many good articles and write-ups on risk management that I do not know where to begin. Risk management takes priority in view of what has happened and now is as good a time as any in this organization to demonstrate, apply and implement the value of risk management.

The following are the list of articles, its excerpts and in the order of hierarchy and priority :

Setting the Tone

In the Fortune special report "What boards must do in a crisis", top consultants Ram Charan and Tom Neff say company directors have to roll up their sleeves in times like these and take a hard look at risk, targets, pay, and balance sheets.

"Boards have to spend more time thinking about the unthinkable -- scenarios that would have seemed irrational, maybe unimaginable, just a year ago. What if our lead bank disappears? What if we have a liquidity crisis? What if the Dow goes to 6,000? What if our stock keeps dropping and attracts raiders?

The other subject that boards need to focus more on is enterprise risk management. It's not just risk in the sense that banks need to focus on it, but what are the risks in our business model, what are the global risks that could affect our business? It's a holistic approach to the subject, and stress testing what we're doing."


Shaping Risk Management : Addressing qualities of risk managers, decision-making and culture

In another FT article, Personalizing Risk Management, part of a series of articles in Managing in a Downturn, a professor and executive in residence at the London Business School writes about how companies have evolved in managing risks and the shift in thinking about risk management that is required today.

"Personalisation of risk management does not mean throwing out the traditional systems and support structures. Rather, it means a subtle shift in emphasis from the management of a portfolio of risks to the underwriting of individual risk decisions. This approach is relevant across all sectors of the economy, not just to the world of financial services companies. "

The author suggests three approaches in personalizing risk management that I find has every relevance in this organization in its efforts to move forward with risk management:


  1. High-quality insight. Those who make decisions require good quality information, effective analytical tools and the competence to interpret this information. But it is rare for all these things to come together. It is more likely for decisions to be made with poor insight from self-interested sources, and with the relevant information fragmented across different parts of the company. Effective personalisation of risk management is, therefore, about building a system that puts the right information into the hands of those making decisions, and then transforming that information into insight through experience.
  2. Personal accountability. Effective risk management requires personal accountability, but most companies get this wrong as well. Sometimes there are too many decision makers, or the decision maker is too far removed from the action to feel any genuine responsibility. And often there is no link between the decisions taken and the rewards provided.
  3. Supportive culture. The informal norms of behaviour in a company – its culture – should support the principles of high-quality insight and personal accountability. But all too often, these informal norms end up undermining the effectiveness of decision making. Some companies exhibit a fear culture where bad news is hidden from top executives; some are purely mercenary, where everyone looks out for themselves; some suffer from chronic risk aversion, with almost zero tolerance for false-positive errors.
    Of course, there is no simple way to build a supportive culture. It takes many years of consistent messages and actions from leaders. But there are, nonetheless, a couple of basic principles that can be applied.

Risk Measurement : What It Is and What It Is Not

There has been numerous debates as to the usefulness of Value-at-Risk (VaR) as a mathematical model based on statistical assumptions in predicting risk. The basic VaR model, the parametric model, relies on the extent of historical data available for a market and asset class, and for as long as you think history repeats itself, then the parametric VaR is your best indicator of what your portfolio predicted risk would be.

The nature of the financial crisis that evolved from 2007 till now has been unprecedented and as Nicholas Nassim Taleb said in a McKinsey article "my idea in The Black Swan is to make people think of the unknown and of the potency of the unknown, particularly a certain class of events that you can't imagine but can cost you a lot; rare but high-impact events." Therein lies the limitation of VaR and assuming market risk events can be represented by a probability distribution with a certain confidence level.

This article Risk Mismanagement from the New York times reinforces my overall philosophy that while VaR is a means to quantify risks, we must understand the assumptions behind VaR and certainly should never be complacent in thinking that once VaR is in place and that would represents all of our risks.

Nicholas Nassim Taleb was quoted in this article :

"Wall Street risk models, no matter how mathematically sophisticated, are bogus; indeed, he is the leader of the camp that believes that risk models have done far more harm than good. And the essential reason for this is that the greatest risks are never the ones you can see and measure, but the ones you can’t see and therefore can never measure. The ones that seem so far outside the boundary of normal probability that you can’t imagine they could happen in your lifetime — even though, of course, they do happen, more often than you care to realize. Devastating hurricanes happen. Earthquakes happen. And once in a great while, huge financial catastrophes happen. Catastrophes that risk models somehow always manage to miss."

"What he cares about, with standard VaR, is not the number that falls within the 99 percent probability. He cares about what happens in the other 1 percent, at the extreme edge of the curve. The fact that you are not likely to lose more than a certain amount 99 percent of the time tells you absolutely nothing about what could happen the other 1 percent of the time. You could lose $51 million instead of $50 million — no big deal. That happens two or three times a year, and no one blinks an eye. You could also lose billions and go out of business. VaR has no way of measuring which it will be. "

Gregg Berman of RiskMetrics posits differently :

"Obviously, we are big proponents of risk models,” he said. “But a computer does not do risk modeling. People do it. And people got overzealous and they stopped being careful. They took on too much leverage. And whether they had models that missed that, or they weren’t paying enough attention, I don’t know. But I do think that this was much more a failure of management than of risk management. I think blaming models for this would be very unfortunate because you are placing blame on a mathematical equation. You can’t blame math."

Richard Bookstaber :

"Richard Bookstaber, a hedge-fund risk manager and author of “A Demon of Our Own Design,” ranted about VaR for a half-hour over dinner one night. Then he finally said, “If you put a gun to my head and asked me what my firm’s risk was, I would use VaR.” VaR may have been a flawed number, but it was the best number anyone had come up with."

The NYT article is a good for all risk managers to understand what VaR represents and its limitations with quotes from proponents and dissenters of VaR. Read on.

No comments: