Financial Risk Management: An Introduction

Financial Risk Management: An Introduction François-Serge Lhabitant ■ Olivier Tinguely Executive Summary This article provides a brief introduction to risk management. It discusses the rationale for risk management for corporations, with a strong focus on financial risk management. It describes the various risks that a company is facing, as well as the various steps to identify and manage them. An illustration of the major tools and methodologies is provided for the case of market risks. © 2001 John Wiley & Sons, Inc. INTRODUCTION R isk management is in fashion. One cannot open a business magazine or an academic review without reading an article on financial risk management, derivatives, or Value at Risk (VaR). Three main reasons explain this growing interest: the prevailing economic and financial conditions over the last threedecades, advances in economic and financial theory and, finally, the availability of computing power. The need for management of financial risk has increased in the wake of two major economic events: the progressive opening of national economies to the world market since World War II and the breakdown of the Bretton Woods fixed exchange rates system in the early 1970s. Since then, companies have been increasingly exposed to several kinds of risk and various financial crises. François-Serge Lhabitant is Head of Quantitative Risk Management at Union Bancaire Privée (Geneva), Professor of Risk Management at H.E.C. University of Lausanne (Switzerland) and Assistant Professor of Finance at Thunderbird (Europe), French-Geneva Campus. Olivier Tinguely is Professor of Economics and Finance at University Carlos III (Madrid) and Suffolk University (Madrid). The content of this article is the personal opinion of the authors, and does not necessarily represent the views or practices of any of the firms or organizations to which they belong. The authors may be contacted via e-mail at: [email protected]. Thunderbird International Business Review, Vol. 43(3) 343–363• May–June 2001 © 2001 John Wiley & Sons, Inc. 343 F.-S. Lhabitant • O. Tinguely Examples include the world oil price crises, periods of explosive interest rate volatility, successive stock and bond market crashes, currency crises, the collapse of Long-Term Capital Management, and the financial crises in Mexico, Asia, Russia, and Brazil. These events directly affected the return that most firms received in the course of their businesses, most of the time negatively. As a result, instruments and methods of protection to counter these risks have seen a marked rise in demand, contributing to the rapid growth in the field of financial risk management. . . . instruments and methods of protection to counter these risks have seen a marked rise in demand, contributing to the rapid growth in the field of financial risk management. At the same time, economic and financial research has grown spectacularly. In economics, the early 1970s saw a new generation of researchers who formulated the basis for new classical economics, which has become the dominant paradigm. Among other things, new classical economic theory elaborates a complete formalization of the economics of uncertainty, of the economics of information and initiated a renewal of the macroeconomic line of research, which has profoundly renewed the way economists work and interpret economics (see, eg., Mankiw, 1990). At the same time, paralleling the developments in the area of economic theory, finance has progressively become a science in itself and a major area of research since the 1970s. New tools have been developed, and those have proven to be useful and, in certain cases, very effective in solving important issues. Financial risk management is an example of a subject in which academic and practical research has been particularly fruitful. The availability of powerful computers was the final necessary development. Financial risk management tools rely heavily on complex mathematical models that require both large datasets and highly demanding numerical procedures. This article is an introduction to financial risk management. We would like to convince the reader that financial risk management is an essential ingredient to successfully manage a company. Although there will be more focus on financial management, most of the arguments can be extended to risk management in general. In the next section, we briefly explain the notion of risk. Then we will present the major risks companies face and describe their possible responses. After that, we attempt to justify the utility of risk management. In the following section, the concept of Enterprise Risk Management (ERM) is described. Then, we conclude with an application of risk management to some aspects of corporate finance. 344 Thunderbird International Business Review • May–June 2001 Financial Risk Management WHAT IS RISK? Risk is inherent in human activities. It arises from the unknown nature of future events. Roughly speaking, risk can be defined as the exposure to uncertainty. Accordingly, two notions have to be understood and studied: the uncertainty itself and the exposure of an individual or company to this uncertainty. Uncertainty can be thought of as the possibility of occurrence of one or several events. Uncertainty is usually represented by a range of possible realizations of future events, to which a probability distribution is assigned.1 Stated differently, each possible realization of all the possible events may occur with a given probability. To study risk, a precise description of future events and the determination of their probability distribution are necessary. From a practical point of view, two issues arise from this representation of uncertainty. First, the possible realizations of an event may be difficult to determine. Second, the probability distribution is often not known and has to be inferred. The second component of risk is the exposure to uncertainty. Different human activities are not affected in the same way by the same uncertainty. A typical example is future weather, which is obviously not known, but affects human activities heterogeneously: weather conditions are crucial for agriculture, while they do not affect most other economic activities. The identification of which uncertainty is pertinent to a given activity represents the basic ingredient of risk management. WHICH RISKS? WHAT CAN WE DO? It is important to realize that risk by itself is neither good nor bad. Companies must take risks to stay in business and to gain competitive advantage. What is important for them is to identify and handle risks correctly. This ability can actually become a source of profit. Conversely, an unidentified, mismanaged, misunderstood, unintended or incorrectly priced risk may adversely affect the company’s profit. Successful organizations should take risks that are necessary to achieve their goals, while avoiding undesired risks. Accordingly, risk management is not about seeking or avoiding risk. It is about optimizing risk exposures. See Savage (1954) and Von Neuman-Morgenstern (1953) for the first formalization of uncertainty in economics. A survey can also be found in Drèze (1974). 1 Thunderbird International Business Review • May–June 2001 345 F.-S. Lhabitant • O. Tinguely Which Risks Does the Company Face? In addition to traditional business risks (production risks, supply and demand risks, management risks, human capital risks, etc.), most business activities face financial risks. These can be classified into several basic categories.2 Market risk includes all potential losses due to adverse changes in some financial market variables (such as interest rates, foreign exchange rates, equity and commodity prices, etc.). Their impact can be direct (erosion of own operating margins) or indirect (through the consequences of the exposure faced by competitors, suppliers, or customers). As we will see, the measurement of market risk benefits from the most advanced methodology for risk measurement. Once identified, management of these risks is generally straightforward, because market risks are by definition exchangeable on markets. Credit risk refers to the possibility that a loss will be incurred because some counterpart fails to make payments as due (nonpayment or delayed payment). Most transactions involve credit risk, ranging from nonpayment of anything from conventional loans and securities to trade credits and receivables. Traditional credit risk management consisted of evaluating the creditworthiness of counterparts (through the use of ratings, for example), of setting prudential risk limits to avoid excessive concentration of debt by a single payer, and of measuring nominal exposures and monitoring them against predefined limits. The securitization of credit has progressively transformed both the definition and the management of credit risk. Credit risk can be managed to the same degree as market risk using credit derivatives, that is, derivatives whose underlying asset is the credit risk of a borrower. The emergence of on-line credit trading platforms (such as Credittrade.com and creditex.com) should further act as a catalyst in this process of improving manageability by providing liquidity and transparency. Operational risk is the risk that human errors, system failures, or inadequate procedures or controls will result in unexpected losses. Although operational risk has always existed, it has taken a back seat to both market and credit risk in the past. Indeed, even finding a working definition of operational risk is a difficult task, and this has slowed down the possibility of managing it. Today, operational risk management is a discipline with its own management structure, methodology, tools, and processes. It cannot really prevent losses, but it aims to minSee Esseghaier & Rahl (2000) for an exhaustive list of financial risks faced by companies. 2 346 Thunderbird International Business Review • May–June 2001 Financial Risk Management imize surprises by anticipating what could go wrong and the possible financial impact. On the qualitative side, it focuses primarily on internal controls, “what if” scenarios and regular reviews of systems, documentation, and operational procedures. On the quantitative side, it has started collecting data on operational losses and developing metrics and tracking based on reliability theory, a well-established discipline in Operational Research. Liquidity risk can be defined as the facility with which a corporation can convert an asset into a cash amount equal to its current market value. The conversion typically consists in either selling the asset, or in using it as collateral to secure a loan. Lack of liquidity can arise because of insufficient market depth, or because of disruptions in the marketplace. Liquidity risk is particularly high in over-the-counter markets. Because firms rely heavily on quantitative models (in particular for pricing financial instruments, hedging their positions and monitoring risks), they are exposed to model risk. This new risk category covers several possible failures: a model is inappropriately applied, an incorrect model is used, or a model is simply wrong. Consequently, inadequate decisions are made and subsequent losses appear. Attitudes with Respect to Risk Firms can adopt several attitudes with respect to risk. . . . it aims to minimize surprises by anticipating what could go wrong and the possible financial impact. Avoid risk. Risk, to state the obvious, is inherent in all business and financial activity. It is therefore simply impossible to avoid risk in any economic environment, where at least some of the firm’s suppliers, consumers, or competitors will face risk and will indirectly expose it. In addition, avoiding risk is generally not optimal for firm’s owners. Ignore risk. Even though risk is considered a factor that significantly affects earnings and share prices, several firms do not take any measures against risk.3 Three types of arguments are usually made to try to justify this attitude. 1. The company does not master the necessary quantitative tools to measure the risk exposure and it is intimidated by the complexity of derivatives. 2. Managers estimate that financial manipulations lie outside the firm’s field of expertise and shareholders should manage the See, for instance, Loderer and Pichler (2000), who find that most Swiss firms do not know their foreign exchange exposure. 3 Thunderbird International Business Review • May–June 2001 347 F.-S. Lhabitant • O. Tinguely risks by themselves. A typical assertion is “our business is to produce goods, not to speculate on financial markets.” 3. Managers believe that hedging costs systematically exceed the potential benefits of risk management, so that bearing risks is more profitable than hedging them. This is often the case when risk exposure is small. This explains why most large companies self-insure against minor unexpected losses. The same policy is not necessarily acceptable for smaller or less profitable companies. Whatever the motive, ignoring risk is no longer a safe option. Due to spectacular losses, legislators, investors, regulators, customers, and the public are demanding greater accountability and effective controls. CEOs, directors, and managers increasingly become personally accountable for losses. Therefore, they need to understand the implications and risks associated with each decision they take. Limit risk. It is common practice that higher levels of management place limits on the amount of risk that lower levels of management can take. However, the effectiveness of such limits is contingent upon the ability of both upper and lower management to measure and monitor risk exposures, i.e., in having implemented the first steps of a risk management program. Diversify risks. Diversification—taking multiple uncorrelated risks— provides an effective method to reduce risk at virtually no cost. Usually, it is automatically integrated into the operations of larger firms, which have more product lines, but is harder to achieve for smaller firms that are more specialized. Manage risks. Finally, risk can be managed, which does not necessarily mean eliminated. Firms can decide which risks are part of their core activities and should be retained, and which ones should be transferred or insured to third parties. Through financial engineering, risks can be unbundled and reallocated in a highly calibrated manner among people that are interested in bearing them. Nevertheless, it is important to recall the law of the “conservation of risk”: financial engineering does not alter the underlying risk. The risk remains present, but in someone else’s hands. A RATIONALE FOR RISK MANAGEMENT At its most general level, the term “risk management” denotes the decisions and actions taken independently of the operating business by an 348 Thunderbird International Business Review • May–June 2001 Financial Risk Management individual or a firm to alter the risk/return profile of its future cash flows. Typically, an attempt to reduce risk through such actions is called hedging, while an increase in risk exposure is called speculation.4 From the perspective of an individual, risk sharing and thus risk management increases a sense of well-being because, by nature, humankind is risk averse. For example, the risk of a serious disease is a major concern for most of the population. Individuals typically share this risk through health insurance contracts. This behavior can be viewed as risk management at the individual level. Unfortunately, this type of explanation cannot be applied directly to firms. The usefulness of risk management in a firm is not so clear. Improving shareholder value5 is the primary objective of most publicly held companies. Therefore, a fundamental question needs to be addressed, namely, does risk management add value for shareholders? The answer is not obvious. Early academic research gives no motivation for hedging. Nobel Prize winners Miller and Modigliani (1958) showed that financial manipulation—such as hedging—does not influence a firm’s value in a perfect world.6 Their fundamental premise is that shareholders can hedge risks more effectively in their own portfolio than managers at the firm level. Shareholders can account for their respective risk aversion and preferences, and benefit from the cost-free diversification of offsetting risk exposures between different stocks. . . . risk management increases a sense of wellbeing because, by nature, humankind is risk averse. Similarly, another line of reasoning suggests that risk management wastes resources because economies tend to follow equilibrium longterm relationships.7 In this environment, there is no risk in the long term, and the rationale for risk management is found in short-term deviations from long-term relationships. The cost of eliminating this shortterm risk can easily offset the profit and, therefore, risk management represents only a dead-weight cost that destroys shareholder value. Hereafter, we will not mention the word “speculation” because of its negative connotation, but the frontier between “hedging” and “speculation” is rather thin. 5 Shareholder value regroups all the benefits derived by shareholders from investing in a firm. It includes dividends and captial appreciation. 6 By “perfect world,” we mean a world with no taxes, no bankruptcy costs, and where economic agents have perfect information. 7 Examples of such relationships are the purchasing power parity, the international Fisher effect, and the unbiased forward rate theory. The purchasing power parity states that the exchange rate between two countries is equal to the ratio of the level of prices in the two countries. The Fisher effect asserts that variations in the nominal interest rate are equal to the variations in the monetary growth rate. The unbiased forward rate theory affirms that today’s forward rates are unbiased predictors of future prevailing spot rates. 4 Thunderbird International Business Review • May–June 2001 349 F.-S. Lhabitant • O. Tinguely The growing interest in risk management suggests that new factors have to be considered. In addition to regulator influence,8 there are two primary nonmutually exclusive influences driving the demand for risk management: the presence of market imperfections and managerial risk aversion. Market Imperfections Several market imperfections move us away from the perfect world assumptions and create opportunities for risk management activities. Taxes. The asymmetric treatment of tax losses (positive taxes due as earned, tax losses only realized at a later date with no allowance for the time-value of money) combined with the presence of a convex income tax schedule (increasing marginal corporate tax rate) motivate a firm to smooth earnings to lower its average tax bill. Transaction costs. Firms generally face lower transaction costs than individual investors in securities markets because of the size of the trades they undertake. As a result, hedging is less costly at the firm level. In this case, shareholders are delegating risk management operations to firms to reduce transaction costs. Financial distress costs. Large losses can trigger financial distress. Such a situation usually generates costs for the company in a direct way (legal costs, accounting, auditing, etc.) and in an indirect way (diversion of management time, actions of suppliers, customers, and employees, who may be concerned about the financial status of a company and its future capacity to honor its engagements). Reducing earnings volatility lowers the probability of financial distress and thus its cost. Asymmetric information. When two agents decide to enter into a transaction, the information they possess about this transaction determines the structure and the gain of the exchange. In an extreme case, an important information asymmetry may prevent the transaction from taking place (see Akerlof, 1970). Financial markets are adversely affected by asymmetric information. In the credit market, for example, the lender has less information than the borrower on the latter’s future cash flows. These determine the solvency of the debt contract. Consequently, lenders face difficulFor instance, the German Corporate Act (Akitengesetz, section 91.2), as amended in March 1998, requires the Board of Directors of German public corporations to set up an adequate risk management system. In this context, one can wonder what is the reason for such an act. Indeed, legislation has an aim! 8 350 Thunderbird International Business Review • May–June 2001 Financial Risk Management ties in discriminating “good” from “bad” borrowers, resulting in a higher interest rate or in some credit constraints. In the context of risk management, asymmetric information may be a pertinent issue in the following contexts: • Financing costs. As argued above, firms need to show the intention to repay their debts to obtain attractive credit conditions. Financial risk management helps to achieve this goal, by avoiding unexpected cash flow shortfalls, by reducing the need for costly urgent external financing, by stabilizing cash flows and lowering stock volatility, and therefore the cost of equity. • Creation of new business opportunities. Firms with smooth cash flows can invest when necessary. This represents an important competitive advantage over their competitors. • Insider-outsider information sets. Individual risk management is less efficient than corporate risk management because a precise identification of the risks faced by a company usually requires more information and knowledge than the average stockholder may possess. Thus, mandating a risk manager for this job is a rational decision by shareholders. Managerial Risk Aversion Empirical evidence suggests the existence of a relationship between risk management and managerial risk aversion.9 Some stakeholders, such as employees and managers, may engage in hedging strategies because they have disproportionately large investments in a firm. These investments are often nonvisible, in the form of human capital and business specific skills, and poorly diversified. In this case, hedging becomes a natural form of job protection. . . . lenders face difficulties in discriminating “good” from “bad” borrowers, resulting in a higher interest rate or in some credit constraints. Along the same lines, managers may decide to hedge or speculate because of specific incentive issues. For instance, performance bonuses can encourage taking larger risks toward the end of bad years (“double-or-quit”), as well as lowering risk exposure tolerance toward the end of good years (“freeze and wait”). This suggests that risk management performance benchmarks need to be carefully aligned with shareholder objectives to avoid perverse behaviors. Last, but not least, a pragmatic approach would be to assert that firms increasingly manage their risks because they consider this activity profitable. See, for example, Tufano (1996), who analyzes risk management strategies in the U.S. gold mining industry and observes that the main determinants of hedging discussions are the level of management ownership and the nature of management compensation contracts. 9 Thunderbird International Business Review • May–June 2001 351 F.-S. Lhabitant • O. Tinguely In conclusion, the true motive for risk management is difficult to determine. Does risk management increase managers’ utility or the value of the firm? Although these two objectives conflict most of the time, their respective theories (managerial risk aversion and the presence of market imperfections) accounting for the growth of risk management are not mutually exclusive. That is to say, both theories could be independently contributing to growth in this area. ENTERPRISE RISK MANAGEMENT (ERM): A GLOBAL VIEW A firm represents a complex network of activities that are generally managed by functional and operational areas. Historically, many organizations adopted a decentralized approach to risk management, encouraging each department or business unit to dutifully manage its risks. Consequently, risk managers focused on segregated risks without a clear picture of their combined impact. Over the last few years, firms have begun to consider the sum of individual risks as a combination of risks that are interrelated. For example, market risk certainly influences default probabilities and recovery potentials. Operational risk is created by the same activities that create market and credit risk. The progressive recognition that risks influence one another, and that they jointly affect the performance of a company has promoted the management of risk at a global level instead of at the level of separate entities. This concept, usually referred to as Enterprise Risk Management (ERM), provides two important immediate tangible benefits. It allows for better identification, understanding, and control of all existing risks simultaneously. Moreover, it improves the efficiency of hedging: offsetting positions significantly reduce transaction costs and lead to improvements in procedures or systems that may reduce operational risk. Through a comprehensive risk management framework, ERM helps companies to develop broader risk management practices and it improves the quality of business decision making at all levels. The ERM process can be decomposed down into three phases. It begins with an enterprise risk diagnostic, devoted to identifying, understanding and prioritizing the critical risks that affect enterprise value. It continues with the quantification of these risks, both individually and jointly, so that correlations among risks can be understood. It concludes with the adoption of organizational and financial strategies to control and manage risk at a firm wide level. 352 Thunderbird International Business Review • May–June 2001 Financial Risk Management ERM should not be a static process but rather a dynamic and ongoing one. It is as much about identifying opportunities as it is about avoiding losses. It should raise risk awareness, and enable the company to address new risk exposures. A pioneer in ERM was Microsoft, whose financial systems barely kept up with high-growth revenues, yielding numerous inefficiencies and delays. As an illustration, the company had more than 30 separate general ledgers around the world, with inconsistent data definitions, and no fast access to financial reports (two weeks were necessary to close the books). Former CFOs Michael Brown and Greg Maffei started building a coherent, worldwide replacement for the company’s disconnected systems and created the Microsoft Risk Management Group in 1997. Today, this group watches no fewer than 144 separate risks, from market share and price wars to industrial espionage. An intranet-based risk-evaluation system called RISKS (Risk Information System for Knowledge Sharing) provides managers with near-real time financial information. Although it is not considered to be a profit generator, the systematic foreign-exchange hedging program for net revenues and short-term foreign receivables has delivered about $100 million in insurance payouts, net of hedging costs. Last, but not least, the company’s portfolio ($26 billion in the form of fixed-income, equity, and foreign-exchange holdings) is now managed centrally. Although it was easy in the Microsoft case to leverage internal resources and technology, the major problem in implementing ERM systems is that it is extremely difficult to gather all the required data across the institution, at the same time and in the correct format. . . . the major problem in implementing ERM systems is that it is extremely difficult to gather all the required data across the institution, at the same time and in the correct format. AN ILLUSTRATION OF FINANCIAL RISK MANAGEMENT: MARKET RISK We will now provide an illustration of a market-risk management process. For the purposes of our analysis, we will take the case of a U.S. firm (U.S. dollar based, U.S.D.) manufacturing goods in the United Kingdom (costs in British pounds, GBP) and selling them mostly in France (revenues in Euros, EUR). All investments are financed through U.S.D. debt. We will also assume that managers seek to maximize shareholder’s value, measured as quoted stock price increase in U.S.D. Identifying Market-Risk Factors The first step consists of identifying the market risk factors that significantly affect the firm. Regressing the firm’s past revenues, Thunderbird International Business Review • May–June 2001 353 F.-S. Lhabitant • O. Tinguely expenses, or stock returns against various financial variables like market index returns, interest rates, commodity prices, etc., will often provide valuable information. In our case, let us say that we obtain the following results: R (Firm)= 0.2 + 1.3 R(S&P500) + 1.5S(EUR) - 1.9S(GBP) ( where R(Firm) denotes the return on the firm’s shares, R(S&P500) is the return on the Standard and Poor’s 500 index, and S(EUR) and S(GBP) are the Euro and British Pound exchange rates against the dollar. The interpretation of the above regression is that a 1% appreciation of the dollar versus the Euro leads to a 1.5% increase in the firm’s value, keeping all other market variables constant. Similar conclusions can be reached for the other market variables. By looking at statistical coefficients such as t-stats and R-square (not shown here), one can also test the statistical significance of these exposures and the quality of the model. This provides managers with a simple, but powerful model for estimating exposures. However, regression analysis has caveats. Estimated coefficients are historical, and may not hold in the future. The linear specification may be incorrect, for instance, if the market share depends on the exchange rate. One may omit some risk factors in the regression; or one may use incorrect but correlated risk factors (such as, for instance, the Swiss franc rather than the euro), which would lead to wrong hedging decisions. Therefore, although the knowledge of the regression results is useful at the strategic level and provides management with an indication of the potential magnitude of the exposure to the various factors and the direction of the sensitivity, it cannot easily be turned into operational directives. To obtain detailed knowledge of the individual exposures, a finer cut of the data is required. The traditional approach (sometimes called pro forma approach) focuses on changes to cash flows as the key sensitivity measure. Starting from the firm’s income statement or budget, single transactions are divided into series of payable and receivable cash flows. In our case: Profit=Sales(EUR)–Costs(GBP)–Taxes(USD)–Investment(USD) As expected, we see that the firm is negatively exposed to the pound/dollar and positively exposed to the euro/dollar exchange 354 Thunderbird International Business Review • May–June 2001 Financial Risk Management rates.10 We can also estimate by how much each transaction profit would change if the corresponding risk factors changed unexpectedly. The individual exposures are then pooled where applicable to build an overall (net) position to be managed at the firm’s level. Although simple, the pro-forma method has the disadvantage that it requires precise knowledge of each future cash flow, which may be impossible to determine with certainty. In addition, the number of cash flows may become extremely large. Quantify Exposures Once risk factors have been identified, the next step is to decide on the nature of the firm’s exposure to be managed. There are basically three different exposures in a firm. The transaction exposure is the effect that a price or rate change has on cash flow or firm value. It concerns mostly near cash flows from past business deals and existing contractual obligations. The operating exposure (also called economic exposure) is the effect that a price or rate change has on the future expected cash flows, particularly with reference to the erosion of competitive position. It affects both prices and quantities. The translation exposure (also called accounting exposure) is the degree to which market changes affect a firm’s financial statements. This kind of risk is essentially due to accounting translations using different book and market values (for instance, average rather than closing exchange rates). Although no cash transactions arise, translation exposure results in bookkeeping losses or gains. Once risk factors have been identified, the next step is to decide on the nature of the firm’s exposure to be managed. The existence of these simultaneous exposures illustrates several popular misconceptions about market risks. For instance, it is often said that only firms with foreign operations are exposed to the exchange rate, or that if a firm denominates all sales and purchases in its own currency, it faces no exchange rate risk. Although this is true from a transaction exposure perspective, it is false from the operating exposure perspective. Even if our firm invoices its French customers in dollars, if the euro drops, its prices will have to adjust or local competitors will take advantage. Despite the importance of long-term competitive exposure for a firm’s future cash flows, firms tend to use financial instruments to hedge primarily near-term (less than one year) transaction and Although taxes first appear as irrelevant here, one has to remember that changing sales or costs would actually affect taxes. There will also be lead-lag effects due to delays between production, sales, and tax payments. For the sake of simplicity, we have assumed that investments were financed in dollars. 10 Thunderbird International Business Review • May–June 2001 355 F.-S. Lhabitant • O. Tinguely Table 1. Major Market Risk Measures and Their Interpretation Sensitivity Meaning Duration How much a bond price changes (in relative terms) for a change in interest rates How much a duration changes for a change in interest rates How much a bond price changes (in dollar terms) for a 0.01% change in interest rates How much a security’s value changes for a change of a market index How much a derivative’s value changes for a (small) change in the underlying asset’s price How much a delta changes for a change in the underlying asset (similar to convexity) How much a derivative’s value changes for a change in the volatility How much a derivative’s value changes as the deravative moves closer to its expiration date How much a derivative’s value changes in reponse to a change in interest rates Convexity DV01 Beta Delta Gamma Vega Theta Rho contractual exposures (see, for instance, Bodnar & Gehardt, 1999). Even in this situation, there are numerous possible risks to be hedged: net operating cash flows, taxable income, accounting earnings, etc. The choice will often be driven by the effective motives for risk management. If managers manage risks because of financial constraints, they are more likely to hedge cash flows, whereas if risk management is driven by managers’ risk aversion, it is most likely that income or earnings will be hedged. In our case, as we mentioned already, we assume that managers hedge the market value of the firm. Often, risk exposures are simply defined as the nominal or notional amounts of transactions, holdings, or liabilities. This is acceptable for simple spot exposures such as foreign currencies or commodities. It is inaccurate for complex positions such as bonds or derivative positions, because it does not reflect price sensitivity. A battery of specific quantitative risk sensitivities measures exists for financial instruments (see Table 1). Although they are more precise than notional amounts, they are hard to communicate to end-users, difficult to aggregate across risk factors, perceived subjectively,11 do not facilitate controls, and, last but not least, irrelevant for nonfinancial firms. Value at Risk (VaR) was developed in the 1980s as an answer to all these critiques, initially used at derivatives trading desks The problem of sensitivities is that they are given without relative likelihood, so that their final application is subjective—different people can reach different results. 11 356 Thunderbird International Business Review • May–June 2001 Financial Risk Management Figure 1. Illustration of the 95% Value at Risk Calculation of major U.S. banks. Given the inherent simplicity of the concept and its applicability at multiple levels (from a single position to the overall company), VaR has gained rapid acceptance as a valuable approach to market risk aggregation, measurement, and communication, even by nonfinancial firms.12 VaR is a summary statistic that quantifies the downside risk exposure of an asset or portfolio to all aggregated market factors. Jorion (1997) defines it as an estimate of “the worst expected loss (in value) over a given time interval under normal market conditions at a given confidence level.” For instance, saying that our manufacturing company has a VaR of $1 million over ten days at the 95% level is equivalent to saying that there is a 5% chance that the company’s market value drops by more than 1 million over the next ten days. Several nonfinancial corporations exposed to market risks have embraced the “at Risk” concept, but prefer to focus on quantities such as earnings, earnings per share, or cash flows. This has given birth to alternative measures such as Earnings-at-Risk (EaR), Earnings-per-Share-at-Risk (EPSaR), and Cash-Flow-at-Risk (CFaR). All have the potential for being even more useful than VaR, because they can also include sensitivity of supply/demand functions to changes in financial variables, aggregating both business risk and financial risk. For instance, Hallerbach and Menkveld (1999) extensively develop the case of KLM Royal Dutch Airlines, which faces commodity risk (fuel price), foreign exchange risk (revenues), and interest rate risk (leverage and leasing). They show that VaR is a useful tool for financial risk management at KLM. 12 Thunderbird International Business Review • May–June 2001 357 F.-S. Lhabitant • O. Tinguely Table 2. Derivatives Defined Forward contract Futures contract Option Intuitively, to obtain an “atrisk” measure, the idea is to construct a distribution of possible outcomes Swap A private contract between two parties, a buyer and a seller, for the buyer to purchase an asset from the seller at a fixed price at a future date. The contract is negotiable and flexible, but often illiquid, nonregulated, and subjects each party to the possibility of default of the other. A contract betwen a buyer and a seller, for the buyer to purchase an aset from the seller at a fixed price at a future date. The contract is traded on an organized exchange, has standardized underlying assets, quantities, and expirations. A clearinghouse guarantees execution, and there is a daily settling of gains and losses to avoid default events. A contract between two parties in which one party (the buyer) has the right to buy (call option) or sell (put option) an asset at a fixed price for a definite period. To obtain this right, the buyer pays a premium to the other party (the seller or writer). The fixed price is called the exercise price. If the option can be exercised at any time up to expiration, it is called an American option. If the option can be exercised only at expiration, it is called a European option. An agreement between two parties for each party to pay periodically the other a series of cash flows over an agreed period.The payments are generally based upon different rates applied on a notional amount of principal, which may or may not be exchanged. Intuitively, to obtain an “at-risk” measure, the idea is to construct a distribution of possible outcomes, and then disregard the tail value leaving the desired percentage of the outcomes to the left (see Figure 1). Although the methodology has become a de facto industry standard, there are several competing approaches (parametric, historical, simulated, etc.) to estimate this distribution, with very different assumptions, limitations . . . and results. Therefore, firms design and supplement “at-risk” calculations with several add-ons. These include sensitivity analysis (to show how the figure varies with different assumptions, different data, etc.), scenario analysis and stress testing (to assess the risk of an unusually turbulent market environment and to be aware of worst-case situations), as well as back testing (to determine if the computed figure proves to be accurate after the fact). Manage the Risk Once individual and global market risk(s) exposure(s) are available, strategies to control and manage them can start. To be honest, the optimal risk management strategy is often company specific—an assertion consistent with the observation that there is wide variety in the risk management practices of companies. Each firm needs to 358 Thunderbird International Business Review • May–June 2001 Financial Risk Management assess which method best suits its objectives, its business, its view of the world, and its budget. Bearing some risks up to a given limit is a normal part of business activity. Firms may set these limits on net positions, gross positions, or both; they may be specified in terms of notional amounts, maximum allowable loss (stop loss), specific quantitative measures (maturity gaps, betas, deltas, etc.) or in terms of value at risk. When risk exposure is judged excessive, firms have two possible routes to return to an acceptable situation: change operations, or use financial markets to modify exposures. A change in operations is often referred to as operational hedging. Examples include changing sources of supply, locating plants in countries where the products are primarily sold, and so on, to reduce the impact of risk factors. The firm may also seek to match inflows and outflows in foreign currencies (accounts payable vs. accounts receivables) to become self-hedged. Using financial markets, firms can undertake two different kinds of risk management. The first is hedging, that is, offsetting one risk with an opposite position in the same (or similar) risk. The second involves insurance, that is, the transfer of risk or a part of it to another party. Derivatives have become a key component for financial-risk management, but it is worthwhile noting that financial hedging is not limited to the use of derivatives. For instance, issuing foreign currency-denominated debt can reduce foreign exchange rate risk by using foreign currency income to service the debt. A Note on Derivatives Derivatives are financial instruments that derive their price from the value of another security or rate, called the underlying asset. Traditional underlying assets are interest rates,13 exchange rates, bonds, stocks, stock indices, and commodities. Among the latest underlying assets for derivative products are credit (default risk), catastrophe events, weather and electricity. Basic derivatives include four major categories of instruments: forward contracts, futures contracts, options, and swaps (see Table 2). As an illustration, the simplest derivative is probably a T-bill, which derives its price from the level of interest rates. 13 Thunderbird International Business Review • May–June 2001 359 F.-S. Lhabitant • O. Tinguely In recent years, over the counter (OTC) markets have succeeded in creating a variety of new “exotic” products (zero-cost collars, range forward deferred, average options, etc.). The attractiveness of their complicated payoffs is that they can often achieve the specific risk management objectives of some firms more precisely and at much lower cost. Their economic function is the same: securitize and transfer risks to the capital markets, transforming an insurance risk into an investment risk. “Efficient risk-sharing is what much of the futures and options revolution has been all about,” wrote Merton Miller (1992). Indeed, much of the financial engineering process involves combining basic instruments so that new ones with different cash flow patterns are created. The public often perceives derivatives as esoteric financial instruments. Because most derivatives’ positions are closed before maturity and will, therefore, never result in the delivery of the underlying goods, . . . derivative users are carica- derivative users are caricatured as gamblers who find it more profitable to speculate on financial markets rather than to invest in the productured as gamblers who find it tion of goods and services. This perception is incorrect, as discussed Gibson and Zimmermann (1994). Any objective assessment of the more profitable economic functions performed by derivatives has to admit that they to speculate on financial markets have contributed positively to our ability to manage risks by providing a low-cost efficient method to redistribute them and share them more rather than to invest in the pro- broadly. In particular, derivatives allow for the separation between duction of goods ownership of an asset and the associated risk bearing. For instance, using futures and options, inventories of commodities, or securities and services. can be carried without the necessity of also bearing the risk of price fluctuation. This reduces the likelihood that owners will face financial distress, lowers the cost of capital formation, increases market liquidity, and allows for a more efficient production outcome. Globally, this stimulates economic growth and helps to stabilize employment. Derivatives are also useful for managing and transforming liabilities. For instance, using swaps, multinational corporations can alter their ratio of fixed- to floating-rate debt and the currency composition of that debt. This gives them the ability to obtain financing in the cheapest capital market, wherever and however it is, and to transform the resulting debt into the form that is desired. Similar constructions exist on the equity side. For instance, Microsoft was one of the first companies to sell put warrants on its own stock, reducing the cost associated with its stock-repurchase program by $2 billion, or more than 15%. Another example is Cephalon, a biotech company that bought a large number of call options on its own stock. Its managers reasoned that if the FDA were to approve Myotrophin (the firm’s 360 Thunderbird International Business Review • May–June 2001 Financial Risk Management new drug), the firm’s stock would rise in value to reflect the future value of the drug, its purchased call options would pay off, and the firm could use these proceeds to finance part of its new capital needs. Both examples are perfect illustration of the growing interactions between risk management and capital management. In addition to firms, governments can also benefit by learning from derivative markets. By trading on derivatives markets, informed agents reveal their information, which is incorporated into prices. This reduces information asymmetry and increases market efficiency. What about the safety and efficacy of derivatives? People often misinterpret some widely publicized losses in derivative markets as derivatives being too risky. It is important to recall that from a static perspective, derivatives do not create new risks, but redistribute existing ones, spreading the impact of underlying economic shocks among a larger set of investors in a better position to absorb them. There are no fundamentally new or different risks in derivatives14 ; indeed, familiar kinds of risks are just presented or combined in novel ways. What is new is the coupling with leverage15: only a fraction of the capital necessary to acquire the underlying asset is required to open a derivative position. This has a magnifying potential and opens the door to—but does not force—gambling. However, arguing that derivatives are bad because they are very price sensitive is similar to arguing that razors should be avoided because they are sharp! Obviously, someone might injure himself if a sharp razor is not used properly. Similarly, the inadequate use of derivatives can devastate an organization. Should we all stop shaving? Derivatives have also been at the center of an increasingly vociferous public debate about their alleged destabilizing effect on the overall stability of the financial system (“systemic risk”). Concerns have been expressed that derivatives may exacerbate market moves through increased trading and transmit financial shocks from one market to another farther and faster than before. Although the debate is still open, virtually every academic study concluded that volatility was reduced with the introduction of derivatives. As summarized by Katiforis (1995), “the explosive growth of derivatives in recent years was the result rather than the cause of volatility in forA good illustration is provided by Figlewski (1994): “The reason so many holders of derivatives positions took large losses in early 1994 is in most cases exactly the same as the reason that many more investors lost money on ordinary bonds: interest rates rose very far and very fast.” 15 It is important to remember that derivatives are not leverage. It is simply one way to obtain leverage. 14 Thunderbird International Business Review • May–June 2001 361 F.-S. Lhabitant • O. Tinguely eign exchanges and in money markets.” As recognized by the Financial Economists Roundtable (1994), “the widely publicized losses on derivatives have been due to inadequate risk-management systems and poor operations control and supervision. These losses have not threatened the stability and efficiency of financial markets; and, by encouraging the development of better risk-management and operational controls, they have had a salutary effect.” To summarize derivative instruments, we will say that they are now a permanent feature of our financial markets. They are like finely tuned racing cars in a competition open to all firms. For obvious reasons, it is safer for untutored drivers not to join, but at the same time, nondrivers are unlikely to win the race . . . CONCLUSIONS . . . a complete risk-management process should define and follow a series of simple steps . . . Corporate risk management is a natural response to an uncertain future. It is a matter of concern for all market participants: academics are interested in the rationality of hedging, investors are concerned by the sensitivity of stocks to given risk factors, managers are focused on efficient ways to hedge, and regulators are preoccupied with the systemic impact of risk and the existence of sufficient capital cushions to absorb losses. An increased knowledge and understanding of exposure to risk is desirable. It leads to a systematic, well-informed and thorough method of decision making, a key step toward more effective strategic planning, better cost control and resource usage, and minimized disruptions. Therefore, a complete risk-management process should define and follow a series of simple steps, which involve the firm in: (a) becoming aware of the risks; (b) measuring the risks, using accounting information, future cash flow projections, and levels of contingent or economic exposures; and finally, (c) adjusting the risks, if necessary, through operational or financial actions, including the use of derivatives. The level of sophistication with which the risk management function is performed has advanced significantly in recent years. Mathematics and models play a proportionately greater role, but are not sufficient to control risk. Qualitative input is just as important as quantitative analysis. In fact, the two must be used in tandem for best effect. Whatever the risk management strategy chosen, it is important to establish good risk practices and clear standards, and to maintain the independence of the risk management unit. 362 Thunderbird International Business Review • May–June 2001 Financial Risk Management Finally, if they truly want to increase shareholder value, firms should also disclose their risk management practices beyond just a footnote in their annual report, to make sure this function is reflected in their share price. REFERENCES Akerlof, G. (1970). The markets for lemons: Qualitative uncertainty and the market mechanism. Quarterly Journal of Economics, 84, 488–500. Bodnar, G.M., & Gebhardt, G. (1999). Derivatives usage in risk management by US and German non-financial firms: A comprehensive survey. Working paper, Wharton School. Dreze, J.H. (1974). Axiomatic theories of choice, cardinal utility and subjective probability: A review. In J.H. Drèze (Ed.), Allocation under uncertainty, equilibrium and optimality (pp. 3–23). New York: Wiley. Esseghaier, Z., & Rahl, L. (2000). Measuring financial risk in the 21st century. Bank Accounting and Finance, Spring, 45–54. Figlewski, S. (1994). How to lose money in derivatives. The Journal of Derivatives, 2(2), Winter. Financial Economists Roundtable. (1994). Statement on derivatives markets and financial risk. Journal of Applied Corporate Finance, 7(5), Fall. Gibson, R., & Zimmermann, H. (1994). The benefits and risks of derivative instruments: An economic perspective. Working paper, University of Lausanne and Hochschule St. Gallen. Hallerbach, W., & Menkveld, B. (1999). Value at risk as a diagnostic tool for corporates: The Airline Industry. Working paper, Erasmus University Rotterdam. Jorion, P. (1997). VaR: The new2 Beachmark for controlling derivatives risks. New York: Irwin Publishing. Katiforis, G. (1995). Financial derivatives: Their present role on capital markets, their advantages and risks. Working paper, European Parliament–Committee on Economic and Monetary Affairs and Industrial Policy, March 1. Loderer, C., & Pichler, K. (2000). Firms, do you know your currency risk exposure? Survey results. Working paper, University of Bern. Mankiw, G.N. (1990). A quick refresher course in macroeconomics. Journal of Economic Literature, 28(4), 1645–1660. Miller, M.H. (1992). Financial innovation: Achievements and prospects. Journal of Applied Corporate Finance, 4(4), Winter. Miller, M.H., Modigliani, F. (1958). The cost of capital, corporation finance, and the theory of investment. American Economic Review, 48, 261–297. Savage, L.J. (1954). The foundations of statistics. New York: Wiley. Stulz, R. (1996). Rethinking risk management. Journal of Applied Corporate Finance, 9, 8–24. Tufano, P. (1996). Who manages risk? An empirical examination of risk management practices in the gold mining industry. Journal of Finance, 51, 1097–1137. Von Neuman, T., & Morgenstern, O. (1953). Theory of games and economic behavior. Princeton, NJ: Princeton University Press. Thunderbird International Business Review • May–June 2001 363