Chapter 1

Download as pdf or txt
Download as pdf or txt
You are on page 1of 33

Foundation of risk

management
The Building Blocks of Risk
Management
Learning objectives
• Explain the concept of risk and compare risk management with risk taking
• Describe the risk management process and identify problems and challenges that can
arise in the risk management process.
• Evaluate and apply tools and procedures used to measure and manage risk, including
quantitative measures, qualitative assessment, and enterprise risk management.
• Distinguish between expected loss and unexpected loss and provide examples of
each.
• Interpret the relationship between risk and reward and explain how conflicts of
interest can impact risk management.
• Describe and differentiate between the key classes of risks, explain how each type of
risk can arise and assess the potential impact of each type of risk on the organization.
• Explain how risk factors can interact with each other and describe challenges in
aggregating risk exposures.
Risk, in the most basic sense, is
the possibility that bad things
might happen.
TYPOLOGY OF A typology of risks in the financial
RISKS AND industry.
RISK
INTERACTIONS
Each key risk type demands a
specific set of skills and its own
philosophical approach.
TYPOLOGY OF RISKS AND RISK INTERACTIONS
TYPOLOGY OF RISKS AND RISK INTERACTIONS
▪ Market risk is the risk of losses arising from changes in market risk factors.
Market risk can arise from changes in interest rates, foreign exchange rates,
or equity and commodity price factors.

▪ Credit risk is the risk of loss following a change in the factors that drive the
credit quality of an asset. These include adverse effects arising from credit
grade migration, including default, and the dynamics of recovery rates.
TYPOLOGY OF RISKS AND RISK INTERACTIONS
▪ Operational risk refers to financial loss resulting from a host of potential
operational breakdowns that we can think in terms of risk of loss resulting
from inadequate or failed internal processes, people, and systems, or
from external events (e.g., frauds, a mistake in operations, or a natural
disaster)
THE RISK MANAGEMENT PROCESS

• Risk management is a continual process of


corporate risk reduction .
• Risk management is really about how firms
actively select the type and level of risk that it
is appropriate for them to assume. Most
business decisions are about sacrificing
current resources for future uncertain returns.
• Risk management and risk taking aren’t
opposites, but two sides of the same coin.
Together they drive all our modern
economies.
THE RISK MANAGEMENT PROCESS
▪ The capacity to make forward-looking choices about risk in relation to
reward, and to evaluate performance, lies at the heart of the management
process of all enduringly successful corporations.
▪ A formal discipline has been a bumpy affair (not smoothly) (e.g., the lack of
financial institution bankruptcies in the downturn in credit quality in 2001–
2002, the spectacular failure to control risk in the run-up to the 2007–2009
financial crisis)
▪ As a result, risk management is now widely acknowledged as one of the
most powerful forces in the world’s financial markets, in both a positive
and a negative sense.
THE RISK MANAGEMENT PROCESS

➢The development of a huge market for credit derivatives, which allows


institutions to obtain insurance to protect themselves against credit
default and the widening of credit spreads

➢Credit derivatives can be used to redistribute part or all of an institution’s


credit risk exposures to banks, hedge funds, or other institutional investors

➢However, the misuse of credit derivatives also helped to destabilize


institutions during the 2007–2009 crisis and to fuel fears of a systemic
meltdown.
THE RISK MANAGEMENT PROCESS
➢The financial crisis of 2007–2009: the only embarrassing failure of risk
management in recent decades.

➢The near failure of the giant hedge fund Long-Term Capital Management
(LTCM) in 1998 to the string of financial scandals associated with the
millennial boom in the equity and technology markets (from Enron,
WorldCom, Global Crossing, and Qwest in the United States to Parmalat in
Europe and Satyam in Asia) .
IDENTIFYING RISK:
KNOWNS AND UNKNOWNS

▪ One of the easiest mistakes to


make is to focus on risks that are
known and measurable while
ignoring those that are unknown
or sets out.
IDENTIFYING RISK: KNOWNS AND UNKNOWNS

▪ Humans tend to focus on the risks for which they have data and ignore
potentially larger risks that are unknown or poorly understood. Yet those
risks exist and must be managed.

▪ In his famous 1921 paper, Knight distinguished between variability that


cannot be quantified at all, which he called uncertainty, and "true" risk
that can be quantified in terms of statistical science.
IDENTIFYING RISK: KNOWNS AND UNKNOWNS

▪ However, risk managers must never treat risks that cannot be measured as
if they are a known quantity. Uncertainty and ambiguity must be
acknowledged because they exist in much greater amounts for some risky
activities than for others. Our confidence in a risk measure shapes how the
result should be applied in decision-making.
RISK FACTOR BREAKDOWN AND
INTERACTIONS BETWEEN FACTORS

▪ Each primary risk factor is driven by a more


fundamental set of risk factors.
▪ Breaking risk down into its key risk factors and
understanding their importance as loss drivers—
and their relationships with each other and the
wider business environment— is a key activity
for risk managers.
▪ It is easier to understand the
difference between the risk
management concepts of expected
loss (or expected costs) and
QUANTITATIVE unexpected loss (or unexpected cost).
RISK METRICS ▪ Understanding this difference is the
key to understanding modern risk
management concepts such as
economic capital attribution and risk-
adjusted pricing.
QUANTITATIVE RISK METRICS
Risk factors and the modeling of risk:
▪ To develop a number for unexpected loss, a bank risk manager first identifies the risk factors that
seem to drive volatility in any outcome and then uses statistical analysis to calculate the
probabilities of various outcomes for the position or portfolio under consideration. This
probability distribution can be used in various ways.

▪ The risk manager must also measure the influence of the risk factors on each other, the statistical
measure of which is the “covariance.” Disentangling the effects of multiple risk factors and
quantifying the influence of each is a fairly complicated undertaking, especially when covariance
alters over time. There is often a distinct difference in the behavior and relationship of risk factors
during normal business conditions and during stressful conditions such as financial crises.
QUANTITATIVE RISK METRICS

Expected loss and Unexpected loss:


▪ For example: The expected credit loss for a credit card portfolio, refers to how
much the bank expects to lose, on average, as a result of fraud and defaults by
cardholders over a period of time,

▪ Expected loss accounts for almost all the losses that are incurred in normal
times. It is generally viewed as one of the costs of doing business, and ideally it
is priced into the products and services offered to the customer.
QUANTITATIVE RISK METRICS

Expected loss and Unexpected loss:


▪ For credit cards, the expected loss is recovered by charging the businesses a
certain commission (2 to 4 percent) and by charging a spread to the customer
on any borrowed money, over and above the bank’s funding cost (i.e., the rate
the bank pays to raise funds in the money markets and elsewhere, the salaries
it pays tellers, in much the same way.
QUANTITATIVE RISK METRICS

Expected loss and Unexpected loss:


▪ A corporate loan portfolio, however, tends to be much “lumpier” than a retail portfolio (i.e., there
are more big loans). Furthermore, if we look at industry data on commercial loan losses over a
period of decades, it’s much more apparent that in some years losses spike upward to unexpected
loss levels, driven by risk factors that suddenly begin to act together.

▪ For example, the default rate for a bank that lends too heavily to the technology sector will be
driven not just by the health of individual borrowers, but by the business cycle of the technology
sector as a whole. The tendency for things to go wrong together isn’t confined to the clustering of
defaults among a portfolio of commercial borrowers.
QUANTITATIVE RISK METRICS

Expected loss and Unexpected loss:


▪ Risk management becomes not the process of controlling and reducing
expected losses, but the process of understanding, costing, and efficiently
managing unexpected levels of variability in the financial outcomes for a
business.
QUANTITATIVE RISK METRICS

Expected loss and Unexpected loss:


➢Its confidence in the way it assesses and measures the unexpected loss levels
associated with its various activities

➢The accumulation of sufficient capital or the deployment of other risk


management techniques to protect against potential unexpected loss levels

➢Appropriate returns from the risky activities, once the costs of risk capital and risk
management are taken into account

➢Clear communication with stakeholders about the company’s target risk profile.
QUANTITATIVE RISK METRICS

Value-at-Risk (VaR):
➢In January 1990, Dennis Weatherstone, newly appointed CEO of J.P. Morgan,
called for a report on the total risk of his firm to be delivered to his desk every
day at 4:15 p.m. The request helped to drive the development of a new global
risk metric: Value-at-Risk (VaR).
QUALITATIVE RISK ASSESSMENT

▪ Scenario analysis takes into account potential risk factors with uncertainties
that are often quantifiable. One option is to consider an adverse scenario or
worst-case scenario analysis to get an idea of the full magnitude of potential
losses even if they have a very small chance of occurring. Worst-case
scenarios on the entity and within its various divisions, often taking into
account several categories of risk.
▪ Stress testing: is a form of scenario analysis that examines a financial outcome
base on the given stress on the entity. For example, it is plausible for interest
rates or unemployment rates to rise severely in an economic crisis and stress
testing attempts to examine such crisis situations to determine the outcome
on the entity.
STRUCTURAL CHANGE: FROM
TAIL RISK TO SYSTEMIC CRISIS

▪ Some risk events have a diabolical side that


seem s designed to outwit the human mind.
This may be because such events are very
rare and extreme or they arise from
unobserved structural changes in a market.
STRUCTURAL CHANGE: FROM TAIL RISK TO
SYSTEMIC CRISIS

▪ In complex system s, such as the global climate or financial markets, extremely


rare events can happen over long time periods, even if the system remains
structurally stable. These risks, really an extreme version of unexpected loss, are
difficult to find in the data because (by definition) there are not a lot of them.

▪ Where data are scarce, modern risk management can sometimes apply statistical
tail risk techniques, utilizing a branch of statistics called Extreme Value Theory
(EVT) to help make tails more visible and to extract the most useful information.
STRUCTURAL CHANGE: FROM TAIL RISK TO
SYSTEMIC CRISIS
▪ When the structure underlying a system changes, risk increases. Large loss events may suddenly
increase in frequency or size.

▪ Risk factors might suddenly move in lockstep. Entirely new sources of loss, in term s of risk type, may
appear.

▪ A change in events does not only affect tail risk—the amounts of EL and unexpected loss might
change as well. Risk managers are continuously trying to assess the risk in system s that are
changing in ways that might, or might not, matter.

▪ An important recent example was the growth in subprime lending by US banks starting in the early
2000s and its role in the creation of the 2007-2009 global financial crisis.
RISK AGGREGATION

▪ Given the many different types of risk and risk metrics, a key problem in
risk management is the challenge of seeing the bigger picture. How can
senior managers identify the riskiest businesses on their watch and tell
when the firm's aggregate risk is approaching intolerable levels?
▪ Large financial institutions needed a risk measure that was much more
comprehensive.
RISK AGGREGATION
▪ VaR was a popular risk aggregation measure in the years leading up to the crisis.

▪ In fact, the concept of VaR also involves many simplifying assumptions.

▪ Bank regulators have tried to improve the way VaR is calculated, make its calculation across
the industry more consistent and reliable, and strengthen the role of supplementary risk
measures such as expected shortfall (ES) and worst-case scenario analysis.
RISK AND • Trade-Off between Risk and
REWARD Reward
• Balancing Risk and Reward
TRADE-OFF BETWEEN RISK AND REWARD
▪ In financial markets, as well as in many commercial activities, if one wants to
achieve a higher rate of return on average, one often has to assume more risk.
But the transparency of the trade-off between risk and return is highly
variable.
BALANCING RISK AND REWARD
▪ There are many variants on the RAROC formula, applied across many different
industries and institutions. Their level of sophistication varies but all have the
same purpose: to adjust performance for risk. Four day-to-day applications
stand out:
➢Business comparison
➢Investment analysis
➢Pricing strategies
➢Risk management cost/benefit analysis

ENTERPRISE RISK MANAGEMENT (ERM)

▪ Financial risk managers have long recognized that they must overcome
this silo-based risk management process to build a broad picture of risk
across risk types and business lines: enterprise risk management (ERM).
▪ Measuring risk in economic capital term s is important for balancing risk
and reward. However, the key factor that saves an institution may come
from another risk analysis tool— perhaps from worst-case scenario
analysis or some new digital approach.
ENTERPRISE RISK MANAGEMENT (ERM)
▪ The modern approach to ERM must also look at the processes that link
information to action and also look at the firm’s corporate governance and
risk culture.

▪ ERM is no longer simply about aggregating risk across risk types and
businesses. It is about taking a more holistic approach to the entire risk
management process and its relationship to strategic decisions.

You might also like