4 Introduction to Risk Management

null Modern Financial Markets: Prices, Yields, and Risk Analysis Modern Financial Markets: Prices, Yields, and Risk Analysis Blackwell, Griffiths and Winters, Chap 11IntroductionIntroductionWhat is risk? When does it occur? Why should we be concerned? How do we measure it? How should we manage it? These questions are asked frequently by business and financial managers. Introduction (cont.)Introduction (cont.)In Chapter 7 we introduced systematic (market) risk and unsystematic (business) risk and discussed how to eliminate business risk through diversification. However, this tells us little about how to operationalize the management of risk.Introduction (cont.)Introduction (cont.)Value-at-Risk (VaR) is a recent development to help investors operationalize risk. Introduction (cont.)Introduction (cont.)An example of VaR comes from the 1994 annual report for J.P. Morgan which stated the daily earnings at risk for our combined trading activities averaged approximately $15 million … at the 95% percent level. Then investors can determine if they are comfortable with this level of risk in one of their investments. General Definition of RiskGeneral Definition of RiskRisk is a measure of the potential changes in value that will be experienced in a managed portfolio as a result of differences in the economic environment between now and some specific point in the future. Risk LandscapeRisk LandscapeTo set the risk landscape for a business, we need to further define market risk and business risk. Business risk has five component parts.Risk Landscape (cont.) Business RiskRisk Landscape (cont.) Business RiskBusiness RiskOperational RiskCredit RiskLiquidity RiskModel RiskLegal RiskRisk Landscape (cont.) Business Risk (cont.)Risk Landscape (cont.) Business Risk (cont.)Operational Risk is the risk of the failure of the internal systems that manage a business. Legal Risk is the risk that contracts are not enforced.Risk Landscape (cont.) Business Risk (cont.)Risk Landscape (cont.) Business Risk (cont.)Credit Risk is when a party to a financial transaction does not have the ability to make the required payments under the contract. Liquidity Risk is the need to sell (unwind) an asset at an unfavorable price because of a very near-term need for cash. Risk Landscape (cont.) Business Risk (cont.)Risk Landscape (cont.) Business Risk (cont.)Model Risk is that financial models may not do what a person excepts or needs them to do. Financial models have gotten increasingly complex to the point where it is often difficult to determine underlying assumptions and other features of a model causing the models to be used incorrectly.Risk Landscape (cont.) Market RiskRisk Landscape (cont.) Market RiskLike business risk, market risk has various component parts. Operational RiskOperational RiskOperational risk is the risk of direct or indirect loss resulting from inadequate or failed internal processes, people, and systems or from external events. Note that this definition includes people interacting with the business and the business interacting with the outside world.Operational Risk (cont.)Operational Risk (cont.)It is useful to breakdown operational risk into four component parts. 1. Operations risk results from the consequences of a breakdown in a core operating, manufacturing, or processing capability. In an organization charged with investment responsibilities, this risk is associated with the manager, marketing and sales behavior, as well as technology-related transactions.Operational Risk (cont.)Operational Risk (cont.)2. Asset impairment risk occurs when an asset loses a significant portion of its current value because of a reduction in the likelihood of receiving future cash flows. This risk centers on the organization’s ability to safeguard its assets. Points where transactions are processed or where data can be manipulated are important for maintaining the integrity of the financial system and the value of the assets.Operational Risk (cont.)Operational Risk (cont.)3. Competitive risks result from changes in the competitive environment that could impair the business’ ability to create value and differentiate its products and services. In financial terms, this often means the organization has failed to deliver superior performance as a result of a market downturn or from managerial failures.Operational Risk (cont.)Operational Risk (cont.)4. Franchise risk is a consequence of excessive risk in one of the three other risk categories. It occurs when the value of the entire business erodes due to a loss in confidence by critical constituents such as shareholders, investors or customers.Causes of Operational RiskCauses of Operational RiskBarings’ failure is a spectacular example of operating risk and a rare event. However, operating risk is a common problem and often arises because a company is successful and growing. R.L. Simons developed a framework for assessing operational risk. Causes of Operational Risk (cont.)Causes of Operational Risk (cont.)GrowthCultureInformation ManagementErrors of Omission or CommissionIncomplete Management InformationInefficiencies and BreakdownsSource: A Note on Identifying Strategic Risk, R.L. Simons, 1999Total ScoreCauses of Operational Risk (cont.)Causes of Operational Risk (cont.)In Simon’s grid, you assign each cell a score from 1 (low risk) to 5 (high risk) and then total the score. 9 to 20: The Safety Zone Companies that carry this low level are usually safe from unexpected errors or events that could threaten the business. But is the risk exposure too low? After all, there is a trade-off between risk and return.Causes of Operational Risk (cont.)Causes of Operational Risk (cont.)21 to 34: The Caution Zone Most companies fall here. But watch for high scores in 2 or 3 dimensions. These are issues that senior management should address in the near term. 35 to 45: The Danger Zone Alarm bells should be going off and immediate action is necessary. A full operational risk audit should be implemented at the insistence of senior management and the Board of Directors. Operational Risk ExampleOperational Risk ExampleJoseph Jett and Kidder, Peabody. Kidder, Peabody is owned by GE and the chairman of GE demanded each business owned by GE be number 1 or 2 in their market. Kidder, Peabody chose to be a leader in mortgage-backed securities.Operational Risk Example (cont.)Operational Risk Example (cont.)However, Kidder, Peabody did not have the people nor computer systems to do this. In this environment, Joseph Jett became the head of Kidder, Peabody’s government trading desk. Jett found weaknesses in the computer system that allowed him to book profits and hide losses and thus create a pyramid scheme.Managing Operational RiskManaging Operational RiskThe British Bankers Association (BBA) did a survey of operational risk management procedures and found five stages in the evolution of operational risk management. The five stages are presented on the next slide.nullBBA Five StagesBBA Five StagesCompanies know that operational risk exists. Recognize that operational risk can have a significant impact on the profitability of the company. Company works to understand and assess operational risk. Measure current levels of operational risk and effectiveness of management function. BBA Five Stages (cont.)BBA Five Stages (cont.)Quantify relative risks and predict possible outcomes. Company usually develops empirical models and test their validity. Recognize the pervasive nature of operational risk. The objective is to integrate and implement processes and solutions that recognize the different needs of different levels of management. At this stage operational risk becomes an integral part of strategic planning.Why are we so concerned about operational risk?Why are we so concerned about operational risk?The goal of management is to maximize present shareholder wealth. That is, management is to create value for the shareholders. The goal of operational risk management is to protect the firm value for shareholders.Implementing Risk ManagementImplementing Risk ManagementTo implement a risk management procedure, we need to establish a risk management philosophy that incorporates: a knowledge of the effect of risk on the performance of the company, the amount risk [potential losses] the company can tolerate and, the impact of volatility on financial performance. Operational Risk in the Risk Management FunctionOperational Risk in the Risk Management FunctionThere are three parts to operational risk in the risk management function. Why a business should have a risk management policy, How to create a risk management policy, and How to measure the effectiveness of the risk management operation.Why a business should have a risk management policyWhy a business should have a risk management policyA risk policy provides guidelines for management. It has two purposes (see Figure 11.5 as an example): 1. to protect the shareholders of the firm from the management of the firm. 2. protect the managers from themselves by outlining the specific actions that may or may not be taken. The policies force managers to work together within a unified framework toward a common goal.nullExhibit 10-5 ING Bank, fsb Authority and Responsibility The Board of Directors has ultimate authority and responsibility for the management of investment portfolios and financial risk. All new proposals and amendments on limits, products and other parts of the investment policy are also subject to approval by the ING Direct Market & Credit Risk Management Committee (DMC). In order to ensure accountability, authority to act is delegated to individuals (defined in Delegation of Authority Section below) in the Company, and to ensure maximum control, responsibility for monitoring limits is delegated to Risk Management and the Asset-Liability Committee (ALCO). In order to ensure an efficient and effective process, authority for the management of investment portfolios and authority for the management of financial risk is delegated to the same individuals. Delegation of Authority The authority to manage ING Bank, fsb’s investment portfolios and its financial risk, within the limits specified, is delegated from the Board to the President who shall delegate all these authorities of a portion thereof to the Treasurer. The Treasurer may further delegate all or a portion of these authorities with the approval of the President. All delegations of the President’s and Treasurer’s authorities shall be confirmed in writing. Why a business should have a risk management policy (cont.)Why a business should have a risk management policy (cont.)The policy statement is designed so a well-informed independent reviewer can understand why something was done and the way it was done. The policy should be developed by senior management under the supervision of the Board of Directors.Why a business should have a risk management policy (cont.)Why a business should have a risk management policy (cont.)The policy could try to eliminate risk, but eliminating risk also eliminates gain. Instead, most risk policies are designed to trade-off upside benefits against downside losses. Most businesses prefer to avoid losses at the expense of realizing large upside gains.Creating a Risk Management Policy StatementCreating a Risk Management Policy StatementThis statement starts with identification of the company’s investment philosophy, which is based on the company’s level of risk aversion. The statement will clearly differentiate between operational aspects of risk and investment risk (see Figure 11-6).nullFigure 11-6 ING Bank, fsb Investment Philosophy Taking risk may result in an enhancement of a financial intermediary’s spread and can be an attractive way to boost income. ING Bank, fsb must manage the trade-off between the incremental income received and the potential for losses. These risks are difficult to manage, because no one transaction causes them. They arise from the net of all transactions. The only practical approach is to manage financial risk on a portfolio basis. Credit and settlement risks are inherent in the transactions used to manage the financial position. They do not affect clients’ products, but are relevant to the investment activity. The management of ING Bank, fsb’s investment portfolios is not separate from the management of overall financial risk. The risk characteristics of these portfolios are designed to be consistent with the parameters set by the Board of Directors, ING Direct Market & Credit Risk Management Committee (DMC) and consistent with the Bank’s prudent risk management philosophy. Placing the management of financial risk and investment portfolios in Treasury under the review of the Risk Management Department is an effective way to ensure a disciplined and integrated process. Creating a Risk Management Policy Statement (cont.)Creating a Risk Management Policy Statement (cont.)The next step is to identify the objective of the risk management policy. Some standard policy objectives are: preserving the value of the firm in the long term regardless of the variation in underlying economic variables ensuring orderly recognition of income without undue variation due to changes in underlying economic variablesCreating a Risk Management Policy Statement (cont.) Objectives (cont.)Creating a Risk Management Policy Statement (cont.) Objectives (cont.)ensuring the total risk position of the firm is managed in a prudent fashion through the imposition of reasonable and stringently enforceable limits ensuring that within the limits imposed, the firm receives a reasonable return for the risk it does take pursuing a non-concentration strategy (including but not limited to issuer, industry and maturity), the selection of solvent counter-parties, issuers and an adequate control of market riskCreating a Risk Management Policy Statement (cont.) LimitationsCreating a Risk Management Policy Statement (cont.) LimitationsNow we must identify the parties responsible for risk management and the limitations the company wants to place on risk managers. A treasurer must know: How risk management tools work in both rising and falling markets, and How to quantify the dollar value of potential gains and losses.Creating a Risk Management Policy Statement (cont.) Limitations (cont.)Creating a Risk Management Policy Statement (cont.) Limitations (cont.)While the treasurer must understand various techniques, the Board of Directors may choose to limit the tools that the treasurer may use in attempting to manage risk. Figure 11-7 presents the major components in a risk management policy statement.nullFigure 11-7 Major Components of a Risk Management Policy Statement In general, a policy statement should indicate the following: the investment philosophy the objectives of the policy the authority and responsibility for the management of investment portfolios and financial risk the limitations on managers including: - investment limits and definitions - risk measurement - limits on short-term investments - limits on long-term investments - how limits are established and revised - eligible investments - trading limits - the movement of funds - counter-party limits risk specific limits reporting auditing policy review and revisionEvaluating Risk Management PerformanceEvaluating Risk Management PerformanceOne major benefit from creating a risk management philosophy and a risk management policy statement is that these provide reference for evaluating the effectiveness of the company’s risk management efforts. One possible measure of effectiveness of risk management is degree of hedging efficiency.Evaluating Risk Management Performance (cont.)Evaluating Risk Management Performance (cont.)Regardless of the hedging objective, the implementation must have the following characteristics. 1. Acceptability - the strategies must make sense to professionals who will implement the strategy. Evaluating Risk Management Performance (cont.)Evaluating Risk Management Performance (cont.)Consistency - the strategies make sense in the context of management's stated values and objectives and the strategies have a logical flow from period to period. Quality - the strategies can be seen to improve management decision-making, i.e. management’s beliefs align with market realities.