Performance and VaR Together

A lot of market risk analysts often question how they can compare risk with return or the relevance of tracking error in the context of Value at Risk and performance reporting together.

In this short blog posting, I link to a presentation which explains how performance reporting, risk measurement and tracking error may be delivered side-by-side.

Addressing Procyclicality

Basel III is actually proving to be quite an ordeal for both the banking community as well as the regulators and some senior members of the regulatory community, both in the UK and the US have made public statements to this fact.

Perhaps one of the biggest issues facing banks with Basel III is how to address Procyclicality, especially if the bank is not running an Advanced IRB credit risk framework. Actually, just obtaining information about the different accepted practices on how to measure Procyclicality within a lending portfolio isn't so easy.

Just the other day I was pointed in the direction of a really good summary and publication on Procyclicality and I wanted to share this link here on the Causal Capital blog.

Can risk practices be shared?

There is a common belief among many enterprise risk managers that practices in operational risk can be applied to market or credit risk with ease. However, such thinking might be a little bit misplaced.

Let's take a look at this.
  

Monte Carlo Example

A recent discussion on the G31000 forum debates the importance of Monte Carlo but it resulted in me promising a model to the group, a straight forward and fundamental model on Monte Carlo?

I have talked about Monte Carlo before on this blog and in more than one place. However, the effort today is to develop a Monte Carlo simulation in Excel that works for operational risk losses, rather than in market risk or credit risk where the technique is so often found. The objective is to build a fully working Microsoft Excel model which isn't just statistical theory but actually exemplifies the Monte Carlo simulation process in practice.

This article explains such a model and there is a link at the end of this posting that will allow you to download the spreadsheet, if you so desire.
  

Resolving Risk Disputes

The question today is; does the use of a risk framework such as the one proposed in the ISO 31000 risk standard reduce disputes between managers in a company?

A possible upside we may be seeking from a risk framework is the improvement in the sharing of risk knowledge, as well as the communication of business intel across a company. The ability for a risk framework to assign accountability to threats would surely be even more ideal.

One would hope that if managers can formally describe the types of risks they face in their daily work and communicate this insight to internal customers, staff would become more understanding and empathetic to problems or disruptions when they occur. Oversight and disclosure is often fantastic grease for the emotional machine of sympathy.

It could of course go the other way, the risk framework may drive arguments from differing opinions on risk treatment, bickering over risk budgets and divides on ownership and accountability of threats.

In the last twenty-four hours, what did the G31000 forum vote for in our poll?
  

Importance of risk categories

So much inspiration for articles in this blog seems to originate from reading what risk practitioners are writing about on the G31000 linked-In portal. One recent debate restarted an old angst on enterprise risk categories.

Personally I am a big believer in the categorisation of risk events and while this may not be popular among many of the non-banking members of the risk community, even more so with ISO 31000 practitioners it seems, I still believe it is an important exercise to carryout. Either way, I have taken to list ten reasons why causal event categorisation is crucial for the operation of a sound enterprise risk management framework.

Inherent vs Residual Exposure

A recent debate on the G31000 Linked-In forum around the gap between Inherent versus Residual exposure has shown that there is a large deviation on opinion, not only with what these terms actually stand for but why it is important to measure inherent risk as a value in the first place.

Inherent Risk is actually not a new concept to risk management and is captured in many other risk standards such as COSO but for ISO 31000, the term has uniquely been excluded. This omission adds to the confusion on whether it should be used at all, let alone why someone would want to understand their Inherent and Residual risk side-by-side.

In this short blog, we are going to investigate these two terms and how they interrelate with each other, why and importantly how inherent risk can be estimated. 

The Risk Clock

Some things come in cycles is a common saying I am sure we have all heard before. This seems to be even more so the case when we are presented with a complex disorder which is stubborn to stamp out. We will have moments when everything looks fine, only to be presented with a set of known preconditions over and over again that result in what we thought was under control suddenly being less so.

Are risks more seasonal than we would like to first imagine?

The Dark Side of Risk Management

Risk management can be a paradox in nature and this often leads entire communities, perhaps society at large to entertain red herring solutions for systemic threats. 

Today I can see at least three man made ills which may be killing us broadly and as a global community they are. Long term side effects may take us to a place that is far worse than where we are at present. Perhaps we should carefully rethink what we are trying to achieve because we may just find our desperate first attempt to resolve the unwanted is often not the most ideal solution.

Shutting down Libor, disbanding nuclear power and embracing a never ending program of Quantitative Easing could have dangerous outcomes which are not really understood in the long term. Let's take a look at Quantitative Easing and Libor, we can talk about nuclear power another time.

How many controls are too many?

In a recent discussion on the G31000 Linkedin forum, a member put forward an interesting question. 

How many controls are too many?

Can an organisation literally have too many controls?

Cluster Events

The world of risk management is continually evolving but where is the next developmental phase for the practice of risk theory?

In my opinion, one area which offers great opportunity is the relatively undiscovered work around event predictability. Let's be real of course, there is no way to predict the future but it might be nice to understand the shape of that future.

In this blog, we review the use of the Extensible Markov Model for shaping event clusters.

PV01 vs Historical VaR

The world of fixed income is very much impacted by PV01, yet Market Risk analysts hang onto historical Value at Risk as if it is the be all for measuring potential downside. In my opinion this is a bit busted and I will explain why in this short blog post.

Understanding risk appetite

Over the last week, there have been a lot of discussions on risk appetite in the G31000 forum and while ISO 31000 refers to risk appetite as risk attitude, broadly the concept is not fully appreciated by many risk analysts in the market place.

In this blog we look at risk appetite; what it is, where it has been used and why it is important.

Risk Charting and Bubble Charts

Perhaps ten years ago; reporting risk profiles or organisational threats was a challenging thing to do for many risk analysts on the job and while the majority of risk reports were fundamentally ordinary, it became apparent quite quickly that a simple list of hazards was never going to cut it.

In this blog we look at an emerging era of risk reporting.

ROC Control Optimization

In the world of risk, analysts and managers alike try to reduce the likelihood of an event occurring by inserting controls between the event's driving factors and its outcome. Additionally, these analysts often regularly monitor specific indicators they believe will give them insight into something unwanted happening.

While the logic around this is sound, not all controls are equal and more often than not, some key risk indicators emit erroneous measures which mislead entire risk teams.

In this short post, we look at a method for weeding out erroneous control signals.

ISO 31010 and Loss Modeling

One of the most concerning trends that continually persists in operational risk management, is the lack of interest analysts have for attempting to quantify this risk exposure coherently.

In this blog we look at operational risk from the perspective of the normal and the extreme.

ISO 31000 for Property Development

It states in the ISO 31000 standards guide, that organisations of all types and sizes face internal and external factors as well as influences that make it uncertain whether and when they will achieve their objectives.

If we were to look at property development or the construction industry for example, we know that these types of issues are also likely to be evident. So, would ISO 31000 be of benefit to the construction sector?

In this short journal post, we share a presentation that reviews some of the problems of risk management in property development, how risk management currently functions in this industry sector and why it would be advantageous to adopt ISO 31000 in property development.

Retrofitting ISO 31000

There have been some interesting discussions on the G31000 forum over the last week which allude to a future of potential conflict for ISO 31000.

In this short post, we look at some of the headwinds that ISO 31000 is going meet, as the adoption of the standard ramps-up across multiple industries.
  

Cause and Effect Analysis

There are several ways of looking at operational risk specifically but perhaps one of the most exciting and intuitive methods in use today is Cause~Effect Analysis.

In this short post, we look at how Cause-Effect Analysis works and we extend a bow tie diagram further to show how it can be applied to a Cause~Effect risk space.
  

ISO 31004 Wishlist

The International Organisation for Standardization [ ISO ] is about to enter into a trial review for its ISO 31004 guide.

Being an active risk manager, I believe it is important to highlight potential key topical points for inclusion in the ISO 31004 program. This is all in the hope that the final ISO 31004 document will address some of the open ended elements that ISO 31000 seems to omit. The risk community at large seems to struggle with some of the items listed in the attachment that is linked to this post and more information, example case studies and critique on these areas of risk measurement specifically, would be welcome from the ISO body.

This blog lists 50 key aspects of commercial enterprise risk management which are not only common practice in some cases, but are also important for evolving the enterprise risk management field today.

The Model Dilemma

Over the last few months, risk models have come under the spotlight as a potential reason why risk management as an entire institutional function is failing. In the recent JP Morgan CDX tranche 9 blow up, Value at Risk was held accountable in much of the part. The JP Morgan disaster initially put the bank into a negative trajectory of at least USD 2bn and is very much a tail event that might just fall outside a traditional risk modelling technique.

But this is not an isolated case. There have been other claims from many corners of society that risk models are as dangerous as the risk they are attempting to quantify.

  

In this blog we look at the argument to rebuke the model.

Why Banks Fail Stress Tests

Perhaps one of the most important risk activities a bank should initiate or enhance over the coming years ahead is stress testing. The stress testing framework, not that risk analysts currently see it as that, is probably going to be the next best thing and the only viable commercially alternative for reducing financial sector fragility other than crippling regulation or bailouts.

  

In this blog we look at why banks have been failing their stress tests. 

Time in risk

A recent debate on the G31000 Linked in forum about time and risk poses the following question "Is delaying a risk considered a separate treatment method or is it just a sub-type of changing the likelihood?"

  

This is a very interesting statement and it leads this blog posting into looking at some of the aspects of risk through time. 
  
Time or the lack of it would intuitively have anyone believe that impact is likely to increase overtime just like a pressure cooker building up. I suppose that is one manner in which to conceptualize these time effects more practically. Alternatively, the "spreading out" of risk events makes for easier management, rather than having a lot of events occurring in a short period of time, it can go both ways. Perhaps then, time features more in risk management than we would like to first acknowledge?

In this blog posting we take a look at eight situations where time intertwines with risk. There are many more examples of risk in time or time in risk as it is, but we have chosen to talk about eight unique relationships of risk and time.

Perception in Objectives

Over the last two years alone, we have seen some incredible risk events across the planet. 

These disasters have not only been extremely high profile but also massively impacting and questions are now emanating from all quarters, that risk management as a commercial discipline of planning control is missing the mark.

  

What is wrong with risk management?

Concentration Risk

The quantification of Credit Risk has both normal and stressed modes of measurement, just as all measures of risk do. However, when an analyst attempts to quantify stress in credit portfolios, they should attempt to dimension the concentration risk aspects of their portfolio in line with the stress test they have in mind.

  

In this blog post we look at the stress testing aspects around concentration risk and a presentation has also been attached to the end of this journal which can be downloaded. This presentation investigates standard and accepted practices for measuring concentration risk in credit portfolios.

Modelling Loss Data

In our previous post on Loss Event Data, we discussed the types of fields and specific risk framework elements that need to be in place for a best practice Loss Data Repository and you can follow this [Link] for a recap. In this third series on the Loss Data Monte Carlo debate (this is turning into a bit of a tome on data modelling), we take look at the types of techniques that can be used for understanding Operational Risk Loss Data better.

  

There are 14 key models that have been listed in this post and brief summaries, as well as the purpose for each model has been supplied within.

The Loss Data Process

In our last blog posting on Monte Carlo and Loss Data we described the importance of the Loss Data exercise. A few people have personally emailed me asking for more information on this aspect of risk management, so I have decided to write a blog post on it.
  

I will be posting two articles on the risk function around loss data specifically. In this post we look at what comprises a Loss Database and the event management process for administering Loss Data itself.  In a second posting, I will describe the types of statistical models we can use to carry out analysis of the data we capture in our Loss Data repository.

ISO 31000 for banks

ISO 31000 is a risk management standard that provides generic guidelines for the design and operation of an enterprise risk management framework. Released in 2009 by the ISO standards board, the standard itself has been crafted in such a manner that it makes ISO applicable for any organisation type. Theoretically banks to manufacturing firms can benefit from implementing ISO 31000.

What we are exploring in brief today is: Should the banking sector entertain ISO 31000 when it already has an established global risk standard of its own?

The presentation for this posting can be found by following this [link]

Monte Carlo and Loss Data

Recently I had a discussion on modelling risk with a fantastic and successful business person who said to me : "I have read about Monte Carlo, you even make mention to it on your blog but it doesn't make great sense to me. The maths in Monte Carlo is even worse because it seems to confuse the concept by taking it into an academic place that most people aren't from.

Is it possible to explain Monte Carlo by using a tool we all understand such as Microsoft Excel?"

So be it, this blog posting is an Excel example of Monte Carlo and Loss Data. Due to the size of the post, it will be separated into two, possibly three updates.

Breaking down the silo

I often hear from risk analysts that we need to break down the risk silo and stop measuring risk in unique disciplines but such a statement without thinking begs the question: If the silo is so evil, why did we invent the structure in the first place?

In this quick posting we look at risk silos, why they exist, the problems with them and how to make them work.

Bureaucracy Banking

Banking today is viewed upon by the customers it is designed to serve as sick. 

The causal factors for the Global Financial Crisis have been debated by many a soul and some blame our economic pain on feeble regulation, others on poor credit risk origination practices or asset bubble growth in a long only market. There is actually a whole array of factors that break banking greater than these three reasons alone I can assure you, but emphasis aside, nearly everyone I speak with will put the banking sector squarely and central to the debate of our economic woes.

What has gone wrong with banking then?

Correlate your risk factors

When modelling enterprise risk outcomes, analysts need to consider the correlation between variables in their algorithms. If they don't, the potential loss estimates they generate from these calculations are likely to be extremely erroneous.

A recent linked-in discussion on the dependency, correlation, causality and mutuality of multiple risk factors has opened up an interesting debate on the subject and stimulated this blog post. Additionally, after speaking with several risk analysts on the subject of factor dependency, there also appears to be a genuine interest in putting to word how to model an aggregate level of risk which is sensitive to correlation.

In this article we review a very straight forward method for measuring correlation in risk variables and for propagating a final outcome.  We also show why the process under CAPM is flawed.

What is wrong with VaR

Value at Risk (VaR) is often criticised. This is especially the case from those who don't use it, no surprise there and I label such propaganda as statistical xenophobia by the masses. There is even a mainstream following that claims in some respect that the use of Value at Risk should be scrapped. Interestingly, I have never met anyone of this thinking who is able to suggest a viable and cognitive alternative. Well, not quite yet that is.

In this post we look at the problems with VaR and what can be done to improve this measure of potential downside.

Problems with Probability

Why we don't know what we talk about when we talk about probability has been revisited by its original author Nassim Taleb in a recent publication on his Fooled by Randomness portal. Great claims are being made in this paper that perhaps we should ban the use of probability and sometimes the best discoveries seem to occur when we explore dynamics at their extremities. This might just be the case here as well.

In this short post, we take a look at the recent paper "Problems with Probability" published by Nassim Taleb.

Frequency x Magnitude - the wrong measure

In the world of operational risk, there are a lot of analysts who believe that they can dimension the impacts from uncertainty by counting the number of events they experience over a period of time and then multiply that count by the average loss amount for the total event horizon. This approach for quantifying the impacts from uncertainty is full of error and it should be avoided.  In fact, let's be clear, it is so fundamentally wrong as a measure of exposure that it isn't even a good estimate of how much operational risk may cost us in the future.

In this article we will look at why F x M = Exposure, doesn't equal the true potential loss for operational risk and what can be done to improve this measure of risk.

ISO 31000 and Objectives

ISO 31000 is becoming a popular risk framework, a credible alternative for COSO and many organisations across the planet are now selecting this approach for formalizing their internal risk programs directly. Actually, ISO 31000 is probably taking the lion's share of market interest for risk management at present and that isn't such a bad thing.

One aspect that sets ISO aside from many other risk frameworks in use, is its clear delineation yet connection between an objective and the objectives uncertainty. In this article we take a brief look at this relationship.

Funding Liquidity Risk

Basel III includes a new standard for Liquidity Risk that seems to be tripping up a few risk analysts working in this domain. In this post we briefly look at the possible outcomes from a poorly managed liquidity risk program and also the types of initiatives banks may consider for meeting the new Basel III Liquidity Risk Standard.

Crowded Markets

The equities market a decade ago cannot be compared to what it has become today.

Over the last ten years globalization really has become that and connectivity has reached the masses.

The rise of Exchange Traded Funds, High Frequency Trading, the increase in the number of large positional hedge funds and the interest for sovereign powers to replace state funded pension programs with community based superannuation disbursements, are all driving factors for the emergence of asset bubbles.

In this short post we look at why asset bubbles are going to become a common occurrence.

Heat Map Distortion

For most risk systems one big selling point is the heat map. It's tidy, it's colorful and in a macabre kind of way, it really energizes management to stare in ore at risks registered in the red zone. For the consultant it is a dream come true and the more they find wrong with a business, the more valuable they seem to become.

Worthy or not, traditional heat maps distort risk reality, they squeeze risk into a two dimensional perspective that makes the reporting process itself as dangerous as it is useful.

1+1 doesn't equal 2

In the world of risk, statistics, finance and many other fields of endeavour, 1+1 does not equal 2.

It's a little bit complicated but as 1+1 does not equal 2 in the realm of risk and while executives believe that 2 is the answer, our banking system will inevitably continue to fail us.
  

Changing the way we educate bankers

In the next five years the world of traditional banking is going to need to adapt in more ways than we can possibly imagine if it is to survive. These changes are likely to be driven from external factors, that is obvious. Recently however, internal catalysts seem to be appearing in the market that may question the very way these institutions function.

In this post we look at how some banks are starting to rethink their training environments to meet tomorrows banking challenges.

Is enterprise risk a journey or a destination?

A couple of days ago a customer asked me; is Enterprise Risk Management the end game in the world of risk? 

After reading a recent question on an ERM Linked-in forum, which goes something like this: "Is enterprise risk a journey or a destination?" I have been encouraged to write briefly on this subject here.

  

So then, is Enterprise Risk Management a journey or a destination?

China's Reserve Ratio Tactic

As last year drew to a close, the Peoples Bank of China cut the reserve requirement for local banks in an effort to swiftly ease funding liquidity conditions in the country.

In this post, we look at this tactic and why the central bank is doing this.