The Simple Rules of Risk: Revisiting the Art of Financial Risk Management (The Wiley Finance Series)

The Simple Rules of Risk......Page 4
Contents......Page 8
Acknowledgements......Page 18
Biography......Page 20
1.1 Risk and risk management......Page 22
1.2 Qualitative and quantitative approaches to risk management......Page 23
1.3 Financial losses and failures of the risk process......Page 27
1.3.1 Showa Shell Seikyu......Page 29
1.3.2 Procter and Gamble......Page 30
1.3.4 Orange County......Page 31
1.3.5 Barings......Page 32
1.3.6 Sumitomo Corporation......Page 33
1.3.7 Long Term Capital Management (LTCM)......Page 34
1.3.8 Enron......Page 35
1.3.9 Allfirst......Page 36
1.4.1 Flaws in governance......Page 37
1.4.3 Flaws in reporting and monitoring......Page 38
1.4.4 Flaws in management......Page 39
1.4.5 Flaws in infrastructure......Page 40
1.5 Strengthening risk practices......Page 41
1.6 The simple rules of risk......Page 42
1.6.1 The cardinal rules......Page 43
2.1 Risk-taking should be aligned with other corporate priorities, directives and initiatives......Page 46
2.3 Deciding to become an active risk taker without implementing a robust risk process is likely to lead to financial losses......Page 48
2.5 Risk generates profits, and can therefore benefit a firm—it must, however, be managed properly......Page 49
2.6 Risk is a finite resource that is driven by capital......Page 50
2.8 More risk should be taken when it makes sense to do so—but only if the reasons are well established and the returns appropriate......Page 51
2.11 “Worst case scenarios” happen with considerable frequency in an era of volatility and event risk. the lessons of history—financial cycles and crises—provide useful risk information......Page 52
2.12 Understanding the dynamics of different risk classes can help define an approach to risk......Page 53
2.14 Healthy skepticism—though not cynicism—can be useful in considering risks......Page 54
2.16 Creating a risk capability and presence should be regarded as a long-term endeavor......Page 55
2.17 Once a risk philosophy is defined, it should be communicated clearly and followed with discipline......Page 56
3 Risk Governance......Page 58
3.2 Clear expression of firm-wide risk appetite is essential......Page 60
3.3 The risk governance structure should assign responsibility for risk to senior officials from various parts of the organization; these officials must ultimately be accountable to the board of directors......Page 61
3.5 Human judgment is remarkably valuable; years of “crisis experience” can be far more valuable than recommendations generated by models......Page 62
3.6 Independence of the risk function must be undoubted......Page 63
3.9 Disciplined application of the risk process is a necessity......Page 64
3.11 Risk takers must have clear reporting lines and accountabilities......Page 65
3.12 Compensation policies for risk takers must be rational......Page 66
3.14 Once management has confidence in its risk process, it should let business managers conduct business and monitor the results......Page 67
3.16 Risk policies should be used to define and control all risk activities......Page 68
3.17 A new product process should exist to evaluate the nuances and complexities of new instruments, markets and transactions; the same should apply to capital commitments......Page 69
3.19 An effective disciplinary system is crucial; if limits/policies are breached, quick disciplinary action must be taken—if decisive action is not taken, the risk governance process loses credibility......Page 70
3.21 The knowledge that an experienced group of professionals is scrutinizing risk is a very powerful risk management tool......Page 71
3.23 Ensuring the risk function possesses the right mix of skills and experience strengthens the management process......Page 72
3.25 Risk expertise must be disseminated throughout the organization......Page 73
3.27 General risk education should be mandatory throughout the firm......Page 74
3.29 Risk specialists should question and probe until they are satisfied with the answers—they should not be afraid to query and challenge “business experts,” even when it seems difficult to do so......Page 75
3.31 A constructive relationship with business units can be more productive than an adversarial one; but a constructive relationship does not mean approving all business deals and risks......Page 76
3.33 Consistency is vital throughout the risk control organization; this eliminates the possibility of “internal arbitrage” across regions and businesses......Page 77
3.35 A risk crisis management program, with clear authorities, responsibilities and expectations, should be designed for quick implementation......Page 78
3.37 The governance process must provide senior managers with an ability to view and manage risk on a regulatory/legal entity basis......Page 79
3.38 Regular internal audits of the risk process should be performed......Page 80
4.1 Proper identification of risk can only occur after a thorough understanding of a product, transaction, market or process has been gained......Page 82
4.3 The identification process should serve as the base for the quantification process; risks that are identified should be quantified, and ultimately limited, in some manner......Page 83
4.4 The identification process should follow a logical progression—beginning with the most common or essential, and moving on to the more complex or esoteric......Page 84
4.6 Risk identification should be an ongoing process that continually re-examines all dimensions of exposure......Page 85
4.8 Risk specialists must focus on details because the discipline is complex; but reviewing broader “macro” issues is also an important part of the risk process......Page 86
4.10 All sources of settlement risk must be identified......Page 87
4.12 Risk arising from convergence/divergence trades must be identified......Page 88
4.14 Risk exposures created through changes in the structure and timing of cash flows must be identified......Page 89
4.16 Local markets may possess very unique risks and due care must be taken to understand them......Page 90
4.18 If the identification process reveals that a large number of firms are extending credit to a counterparty, caution should be exercised......Page 91
4.20 Market risk concentrations must be properly identified......Page 92
4.22 During times of market stress, market and credit risks can become linked; advance identification of these linkages can help avoid problems......Page 93
4.24 Identifying the source of the next “large loss” can provide guidance on the nature/quality of controls needed to protect against such a loss......Page 94
4.25 If an unexpected loss occurs, the identification process may not be working correctly and should be reviewed......Page 95
5.1 Risks discovered in the identification stages should be decomposed into quantifiable terms; this allows exposures to be constrained and monitored......Page 98
5.3 Models are based on assumptions that may, or may not, be realistic; assumptions, and the impact they can have on valuation, must be well understood......Page 99
5.4 Models should not be used to the point of “blind faith”—they are only ancillary tools intended to supplement the risk process......Page 100
5.6 The effects of volatility on risk exposures should be quantified......Page 101
5.7 The impact of correlation between assets, and between assets and counterparties, should be quantified......Page 102
5.9 Use of traditional risk quantification techniques may underestimate potential market risk losses if a portfolio or business is very illiquid......Page 103
5.11 Quantifying the effect of “disaster” scenarios on risk portfolios is useful, but managing to such scenarios is not an advisable practice......Page 104
5.13 Credit and market risk linkages should be quantified when possible......Page 105
5.15 Relying on a mark-to-market calculation as an estimate of replacement cost at the time of default might result in an understatement......Page 106
5.17 The efficacy of risk analytics should be demonstrated through regular quantitative testing......Page 107
5.18 Independent verification of the analytics used to quantify risks should be undertaken......Page 108
6.2 Top risks should be monitored continuously......Page 110
6.4 Standard risk reports should be supplemented by special reports that provide an indication of illiquidity, mismarks and other problems......Page 111
6.6 Information should not come from multiple sources—a single, independent source should be used as the kernel for all reports, and should be audited for accuracy on a regular basis......Page 112
6.7 The ability to relate profit and loss to risk, in detail, is paramount......Page 113
6.9 Some risk positions generate losses instantaneously while others bleed profits over time; P&L decomposition can help identify losses in both cases......Page 114
6.12 Senior managers in the risk governance structure must receive and review risk information on a regular basis......Page 115
6.14 Reporting should be flexible enough to provide all relevant views of risk information......Page 116
6.17 More, rather than less, disclosure of credit and market risks to external parties is preferable; it adds transparency and comfort......Page 117
6.18 Reporting should not be aimed at very limited audiences or be done “for show”......Page 118
6.20 Monitoring processes should be implemented to verify the nature of collateral and counterparties......Page 119
6.22 Financial markets contain a great deal of credit information—monitoring the stock prices and credit spreads of counterparties can be helpful, especially on the downside......Page 120
7.2 Risk officers and risk takers should discuss risk issues on a regular basis......Page 122
7.4 Risk managers should strive to be “value added” by searching for beneficial risk solutions whenever possible......Page 123
7.6 When a potential risk problem is discovered, immediate action must be taken; problems must not be permitted to grow out of control......Page 124
7.8 If other institutions do not want to accept a risk-bearing deal, there may be a reason for it—it is important to determine whether it should be a factor in approving or declining the risk......Page 125
7.10 Credit reserve mechanisms should be implemented in order to encourage active management of credit risks......Page 126
7.12 A risk is not hedged or sold until it is actually hedged or sold; just because it is “theoretically” possible to hedge or sell a risk does not mean that it can be done......Page 127
7.13 Active management of asset and funding liquidity is vital in order to avoid potential losses......Page 128
7.14 Since liquidity has a tendency to disappear quickly, conservative liquidation assumptions should be used when managing risks......Page 129
7.17 Concentrated risks can be very damaging and must be managed actively......Page 130
7.19 Risk-bearing positions must be booked/housed in officially sanctioned trading systems......Page 131
7.21 Aggressive risk-taking behavior, which may ultimately create risk problems, should be managed closely......Page 132
7.23 Risk mitigation/migration tools should be used wherever possible......Page 133
7.24 Attempting to predict what will happen in the future is hazardous—the risk function should be realistic in assessing the time horizon of deals, structures and credits......Page 134
7.26 Strong client sales practices can help mitigate risks......Page 135
7.28 Where possible and feasible—and without compromising confidentiality—counterparty information should be shared with others seeking to extend credit......Page 136
7.30 Legal and operational staff should be familiar with triggers and clauses that can be influenced by credit, market and liquidity events......Page 137
7.32 A legal documentation backlog may ultimately lead to operational/legal errors and losses—authorizations, guarantees, confirmations and master agreements should always be as current as possible......Page 138
7.33 Establishing documentary targets and thresholds can help limit operational and legal risks; incomplete documentation should be prioritized by creditworthiness and risk exposure......Page 139
8.1 Data is the fundamental component of any risk process—bad data leads to bad information and bad risk decisions......Page 142
8.2 A single source of trade data should be used whenever possible to ensure consistency; when this is not possible, data processes must be properly reconciled and audited......Page 143
8.4 Risk requirements should be a central part of any business technology blueprint......Page 144
8.6 Minimum standards related to risk technology, analytics and reporting should be applied to all risk-taking business......Page 145
8.7 A risk control system is not a risk management system; the two are different and both are necessary......Page 146
8.9 Changes in risk measures, processes or technology by the trading or risk management functions must be thoroughly developed, tested, reviewed and documented before being implemented......Page 147
8.11 When automated infrastructure solutions are not available, the best manual solutions, with checks and balances, should be implemented......Page 148
8.13 Infrastructure contingency plans should take account of all risk requirements......Page 149
9 Summary......Page 152
Selected References......Page 154
Index......Page 156