Erik Banks

The Simple Rules of Risk

Revisiting the Art of Financial Risk Management

• Gebundenes Buch

Produktbeschreibung

In an age where companies and financial institutions are keenly focused on managing the financial risk of their operations, the implementation of quantitative methods and models has been of tremendous help. Tools such as VaR, credit VaR, risk-adjusted returns, and scenario analyses have given institutions the means to quantify and understand their risk profiles. However, the focus on quantitative risk management, while important, can sometimes be over-emphasized--at the expense of logic and experience. At its core, the successful management of risk is still largely an "art." The Simple Rules of Risk takes a fresh look at the qualitative aspects of risk management. It also considers how qualitative approaches can make optimal use of the mathematical aspects of risk management to create the most effective framework possible.

---

Erik Banks is a highly regarded finance practitioner and the author of several well-regarded finance books.
_ Fills a much-needed gap in the market for a more "qualitative" look at risk management.

---

Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.

Produktdetails

• Wiley Finance Series
• Verlag: Wiley & Sons
• 1. Auflage
• Seitenzahl: 160
• Erscheinungstermin: 30. Dezember 2002
• Englisch
• Abmessung: 257mm x 167mm x 14mm
• Gewicht: 470g
• ISBN-13: 9780470847749
• ISBN-10: 0470847743
• Artikelnr.: 11054131

Autorenporträt

ERIK BANKS has held senior risk management positions in several global financial institutions. In 2001, Erik joined XL Capitals weather/energy risk management subsidiary, Element Re, as Partner and Chief Risk Officer. Prior to that he spent 13 years at Merrill Lynch, where he was Managing Director of Corporate Risk Management, responsible for the firms risk infrastructure; before that he spent 8 years abroad, managing Merrills credit and market risk teams in London, Hong Kong and Tokyo. Prior to joining Merrill Lynch in 1988 he was credit officer at Citibank and Manufacturers Hanover in New York. Erik is author of seven other books on risk, emerging markets, derivatives, merchant banking and electronic finance; he is also editor and co-author of a book on weather risk management, and is working on various new financial texts.

Inhaltsangabe

Acknowledgements xv
Biography xvii
1 Introduction 1
1.1 Risk and risk management 1
1.2 Qualitative and quantitative approaches to risk management 2
1.3 Financial losses and failures of the risk process 6
1.3.1 Showa Shell Seikyu 8
1.3.2 Procter and Gamble 9
1.3.3 Metallgesellschaft 10
1.3.4 Orange County 10
1.3.5 Barings 11
1.3.6 Sumitomo Corporation 12
1.3.7 Long Term Capital Management (LTCM) 13
1.3.8 Enron 14
1.3.9 Allfirst 15
1.4 Diagnosing risk process problems 16
1.4.1 Flaws in governance 16
1.4.2 Flaws in identification and measurement 17
1.4.3 Flaws in reporting and monitoring 17
1.4.4 Flaws in management 18
1.4.5 Flaws in infrastructure 19
1.5 Strengthening risk practices 20
1.6 The simple rules of risk 21
1.6.1 The cardinal rules 22
2 Philosophy of Risk 25
2.1 Risk-taking should be aligned with other corporate priorities,
directives and initiatives 25
2.2 Risk should be viewed on an enterprise-wide basis in order to
understand how it impacts the entire organization 27
2.3 Deciding to become an active risk taker without implementing a robust
risk process is likely to lead to financial losses 27
2.4 Actively assuming risk requires support from key stakeholders and
commitment of necessary financial resources 28
2.5 Risk generates profits, and can therefore benefit a firm - it must,
however, be managed properly 28
2.6 Risk is a finite resource that is driven by capital 29
2.7 Risk capacity is not free and proper compensation must be obtained; the
process should be disciplined and applied without exception 30
2.8 More risk should be taken when it makes sense to do so - but only if
the reasons are well established and the returns appropriate 30
2.9 A robust risk/return framework should be used to evaluate the
performance of risk-taking activities 31
2.10 Risk-taking should be confined to areas in which a firm has technical
expertise and a competitive advantage 31
2.11 "Worst case scenarios" happen with considerable frequency in an era of
volatility and event risk. the lessons of history - financial cycles and
crises - provide useful risk information 31
2.12 Understanding the dynamics of different risk classes can help define
an approach to risk 32
2.13 Senior management should know the strengths, weaknesses, motivations,
expertise and risk behavior of its business leaders and risk takers 33
2.14 Healthy skepticism - though not cynicism - can be useful in
considering risks 33
2.15 Though risk activities of financial and non-financial companies are
based on similar principles, they often feature important differences that
must be thoroughly understood 34
2.16 Creating a risk capability and presence should be regarded as a
long-term endeavor 34
2.17 Once a risk philosophy is defined, it should be communicated clearly
and followed with discipline 35
3 Risk Governance 37
3.1 Risk classes need to be clearly defined and delineated 39
3.2 Clear expression of firm-wide risk appetite is essential 39
3.3 The risk governance structure should assign responsibility for risk to
senior officials from various parts of the organization; these officials
must ultimately be accountable to the board of directors 40
3.4 Accountability for risk must run from the top to the bottom of an
organization; senior management must not claim to be unaware of risk, or be
in a position where they are unaware of risk 41
3.5 Human judgment is remarkably valuable; years of "crisis experience" can
be far more valuable than recommendations generated by models 41
3.6 Independence of the risk function must be undoubted 42
3.7 Other key control functions must remain equally independent of the
business 43
3.8 The risk process must be dynamic in order to be truly effective 43
3.9 Disciplined application of the risk process is a necessity 43
3.10 An ineffective control process is a source of risk that must be
addressed 44
3.11 Risk takers must have clear reporting lines and accountabilities 44
3.12 Compensation policies for risk takers must be rational 45
3.13 Trading managers and investment bankers should be the front line of
risk management - accountable, in a measurable way, for assuming "good"
risks 46
3.14 Once management has confidence in its risk process, it should let
business managers conduct business and monitor the results 46
3.15 Appropriate limits should exist to control risks 47
3.16 Risk policies should be used to define and control all risk activities
47
3.17 A new product process should exist to evaluate the nuances and
complexities of new instruments, markets and transactions; the same should
apply to capital commitments 48
3.18 The nature and structure of risk policies, metrics and reporting
should be reviewed regularly to account for changing dimensions of business
49
3.19 An effective disciplinary system is crucial; if limits/policies are
breached, quick disciplinary action must be taken - if decisive action is
not taken, the risk governance process loses credibility 49
3.20 The risk organization must carry stature, experience and authority in
order to command respect 50
3.21 The knowledge that an experienced group of professionals is
scrutinizing risk is a very powerful risk management tool 50
3.22 Hiring the best risk experts available, with a broad range of credit,
market, legal and quantitative experience, is a worthwhile investment in
the firm's future 51
3.23 Ensuring the risk function possesses the right mix of skills and
experience strengthens the management process 51
3.24 Risk takers, risk managers and other control professionals should
rotate regularly to remain "fresh" in their experience and perspectives 52
3.25 Risk expertise must be disseminated throughout the organization 52
3.26 Preserving an institutional memory of risk issues is important for
future management of risk within a company 53
3.27 General risk education should be mandatory throughout the firm 53
3.28 Educational efforts should focus on concepts that are part of the
daily operating environment 54
3.29 Risk specialists should question and probe until they are satisfied
with the answers - they should not be afraid to query and challenge
"business experts," even when it seems difficult to do so 54
3.30 Risk management spans many fronts - allies in audit, finance, legal
and operations can help in the process 55
3.31 A constructive relationship with business units can be more productive
than an adversarial one; but a constructive relationship does not mean
approving all business deals and risks 55
3.32 Risk decisions should be made quickly and firmly; overruling the
decisions of risk subordinates should be kept to an absolute minimum 56
3.33 Consistency is vital throughout the risk control organization; this
eliminates the possibility of "internal arbitrage" across regions and
businesses 56
3.34 Risk officers should be involved in every aspect of the firm that has
a risk dimension to ensure that the proper perspective is always
represented 57
3.35 A risk crisis management program, with clear authorities,
responsibilities and expectations, should be designed for quick
implementation 57
3.36 Sensitivity to regulatory requirements is important 58
3.37 The governance process must provide senior managers with an ability to
view and manage risk on a regulatory/legal entity basis 58
3.38 Regular internal audits of the risk process should be performed 59
4 Risk Identification 61
4.1 Proper identification of risk can only occur after a thorough
understanding of a product, transaction, market or process has been gained
61
4.2 All dimensions of risk must be identified; risks that might be less
apparent at the time of analysis should not be ignored, as they can become
more prominent as market conditions change 62
4.3 The identification process should serve as the base for the
quantification process; risks that are identified should be quantified, and
ultimately limited, in some manner 62
4.4 The identification process should follow a logical progression -
beginning with the most common or essential, and moving on to the more
complex or esoteric 63
4.5 In the search for more complex dimensions of risk, care must be taken
not to overlook the most obvious risks 64
4.6 Risk identification should be an ongoing process that continually
re-examines all dimensions of exposure 64
4.7 Risk officers should work with traders, product experts and finance
personnel to analyze products and identify risks 65
4.8 Risk specialists must focus on details because the discipline is
complex; but reviewing broader "macro" issues is also an important part of
the risk process 65
4.9 Cooperation between different control units can lead to identification
of risks that "cross boundaries" 66
4.10 All sources of settlement risk must be identified 66
4.11 Hedges may not always function as intended; potential "problem hedges"
should be identified in advance 67
4.12 Risk arising from convergence/divergence trades must be identified 67
4.13 Models used to price and manage risks may contain risks of their own
68
4.14 Risk exposures created through changes in the structure and timing of
cash flows must be identified 68
4.15 New products and markets can contain special risks that have not been
encountered before; these risks should be thoroughly understood 69
4.16 Local markets may possess very unique risks and due care must be taken
to understand them 69
4.17 "Risk-free" strategies with above average returns are rarely
risk-free; pockets of "hidden" or structural risk may exist 70
4.18 If the identification process reveals that a large number of firms are
extending credit to a counterparty, caution should be exercised 70
4.19 The existence of "credit cliffs" can result in the creation of
sub-investment grade credit exposures, and should be identified in advance
71
4.20 Market risk concentrations must be properly identified 71
4.21 Understanding and identifying the links between liquidity, leverage,
funding and exposure is vital 72
4.22 During times of market stress, market and credit risks can become
linked; advance identification of these linkages can help avoid problems 72
4.23 Risk outside a specialist's domain that is discovered during the
identification stage should be forwarded to a unit with direct
responsibility 73
4.24 Identifying the source of the next "large loss" can provide guidance
on the nature/quality of controls needed to protect against such a loss 73
4.25 If an unexpected loss occurs, the identification process may not be
working correctly and should be reviewed 74
5 Risk Quantification and Analysis 77
5.1 Risks discovered in the identification stages should be decomposed into
quantifiable terms; this allows exposures to be constrained and monitored
77
5.2 Though certain risks can be difficult to quantify, basic attempts at
measurement are important in order to obtain an indication of riskiness 78
5.3 Models are based on assumptions that may, or may not, be realistic;
assumptions, and the impact they can have on valuation, must be well
understood 78
5.4 Models should not be used to the point of "blind faith"-they are only
ancillary tools intended to supplement the risk process 79
5.5 It is important to know which risks are marked-to-model and why 80
5.6 The effects of volatility on risk exposures should be quantified 80
5.7 The impact of correlation between assets, and between assets and
counterparties, should be quantified 81
5.8 The valuation of large positions should be regarded with skepticism;
proof, through periodic, random liquidation exercises, can help provide an
assessment of fair value 82
5.9 Use of traditional risk quantification techniques may underestimate
potential market risk losses if a portfolio or business is very illiquid 82
5.10 Scenario analysis can be useful in quantifying how risk profiles
change with fluctuating variables 83
5.11 Quantifying the effect of "disaster" scenarios on risk portfolios is
useful, but managing to such scenarios is not an advisable practice 83
5.12 "Safe" assets and exposures can become risky in a crisis - quantifying
the downside of such exposures is useful 84
5.13 Credit and market risk linkages should be quantified when possible 84
5.14 Leverage can magnify credit, market, funding and liquidity risks and
must be factored into any quantification exercise 85
5.15 Relying on a mark-to-market calculation as an estimate of replacement
cost at the time of default might result in an understatement 85
5.16 Quantifying credit exposures on a net basis should only be done when a
firm has appropriate counterparty documentation and is operating in a
jurisdiction where netting is legally recognized 86
5.17 The efficacy of risk analytics should be demonstrated through regular
quantitative testing 86
5.18 Independent verification of the analytics used to quantify risks
should be undertaken 87
6 Risk Monitoring and Reporting 89
6.1 If risk cannot be monitored it cannot be managed 89
6.2 Top risks should be monitored continuously 89
6.3 The use of a "risk watchlist" report, which alerts participants to
potential concerns or problem areas, can be a valuable management tool 90
6.4 Standard risk reports should be supplemented by special reports that
provide an indication of illiquidity, mismarks and other problems 90
6.5 It is more useful to have timely reporting of 90% of a firm's risk
exposure than delayed reporting of 100% 91
6.6 Information should not come from multiple sources - a single,
independent source should be used as the kernel for all reports, and should
be audited for accuracy on a regular basis 91
6.7 The ability to relate profit and loss to risk, in detail, is paramount
92
6.8 Profits must be reviewed with the same rigor as losses as they may be
indicative of large, or unknown, risks 93
6.9 Some risk positions generate losses instantaneously while others bleed
profits over time; P&L decomposition can help identify losses in both cases
93
6.10 Reporting should focus on the essential - simple reports that convey
the right information are often the most effective tool 94
6.11 Management reporting should generally commence with broad summaries of
key risks for board directors and senior executives, and increase in detail
as it moves down the management chain 94
6.12 Senior managers in the risk governance structure must receive and
review risk information on a regular basis 94
6.13 Ready access to detailed risk information is critical 95
6.14 Reporting should be flexible enough to provide all relevant views of
risk information 95
6.15 Regulatory reports are generally not sufficient to manage a complex
business 96
6.16 Regulatory reporting requirements are likely to increase over time and
should be borne in mind when designing reporting mechanisms 96
6.17 More, rather than less, disclosure of credit and market risks to
external parties is preferable; it adds transparency and comfort 96
6.18 Reporting should not be aimed at very limited audiences or be done
"for show" 97
6.19 Use of "flash reporting" can provide an early indication of P&L and
risk performance 98
6.20 Monitoring processes should be implemented to verify the nature of
collateral and counterparties 98
6.21 Public credit ratings can be useful for "third party" confirmation and
monitoring, but should not be regarded as a substitute for proprietary
internal ratings 99
6.22 Financial markets contain a great deal of credit information -
monitoring the stock prices and credit spreads of counterparties can be
helpful, especially on the downside 99
7 Risk Management 101
7.1 Risk managers should be visible and available 101
7.2 Risk officers and risk takers should discuss risk issues on a regular
basis 101
7.3 Risk managers should be in regular contact with market participants -
the market has a great deal of information that can be used in daily
management of risk 102
7.4 Risk managers should strive to be "value added" by searching for
beneficial risk solutions whenever possible 102
7.5 Risk decisions should be documented clearly in order to avoid errors
and misinterpretation; good documentation establishes a proper audit trail
103
7.6 When a potential risk problem is discovered, immediate action must be
taken; problems must not be permitted to grow out of control 103
7.7 Risk decisions should not be driven by competitive pressures 104
7.8 If other institutions do not want to accept a risk-bearing deal, there
may be a reason for it - it is important to determine whether it should be
a factor in approving or declining the risk 104
7.9 Prudent risk reserve mechanisms should be established for concentrated,
complex, illiquid or marked-to-model risks 105
7.10 Credit reserve mechanisms should be implemented in order to encourage
active management of credit risks 105
7.11 Failure to price the cost of credit risk will ultimately lead to a
misbalanced credit portfolio and credit losses 106
7.12 A risk is not hedged or sold until it is actually hedged or sold; just
because it is "theoretically" possible to hedge or sell a risk does not
mean that it can be done 106
7.13 Active management of asset and funding liquidity is vital in order to
avoid potential losses 107
7.14 Since liquidity has a tendency to disappear quickly, conservative
liquidation assumptions should be used when managing risks 108
7.15 An investment account must not be regarded as a trading account for
illiquid positions 109
7.16 Large deals mean large - and possibly illiquid or unhedgeable - risks;
they must be managed carefully and command an appropriate premium 109
7.17 Concentrated risks can be very damaging and must be managed actively
109
7.18 Risk takers should be limited to taking risk in specific markets and
instruments 110
7.19 Risk-bearing positions must be booked/housed in officially sanctioned
trading systems 110
7.20 Using financial incentives and penalties to influence risk-taking
behavior is an effective management tool 111
7.21 Aggressive risk-taking behavior, which may ultimately create risk
problems, should be managed closely 111
7.22 Risk mitigation should not be mistaken for risk migration 112
7.23 Risk mitigation/migration tools should be used wherever possible 112
7.24 Attempting to predict what will happen in the future is hazardous -
the risk function should be realistic in assessing the time horizon of
deals, structures and credits 113
7.25 Understanding why a client is entering into a complex risk trade is
important; if suitability emerges as an issue, it should be made known to
legal officers 114
7.26 Strong client sales practices can help mitigate risks 114
7.27 Executing a risk-bearing deal to accommodate a client or build a
client relationship does not justify the assumption of bad risk 115
7.28 Where possible and feasible - and without compromising confidentiality
- counterparty information should be shared with others seeking to extend
credit 115
7.29 Collateral taken in support of an exposure should relate directly to
counterparty credit quality, the size of the risk exposure and relevant
concentration/liquidity parameters 116
7.30 Legal and operational staff should be familiar with triggers and
clauses that can be influenced by credit, market and liquidity events 116
7.31 Legal documentation that protects multiple products/eventualities can
help control risk exposures 117
7.32 A legal documentation backlog may ultimately lead to operational/legal
errors and losses - authorizations, guarantees, confirmations and master
agreements should always be as current as possible 117
7.33 Establishing documentary targets and thresholds can help limit
operational and legal risks; incomplete documentation should be prioritized
by creditworthiness and risk exposure 118
8 Risk Infrastructure 121
8.1 Data is the fundamental component of any risk process - bad data leads
to bad information and bad risk decisions 121
8.2 A single source of trade data should be used whenever possible to
ensure consistency; when this is not possible, data processes must be
properly reconciled and audited 122
8.3 Technology should be made as flexible as possible in order to
accommodate the changing business environment 123
8.4 Risk requirements should be a central part of any business technology
blueprint 123
8.5 Technology changes that impact risk management, finance, legal,
regulatory reporting and operations should always be considered jointly 124
8.6 Minimum standards related to risk technology, analytics and reporting
should be applied to all risk-taking business 124
8.7 A risk control system is not a risk management system; the two are
different and both are necessary 125
8.8 The technology platform that generates valuations and risk information
must be under the scrutiny/control of technological auditors/risk managers
126
8.9 Changes in risk measures, processes or technology by the trading or
risk management functions must be thoroughly developed, tested, reviewed
and documented before being implemented 126
8.10 Use of short-term, temporary infrastructure solutions is acceptable,
but these should be replaced by robust solutions as soon as possible 127
8.11 When automated infrastructure solutions are not available, the best
manual solutions, with checks and balances, should be implemented 127
8.12 "Off-the-shelf" technology solutions that provide 80% or 90% of the
capability a firm is seeking can be an ideal solution 128
8.13 Infrastructure contingency plans should take account of all risk
requirements 128
9 Summary 131
Selected References 133
Index 135