29. Risk measurement and reporting

Question 1

Describe how the risk identification ‘brainstorming’ approach can be extended to obtain a subjective assessment of risk exposure

Answer 1

Subjective assessment of risk exposure

• Estimate probability and severity of each risk separately
• Assign a number from the scale 1-5
• The product of probability and severity=> ranked 1-25
• Allows risks to be ranked and prioritised
• Carried out with and without possible risk controls

Question 2

How can a model be used to assess a risk event/exposure?

Answer 2

• Distribution assigned to both Frequency and severity of a risk event
• Define an event
• Use historic events to calculate a probability distribution for that event
• Alternatively - Frequency of the event defined and used to determine the loss parameter
• Decide stochastic vs deterministic model
• Availability of data=> Influence which model is used
• Important when considering rare events

Question 3

What the different ways of valuing risk?

Answer 3

SRC

• Scenario analysis
• Stress testing
• Stochastic modelling
• Reverse stress testing
• Combined stress and scenario testing

Question 4

What steps should be involved in a scenario analysis to evaluate operational risk?

4

Answer 4

• Group risks into categories.
• Develop a plausible adverse scenario of risk events for each group of risks, which is representitive of all risks in the group
• Calculate the consequences/costs of the risk event occurring for each scenario. Involving input from senior staff.
• Calculate the total costs of all risks represented by the scenario

Question 5

What categories may operational risk be divided into for the purpose of scenarios analysis?

6

Answer 5

• Fraud
• Loss of key personnel
• Mis-selling of financial products
• Calculation error in the computer system
• Loss of business premises
• Loss of company e-mail access

Question 6

What is stress testing?

Answer 6

• Deterministic method of modelling adverse event over a period of time
• Commonly used to model extreme market events but can be applied to other risks.
• It models the impact of event, but not probability

In relation to market risk:
* It involves subjecting a portfolio to extreme market movements by:
1. by radically changing the underlying assumtions and characteristics
2. Change asset class correlations and volatilities

Designed to:
* Identify weak areas=> investigate effect of localised stress situation
* Different combinations of correlations + volatilities => Impact of major market turmoil=> all parameters
* Ensure consistency between correlations while they are stressed

Question 7

A provider of unit-linked investment bonds has constructed a model to investigate the stress scenario of a sustained reduction in equity market values.
List factors that would need to be built into this model

Answer 7

The model would need to allow for the impact of the sustained reduction in equity market values on:
* Income received from fund management charges
* Persistency of existing bonds
* New business volumes
* Regulatory capital requirements
* Value of shareholders’ interests
* Probability of any gurantee biting
* Other economic conditions=>interest rates, inflation + investment returns on other assets

Question 8

What is reverse stress testing?

Answer 8

• Construction of a severe stress scenario
• Only just allows the company to continue
• To fulfil its strategic business plan
• Financial or non-financial
• Although extreme, MUST BE PLAUSIBLE

Question 9

How can a stochastic model be used to evaluate a particular risk?

Answer 9

• Variables that give rise to risk => treat as RV with probability distributions
• Model must be dynamic- with full interactions and correlations between variables
• Model run to determine amount of capital to just avoid ruin
• With a given probability

Question 10

A stochastic model used to evaluate risk may become impractical to run.
Outline three approaches to limiting the ideal scope of a stochastic model in order to make the model more practical

Answer 10

• Restrict the time Horizon that the model projects
• Limit the number of variables that the model models stochastically
• Carry out a number of runs with a single different stochastic variable
• Followed by a single deterministic run using all the worst-case scenarios together

Question 11

Why can the phrase 1 in 200-year event be misleading, in relation to risk and setting riskbased capital requirements?

Answer 11

• Misleading to non-experts
• If the risk event has just occurred=> will occur again in 200 years
• Rare events in practise such as stock market crashes are occurring more frequently than the assumed probability indicates
• 1 in 200-year combined event not the same as combining individual 1 in 200 year events

Question 12

How does the overall capital requirement relate to the individual capital requirements of a group of risks?

Answer 12

• Fully dependent=> Overall cap = sum of individual risk cap
• Fully independent=> Overall cap< sum of individual risk cap. Under certain assumptions: Overall risk is square root of sum of squares of individual risks
• Partially dependent=> Overall cap requirement< sum of individual cap
• The difference is the diversification benefit

Question 13

What are examples of likely correlations between risks?

Answer 13

• Inflation risk = expense risk
• Equity markets inverse to inflation rates
• Equity market falls= higher withdrawal rates on unit linked savings products
• Operational risks correlated to other risks
• Longevity risk strongly negatively correlated to mortality risk

Question 14

What methods exist for aggregating partially dependent risks?

Answer 14

• Stochastic model
• Correlation matrices
• Copulas

Question 15

What is a correlation matrix and how can it be used in the assessment of risk?

Answer 15

• Specifies the correlations between all pairs of individual risk factors being modelled

Question 16

What is a copula and how can it be used to model risk?

Answer 16

• F(Marginal CDF)= Joint CDFs
• Method of calculating joint probabilities of risk
• P(RBonds>L,REquity<M)= Joint probability
• Different copulas are used to describe different degrees of dependence between RV
• Including dependence in the tails of the distributions
• USEFUL for modelling tail risk=> Capital requirements for extreme events

Question 17

How can liability risk be measured?

Answer 17

• Analysis of experience- A/E
• NB consistent classification and measurement of the risk event+ exposure to risk

Question 18

What is Value at Risk (Var)?

Answer 18

• Maximum possible loss
• On a portfolio
• Over a given time period
• With a given degree of confidence
• Absolute amount or relative to a benchmark

Question 19

What are the disadvantages/drawbacks of using VaR as a measure of risk?

3

Answer 19

• Calculated assuming a normal distribution of returns. NOT TRUE IN PRACTISE
• VaR can be used with a different distribution. Data is sparse particulalarly in the tails=> difficult to fit accurately
• VaR does not quantify the size of the tail=> loss might be past VaR confidence level

Question 20

What is tail VaR or TVaR?

Answer 20

• Expected shortfall below a certain level, given that shortfall has occurred
• e.g. if average loss on the worst 5% of possible outcomes is 5 mil, then the TVaR is 5 mil for the 5% tail

Question 21

What is a risk portfolio and what might it contain?

Answer 21

• Means of categorising the various risks to the company
• Against each risk=> likely severity + probability
• Product=> idea of relative importance of the various risks
• Extended to explain how each risk was dealt with
• Details for mitigated risks=> revised assessment of risk remaining
• Retained risks=> Details of control, risk owner, need for management.

Question 22

Why is regular risk reporting important within a business?

Answer 22

FRAUD CRIME

• Financing
• Rating agencies
• Attractive investors
• Understand better
• Determine appropriate control systems
• Changes over time
• Regulator
• Interactions
• Monitor effectiveness of controls
• Emerging risk identification

Question 23

Explain why, if risk is being managed at the enterprise level, it is necessary to have a coherent system of risk reporting across the whole enterprise.

Answer 23

• Each unit given risk exposure allocation
• Benefits of diversification rely on each business unit taking on exposure allocated
• Necessary each unit report on exposure they are taking on
• NOT done in a consistent way= more capital required

Question 24

What are the two modelling steps of the determining the amount of capital to hold?

Answer 24

• A model used to determine risk event at the required level of probability
• Stochastic model used to determine this
• Second model=> determine the consequences/ costs of the risk event determined ❖ Deterministic model likely to be used

Question 25

What are the issues when assessing risk-based capital requirements?

Answer 25

• Ruin P expressed over single year or entire run off of the business?
• Modelling more than 2 varaibles stochastically impractical => method of identifying correlation between varibales is needed = Correlation matrix
• Effect of multiple risk events influenced by diversification and their interactions
• Operation risk is highly subjective => Look beyond past events for risk scenarios
• Past data used with caution => censequences of rare events

Question 26

Describe the key considerations when designing risk reporting, including typical contents of such reports.

Answer 26

• Risk reporting should be clear and relavant, linking to company’s risk appetite/tolerances in order to allow effective decision-making
• Split according to risk types and operating units, and include:
  1. Key Risk Indicators (KRIs)
  2. Summaries of main risk areas in tables/graphs, showing likelihood and severity of each risk.
  3. Traffic light systems to highlight areas of concern.
• Must contain the appropriate level of detail for the audience, balancing completeness with clarity and simplicity.